Privacy Policy

This privacy notice concerns the customer register of Amos Rex’s online ticket store and the principles for processing personal data. The notice applies to individuals (hereinafter referred to as “customer”) who purchase or reserve tickets or guided tours through the Amos Rex online store.

This privacy notice and other data protection practices may be updated from time to time. We recommend reviewing the notice regularly.

1. Data Controller

Amos Rex / Amos Rex Ab
Mannerheimintie 22–24, 00100 Helsinki
museum@amosrex.fi
Business ID: 2137480-2

2. Contact Person for Register Matters

Pia Bondestam
Amos Rex / Amos Rex Ab
pia.bondestam@amosrex.fi

3. Name of the Register

Customer register for Amos Rex’s online ticket store

4. Purpose and Legal Basis for Processing Personal Data

We collect personal data in order to deliver tickets or other products or services to the customer. The collected personal data is used for the functions of Amos Rex’s ticketing system.

The legal basis for processing personal data is the performance of a contract. A contract is formed between the customer and Amos Rex when the customer accepts our terms of service and purchases or reserves tickets or guided tours via the online store.

Personal data is used for the following purposes:

Processing the order

Supporting and developing the shopping experience

Receiving payment

Providing customer support

If personal data is processed for marketing purposes, we always request the customer’s prior consent. The customer may withdraw consent at any time.

Personal data is not used for automated decision-making or profiling.

5. Data Content of the Register

First and last name

Contact information: email address, phone number, postal address

Order history

Payment method and payment status (as provided by the payment service provider)

Direct marketing consents and restrictions

Any additional information provided by the customer during the order process

In addition, for companies:

Company name

Business ID

Postal address

Billing address

Intermediary ID

Reference

6. Regular Sources of Data

Data is collected through Amos Rex’s ticket store via electronic forms provided by the Liveto online service. Customers provide the data personally when placing an order for products or services from Amos Rex.

7. Regular Disclosures of Personal Data

Online ticket sales are conducted via an online store maintained by Liveto Group Oy. Paytrail Oyj acts as the payment service provider. In addition, Smartum and ePassi cultural benefit payments are available. These service providers process data from the ticket store’s customer register.

8. Retention Period for Personal Data

Data is retained for as long as necessary to manage the customer relationship and deliver services. However, data is retained for a maximum of six (6) years after the end of the customer relationship to fulfill accounting obligations and handle possible complaints.

9. Data Subject’s Rights

The data subject has the right to:

Access their own data

Request the correction of inaccurate data

Request the deletion of data if there is no legal basis for processing

Object to or restrict the processing of data in certain situations

Lodge a complaint with the Data Protection Ombudsman (www.tietosuoja.fi)

10. Principles on Data Security

Personal data is processed with care. Data is protected through technical and organizational measures such as user IDs, passwords, and access control restrictions. Only personnel whose duties require it have access to the data.

External service providers, such as Paytrail, Smartum, ePassi, and Liveto Group Oy, act as authorized data processors for Amos Rex. These providers are responsible for their own data protection compliance. Their privacy practices are available on their respective websites.

11. Updates to the Privacy Notice

This privacy notice may be updated due to changes in legislation or services. The updated version will be published on this page, and changes may also be communicated separately.

Updated Sep 1, 2025

Data protection policy notice for subscriber register of the newsletter

This privacy policy concerns the personal data of subscribers to Amos Rex Museum’s newsletter. This data protection policy notice describes how we process your personal data when you become a subscriber to our general newsletter or newsletter for teachers.

Data controller

Name: Amos Rex AB / Amos Rex
Business ID: 2137480-2
Mannerheimintie 22–24, 00100 Helsinki

Name of register

Amos Rex’s newsletter subscriber register

Contact person for matters related to the register

Pia Bondestam, pia.bondestam@amosrex.fi
Mannerheimintie 22–24, 00100 Helsinki

Purpose and legal basis processing personal data

The collected personal data will be used for communicating about Amos Rex’s operations via the newsletter.

The legal basis for the processing of data is the registered person’s voluntary, individualised, deliberate and unambiguous consent. The registered has the right to cancel their consent and newsletter subscription at any time.

Data sources

Amos Rex collects personal data for sending the newsletter from the registered person.

Personal data to be processed

We collect the following data on the registered person for newsletter subscription purposes: e-mail address, person’s first name and surname.

In the subscription form of the newsletter for teachers we also ask for the name of the school.

Protection and security of the register

Amos Rex is committed to following sufficient security measures in all its activities to protect personal data.

Right to use the register is limited on the organisational level to viewing the data or updating it to the extent required by the work tasks.

Use of the register requires a user name. The main user also determines the level of user rights. Logging on to the system requires a user password and the system is used through an encrypted SSL connection.

Recipients of personal data

Recipients of the personal data are those third parties to whom the personal data in the register is transferred or handed over, i.e. the data controller and processers of the personal data.

Amos Rex uses data processors to process personal data. The data is collected into the system of service provider MailChimp. Amos Rex has made an agreement with MailChimp, as required by the data protection regulation, on the processing of personal data.

Personal data may be transferred to our partners for marketing purposes upon consent from the registered on our website.

Transferring personal data outside the EU/EEA zone

Personal data is transferred outside the EU/EEA zone when necessary for providing the service. This type of transferrring always takes place in accordance with standard contractual clauses approved by the European Commission.

Storing and removing personal data

Amos Rex stores personal data upon further notice. The registered may, however, discontinue their newsletter subscription any time, which will result in their data being removed.

Removal of the data takes place through technical means, and backup copies will also be also removed.

Automatic decision making and profiling

Amos Rex does not use data for automated decision making or profiling.

Rights of the registered

The registered has the right to see the saved data on them, demand the correction of possibly false data and completion of incomplete data and to be removed if there is no legal basis for storing the data. The registered also has the right to request for their data to be limited, oppose the processing of their data and the right to transfer their data from one system to another.

The data controller may ask for the presenter of the request to prove their identity. The data controller shall respond to the customer within the time frame stipulated by data protection legislation (primarily within a month).

All data check and correction requests shall be made to the contact person in charge of register matters.

Complaint right

The registered has the right to file a complaint to the supervisory authority if they find that their data has been mishandled. The supervisory authority in Finland is the data protection ombudsman.

This data protection policy has been updated on Sep 9, 2025