Privacy Policy

1. Data Controller

Tampere Chamber of Commerce (Business ID 0206122-9) [“Data Controller”]
Address: Kalevantie 2, 33100 Tampere
Phone: (03) 230 0555
Email: info (at) tampereenkauppakamari.fi
Contact person for data protection matters: Juha Koski juha.koski (at) tampereenkauppakamari.fi

2. For what purposes do we process personal data?

Personal data is processed and protected in accordance with applicable data protection legislation,
including the European Union’s General Data Protection Regulation (2016/679, as amended).

The data controller processes personal data for the following purposes:

    • managing and analyzing membership, stakeholder, and customer relationships
    • marketing, implementing, developing, billing, collecting feedback, and selling services,
      products, and events
    • providing member benefits
    • processing the personal data of stakeholders (member companies, individual members,
      persons holding positions of trust, customers, website users) and for stakeholder
      communications
    • developing online services and ensuring data security
    • managing customer relationships and customer service
    • exercising the rights and fulfilling the obligations of the data controller

    3. Legal basis for the processing of personal data

    The legal basis for the processing of personal data consists of the data controller’s statutory
    obligations, agreements, consent, and the data controller’s legitimate interest.
    The controller’s legitimate interest applies when there is a relevant relationship between the data
    subject and the controller. A relevant relationship exists, for example, when the data subject contacts
    the controller on their own initiative or when the controller processes the data subject’s personal data
    for the purpose of providing the controller’s services, products, or events.

    4. What information can we collect?

    The controller’s register contains information on:

      • the Data Controller’s member companies and their representatives
      • individual members
      • persons holding positions of trust
      • stakeholders and their representatives
      • customers
      • potential members and customers
      • users of the online service and applications

      Member companies and individual members refer to companies, representatives of organizations, and
      individual members who have a membership relationship with the controller.

      Persons holding positions of trust refer to members of the data controller’s board of directors and
      committees, as well as representatives from Tampere on the Finland Chamber of Commerce’s
      delegation.

      Stakeholders and their representatives refer to representatives of companies and organizations, as
      well as private individuals, with whom the data controller has a cooperative relationship (for example,
      representatives of companies and other organizations providing services to the data controller), or
      other connection (e.g., political decision-makers, public officials, representatives of other
      organizations, and media representatives).

      “Customers” refers to contact persons at companies and other organizations, as well as individuals
      with whom the controller has a customer relationship or other relevant connection.
      Potential customers refer to contact persons at companies and organizations, as well as private
      individuals, with whom the data controller seeks to establish a customer relationship.
      We collect information about users of our online services and applications using cookies, as
      described in more detail in our cookie policies.

      The following personal data may be processed:

      • name
      • contact information (mailing address, email address, and phone number)
      • member company name, business ID, and contact person
      • the contact person’s position in the company
      • information based on the membership relationship, such as email communications, the use of products and services, and other communications
      • membership details, billing and payment information, customer feedback, and participation in
      • events
      • information concerning the termination of membership
      • log data
      • additional information provided by the data subject
      • the position of trust held by the person and the duration of that position
      • the political party membership of persons holding public positions of trust, such as members of parliament and municipal councillors
      • contact information, date of birth, and food allergies of those who have registered for the controller’s meetings and events, which the registrant has provided voluntarily

      5. What are the regular sources of data for the register?

      The data controller generally obtains personal data from the following sources:

      • from a representative of a member company or from the data subject themselves
      • from authorities, organizations, and companies that provide credit and personal data update
        services
      • from public sources, such as newspapers, the internet, and the commercial register
      • from social media
      • in connection with participation in events and meetings organized by the controller
      • from subscribers to services or products
      • from cookie data of online service users

      6. With whom may we share personal data?

      As a general rule, the data controller does not disclose personal data to third parties unless required to
      do so by authorities or mandatory legislation.

      The data controller uses reliable external service providers and partners (such as the Finland Chamber
      of Commerce) in the processing of personal data as well as in the technical production and
      implementation of its services. External service providers process personal data in accordance with a
      data processing agreement concluded between the parties as required by data protection legislation.
      External service providers have committed to complying with the provisions of this privacy policy in
      their processing of personal data.

      The data controller may also disclose the personal data of event participants (name, organization, job
      title) to other participants in the event in question, provided the participant has given their consent.

      The data controller may disclose personal data for research, advisory-service and direct-marketing
      activities carried out in cooperation with third parties. Data may be shared for these purposes only if
      the third party’s intended use does not conflict with the purposes defined in this privacy policy.

      The data controller has the right to disclose personal data in connection with a corporate transaction
      or other corporate restructuring, or when the service provided by the data controller is transferred to
      another service provider.

      7. Do we transfer personal data outside the EU?

      As a general rule, personal data is not transferred outside the EU or the EEA. However, some of the
      data processors used by the data controller are partially located outside the EU or EEA, and therefore
      personal data is also processed outside the EU and EEA. The data controller may therefore transfer
      personal data outside the country where the services are used and possibly also to countries outside
      the EU and EEA whose legislation does not provide specific protection for personal data or whose data
      protection legislation is very different. Any transfers of personal data outside the EU and EEA will be
      carried out in accordance with applicable data protection laws.

      In such cases, the data controller ensures that personal data is protected in accordance with
      applicable legislation and requires compliance with appropriate technical and organizational data
      protection measures.

      8. How long do we process personal data?

      The data controller processes personal data in this register for as long as necessary to fulfill one of the
      purposes described in Section 2 of this privacy policy.

      The data controller will periodically delete personal data for which there are no longer grounds for
      retention or processing. Deletion is carried out in accordance with the data controller’s own data
      protection policies.

      Notwithstanding the foregoing, the data controller will retain the data of persons holding positions of
      trust for historical records and statistical purposes as long as the individual in question does not
      object to the retention of their personal data for the aforementioned purposes.

      9. How do we protect the register and process personal data?

      Personal data in the register is stored confidentially, and the information contained in the register is
      appropriately protected by encryption, technical restrictions, and separate security software.

      The data controller protects personal data and ensures data security in accordance with generally
      accepted and up-to-date practices, so that personal data is protected against unauthorized access
      and processing, as well as against accidental or unlawful destruction, loss, and corruption.

      The data controller treats personal data as confidential, and all our employees are committed to
      maintaining the confidentiality of the data being processed and to complying with the data controller’s
      data protection and information security guidelines. Access control to confidential data is
      implemented through our CRM system.

      Only designated individuals may grant access and user rights to the system. Access to the system and
      user rights are reviewed regularly.

      Personal data is processed either using automated data processing or manually. The processing of
      personal data does not involve automated decision-making. The data controller does not engage in
      profiling as defined by the EU General Data Protection Regulation that would have legal effects or
      other similar consequences for the data subject.

      10. What are the data subject’s rights?

      The data subject has various rights regarding the processing of personal data. However, the data
      subject cannot exercise all of their rights in all situations. These rights are influenced, for example, by
      the basis on which personal data is processed.

      The rights belonging to the data subject and applicable on a case-by-case basis are:

      Right to withdraw consent

      The data subject has the right to withdraw their consent to the processing of personal data at any time.
      Withdrawing consent does not affect the lawfulness of processing carried out on the basis of consent
      prior to its withdrawal.

      Right of access

      The data subject has the right to obtain from the controller confirmation as to whether or not personal
      data concerning him or her are being processed, and if such personal data is being processed, the
      right to access the personal data and the right to receive the information specified in Article 15 of the General Data Protection Regulation.

      Right to rectification

      The data subject has the right to request that the controller rectify, without undue delay, any
      inaccurate or incorrect personal data concerning the data subject. Taking into account the purposes
      for which the data was processed, the data subject has the right to have incomplete personal data
      completed, including by providing additional information.

      Right to erasure

      The data subject has the right to have the controller erase personal data concerning the data subject
      without undue delay, and the controller is obligated to erase the personal data without undue delay,
      provided that one of the grounds set forth in Article 17 of the GDPR is met.

      Right to restriction of processing

      The data subject has the right to have the controller restrict the processing of personal data if any of
      the grounds set forth in Article 18 of the GDPR are met.

      Right to data portability

      The data subject has the right to receive the personal data concerning him or her, which he or she has
      provided to the controller, in a structured, commonly used, and machine-readable format, and the
      right to transmit that data to another controller without hindrance from the controller to whom the
      personal data has been provided, if the processing is based on consent or a contract and is carried out
      by automated means.

      Right to object to data processing

      The data subject has the right, on grounds relating to his or her particular situation, to object at any
      time to the processing of personal data concerning him or her based on the controller’s legitimate
      interests. The controller may no longer process the personal data, unless the controller can
      demonstrate that there are compelling legitimate grounds for the processing that override the
      interests, rights, and freedoms of the data subject, or if it is necessary for the establishment, exercise,
      or defense of legal claims.

      If personal data is processed for direct marketing purposes, the data subject has the right at any time
      to object to the processing of personal data concerning him or her for such marketing.

      Right to lodge a complaint with a supervisory authority

      The data subject has the right to lodge a complaint with a supervisory authority if they believe the
      controller is acting in violation of applicable legislation regarding the processing of personal data and
      data protection. In Finland, a complaint may be lodged with the Office of the Data Protection
      Ombudsman, which acts as the supervisory authority.

      Measures taken by the data controller and exercising rights

      The data controller must provide the data subject with information regarding the measures taken in
      response to a request concerning the rights listed above without undue delay and, in any case, within
      one month of receiving the request. The time limit may be extended by up to two months if necessary,
      taking into account the complexity and number of requests. The controller must inform the data
      subject of any such extension within one month of receiving the request, along with the reasons for the
      delay. If the data subject submits the request electronically, the information must be provided
      electronically where possible, unless the data subject requests otherwise.

      To exercise their rights, the data subject must contact the data controller by sending an email to
      info(at)tampereenkauppakamari.fi. The data controller will endeavor to respond to the inquiry as soon
      as possible and resolve the matter. If the request is unreasonable or unfounded, the controller may
      refuse the request.

      11. Use of Cookies

      You can read more about the cookies used on the controller’s website under “Cookie Settings.”

      12. Which country’s laws apply to data processing?

      This personal data register and the processing of the personal data it contains are subject to Finnish
      law as well as EU legislation directly applicable in Finland, such as the EU General Data Protection
      Regulation.

      13. Updating the Privacy Policy

      This Privacy Policy was last updated on June 16, 2026.

      The data controller reserves the right to amend this Privacy Policy at any time.

      fiFI
      en_USEN fiFI
      Scroll to Top