Read more about Suomisport’s data protection policy

Read the data processing policy

1. Controller

Name: Finnish Olympic Committee
Address: Valimotie 10, postal address: FI-00380 Helsinki

2. Contact in matters regarding the data file

Name: Sari Aro, sari.aro@olympiakomitea.fi, suomisport@olympiakomitea.fi
Address: Valimotie 10, postal address: FI-00380 Helsinki

3. Name of data file

Data file for the Suomisport service.

This privacy policy applies to the Suomisport service and the information contained by the Sport accounts created in the service. The privacy policy describes how the Finnish Olympic Committee as the controller processes the information contained by the users’ Sport accounts.

4. Description of data file

Suomisport is a sports and exercise service provided jointly by the Finnish Olympic Committee and the Finnish sports community. Each user must create a personal user account, i.e. Sport account, in the Suomisport service. The Sport account is intended for users to access the service and manage their information in accordance with the My Data principle.

 

Through their Sport account, a data subject can purchase a variety of sports and exercise services available in the service, such as competition licences, insurance policies, club memberships, club products and services, and event registrations. Through the Sport account, which is available online and as a mobile application, users can manage their own daily sporting activities and those of their dependants.

 

When a person accesses the various services encompassed by Suomisport, the controllers (i.e. service providers, such as the sports federation or a club) or those processing the personal data contained by them gain the right to use the data subject’s information for the lawful purposes indicated to each data subject upon service use and for a limited period only. The purpose of use is described in the service providers’ accounts regarding the processing of personal data.

COLLECTED DATA

The following personal information is collected for the purposes of the data subject’s own service management:
language, name, personal identity code, citizenship, Suomisport ID, telephone number, e-mail address, address and country
If a data subject wishes to make purchases for a dependant within the Suomisport service, Suomisport will collect the corresponding information for the dependant in question.

5. Grounds for providing the personal identity code and the use of the code

Upon the creation of an account, the personal identity code is used for identification, based on which each user is provided with a personal Sport ID and Sport account. Collecting the personal identity code for the service is necessary and lawful.

The personal identification number requested in the context of creating a Sport account is processed only in accordance with the law (Data Protection Act 5.12.2018/1050, § 29 Processing of personal identification number) and is not otherwise forwarded or processed in the Suomisport service. The persons who process personal data for the Suomisport service cannot view or process the personal identity codes of the registered persons. The personal identity codes are only displayed to the administrator of the Suomisport service in the context of error correction.

6. Processing and use of personal data

USE OF THE PERSONAL DATA CONTAINED BY A SPORT ACCOUNT

The personal details contained by a Sport account are processed by the service providers’ processors who have been granted access to the service. The processors of personal data gain access to the data subjects’ details for a limited period only and for the specific lawful purpose that is indicated to each data subject upon accessing the service. Each processor of personal data is bound by terms of use regarding the use and data protection of the Suomisport service. All service providers are obliged to describe the personal data processing measures as regards their own data file.

The administrator of the Suomisport service will process personal data as necessary in the context of data file maintenance and error resolution. The Suomisport service may use the personal data of each registered user to inform them about any events, products or services that promote an athletic lifestyle and are offered through Suomisport.

USE OF DATA REGARDING SPORT ACCOUNT ACCESS

The personal data in and access data of the Suomisport service can be used for statistical and official purposes in an anonymised format.

In addition to this, the Google Analytics online analytics tool uses cookies to collect statistical data. This information is collected for the purpose of developing the service and analysing visitor numbers, content appeal and the ways in which the service is used. The data collected, saved and analysed by Google Analytics does not include details that can be used to identify any individual. Google manages this information in accordance with its privacy policy.  

DATA DISCLOSURE

When registered users access Suomisport services, their personal data is conveyed to the necessary parties. Data is also disclosed when purchasing an insurance policy or entering information into a competition system of the service providers, for example. Every instance of disclosure is indicated to the registered users separately when the service in question is being used. In other words, the data subjects are informed about the use and processing of their personal data on a service-specific basis. If the use of the data is not based on legal grounds, the data subjects will be asked to provide their explicit consent in accordance with the purpose of use of the service in question.

MARKETING PERMISSION

If they
wish, data subjects can provide their consent for the direct marketing
activities of third parties. 

7. Ensuring the commitment of service providers to data security

Suomisport has a delivery agreement with the technical supplier Vincit Oy, which complies with the agreed terms and conditions for data security and data protection IT2015 YSE general agreement terms and conditions (Section 8) and IT2015 ETP special terms and conditions for services delivered via data networks (Sections 13 and 14) as well as the general terms IT2018 EHK. Vincit meets the requirements of the ISO-9001 standard.   

 

As regards the payment service provider  Svea Payments Oy, the terms and conditions under Section 10 ‘Functionality and data security’ of the general terms of agreement (online vendor) are applied, in addition to the terms and conditions in the agreement appendix.   

 

All service providers, i.e. other controllers and processors, are bound to Suomisport’s data protection principles through contracts.   

8. Inspecting and editing personal data

Registered users can view, manage and maintain
their own information in their Sport accounts. The Suomisport administrator can
edit the information in conjunction with resolving failure situations. 
 

9. Removing one’s personal data

The Suomisport service providers (sports federation, club) have the right to use a data subject’s personal data for the validity period of the service in question. The validity period is the term of operation of the service, with an added transition period of 13 months. After this, the service loses its connection to the person’s Sport account.  

 

The personal details of registered users are stored under the personal Sport account of each respective user in the Suomisport service. The system automatically removes the personal data under Sport accounts that have been inactive for a period of five years. Registered persons can request the deletion of their Sport accounts after the transition period by e-mailing suomisport@olympiakomitea.fi.  

 

Updated 8.5.2023