Privacy Policy
January 2, 2024
We understand how important privacy is to our customers. We are committed to respecting and protecting our customers’ privacy. As our customer or user, you trust us with confidential data, and we have an obligation to act every day in accordance with the trust you place in us.
In this Privacy Notice, we disclose:
how we collect your personal data
what personal data we process on you
for what purposes we process your personal data
how we protect and safeguard your personal data
to whom we disclose your personal data
how long we store your personal data
what rights and options you have regarding the processing of your personal data.
Assembly Organizing Oy ("Assembly") provides services, features, and functions on the Site that we have made available for use through the Site.
We are joint controllers when processing personal data in connection with the provision of the Services in accordance with this Privacy Statement. We describe the processing of personal data in this Privacy Notice.
Assembly may act as separate or joint controllers for customer information provided to the Services, as well as for data generated or otherwise collected in connection with the use of the Services, depending on the processing purpose of the information. Assembly's roles for different processing purposes are described in this Privacy Notice. You can always contact either company regardless of the situation if you have any questions about the processing of personal data. Contact information can be found at the end of this Privacy Notice.
We comply with EU and local legislation applicable to the processing of your personal data in the Services, as well as with instructions and guidelines issued by authorities.
This Privacy Notice applies to the processing of personal data of natural persons, regardless of whether you are a consumer or business customer. In addition, information about the processing of personal data in a specific service may be provided in service-specific privacy statements, the applicability of which is indicated separately.
This Privacy Notice does not apply to services or websites provided by other companies, even if access to them is provided through the Services.
Definitions
The below terms are used in the Privacy Notice as follows:
Anonymized data refers to data that can no longer be associated with you as a person, as all identifiable elements have been removed.
Customer is a subscriber, buyer or user of our Services.
Personal data refers to data that can be associated with you either directly or indirectly. The types of personal data we process are described below in the Privacy Notice.
Services refers to all offerings and services provided by Assembly.
Site refers to the assembly.org website or the domain name directly replacing the assembly.org domain name, which offers Services, and which Assembly operates.
How do we collect your personal data?
The Site provides range of services for computer festival events and esports. What personal data we collect depends on the Services you use, subscribe to or buy, and on what data you submit to us or we collect in this connection or otherwise when you log in to our Service.
We can collect personal data from the following sources:
Directly from you yourself for instance when you do business with us, buy or subscribe to our Services and products, or when you register with or log in to our Services, visit our website, subscribe to our newsletter, reply to our customer satisfaction survey or contact us.
From other sources
Detected data generated in connection with the Service use are processed by us to the extent permitted by law for instance when you buy event tickets, use our online services, mobile apps and other Services (e.g. in connection with phone calls and sending of email or website visits).
Derived data we have created on the basis of your personal data, such as conclusions about your possible interests, made by means of analytics in order to target direct marketing.
Data obtained specifically from other sources, such as other service providers like ticket sales systems we use, for example adding your ticket sales related email to our event email contact list where we announce our event related news.
Disclosure of personal data to us is not compulsory, but if you choose not to disclose your personal data, we will not necessarily be able to provide you with our Services.
What personal data do we process on you?
We may process the following types of personal data:
Basic details, such as name and contact details, the desired communications channel, title or profession, for corporate contact persons also the area of responsibility / position, and social media identification data.
Demographic data, such as age, date of birth and mother tongue.
Data collected in connection with the registration with and login to Site's services and portals, such as usernames and passwords.
Data related to the customer relationship and contractual relationship, such as information related to the Service, products and orders, and the information needed for their delivery, subscriber and user information.
When applicable, information related to invoicing, credit control and payments, bank details, information related to transactions (powers of attorney, authorizations).
Customer contacts and related recordings, e.g. calls, email and chat or other messages to customer service, video recordings of security cameras of your visit to our premises or events.
Data generated during the use of our Site and Services and when visiting and sharing your data on Assembly social media pages.
Other data describing the Service use, including any personal data collected by means of cookies and similar technologies in connection with web or mobile browsing.
Data related to the identification and registration of a customer or user.
Data collected in connection with registration for events, competitions and prize draws organized by Assembly.
Data related to direct marketing campaigns, permissions and prohibitions related to direct marketing, interests, subscriptions to newsletters and invitations to events, data related to the targeting of direct marketing.
Other data that we collect with your consent and that we specify when requesting your consent.
We process children’s personal data to the extent permitted by law, when appropriate in the case in question. We take reasonable efforts to ensure and verify that the custodian of a child under the age of 13 has agreed to the processing of personal data when legal ground for processing is consent, taking into account the available technology and the privacy risks related to the processing.
How do we use your personal data?
We collect, process and use personal data that are needed for conducting our business, efficient customer service and appropriate commercial activities, including the processing of personal data for anonymizing data.
The processing of personal data is generally based on an agreement with Assembly when you register as a User of the Site or use the Services. In addition, processing may be based on Assembly's legitimate interest in using and providing the Services, managing customer relationships and serving Users, as well as targeting marketing and advertising. We may also process personal data on other grounds, such as consent or legal obligation."
In all of the above cases, we process personal data only for a specified purpose and to the extent necessary for it, taking the protection of our customers’ privacy always into account.
We may combine data collected in connection with different Services in so far as the data have been collected for the same purpose. If the customer is identifiable, we may combine their customer data with analytics data collected on them in order to be able to better target our Services for the customer's needs.
The Site may have Facebook fan or business pages, for which Assembly act as administrators. In these pages, Assembly and Facebook act as joint controllers, to the extent applicable. Facebook processes data in accordance with its privacy statement and policy. Facebook is primarily responsible for compliance with data protection legislation and the implementation of data subjects' rights in its service. This link provides more information on the processing of personal data by Facebook and the parties' responsibilities. You can manage Facebook's privacy settings.
We processes personal data for the following purposes:
1. On the basis of a contractual relationship and in order to provide Services:
We process your personal data for the provision and production of Services which you as a Site's Customer are entitled to.
The provision of Services requires that we process personal data for managing a customer or contractual relationship, identifying customers or users, processing and delivering orders, service and product quality control, customer service, and for ensuring information security, fixing various faults and incidents or for processing complaints. We may also process your personal data invoicing, credit control and debt collection when those purposes are applicable to the Services we are providing for you.
We also process personal data in customer communications, e.g. when sending notifications related to Services, and in order to contact customers in issues related to our Services.
We process your personal data internally for the development, management and quality control of our business, Services and related processes. Such processing may be necessary, for example, when we analyze delivery processes and complaints related to them in order to improve the efficiency of our delivery process and thereby to find a better and faster way to serve our customers. We also process personal data to better understand our customers’ needs and wishes as regards, for example, the features and contents of our Services.
If necessary, we can also process personal data to detect or prevent misuse and fraud related to the Services, and collect information for security purposes regarding the use of the Services, such as successful and unsuccessful logins to our Services that require registration."
2. On the basis of legitimate interest:
Assembly may process your personal data on the basis of legitimate interest in the following situations, for example:
Direct marketing: We process and utilize both anonymized data and personal data for marketing purposes and for building target groups for marketing within the limits of the valid legislation. In addition, we may process your personal data in order to target our marketing at the products and services that each customer finds interesting. Marketing can be targeted also on our social media channels. We may use your personal data within the limits of the law for marketing both our own and our cooperation partners’s products and services, such as for direct marketing and market research, and for customer satisfaction surveys.
Personalization of services: We may process personal data or anonymized data for personalizing and targeting Services for instance by giving recommendations and by showing targeted contents in our Services or customer channels. We also process personal data and anonymized data in order to get a comprehensive picture about the customer's use of our Services and likings related to our Services. We use such profiled data in order to enable our customers to get a better experience of the use of our Services.
Statistical purposes: We may also process your personal data in order to create statistical analyses, which enable us to develop our customer offering or improve our services or products.
3. To comply with legal obligations:
We may process your personal data in order to meet our legal obligations, such as for accounting and authority purposes.
4. For other purposes to which you have given your consent
We may process your personal data for all purposes to which you have given your consent. You can, for example, give your consent to the processing of your location data in order for us to target such benefits at you that are topical or relevant to you.
When requesting your consent, we inform you thoroughly of the meaning of the consent to personal data processing and how you can cancel your consent.
How do we protect and safeguard your personal data?
Information security and protection of customer data is of utmost importance to us. It is important for us to ensure the availability, integrity and security of personal data. We strive to take appropriate actions in order to protect personal data and to prevent and detect unauthorized access to personal data and loss of personal data.
We take continuous efforts to safeguard our customers’ rights. We take care of the security of our personnel, data, information systems and public communications networks as well as our offices and technical facilities. We pay special attention to protecting the data we process, such as your personal data.
In data protection, we take into account the risks posed to privacy protection and business operations by the processing of personal data, the available technical options, and different kinds of threats in accordance with the applicable legislation, regulations and obligations under agreements.
To whom do we disclose your personal data?
We may disclose your personal data to the extent permitted and required by law. We may also process anonymized or statistical data that cannot be associated with you as a person. Such information can also be disclosed to third parties for other purposes than those described in the Privacy Notice.
We may disclose your personal data to the parties below.
1. Subcontractors who process personal data on our behalf for the provision and maintenance of the Services. These third parties are not allowed to use the personal data for any other purpose than for providing the service agreed with us. When using subcontractors, we will ensure in an appropriate manner that the processing takes place in accordance with the Privacy Notice. The processors referred to herein include, for example, IT service providers and ticket sales partners.
Our partners processing personal data on our behalf may be located outside the European Union or the European Economic Area. When transferring personal data outside the EU or EEA, we ensure by means of agreements (e.g. by the use of the EU Commission's standard contractual clauses) or otherwise that the transfers are implemented as required by law. In addition, we ensure, and also expect our processors to ensure, as required by legislation, that your personal data remain protected regardless of whether they are transferred outside the EU or EEA.
2. Other third parties with your consent, which we may have received in connection with a particular service, for example.
3. In relation to legal proceedings or at the request of an authority on the basis of applicable law or court order or in connection with a trial or authority process.
We may also disclose your data to a competent authority to the extent required by law in accordance with a predefined procedure.
4. As required or permitted by law.
5. In connection with mergers and acquisitions and various business transaction and transfers.
How long do we store your personal data?
We store your personal data only as long as necessary to implement the purposes defined in the Privacy Notice, unless otherwise required by legislation. No corresponding restrictions apply to the storing of anonymized data.
We do not store outdated or unnecessary information. We aim to make sure that your personal data and other customer data are up-to-date and correct.
Your data processed on the basis of a contractual relationship are stored, as a rule, for the duration of the contractual relationship or as long as the provision of the Services requires. After the expiry of the contractual relationship or the end of the Service provision, your personal data will be stored as long as they are needed, for example, for unfinished business, invoicing or complaints.
Personal data is stored for one year after the end of the customer relationship.
Data processed on the basis of legitimate interest are processed for as long as there are grounds for their processing. If the customer is entitled to object to the processing, the data are erased when the customer's request related to the objection has been processed and approved. An example of this kind of processing falling within the scope of legitimate interest is direct marketing.
Data processed on the basis of legal obligations are processed and stored as long as required by law. Obligations related to the storage of personal data are set, for example, by the accounting and money laundering legislation.
The storage time of data processed with your consent is determined according to purpose of the processing.
What rights and options do you have?
Your rights and options depend on the purposes of the processing of personal data and on the situation.
The right to access: You have the right to receive a confirmation of whether your personal data are processed, and if they are, to gain access to the data.
The right to give and withdraw your consent: If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time.
The right to rectify data: You are entitled to have your personal data rectified or, in certain cases, to have defective personal data supplemented.
The right to object to the processing of personal data: You are entitled to object to the processing of your personal data based on our legitimate interests, including profiling. We may reject the request, if the processing is necessary in order to implement our mandatory and legitimate interests. You are always entitled to oppose to the processing of your personal data for direct marketing purposes and for profiling related to direct marketing.
The right to data portability: You have the right to receive your personal data you have submitted to us for processing based on your consent or the implementation of an agreement. You are entitled to receive the data in a structured, commonly used and machine-readable format, and the right to transmit the data to another controller.
The right to be forgotten: You are entitled to ask us to erase data related to you, for example, if (i) you consider them unnecessary for the purposes described above, (ii) you cancel the consent you have given, (iii) you consider we process your personal data unlawfully, or (iv) you object to the use of your personal data for direct marketing purposes.
The right to restriction of processing: You have the right under certain circumstances to require the controller to restrict the processing of your personal data.
How will you know if the Privacy Notice has been amended?
We will update the Privacy Notice, if necessary, as our operations and Services develop. We advise you to check for the latest version regularly on our website.
How can you exercise your rights and contact us?
You can delete your user account on the website and make a request for inspection by logging in to assembly.org.
You can also exercise all registered rights by sending us an email to privacyassembly.org.
You can also send questions related to the processing of personal data or the Privacy Policy to the addresses below.
Controller
Assembly Organizing Oy Valimotie 13 BB, 00380 Helsinki Business ID 2245136-3, VAT No. FI22451363
Change history
On January 2, 2024, the sole controller is now Assembly Organizing Oy.
On August 12, 2021, the Privacy Statement was updated as Teliaesportsseries.com changed to Assembly.org Hub. In the same context, Assembly Organizing Oy became a joint controller alongside Telia Finland Oyj, as stated in the Privacy Statement. Data subject privacy rights are implemented in the same way as before, and the Data Protection Officer for Telia Finland remains responsible for data protection. Minor clarifications were made to the processing purposes for personal data.
As a result of the discontinuation of Teliesportsseries.com's websites in Denmark, Norway, and Sweden, references to joint controllership with Telia companies in those countries were removed from the Privacy Statement. The personal data of users in those countries has been deleted, and those companies no longer process personal data.
