This is a registry and privacy statement in accordance with the EU's General Data Protection Regulation (2016/679) (GDPR).
Controller and contact information
Rovaniemen 10-lenkki ry (Y: 3146305-9)
Kansankatu 2, 96100 Rovaniemi
Tel. +358 (0) 44 2397 737
Registry name: Arctic Cycling Challenge – cycling event customer register
Purposes and legal basis of the processing of personal data
The legal basis for the processing of personal data under the EU's General Data Protection Regulation is the consent of the person.
The purpose of the personal data processing of the person participating in the cycling event organised by the association is customer communication, customer service, customer relationship maintenance as well as data management and marketing. We retain your shopping history and suggest future events based on previously purchased products that may be of interest to the person participating in the event.
The data is not used for automated decision-making or profiling.
Data content of the registry
The information stored in the register of the person participating in the cycling event organised by the association includes:
- Personal data (name and gender)
- Contact information (phone number, e-mail address)
- Registration information and/or information about the services ordered and their changes, as well as billing information related to the order
- Other information related to customer relationship and ordered services
The retention period for the personal data of the participant of the event organised by the association is one year.
The information stored in the register is obtained from the person participating in the event, for example, through the website registration, ordering or contact forms, email, telephone, social media services, contracts, meetings and other situations in which the person discloses their data.
Registry security principles
The register is handled with due care and the data processed through the information systems is properly protected. When the registry information is stored on internet servers, the physical and digital security of their hardware is properly ensured. The controller ensures that the stored data, server access rights and other information critical to the security of personal data are handled confidentially and only by the persons whose areas of responsibility falls within.
Regular disclosures and transfer of data outside the EU or EEA
The data is not regularly disclosed to other parties. Personal data may be disclosed to a service partner if you have separately given consent to a third party to process your data in connection with the products and services it provides. Please note, however, that publicly displayed information is available worldwide.
Personal data may be disclosed to the commercial or non-commercial partners of the Rovaniemen 10-lenkki ry in order to provide the service.
We may disclose your personal data to authorised third parties who process personal data on behalf of the Rovaniemien 10-lenkki ry for the purposes described herein (e.g. providers of technical, logistical and other event-related services). However, these parties may use your personal data only for the purpose for which the data was collected. The Rovaniemien 10-lenkki ry also requires that the parties concerned act in accordance with applicable legislation and the purpose described herein and that they use appropriate security measures to protect your personal data. According to the description, a third party may be, for example, the hotel and restaurant that we use to provide the accommodation and catering during the event.
Data subject's rights
Right to check information and to request the correction any incorrect information
Every person in the register has the right to:
- get information about the processing of their personal data
- be allowed to check their data stored in the register
- require correcting any incorrect information or completion of incomplete information
If a person wishes to check or request rectification of the data stored about him or her, the request must be sent in writing to the controller. If necessary, the controller may ask the applicant to prove his or her identity. The controller will reply to the customer within the timeframe set in the EU's General Data Protection Regulation (usually within one month).
Other rights related to the processing of personal data
Every person in the register has the right to request the removal of his or her personal data from the register ("right to be forgotten"). Data subjects also have other rights under the EU's General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests must be sent by e-mail to the controller. If necessary, the controller may ask the applicant to prove his or her identity. The controller will reply to the customer within the timeframe set in the EU's General Data Protection Regulation (usually within one month).