Privacy Policy

Data Controller
Name: Finnish Artists’ Association – Konstnärsgillet i Finland
Business ID: 0117013-2
Address: Iso Roobertinkatu 3–5 A 22, 00120 Helsinki
Email: matrikkeli@artists.fi
Telephone: +358 40 8345 0170
Person in charge of registration:
Marketta Tuomainen, Organization Coordinator

Name of Register
Kuvataiteilijamatrikkeli

Purpose of and legal basis for processing personal data
The processing of personal data is based on agreement.
The Artist Register of the Artists’ Association of Finland is used for professional marketing of artists.
The data are used for the purpose of providing services, for research, and for compilation of statistics.
The data may also be used for communications about the Artist Register.
The data are not used for automated decision making or profiling.

Content of the register
The Artist Register can hold and process the following information necessary for the purpose of the register:
First and middle name, family name, professional title, year of birth, place of birth, gender, email address, website address, telephone number, work and home addresses, country, curriculum vitae, and username.
The Artist Register is by nature permanent. Data on individual artists are removed at the artist’s request or at the request of copyright owners.

Regular data sources
The personal data are gathered from data subjects themselves. The data are submitted and disclosed by the data subjects personally.

Disclosure and transfer of data outside the EU or the EEA
No data is transferred to third parties or to countries outside the EU or the EEA.

Principles of protection of the register
The register is never shared with outsiders. Only users with administrator rights to the Finnish Artists Online Register have the right to use the register. The register is located on a password-protected server administered by Konsepto Oy.

Audit right and rectification of data in the register
Data subjects have the right to review what data concerning themselves is stored in the Artist Register.
Requests for rectification of data must be submitted in writing to the address Iso Roobertinkatu 3–5 A 22, 00120 Helsinki. After receipt of the request, the Data Controller will verify the data subject’s identity by checking the data subject’s personal identification document containing their photograph. The identity check will be conducted in the Data Controller’s premises prior to disclosure of any data. The Data Controller will respond to the data subject within the time limit set by the EU General Data Protection Regulation (usually within one month).

Insofar as the data subject or user of the register is able to do it themselves, they shall, without unwarranted delay, having received notice of an error or having identified an error themselves, act promptly and rectify, remove or augment the data item in the register that is erroneous, superfluous, incomplete or outdated or otherwise contrary to the purpose of the service.

Data subjects can update their basic information by contacting Artists’ Association of Finland by email at matrikkeli@artists.fi. The identity of the data subject may be verified using background questions.

A request for rectification can also be submitted using a signed document or in some other verifiable manner and must be addressed to the Data Controller, who will make the decision concerning rectification. The identity of the data subject will be verified from an official form of identification prior to rectification or deletion of data, if deemed necessary.

Other rights pertaining to the processing of personal data
Data subjects have the right to request the deletion of their personal data from the register (‘right to be forgotten’).
Additionally, data subjects have other rights accorded by the general data protection directive of the EU. Requests pertaining to processing of personal data must be submitted in writing to the Data Controller. The Data Controller may ask the requester to prove their identity. The Data Controller will respond to requests within the time limit set by the EU General Data Protection Regulation (usually within one month).