Privacy notice, game hub for SMEs in the Capital Region: Participant and partner register of the Espoo Game LAB

Date of publication: 11 January 2024

City of Espoo 
P.O. Box 1, 02070 CITY OF ESPOO

Harri Paananen, Director of Economic Development 
harri.paananen(at)espoo.fi

Heli Hidén, Senior Planning Officer 
heli.hiden(at)espoo.fi

Data Protection Officer of the City of Espoo 
Address: P.O. Box 12, 02070 City of Espoo 
Tel. +358 9 81621 (switchboard) 
Email address: tietosuoja(at)espoo.fi

Personal data will be processed to implement the game hub and Game LAB activities produced by the City of Espoo. This activity is part of the Game hub for SMEs in the Capital Region project.

Personal data is used:

• For registration and contact of people applying to the Espoo Game LAB.
• To communicate with project partners, mentors and teachers.
• To produce the event and teaching activities of the project.
• To develop the project's services.
• For sending newsletters and customer bulletins and for other actions comparable to these. 

In the case of private individuals: Article 6(1)(a) of the General Data Protection Regulation of the European Union: the data subject has given consent to the processing of his or her personal data for one or more specific purposes

In the case of companies and employers: Article 6(1)(e) of the General Data Protection Regulation of the European Union: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

• given first and surname
• organization (and department) and position
• address information of the organization
• municipality of residence
• e-mail address and other relevant contact data, such as links to social media accounts
• phone number
• marketing measures targeted at the data subject and participation in them
• other data disclosed by the data subject
• possible mailing bans (email and mail)
• information about changes to the above data
• consent and preference data
• data related to education, employment history and profession
• newsletter logs
• log data of events arranged with third parties, such as participants of meetings related to the events, public chat data and participation data from virtual events

People whose data can be processed are the register holder’s client and partner companies’ contact persons, persons who due to their position can be regarded cooperation partners, potential clients and/or are within the marketing sphere, persons in contact with the register holder and persons who have participated in the register holder’s events and have given their marketing consent.

The register may process the following data of the registered persons:

• name
• organisation, (department) and position
• address of the organisation, and other relevant contact data, such as links to social media accounts
• e-mail address
• phone number
• open positions within the organisation
• marketing efforts aimed at the registered person and participation in them
• other data disclosed by the data subject
• possible mailing bans (e-mail and mail)
• information about changes to the above data
• newsletter logs
• Log data of events arranged with third parties, such as participants of meetings related to the events, public chat data and participation data from virtual events.

• visit and booking data (this applies to e.g. services related to starting a company and employment)
• data related to organising the service
• notes related to customer work, customer contacts and communications.
•  customer-specific plans

• statistical events of the service

• EkaCRM (“Elinkeino- ja kaupunkikehitysyksikön asiakkuuden hallinnan järjestelmä” - customer relations management system of the Economic Development and Employment unit of the City of Espoo)
• Protected online file storage of the City of Espoo with limited access and user rights.

The data in the register is received or collected from the registered person themselves, the website of the City of Espoo (contact forms, material downloads, newsletter submission forms), and from the enrolments to the events and programs organised by the City of Espoo as well as third parties, such as the Espoo Game LAB

Personal data of contact persons of companies and employers can also be accessed via public internet- and other sources. Such data can also be gathered, saved and updated according to the registers of register holders offering address, update or other services.

Data will be given to cooperation partners who participate in planning and executing the services offered to the registered party.

Personal data will not be transferred outside the EU/EEA. To produce services, the data controller uses cloud services provided by third parties that are governed by United States legislation. This legislation may under special circumstances force cloud service providers to transfer information to United States authorities.

Personal data is stored for as long as it is necessary for the operations of the City of Espoo or until the data subject prohibits the processing of their data.

Documents are stored in controlled and locked facilities. Data stored in systems is protected by access rights and access logs. The personnel are introduced to data protection and appropriate processing of personal data.

If collection of data is based on consent, the customer can at any time revoke the consent and demand deleting of personal data by sending e-mail to the contact person of the register.

Further instructions on submitting information requests referred to in the General Data Protection Regulation.

You have the right to obtain from the controller a copy of the personal data that is subject to processing. The controller shall provide the data without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay, and at the latest within one month of receipt of the request, of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

Requests from the data subject and any resulting actions are free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.

Before disclosing the information, the identity of the person requesting the information is checked, which may require a visit to the Espoo service centre.

You have the right to have inaccurate, incomplete, outdated or unnecessary personal data that we store either rectified or completed by us.

You have the right to have the controller erase your personal data without undue delay under certain conditions. The data subject does not have the right to erasure if the processing of data is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. In these cases, the data will only be erased after the statutory time limit.

If the data concerning you is inaccurate, you have the right to request that its processing be restricted until its accuracy has been verified.

You have the right to lodge a complaint with a supervisory authority if you feel that the processing of your personal data is in infringement of data protection legislation. You can lodge a complaint with the Office of the Data Protection Ombudsman: www.tietosuoja.fi.