Contact details of the Data Controller

Giraffe-Events (Aftersunset Oy)
Mäenrinne 3E, 42
02160 Espoo
Finland
Contact details:
info@giraffe-events.com
+358456384305

Purpose of personal data processing

We process your personal data for managing, managing and developing the customer relationship. We need your personal data to implement our services, such as the delivery and invoicing of tickets and products. We also process personal data to implement customer communications, such as when announcing changes or possible cancellations of an event. In addition, we use your personal data for our and our partners' advertising, distance sales and other marketing as well as market and opinion surveys.

In order to offer interesting content, we can target our marketing communications by analyzing the data processed in our register, such as the usage data of our services. We do not perform automated decision-making through profiling or otherwise.

Online advertising and analytics tools are used to collect information about online store users. We use cookies that allow us to target third-party marketing on websites outside the Service, for example, based on which items you have searched for or which pages you have viewed. We also process personal data for the analysis and development of our services and for statistical purposes.

The information we collect directly from you

• When you register to the service, we collect your name, e-mail address, and password. This information is collected for identification, communication, and implementation of the service. We do not store passwords in a readable form. For marketing purposes, we ask for a separate consent.
• The information required for payments is not stored in our system. We do keep the tokens of the payment cards that you saved, their type, validity, and last 4 digits. The information does not include the complete card number, security code, or other information required for online payments. Giraffe-events does not charge the card. All of the payments are handled by a PCI Certified Payment Provider Level 1 – the Stripe, Inc. Payment procedure in their service is secure, as all of the payment information is transmitted using encrypted connection so that no third party can access it.
• We store your purchase history (receipts), which is required by the Accounting Act, and we use that information for the use of purchase behavior profiling. We will anonymize the data if you withdraw the consent.
• When you contact our customer support through an email, we collect the information you provide us in order to be able to help you with your case. We may also store that information to develop our customer support.

We collect the aforementioned information directly from you. You hand over information by signing up, signing in, using the service, adding a payment card, making purchases or making a customer service request. This information is used for communication and to either develop or provide services.

Data automatically collected from the use of the website

• We process your personal data when you shop on our website, even if you have not registered as our customer or logged into our service.
• When you go to the website, we process your following information using cookies:
  • Information about your terminal device and your online behavior
  • Time of browsing and session duration
  • What links or ads you click on and what ads or other content you've viewed
  • Information derived with the help of analytics

Data Processors and Cross-Border Processing

Data processing is being done by employees of Giraffe-Events, in accordance with the current Personal Data Act. Giraffe-Events reserves the right to outsource the processing of personal data to a third party, thereby guaranteeing contractual arrangements that personal data will be processed in accordance with the Personal Data Act and otherwise appropriately.

Information related to purchase transactions is transferred to our payment service provider, Stripe, for charging. Stripe, Inc contact information can be found here: Stripe: Help & Support

Otherwise, data will not be combined with other registers and will not be disclosed to third parties, unless required by law (e.g. the Accounting Act).

Right of inspection

You have the right to check what information about you is stored in the register. In addition, after making an inspection request, you have the right to receive information about yourself. The inspection request must be addressed in writing to the controller's contact person.

The right to demand correction and deletion of information

The register keeper must correct incorrect information in the register indicated by the person concerned. The registrar also has the obligation to check the accuracy and timeliness of the information in the register through independent activities. You also have the right to demand that the data controller delete your information from the register.

Other rights related to the processing of personal data

You have the right to demand the restriction of the processing of personal data. You also have the right to receive the personal data concerning you that you have provided to the data controller in a structured, commonly used and machine-readable format and the right to transfer the data in question to another data controller. In addition, you have the right to object to data processing.

Data deletion and retention period

The registrar will delete the customer's data from the register within three years from the last time the data was processed, or if you require the registrar to delete the data about you based on the law itself. However, the data will not be deleted if the law stipulates otherwise, or a competent authority has started a process that requires the data controller to keep the data, or another entity has applied to the Finnish court for a security protection decision for the data.