Name of the register
Customer register of the Finnish National Gallery’s sales team
Finnish National Gallery
Business ID: 0800570-3
Data protection officer
Mari Alijoki, Sales Director
Tel: +358 294 500 343
Purpose and legal basis of processing personal data
The processing of personal data provided to the Finnish National Gallery is legally based on Article 6 of the EU’s General Data Protection Regulation (GDPR) and the Finnish Data Protection Act (1050/2018). The data is retained for as long as the functional connection to the original purpose is maintained. Some of the data is stored in accordance with the norms established for data storage. The basis is to minimise data retention periods so that unnecessary data is not retained.
The processing of personal data is also based on the Finnish National Gallery Act issued on 13 December 2013. Accordingly, the Finnish National Gallery was established to strengthen the significance of art in society (Finnish National Gallery Act 889/2013, section 1). The task of the gallery is to take care of and to expand the national art collection, to organise exhibitions and other art museum activities, and to participate in the development of the museum field. While carrying out its tasks, the Finnish National Gallery shall strengthen the societal impact of the visual arts (Finnish National Gallery Act, section 2). The museums of the Finnish National Gallery are the Ateneum Art Museum, the Museum of Contemporary Art Kiasma and the Sinebrychoff Art Museum.
In addition to the above, the processing of personal data may also be based on a customer relationship or the customer’s consent.
The purpose of the register is to maintain the customer register of the Finnish National Gallery's museum shop and to process and archive customer orders. The information in the register can be used in connection with developing the operations of the Finnish National Gallery's sales team, collecting customer feedback, statistical purposes and marketing.
Contents of the register
The personal data file contains the following data where applicable:
- First and last name of the person
- E-mail address
- Address (Street address, Postal code, City, Country)
- Telephone number
- Business ID
- Data about processed orders (products ordered, order total, discount codes used)
- Payment methods and related data for orders
- Data provided on forms and in data fields
- IP address
- Data generated by website usage (e.g. Google Analytics)
Regular sources of information
Information is gathered from registered stakeholders who are important for the operations of the Finnish National Gallery and public registers within the limits permitted by law (e.g. Finnish Trade Register, Business Information Register, Tax Administration Registers, Population Register Centre).
Other regular sources of information:
- telephone conversations
- use of digital sales channel and orders made using this sales channel
Regular disclosures of information
Information is not disclosed outside the Finnish National Gallery. The personal data of the data subject is destroyed at the request of the user.
Principles in accordance to which the data file has been secured (system access control, roles, and access rights to information)
- The system is technically secure and used with a secure connection. The system is protected by usernames and passwords.
- There are limited user rights to the registry/system and user rights are managed by the system administrators.
- Access to and processing the data in the registry/system is limited to authorised personnel within the Finnish National Gallery and its museums.
- The information in the registry is protected from unauthorised viewing, alteration, and destruction.
- Security is based on the management of user authorisations, the technical security of databases and servers, the physical security of the premises, access control, data security and data backups.
How to inspect personal data
More detailed information on how to inspect, change or delete personal data can be found on the Finnish National Gallery's “Accessibility and Privacy Policies” page: