Read more about Suomisport’s data protection policy

Read the data processing policy

1. Controller

Name: Finnish Olympic Committee
Address: Valimotie 10, postal address: FI-00380 Helsinki

2. Contact in matters regarding the data file

Name: Sari Aro, sari.aro@olympiakomitea.fi, suomisport@olympiakomitea.fi
Address: Valimotie 10, postal address: FI-00380 Helsinki

3. Name of data file

Data file for the Suomisport service.

4. Description of data file

Suomisport is a sports and exercise service provided jointly by the Finnish Olympic Committee and the Finnish sports community. Through the Suomisport service, data subjects can obtain a variety of sports and exercise services, such as competition licences, insurance policies and club memberships, in addition to registering for various events. Data subjects manage their own information, and the controller and processors of the personal data gain access to the data subjects’ information for a fixed period only and exclusively for the purpose indicated to the data subjects.

Services related to sports and exercise can be integrated into the Suomisport service. These services utilise the personal data contained by Suomisport if there are legal grounds for their processing. For example, the personal data contained by a competition licence are used in the competition system.

COLLECTED DATA

The following personal information is collected for the purposes of the data subject’s own service management:
language, name, personal identity code, citizenship, Suomisport ID, telephone number, e-mail address, address and country
If a data subject wishes to make purchases for a dependant within the Suomisport service, Suomisport will collect the corresponding information for the dependant in question.

5. Grounds for providing the personal identity code and the use of the code

An e-mail address or mobile phone number is used to register for the service. The personal identity code is requested in conjunction with the registration. The service uses personal identity codes to identify data subjects unambiguously. This identification is a benefit to the data subjects as it ensures that no two identities can be mixed up. Collecting the personal identity code for unambiguous identification is necessary and lawful.

The processors of the Suomisport service cannot see or process the personal identity codes of data subjects. The personal identity code is only shown to the data subject in question and the administrator of the Suomisport system.

6. Processing and use of personal data

USE OF DATA

The parties processing personal data for the Suomisport service only access the data in the form of anonymous statistics. The administrator processes personal data for the purpose of resolving error situations.

The Suomisport service uses the personal data of each registered user to inform them about any events, products or services that promote an athletic lifestyle and are offered through Suomisport.

DISSEMINATION OF DATA

When registered users access Suomisport services, their personal data is conveyed to the necessary parties. Data is also disclosed when purchasing an insurance policy or entering information into a competition system, for example. Every instance of disclosure is indicated to the registered users separately when the service in question is being used. In other words, the data subjects are informed about the use and processing of their personal data on a service-specific basis. If the use of the personal data is not based on any other legal grounds, the data subjects will be asked to provide their explicit consent in accordance with the purpose of use of the service in question.

MARKETING PERMISSION

If they wish, data subjects can provide their consent for the direct marketing activities of third parties.

7. Ensuring the commitment of service providers to data security

Suomisport has a delivery agreement with the technical supplier Vincit Oy, which complies with the agreed terms and conditions for data security and data protection IT2015 YSE general agreement terms and conditions (Section 8) and IT2015 ETP special terms and conditions for services delivered via data networks (Sections 13 and 14). Vincit meets the requirements of the ISO-9001 standard. The relationship with the payment service provider Maksuturva Group Oy adheres to Section 11 (functionality and data security) of the general terms and conditions for payment security services (online retailer) and the terms and conditions in the agreement appendix on the processing of personal data within the Maksuturva service. The providers of the Suomisport services – i.e. other controllers and processors, such as sports federations and clubs – are required to commit to Suomisport’s data protection principles by means of agreements.

Insurance companies or other service providers are also required to commit to Suomisport’s data protection principles by means of agreements.

8. Inspecting and editing personal data

Registered users can view, manage and maintain their own information. The system administrator can edit the information in conjunction with resolving failure situations.

9. Removing one’s personal data

The services integrated into Suomisport are entitled to access the information of registered users for the validity period of these services.

The profile information of each registered user will remain in the Suomisport system. Registered users can edit their information and/or request the complete erasure of their information/profile within the transition period. Should a registered user deem that they will not be needing the extensive sports services provided by Suomisport, they can request the erasure of the information by sending e-mail to suomisport@olympiakomitea.fi. The system automatically deletes passive users within five years.