Amos Rex AB / Amos Rex (hereafter Amos Rex) undertakes to process personal data in compliance with the data protection legislation and good data processing practice. The term “data protection legislation” refers particularly to the EU’s General Data Protection Regulation (GDPR) and Finnish legislation on personal data.

Amos Rex collects and processes personal data for the following purposes:

  • Ticket sales system operations
  • Sending out the newsletter
  • Gathering customer feedback to develop our operations

Below are the data protection policies for the registers that we administer.

If you subscribe to the newsletter, the newsletter subscriber register will be used to process your data.

If you buy a ticket or products from Amos Rex’s online shop, the ticket sales customer register will be used to process your data.

This privacy policy notice concerns the personal data of buyers of Amos Rex’s museum tickets. In this policy, we describe how we process your personal data when you purchase tickets to Amos Rex through our online shop.

Data controller

Name: Amos Rex AB / Amos Rex
Business ID: 2137480-2
Mannerheimintie 22–24, 00100 Helsinki

Name of register

Customer register of Amos Rex’s ticket sales system

Contact person for matters related to the register

Head of Education Elsa Hessle, elsa.hessle@amosrex.fi
Mannerheimintie 22–24, 00100 Helsinki

Purpose and legal basis of processing personal data

We collect your personal data so that we can deliver your ticket. The collected personal data is used for the purposes of Amos Rex’s ticket sales system. We use your data when you purchase products or a ticket so that we can:

  • process your order,
  • support the site’s user experience,
  • receive payment, and
  • provide customer support.

The legal basis for processing personal data is the execution of contract. We process your personal data to complete the transaction of delivering your ticket.

When we process your personal data, we always ask for your consent. The consent may be withdrawn at any time.

Data sources

Amos Rex collects the personal data to be processed directly from the buyer of the museum ticket.

Personal data to be processed

We collect the following data from the registered person for the ticket purchase: the person’s first and last name, address, phone number, e-mail address, and information on the processed orders.

Protection and security of the register

Amos Rex is committed to following sufficient security measures in all its activities to protect personal data.

Digital contents are stored in a service provider’s environment. The service is protected with personal passwords, and the transfer of data is done through encrypted data transfer connections.

User rights are limited to only viewing or updating the data to the extent required by one’s work tasks.

Recipients of personal data

Recipients of personal data are third parties, i.e. data controllers and those processors of personal data to whom the personal data is transferred or handed over.

Because we use service providers as partners, we have ensured that all our service providers comply with data protection legislation. We regularly use the following service providers to process personal data:

Johku (provider of the online shop platform system)

WordPress (provider of the website platform system)

Paytrail (provider of payment system)

Agreements have been made with the above-mentioned processors of personal data, as required by the GDPR.

Personal data can be handed over for marketing purposes to our partners if the registered person provides their consent on our website. This consent may be withdrawn at any time.

Transferring personal data outside the EU/EEA

The collected personal data that is used for the purposes of Amos Rex’s ticket sales system is not transferred to third parties. Personal data is transferred outside the EU/EEA zone when necessary for providing the service. This type of transfer always takes place in accordance with standard contractual clauses approved by the European Commission.

Transferring personal data when consenting to digital marketing purposes

When we process your personal data for marketing purposes, we may transfer your personal data to third parties. We always ask for your consent for this. The consent may be withdrawn at any time. Consent to marketing purposes is not a prerequisite for buying a ticket.

If you consent, we transfer personal data only to our immediate contractual partners and only to the extent that is necessary. The consent may be withdrawn at any time.

Storing and removing personal data

We store the information from ticket sales for 10 years. We only store your data for the purposes defined in this policy and for legal purposes applying to us that require the data to be stored. We remove your data securely once we no longer need it for these purposes in accordance with the company’s policies.

Removal takes place through technical means, and backup copies are also removed after the deadline.

Automated decision making and profiling

Amos Rex does not use the data for automated decision making or profiling.

Rights of the registered

The registered person has the right to see the data saved on them, to demand the correction of possibly false data and the completion of incomplete data, and to have their data removed if there is no legal basis for storing it. The registered person also has the right to request that the processing of their data be limited, to oppose the processing of their data, and to transfer their data from one system to another.

The data controller may ask the person making the request to prove their identity. The data controller shall respond to the customer within the time frame stipulated by data protection legislation (primarily within a month).

All data check and correction requests shall be made to the contact person in charge of register matters mentioned at the start of this document.

Complaint right

The registered has the right to file a complaint to the supervisory authority if they find that their data has been mishandled. The supervisory authority in Finland is the data protection ombudsman.

This privacy policy was updated on 13 October 2022.

This privacy policy concerns the personal data of subscribers to Amos Rex Museum’s newsletter. This data protection policy notice describes how we process your personal data when you become a subscriber to our general newsletter or newsletter for teachers.

Data controller

Name: Amos Rex AB / Amos Rex
Business ID: 2137480-2
Mannerheimintie 22–24, 00100 Helsinki

Name of register

Amos Rex’s newsletter subscriber register

Contact person for matters related to the register

Head of Communications Iia Palovaara, iia.palovaara@amosrex.fi
Mannerheimintie 22–24, 00100 Helsinki

Purpose and legal basis of processing personal data

The collected personal data will be used for communicating about Amos Rex’s operations via the newsletter.

The legal basis for the processing of data is the registered person’s voluntary, individualised, deliberate and unambiguous consent. The registered has the right to cancel their consent and newsletter subscription at any time.

Data sources

Amos Rex collects personal data for sending the newsletter from the registered person.

Personal data to be processed

We collect the following data on the registered person for newsletter subscription purposes: e-mail address, person’s first name and surname.

In the subscription form of the newsletter for teachers we also ask for the name of the school.

Protection and security of the register

Amos Rex is committed to following sufficient security measures in all its activities to protect personal data.

The right to use the register is limited at the organisational level to viewing the data or updating it to the extent required by the work tasks.

Use of the register requires a user name. The main user also determines the level of user rights. Logging on to the system requires a user password and the system is used through an encrypted SSL connection.

Recipients of personal data

Recipients of the personal data are those third parties to whom the personal data in the register is transferred or handed over, i.e. the data controller and processors of the personal data.

Amos Rex uses data processors to process personal data. The data is collected into the system of service provider MailChimp. Amos Rex has made an agreement with MailChimp, as required by the data protection regulation, on the processing of personal data.

Personal data may be transferred to our partners for marketing purposes upon consent from the registered on our website.

Transferring personal data outside the EU/EEA zone

Personal data is transferred outside the EU/EEA zone when necessary for providing the service. This type of transfer always takes place in accordance with standard contractual clauses approved by the European Commission.

Storing and removing personal data

Amos Rex stores personal data until further notice. The registered person may, however, discontinue their newsletter subscription at any time, which will result in their data being removed.

Removal of the data takes place through technical means, and backup copies will also be removed.

Automatic decision making and profiling

Amos Rex does not use data for automated decision making or profiling.

Rights of the registered

The registered person has the right to see the data saved on them, to demand the correction of possibly false data and the completion of incomplete data, and to have their data removed if there is no legal basis for storing it. The registered person also has the right to request that the processing of their data be limited, to oppose the processing of their data, and to transfer their data from one system to another.

The data controller may ask the person making the request to prove their identity. The data controller shall respond to the customer within the time frame stipulated by data protection legislation (primarily within a month).

All data check and correction requests shall be made to the contact person in charge of register matters.

Complaint right

The registered has the right to file a complaint to the supervisory authority if they find that their data has been mishandled. The supervisory authority in Finland is the data protection ombudsman.

This data protection policy was updated on 26 October 2021.