Credit Jaakko Paarvala

Privacy Policy

Online Privacy Policy of the Helsinki Philharmonic Orchestra 

The City of Helsinki uses personal data only as is required for carrying out its operations and only as permitted by law. The City of Helsinki complies with the EU’s General Data Protection Regulation (2016/679)) and The Data Protection Act (1050/2018) on the processing of personal data. Personal data is retained only for as long as is necessary for the stated purpose. 

Information about cookies 

Our website uses cookies. Cookies are small text files that your browser saves on your device when you visit a website. They make the site easier to use and allow us to add different features. 

Cookies allow us to track the number of visitors to the service, what pages they accessed, and information about their browsers and operating systems. Cookies are also used to store the user's IP and network address. This information helps us understand how the website is used and how it can be further developed. Cookies also allow us to share the content of the website on social media. For these functions we use third-party services, such as Matomo and AddThis, that can set cookies. 

Using our website means that you agree to our use of cookies. You can restrict or block cookies at any time through your browser settings. However, if you decide to remove cookies, the site may not work properly, or the user experience may be less satisfactory. 

Personal data collected by the Helsinki Philharmonic Orchestra 

The types of data collected from visitors to the www.helsinginkaupunginorkesteri.fi website and users of the HKO Screen app include the following: name, contact information, such as e-mail and postal addresses, and newsletter subscription details. 

For musicians who have registered for an audition using the Muvac system, we also collect the following types of personal data: date of birth, phone number, and application details, such as position applied for, details about the accompanist and CV or information about studies and working experiment. 

We may also collect technical data in connection with using our online services that may relate to you. The types of technical data that are collected may include the following classifications of personal data: 

  • Logs and timestamps for service usage 
  • Browser and operating system data 
  • Data collected by network analytics about online visits, such as time of visit, pages visited and browser data 
  • Device identifiers, such as a device model and a unique device and/or cookie identifier  
  • Data about purchases made using the HKO Screen app 

Why do we collect personal data 

We collect personal data for the following purposes: 

1. Marketing and customer relationship management 

Subscribers to our newsletter receive information about upcoming events and special offers, for example. The personal data of newsletter subscribers is administered by Gruppo Software Oy. Subscribers to our season brochure receive the brochure and other possible informative material to their home addresses once a year. The personal data of season brochure subscribers is administered by DM-Database Oy. The handling of personal data is based on customer consent. You are entitled to withdraw your marketing consent by removing yourself from the mailing list which can be done using the link provided in the newsletter, and ask your HKO Screen account to be deleted by sending an e-mail to helsinki.philharmonic@hel.fi or by calling 09 310 22700.  

2. Service improvements and data security 

We also collect personal data to ensure data security, as well as to improve the quality of our online services and new features. The handling of technical personal data is based on our legitimate interest to ensure a sufficient level of data security and to obtain sufficient data for improving the service. 

3. Audition notifications 

Musicians can register for auditions for open positions at the Helsinki Philharmonic Orchestra using an online application in Muvac. To use the Muvac system, you need to provide an email address to the system. Muvac's terms of service can be found in the link here.  

 

Privacy statement 

EU General Data Protection Regulation (2016/679), articles 13 and 14 

Helsinki Philharmonic Orchestra’s customer register for ticket sales 

Controller 

The controller is the Culture and Leisure Committee, which delegated the controller’s tasks to the Culture Director on 27 March 2018, Section 71. 

Why do we process your personal data? 

The purpose of the processing of personal data is the organisation of the Helsinki Philharmonic Orchestra’s ticket sales: the sale of season tickets and individual concert tickets, i.e. single tickets, as well as the sending of service messages related to ticket sales. 

Personal data is also processed for the purposes of maintaining customer relations with the Helsinki Philharmonic Orchestra and marketing the orchestra’s services to those who have given marketing permission. 

Purpose of the processing 

Personal data is processed to the extent necessary for ticket sales in the ticket sales system of Tixly Sweden AB, managed by Helsingin Musiikkitalo Oy. The Helsinki Philharmonic Orchestra processes personal data for the organisation and development of the orchestra’s visitor services, marketing communications and customer service. 

Legal grounds for the processing of personal data 

General Data Protection Regulation, Article 6(1)(a): the data subject has given consent to the processing of his or her personal data for one or more specific purposes. Article (1)(b):  Processing is necessary for the performance of a contract to which the data subject is party. A ticket is a contract between the event organiser (Helsinki Philharmonic Orchestra) and the customer.  

Essential legislation 

  • EU General Data Protection Regulation (679/2016) 
  • Data Protection Act (1050/2018) 

What personal data do we process about you? 

We process the identifying and contact data and date of birth of the registered individual as well as the identifying and contact data and payment method data of business and community customers. 

How do we collect personal data?  

The data is obtained from the data subject himself/herself, i.e. the customers who buy tickets: individuals, companies and communities.   

To whom do we disclose your personal data?  

No regular disclosures of data. 

Personal data processors 

Each of the main operators of Musiikkitalo the Helsinki Philharmonic Orchestra, the Radio Symphony Orchestra and the Sibelius Academy of the University of the Arts) is the controller of its own customer register for ticket sales in respect of the personal data whose purposes and means of processing it determines in accordance with the legislation of the European Union or of a Member State.  

The data in the Helsinki Philharmonic Orchestra’s customer register for ticket sales is processed by the orchestra itself and, to the extent necessary for ticket sales, by Helsingin Musiikkitalo Oy. The sub-processors of the data in the register are Tixly Sweden AB, responsible for the technical ticket sales system and online shop, Compass Group (Musiikkitalo’s restaurant), Avarn Oy, responsible for Musiikkitalo’s security services and Cuuma Communications Oy (Call centre system supplier). 

Will your personal data be transferred outside the EU or EEA? 

As a processor of personal data, Musiikkitalo may only transfer personal data to such non-EU/EEA territories that have been recognised by the Commission as providing an adequate level of data protection in accordance with Article 45 of the GDPR. As a processor, Musiikkitalo is responsible for ensuring that transfers are made in accordance with the safeguards set out in Chapter 5 of the GDPR.  

How long do we store your personal data? 

Personal data is stored for the duration of the customer relationship, but inactive customer relationships are deleted from the system three (3) years after the last purchase transaction.  

Automated decision-making and profiling 

The processing of personal data does not involve automated decision-making and profiling. 

Your rights in relation to the processing of your personal data 

The data subject’s rights and instructions for exercising them are available at: 

https://www.hel.fi/en/decision-making/information-on-helsinki/data-protection-and-information-management/data-protection/rights-of-data-subjects-and-exercising-these-rights 

Right of access (Right of access by the data subject, Article 15) 

You have the right to know whether your personal data is being processed and what data is stored about you. The City of Helsinki will provide the information without undue delay, at the latest within one month of receiving the request. If necessary, this period may be extended by a maximum of two months if the request is of exceptional scope and complexity. If the time limit is extended, the city will inform the person requesting the information of this within one month of receiving the request, as well as of the reasons for the delay. 

Right to rectification (Article 16) 

You have the right to demand that the city rectify imprecise and inaccurate personal data concerning you without undue delay. In addition, you have the right to the supplementation of incomplete information. Any incompleteness of the data will be resolved by taking into account the purpose of the processing of personal data. If the city does not accept the person’s demand for rectification, it will issue a written certificate stating the reasons the demand was not accepted. The possibility of lodging a complaint with a supervisory authority and of seeking other remedies is also mentioned in connection with the certificate. 

Right to erasure (‘right to be forgotten’) (Article 17) 

In some exceptional cases – for example, if the processing of data has been based on the person’s consent and the person withdraws their consent – the person has the right to have their data erased, or in other words, to be forgotten. If the city does not accept the person’s demand for erasure, it will issue a written certificate stating the reasons the demand was not accepted. The possibility of lodging a complaint with a supervisory authority and of seeking other remedies is also mentioned in connection with the certificate. The right to erasure does not exist if the processing is based on compliance with the city’s statutory obligation, or it is related to the performance of a task carried out in public interest or the exercise of public authority vested in the city. 

Right to restriction of processing (Article 18) 

In certain situations, a person may have the right to request that the processing of their personal data be restricted until their data has been duly checked and corrected or supplemented. Such situations include a person denying the accuracy of their data, in which case the processing of their data is restricted while the city is checking their accuracy. 

Right to data portability (Article 20) 

A person has the right to transfer their personal data from one controller to another if they have themselves provided the controller with their personal data, the processing of the data is based on consent or a contract and the processing is carried out automatically. This right does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of an official authority vested in the city. 

Right to object (Article 21) 

A person has the right to object to the processing of their personal data at any time on grounds related to their personal situation, where the processing is based on the performance of a task carried out in the public interest or in the exercise of an official authority vested in the city. In this case, the data may be further processed only if there is a substantial and justified reason for the processing that can be demonstrated by the city. The processing may also continue if the processing is necessary for the establishment, exercise or defence of legal claims. 

Right to lodge a complaint with an authority (Article 77) 

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the EU General Data Protection Regulation (EU) 2016/679. You also have the right to exercise other administrative and judicial remedies. 

Office of the Data Protection Ombudsman 

Street address: Lintulahdenkuja 4 

Postal address: PO Box 800, FI-00531 Helsinki, Finland 

Email: tietosuoja@om.fi 

Switchboard: +358 29 56 66700 

How can you contact us about data protection issues? 

[Body text] 

Responsible person  

[contact person for the service and email address] 

Contact information 

[City of Helsinki, Registrar’s Office, PO Box 10 (Pohjoisesplanadi 11–13), FI-00099 City of Helsinki, Finland] 

Contact information of the data protection officer 

 

City of Helsinki’s Data Protection Officer 

tietosuoja@hel.fi 

+358 9 310 1691 (switchboard) 

 

This privacy statement was updated on 19.4.2024.