The registrar of the register is Safe to Play Oy (Business ID 2665051-1)
The contact person for registry matters is:
tel. 040 543 2957
Safe to Play Oy
Valtakatu 6 B 13
2 Name of the registry
The name of the registry is
a) Safe to Play Oy Customer Register
b) Safe to Play Oy Marketing and communications register
3 Purpose of the processing of personal data
Personal data is processed for purposes related to the management, administration and development of the customer relationship, the provision and delivery of services, and the development and invoicing of services. Personal data is also processed for the purposes required to clarify possible complaints and other claims.
In addition, personal data is processed in communications to customers, such as for information and news purposes and in marketing, as part of which personal data are also processed for purposes related to direct marketing and electronic direct marketing.
The customer has the right to prohibit direct marketing directed at him.
The controller processes the data itself and utilizes subcontractors acting on behalf of and for the account of the controller in the processing of personal data.
4 Legal bases of the proceedings
The legal bases for the processing of personal data are the following in accordance with the General EU Data Protection Regulation (hereinafter also the “GDPR”):
The above-mentioned legitimate interest of the controller is based on a relevant and appropriate relationship between the data subject and the controller as a result of the data subject's processing and the processing for purposes which the data subject could reasonably have expected at the time of collection and in the appropriate relationship.
5 Data content of the register (categories of personal data to be processed)
The register contains, in principle, the following personal data on all registered persons:
6 Regular sources of information
Personal information is collected from the registered person himself.
Personal data shall also be collected and updated, within the limits of the applicable law, from publicly available sources related to the implementation of the customer relationship between the controller and the data subject and through which the controller fulfills its customer relationship responsibilities. The marketing and communications register also collects information about external services or applications, such as Facebook, Instagram, other social media channels, Mailchimp, Campaign Monitor, possible trade fairs and events, customer meetings, partners.
7 Retention period of personal data
The data collected in the register shall be kept only for as long and to the extent necessary in relation to the original or compatible purposes for which the personal data were collected.
The need for the retention of personal data shall be assessed every three years and in any case the data of the data subject shall be deleted from the register five years after the end of that data subject's customer relationship with the controller and the end of the customer relationship obligations and measures. For example, accounting documents are kept for six years from the end of the financial year.
The controller shall regularly assess the need for data retention in accordance with its internal code of conduct. In addition, the controller shall take all reasonable steps to ensure that personal data which are inaccurate, incorrect or out of date for the purposes of processing are deleted or rectified without delay.
8 Recipients of personal data (groups of recipients) and regular disclosures of data
Personal data will not be disclosed to third parties.
9 Data transfer outside the EU or the EEA
Personal data contained in the register will not be transferred outside the EU or the EEA.
10 Registry security principles
Materials containing personal data shall be kept in locked premises to which only designated and authorized persons have access.
The database containing personal data is on a server, which is stored in a locked state, which can only be accessed by designated and authorized persons. The server is protected by an appropriate firewall and technical protection.
Access to databases and systems is only possible with separately issued personal usernames and passwords. The controller has limited the access rights and authorizations to information systems and other storage media so that the data can be viewed and processed only by persons necessary for their lawful processing. In addition, database and system access transactions are recorded in the log data of the registrar's IT system.
The controller's employees and other persons have undertaken to observe professional secrecy and to keep confidential the information they receive in connection with the processing of personal data.
11 Rights of the data subject
The data subject has the following rights under the general EU data protection regulation:
Requests for the exercise of the data subject's rights shall be addressed to the controller's contact person mentioned in paragraph 1.
Registration for Safe to Play training (hereafter referred to as training) is done via an online form, phone call, e-mail or any other means that can be verified later. Order confirmation will be sent to the email given by the student (hereinafter customer).
The invoicing information shall be given at the time of the order and the first pdf-invoice is included in the price. Additional invoices may be added with additional fee as given in the price list.
Safe to Play Oy sells only to corporate customers. An order can be cancelled 24 hours after ordering. Products cannot be returned.
Registration to a training can be cancelled free of charge over the period of 7 days after the registration. Later the cancellation is not possible, but the participation may be transferred to another person, even to a different company.
Due to a force major situation the participation may be transferred to the next training. However, the training is invoiced normally plus an additional € 50 per cancelled day to cover room and serving costs.
The trainings are organized in suitable and secure premises.
A customer whose behaviour disturbs the training will receive an oral request to stop. If the disturbance continues, he receives a warning in a bilateral conversation. If disturbing behaviour still continues, the student will be asked to leave and, if necessary, removed by the security personnel. A person who has been removed from the training receives a one-year ban on participating in Safe to Play training. All of his training fees and other depreciation costs, including any compensation paid for other students due to the disruption or compensation for their leaving from the training, will be charged in full.
Disputes will be resolved in the District Court of the training organiser’s home town.