Privacy Policy

RLO Events Oy Privacy Policy, updated on 30 May 2023.

Data Controller

RLO Events Oy (Business ID 2132851-5)
Paippistentie 457
FI-04170 Paippinen

Register Name

RLO Events Oy marketing, event participant and customer registers.

Purpose and Legal Basis for Processing Personal Data

Personal data is used for the delivery of RLO Events Oy’s products, direct marketing, sales, invoicing, opinion or market research, and other comparable targeted communications. Personal data is also processed in connection with sending newsletters.

The data may also be used, within the limits set by law, to target offers, benefits, events, or other marketing activities. In addition, personal data is processed to fulfil agreements between the data controller and the data subject, and where applicable, based on the consent given by the data subject in connection with registrations for events, trade fairs, and other occasions.

Retention Period of Personal Data

Personal data is retained for as long as necessary to fulfil the purposes of processing described in this privacy policy. In addition, invoicing data is retained for five (5) years in accordance with the Accounting Act.

Data Content of the Register

The categories of data subjects whose data may be processed include participants in events organised by the data controller, individuals who have given marketing consent, or customers who have ordered services.

The data provided by the data subject may include, for example: first name, last name, email address, phone number, job title, address, and date of birth. For corporate, association, and organisational customers, the company name and business ID may also be collected. In addition, in connection with marketing activities, information regarding marketing consents and restrictions, as well as preferred methods of contact, may be collected.

Regular Sources of Data

Personal data is collected directly from the data subject, including when registering to use RLO Events Oy’s services.

Data may be collected via contact forms on RLO Events Oy’s websites, marketing raffles and competitions, newsletter subscription forms, registrations for RLO Events Oy events, and from publicly available internet sources.
Customer information systems and invoicing databases are also used.

To monitor the use of services, we use cookies and other analytics technologies. Through the use of services, we may collect, for example, the following data:

• Usage and browsing data related to service features, such as advertisements displayed and information on ad clicks
• The page from which the user accessed our website, device model, unique device and/or cookie identifier, data collection channel, browser version, IP address, session identifier, session time and duration, screen resolution, and operating system
• Location data, if the user has explicitly granted permission
• Other data collected with the user’s consent

Regular Disclosure of Data

RLO Events Oy may disclose personal data within the limits permitted and required by applicable legislation. Data is not disclosed to third parties that do not have a cooperation relationship with RLO Events Oy. Data is not transferred outside the EU or EEA.

Principles of Register Protection

Data is stored in a technically protected environment. Access to the data requires appropriate authorization, and unauthorized access is prevented through measures such as firewalls and other technical safeguards. Only designated persons have the right to process and maintain the register data, and all users are bound by confidentiality obligations. The data is securely backed up and can be restored when necessary.

Rights of the Data Subject

In accordance with Section 26 of the Personal Data Act, the data subject has the right to inspect the personal data concerning them stored in the register and to request the correction, completion, or deletion of inaccurate or unnecessary data. Requests for inspection must be submitted in writing to the data controller. The data controller may request proof of identity if necessary. The data controller will respond within the timeframe set out in the EU General Data Protection Regulation (generally within one month).

Changes to the Privacy Policy

We continuously develop our services and therefore reserve the right to amend this privacy policy by publishing updates on this page.