This document contains the Central Kymi special fishing area’s

• terms of use for internet sites
• declarations on customer and marketing registries.

The Central Kymi special fishing area adheres to practices and processes that protect personal data in accordance with the requirements of data protection legislation. This privacy statement includes the basis for data collection and the purposes for which collected data is used.

We may change this privacy statement to ensure that users of the internet site and individuals in the marketing registry are always aware of how their information is processed. The current privacy statement is always available on our website.

TERMS OF USE FOR THE INTERNET SITE

GENERAL

The Central Kymi special fishing area is committed to protecting the privacy of visitors on its internet site and related discussion forums and databases. This terms of use agreement is valid between us and the user of the service. If you do not accept these terms of use, do not use the Site. By using the Site, you accept the content of this terms of use agreement and commit to adhering to it.

NON-PERSONAL INFORMATION

We may collect information from users that is not classified as personal data in various ways. This information is necessary for monitoring the use of the Site, and we use the information to improve the Site.

PERSONAL DATA

We collect and process certain personal data of Site users and other information that the User has provided through various contact request forms on our site or by email.

Through the collection and processing of personal data, we may also send targeted marketing or informational messages to the User. If a user does not accept the use of their data as described above, they can prevent the use of their data by sending a written request to info@keski-kymenerityiskalastusalue.fi or by changing or deleting their data through links provided in marketing messages.

For more information on the processing of personal data and the user’s right, see below marketing and customer registry.

DATA DISCLOSURE

We may provide third parties with statistics including usage and user data as well as other than personal data, but these statistics do not contain identifying information.

SECURITY

The Site is protected by technical and organizational means. Site information is stored on servers and systems that are protected by firewalls, passwords, and other technical means. Access to personal data is granted only if it is necessary for data processing. All personal data processors are bound by confidentiality.

USE OF COOKIES

We also use cookies and other similar technologies on our websites. Read more about the use of cookies.

CONSENTS

When a user provides personal data through the Site, the user has given us and/or a third party the right to use the data as described on the site. The consent given on the Site applies only to user data stored on the Site. If the user has provided information to us in ways other than through the Site, the consent given on the Site does not affect the use of such information.

TRANSFER OF PERSONAL DATA OUTSIDE THE EU/EEA

We may transfer personal data outside the European Union or the European Economic Area when the partner managing the assignment is located outside these areas. In these cases, we ensure appropriate safeguards to protect the rights and freedoms of registrants in accordance with applicable data protection legislation, such as the General Data Protection Regulation (EU) 679/2016.

For example, a service provider implementing marketing or contact forms for us may transfer personal data to the United States in connection with the provision of the service. In this case, appropriate safeguards for personal data have been implemented so that the service provider has committed to the so-called Privacy Shield arrangement between the United States and the EU.

Read about the Privacy Shield scheme here https://www.privacyshield.gov/welcome.

OTHER SITES

Our site may contain links to other sites. We are not responsible for the privacy practices of other sites. We recommend users check the privacy statements of the sites they use.

Marketing and customer registries

REGISTRY CONTROLLER AND REGISTRIES

Registry Controller Central Kymi fishing destination association ry, Business ID FI21658020
c/o Kymen Tili&Tie Venehkorventie 30, 46930 HURUKSELA

Contact person for registry matters Data Protection Officer: Heimo Einola, info@keski-kymenerityiskalastusalue.fi

INFORMATION STORED IN THE REGISTRIES

The registries contain information that is either personal data of an individual or relates to the registrant’s role in a company, organization, or public office, as well as other information necessary for the purpose of the registry. These may include, among others, company basic information and the names and contact details of company decision-makers and key personnel.

Regular sources of information Marketing registry information is stored from catch report forms received through our public internet pages or from possible product orders. Additionally, personal data may also be obtained from other sources, within the scope allowed by applicable laws. Such sources include marketing and trade events or public sources such as the trade register.

You are not required to provide us with your personal data, but in that case, we may not be able to offer our service to you.

The Central Kymi special fishing area staff’s access rights information is transferred to the marketing registry through software user management.

Retention Personal data is retained only as long as necessary for the purposes defined in the registries.

Personal data is retained for the duration of the customer relationship. Personal data may also be retained as necessary after the end of the customer relationship to the extent allowed or required by applicable law. For example, we may retain personal data as necessary to comply with your direct marketing prohibition.

Personal data is deleted when its retention is no longer necessary for the law or for the rights or obligations of either party.

PURPOSE OF THE REGISTRIES AND LEGAL BASIS FOR PROCESSING PERSONAL DATA

We collect and process personal data only as necessary for our operations, managing customer relationships, and appropriate commercial purposes.

We process your personal data for the following purposes: Sales and marketing We may contact you to inform you about new products or to market and sell other products or services to you. We may also process your personal data for market research and customer surveys. The processing of personal data is based on our legitimate interest to provide information as part of the service and to market our other services to you. You have the right to object to the processing of your personal data for direct marketing at any time.

Service development, information security, and internal reporting We also process personal data to ensure the security of the website and to improve the quality of the website. We may also compile internal reports based on personal data for management use for proper management of our operations. In these cases, the processing of personal data is based on our legitimate interest to ensure the proper information security of our products and website and to obtain sufficient and appropriate information for product development and management of our operations.

Other purposes to which you have consented We also process your personal data for other purposes if you have consented to such processing.

TRANSFERS AND DISCLOSURES OF PERSONAL DATA

Personal data is not disclosed to third parties, except for a legal request for information by authorities.

GENERAL PRINCIPLES FOR THE USE AND PROTECTION OF PERSONAL DATA

Our personnel’s access rights are managed through a role-based user management process, where each individual is given only the access rights necessary for their duties and job description.

Our subcontractors Analysis tools: Google Tag Manager and Google Analytics, see securing data

In marketing and communication, we may use social media services, Google, and Facebook & Instagram services.

License payment transactions are on external sites, which do not have a technical connection to our site. Therefore, no information from payment transactions is transmitted to our system.

RIGHTS OF THE DATA SUBJECT

According to the applicable data protection legislation, marketing and customer registries contain personal data, which constitutes a personal registry. Related to this, registered individuals have rights concerning their data as prescribed and recorded in law.

You have the right to inspect your personal data. You can also request the correction, update, or deletion of your personal data at any time. However, note that personal data necessary for the purposes defined in this Statement or required to be retained by law cannot be deleted.

When we process your personal data based on consent, you have the right to withdraw your consent at any time. After that, we will not process personal data unless there is another legal basis for processing.

You can exercise your rights by sending a request to us at info@keski-kymenerityiskalastusalue.fi or you can change or delete your data from the marketing registry upon receiving an email message. Such messages always include links for modification and deletion actions.

INFORMATION SECURITY

We implement appropriate measures (including physical, digital, and administrative measures) to protect personal data from loss, destruction, misuse, and unauthorized access or disclosure. For this reason, access to personal data is limited to individuals who need it to perform their work duties.

CONTACTS

You can ask about this Statement or the processing of your personal data by contacting us by email at info@keski-kymenerityiskalastusalue.fi