Regulation 2016/679 of the European Parliament and of the Council and the Finnish Data Protection Act 1050/2018.

Data controller
Espoo Art Museum Foundation / EMMA – Espoo Museum of Modern Art (hereinafter EMMA)
P.O. Box 6661
02070 CITY OF ESPOO
email: info@emmamuseum.fi
tel. +358 43 827 0941
Business ID 1784691-8

Contact person for matters concerning the data file
Saara Suojoki, Development Director, EMMA, saara.suojoki@emmamuseum.fi

Data file name
EMMA customer and stakeholder register

Purpose of processing personal data
Data is collected for the customer and stakeholder register and used in accordance with applicable data protection and other legislation.
The register is used for purposes such as:

• planning, producing, communicating, developing and assuring the quality of EMMA’s own and co-produced exhibitions, other services, events, products and other relevant matters;
• communication and customer support associated with services and targeted customer communications with visitors and other stakeholders;
• meeting statutory obligations;
• marketing and its targeting to customers and potential customers.

Data content of the register
The register contains data necessary for the operation of the museum and the provision of its services, including:

• name;
• title;
• (organisation);
• contact details;
• grouping by purpose (e.g. guests of exhibition openings, EMMA club letter subscribers);
• purpose-based profiling (e.g. stakeholders, business contacts, sectors); and
additional data relevant to the museum’s purpose (e.g. position, title) or contact status (on alternation leave, substitute).

Regular sources of data
Data is collected from stakeholders involved in our own operations and directly from customers. Data may also be collected and updated from public data sources such as websites or public registers maintained by third parties.

Regular disclosures of data
As a rule, data is not disclosed outside EMMA. Data may be disclosed to EMMA’s contracted, established and relevant partners in order to maintain customer relationships and produce services.

Transferring data outside the EU or EEA
Data will not be transferred outside the EU or the European Economic Area.

Principles of the protection of the register
The data stored in the register is protected in a secure manner so that it can only be viewed and used by authorised EMMA employees who need the data for their work. The data system can only be accessed with a username and password issued by EMMA. Upon termination of employment, user accounts will be locked and access to the system will be revoked.

The technical protection of the register is the responsibility of the provider of the electronic service.

Right of inspection and exercise of the right of inspection
Everyone has the right to inspect their personal data and the to request the rectification of inaccurate data in the register. The request for inspection and rectification shall be addressed to the data controller.

Other possible rights
The data subject may object to EMMA’s use of their data for direct marketing and customer satisfaction and other surveys. In addition, the data subject has the right to request that their personal data be erased (right to be forgotten). Any objections and changes to the processing of data concerning the data subject shall be addressed in writing to the data controller.

This Privacy Statement was last updated on 27 March 2024.