1 Name of register:
Muumimaailma Oy’s customer register
Muumimaailma Oy (Business ID 0925595-8)
Kaivokatu 5, 21100 Naantali
(+358) 02 511 1111
Person responsible for matters relating to the register: Jarkko Kuitunen, Administrative Director, firstname.lastname@example.org
The Controller may employ subcontractors and service providers for the processing of personal data. The Controller shall enter into a written agreement with subcontractors and be responsible for ensuring that the subcontractors used comply with the terms and conditions described here and the Controller’s instructions.
Tietotalo Infocenter Oy (Business ID 1008465-8)
Keilaranta 17 C-talo, 02150 Espoo
(+358) 040 5461110
The electronic register is realised and maintained by: Tietotalo Infocenter Oy / Jarno Malaprade, (+358) 040 5461110
4 Purpose of the processing of personal data and its legal basis
The register stores information on the use and involvement of the Controller’s mobile application, the online store, the cash register system, the MM 2.0 system and customer relationship management. Personal data is processed in order to deliver the communications service between the Controller and the data subject, to produce various eservices, to enable measures based on the data subject’s consent connected with the management of orders, registrations, contact requests, transactions, reports and other customer relations matters, and to plan and develop the business.
The information on use and involvement that is processed in the register as well as location data may also be used to raise profiles, improve marketing and develop customer communications to attract the interest of data subjects. Personal data is also processed when sending out newsletters and in connection with events and other marketing measures.
Processing is undertaken with the data subject’s consent in the case of direct marketing, and to guarantee the legitimate interest of the Controller.
5 Groups associated with the register, information content and personal data categories
The register is used to process the Moominworld mobile application user's name and contact information in connection with the device's unique identifier. The collection of personal data relies on the provision of information by the data subjects themselves and the process is undertaken with their consent.
Some of the data is forwarded to the Moominworld customer relationship management system. The data processed includes:
- Email address
- Marketing authorisation
- Child’s (children’s) year of birth
Location data is not automatically transmitted outside the mobile application’s management system. The following information is also saved when recording location data:
Beacon-based data via a Bluetooth connection on the user’s device is only collected when the user allows that to happen and when the Bluetooth function is activated on their device (Moominworld). When the user is using the mobile application, the register saves information on which beacon transmitter area the device's user has visited at a given time and what content the beacon has activated in the user's application. The register also monitors the use of digital coupons loaded onto the user’s device. The data processed includes:
- The device’s UUID
- The device’s model and operating system
- The application’s choice of language
- The receipt of Bluetooth Low Energy and Bluetooth Smart Beacon-based notifications and push messages
- The visited BLE Beacon device’s’ identifiers
- Time and date of the visit to the Beacon transmitter area
- Beacon -messages display information
- Information on the use of Beacon coupons and draws and other Beacon-based content and functions, dates and times
Online store (Lippukone & Bokun)
The register saves the online store user’s name and contact details with reference to the order.. The collection of personal data relies on the provision of information by the data subjects themselves and the process is undertaken with their consent.
Some of the data is forwarded to the Moominworld customer management system. The data processed includes:
- Marketing authorisation
- Order details(Bokun)
- Services and products purchased
- Order date
Cash register system
The register only saves details of the data subject’s purchases via the Moominworld cash register system if the data subject wants it to. Authentication relies on an individual identifier issued to the data subject when registering in the Muumimaailma Oy customer register. The cash register system only produces a purchase history, and does not automatically forward it to other systems.
The cash register system receives the data subject’s details automatically from the customer relationship management system. These details are:
- Customer number
- Customer category
MM 2.0 system
So-called RFID-based data is used when the customer registers an identifier with an RFID chip, which is used for functions in the park and for authentication at the cash register. These functions may be effects, information boards and other functions providing personalised content. In such cases the following information on the customer is also saved:
- the RFID identifier
- the visit site
- information on use, i.e. date and time
Customer relationship management (CRM)
Customer relationship management lies at the heart of Muumimaailma Oy’s customer register. The register contains master data on those registered. The CRM system also ensures the accuracy of data and prevents its fragmentation and replication. Data on someone registered is transferred from the CRM system to the other systems that require it. The CRM system is also used for the registration of a customer via a separate portal, where customers can also manage their own data later on.
The collection of personal data relies on the provision of information by the data subjects themselves and the process is undertaken with their consent.
The CRM system’s data content:
- Customer number
- Telephone number
- Marketing authorisation
- Order history at the online store
- RFID identifier
- Customer category
- Customer messages
- Marketing messages
- Other communications
- Year of birth
6 Regular sources of information
The personal data saved in the register is mainly that the users have recorded themselves. Customers are able to save data via the Moominworld application, customer portal or online store.
Some of the information is saved automatically when the user carries out various actions during a visit. Examples are the use of the application and RFID services.
The personal data is saved and combined with the information on the device’s use when the user registers the application. In addition, data is collected automatically on the device's unique identifier, the receiving times of beacon transmitter signals, the device's operating system, and beacon nudge screen and use information.
7 Regular disclosure of data
Personal data is not disclosed to outsiders without the consent of the data subject, with the exception of subcontractors connected with the Controller’s service and maintenance of the application. Furthermore, information on the winners of the draws may be disclosed to a partner of the Controller (e.g. the external organiser of the draw) for the prize to be sent. The Controller may also disclose information, where the law allows and within the legal limits, to reply to requests for information on the part of authorities.
Personal data is not disclosed to any party outside the European Union or European Economic Area. The technical management and development of the register platform can be conducted via remote connections outside the EU, while adhering to the requirements of the Personal Data Act.
8 Retention period for personal data
Personal data is kept for as long as data subjects use the mobile application, or for as long as data subjects have given their consent for their personal data to be processed, or for as long as is necessary for the Controller to manage customer relations.
9 Principles of register protection
The material is in digital format. No physical sections from the register are used. The saved data is passed from the mobile application to the register encrypted. The electronic register is kept in an environment that is protected against outside unauthorised contact.
Only the designated personnel of the Controller and its subcontractors, and where it is in their job description, have the right to process and maintain data in the register. Users are bound by an obligation of confidentiality. Data is stored in a manner that is technically secure, and physical access to it is prevented by means of access control and other security measures. The data kept in the register is backed up securely and can be retrieved when needed. The level of information security is audited at repeated intervals either by an external or internal auditor.
10 Rights of the data subject
A person recorded in the register has the right, inter alia, to:1) ask the Controller for access to the personal data on that person, and the right to ask for it to be amended or deleted, or for its processing to be restricted, or to oppose its processing and the right to transfer the data from the system to another;
2) inspect what information is held on that person in the register and, if necessary, have it corrected. The request must be made in writing to the Controller. A person entered in the register has the right to ask for changes to be made to details on that person that have been recorded in the register wrongly.
3) where the processing of personal data is with the consent of the data subject, withdraw one’s consent at any time without this affecting the legality of the processing undertaken with consent prior to its withdrawal;
4) lodge a complaint with a supervisory authority about the processing of personal data.
Customers always have the right to refuse to allow their data to be used for direct marketing and marketing studies. This refusal can be set up when the application and service starts to be used, both in the management of one’s own data and in the Moominworld application’s settings.
However, some of the cookies are necessary for the technical operation of the site. In addition, cookies and third-party cookies are used to personalise the user experience of the site, to collect information as to how the site is used, to identify visitors who visit the site frequently and to target advertising.
If they so wish, users can prevent targeted advertising in third-party services. More information: