Lappeenranta City Board (Lappeenrannan kaupunginhallitus)
53100 Lappeenranta, Finland
Contact person for the data resource
Expert Teemu Myyryläinen
Tel. +358 40 351 6488
Data protection officer
+358 40 768 1336
Purpose of processing personal data
The purpose of the data file is to manage the customer relationships of the event services, facility and area rental invoicing, payment of artist fees and communication of the events and services by the event services.
Personal data to be processed
The name, organisation and e-mail address of the event organiser.
In the case of the area and facility rentals and performance contracts, also a business ID or personal ID code, address and invoicing address.
Are special categories of personal data processed (GDPR, Article 9)?
Grounds for the processing
Contract: facility and area leases, performance contracts and event production contracts.
Consent: registration for briefings and training events organised by the city.
Information sources of the data resource
The data subjects themselves.
Is the provision of information based on law or contract? What are the consequences of refusing to provide the information?
Based on a contract. If the information is not provided, area or facility leases and performance contracts cannot be concluded.
Systems used to maintain the data repository
Timmi and M-Files.
Is the information contained in the data repository in digital or physical format?
Primarily in electronic form, processing in paper form only in special cases.
Have any of the data processing activities been outsourced?
Principles of data protection
TIMMI: access to the data file requires a personal username and password, which the system will force to be changed periodically. The username is provided when a person is granted access rights. The access rights are terminated when the person leaves the position based on which they were granted the access rights. The username is also erased at this point.
M-Files: access rights to the register are limited to event service employees only.
Access rights are granted task-specifically.
Any customer documents in paper form are stored in a locked space, and their use is controlled.
All employees are bound by an obligation of confidentiality.
Disclosure of information contained in the data repository
No data will be disclosed.
Automated decision-making and profiling
Disclosure of information outside the EU/EEA
Data storage periods or the principles based on which they are determined
The data retention period is two years.
Rights of data subjects
Right to receive information on the processing of personal data
The controller must describe the processing of personal data in a clear and transparent manner.
Right to access one’s own data
As a data subject, you can check which of your personal details are being processed. We recommend using an electronic form that requires strong authentication.
Right to request the rectification of personal data
If you notice that your personal data is erroneous or inaccurate, you can request the rectification of your data. To do so, please contact the person responsible for the data file.
Right to be forgotten
You have the right to request the erasure of your personal data insofar as the processing is based on consent. To do so, please contact the data file contact person.
Right to restrict the processing of your personal data
In some specific cases, you are entitled to request the processing of your data to be restricted until your data has been appropriately checked and rectified or supplemented.
Right to transfer personal data from one system to another
Insofar as the processing is based on consent, you have the right to transfer personal data to the system of another controller if you have provided the data to the city yourself.
Right to withdraw consent
You have the right to withdraw your consent at any time, insofar as the processing is based on consent. To do so, please contact the data file contact person.
Right to lodge a complaint with a supervisory authority
If you find that your rights have been violated, you have the right to lodge a complaint with a supervisory authority. In Finland, this supervisory authority is the Data Protection Ombudsman (Tietosuojavaltuutettu).