Privacy policy

This document serves as the Privacy Policy and Register Description of Neogames Finland ry (hereinafter “the Association”) in accordance with the EU General Data Protection Regulation (GDPR). The statement is updated regularly, and its latest version can always be found on our website. The effective date of the most recent version: March 8, 2024.

Neogames Finland ry is committed to the principles of the EU General Data Protection Regulation. Our operations and services comply with the requirements of the regulation.

1) Data Controller

Neogames Finland ry (2500134-1)

Address: Eteläranta 10, 00130 Helsinki

2) Contact Person Responsible for the Register

Contact person: Koopee Hiltunen

Contact details: koopee@neogames.fi

3) Registers in Which We Collect Information

• The Association’s contact information register and register of domestic game industry companies
• The Association’s email newsletter
• Joint registers with social media services (Meta, LinkedIn, X, YouTube)

4) Legal Bases and Purposes of Processing Personal Data

• The Association’s contact information register and register of domestic game industry companies
  • The Association collects and maintains a register of game industry companies operating in Finland and their contacts for the purpose of mapping the industry.
  • The Association collects personal data of representatives of its stakeholders in its contact information register to maintain member and stakeholder relationships, for communication purposes, and for organizing events.
  • For representatives of companies and organizations, the legal basis for processing personal data under the GDPR is the legitimate interest of the data controller.
  • A balance test has been conducted in relation to the data controller’s legitimate interest.
• The Association’s email newsletter
  • The Association publishes an email newsletter to regularly communicate news about the domestic game industry. The newsletter is freely available for subscription on the Association’s website also by individuals. The Association collects personal data (email addresses) to deliver the newsletter to subscribers.
  • The legal basis for processing personal data of newsletter subscribers under the GDPR is the individual’s voluntary consent.
• Joint registers with social media services
  • The Association maintains profiles on social media services such as Meta (Facebook & Instagram), LinkedIn, X, and YouTube. In these services, the Association is a joint data controller with the service provider.
  • The purpose of using personal data in these services is for communication and information dissemination, receiving messages and feedback, purchasing visibility, and measuring the reach of communication in the channels.
  • For the Association, the basis for processing personal data in these situations is legitimate interest.
  • The use of the Association’s services on social media is possible only by registering as a user of the service and accepting the terms of use. Social media services process personal data in accordance with their privacy policies and are primarily responsible for compliance with data protection legislation and the security of data and the rights of the data subjects within the service. Users can manage their privacy settings through their user profiles.
  • More information about the privacy practices of the services:
    • Meta: https://www.facebook.com/privacy/center/
    • LinkedIn: https://www.linkedin.com/legal/privacy-policy
    • X: https://twitter.com/en/privacy
    • YouTube: https://www.youtube.com/intl/en_us/howyoutubeworks/user-settings/privacy/

5) Content of the Registers and Data Retention

• The Association’s contact information register and register of domestic game industry companies
  • Name, position, company/organization, contact details (phone number, email address, address), website addresses, profiles in social media services, billing information if related to membership or customer relationship, other information related to membership, customer relationship, and subscribed services, information related to event participation.
  • Sensitive data is not stored in the register. Dietary information may be collected in connection with event registration, which is necessary for organizing the event catering. Dietary information is deleted after the event.
  • Data is retained as long as the cooperation or communication between the Association and the stakeholder continues, and the person acts as a representative of the stakeholder. Company information is retained as long as the company is within the scope of our industry research activities. Personal data is retained as long as the company operates in the game industry.
• The Association’s email newsletter
  • Email address, information about newsletter subscriptions and changes.
  • Data is retained as long as the person is a subscriber to the newsletter.
• Joint registers with social media services (Meta, LinkedIn, X, YouTube)
  • Necessary information related to the use and operation of the service. The collected data and their retention periods can be found in the privacy statements of the services.

6) Regular Sources of Information

Information about contact persons of companies and other organizations may be collected via email, telephone, social media services, contracts, meetings, messages sent through web forms, events, and other situations where the person provides their information. Information about companies, organizations, and individuals in public roles may also be collected from public sources such as websites, directory services, and other companies.

Personal data of individuals is collected only in situations where the individual subscribes to the Association’s newsletter through a web form or interacts with Neogames Finland’s maintained websites and social network profiles.

7) Routine Disclosures of Information and Transfer of Data Outside the EU or EEA

• The Association’s contact information register
  • Personal data are processed and stored using the domestic Gruppo system. An agreement on data processing has been made between the Association and Gruppo Oy, stating that the service complies with the GDPR. Gruppo also asserts that its subcontractors’ services are compliant with the regulation. The primary servers and primary backup system of the service are located in Finland.
  • Information about the Association’s member schools and educational institutions offering game industry education in Finland is published on the Association’s website and in communications related to educational cooperation.
  • Information about actively operating game industry companies in Finland is published on the Association’s website.
• The Association’s maintained register of domestic game industry companies
  • Information is collected from companies and stored within the EU, in the Digitalocean service in Amsterdam. The database is encrypted, and its access keys are managed by the provider Utupuro Oy.
• The Association’s email newsletter
  • The delivery of the email newsletter and related services operate in a cloud-based system, where data processing also occurs outside the EU/EEA area. The service provider is committed to the EU’s standard contractual clauses for data processing.
• Joint registers with social media services
  • The Association does not transfer or disclose personal data from social media services to other services.
  • The ways social media services disclose and transfer personal data can be found in the privacy statements of each service.

8) Principles of Register Protection

The information collected by the Association is stored appropriately, and access is limited with personal access rights. When register data is stored on Internet servers, appropriate care is taken of the physical and digital security of the hardware. The cloud services used by the Association for storing documents and email communication are protected, for example, by firewalls. In addition, collaborators of the Association, such as the contact information and email newsletter system maintained by Gruppo, the company database managed by Utupuro Oy, accounting firms, and event organizers, limit access to the data provided to them only to those individuals for whom it is necessary for the provision of the service.

9) Right to Access, Right to Request Correction, and Deletion

Every individual in the register has the right to access their data stored in the register and to request correction of any inaccurate information or supplementation of incomplete information. If an individual wishes to check the data stored about them or request corrections, the request should be sent in writing to the data controller. The data controller may ask the requester to prove their identity if necessary. The data controller responds to the request within the timeframe stipulated in the GDPR (usually within one month).

Individuals in the register have the right to request the deletion of their personal data from the register (“the right to be forgotten”). Similarly, registered individuals have other rights under the GDPR, such as the right to restrict processing of personal data in certain situations. Requests should be sent in writing to the data controller. The data controller may ask the requester to prove their identity if necessary. The data controller responds to the customer within the timeframe stipulated in the GDPR (usually within one month).

10) Cookies

The websites maintained by Neogames Finland (www.neogames.fi and www.playfinland.fi) use cookies. The IP addresses of visitors to the website and cookies necessary for the operation of the service are processed on the basis of legitimate interest, for example, to ensure security and to collect statistical data about visitors in cases where they can be considered personal data. Consent is requested separately for third-party cookies.