Skip to content

Privacy Notice

Privacy Notice

Updated 24 June 2026

This Privacy Notice describes how Visit Tampere Ltd processes personal data in its online services and related digital services.

This Privacy Notice applies in particular to the visittampere.fi website, online forms and enquiries, newsletters and other communications, event registrations, the photo bank, and the Choose Responsibly tool.

Information concerning the joint Customer Relationship Management System for Businesses (Business CRM) of the City of Tampere, Business Tampere and Visit Tampere is described in a separate Privacy Notice.

1. Data controller

Visit Tampere Ltd
Frenckellinaukio 1
33100 Tampere, Finland

www.visittampere.fi

2. Contact person for data protection matters

Markus Autio
Controller / Data Protection Officer
Visit Tampere Ltd

markus.autio@visittampere.fi
+358 40 706 7980

3. Purposes of processing personal data

Personal data are processed for the following purposes:

  • ensuring the functionality, usability and security of the website
  • analysing and developing the use of the website
  • responding to enquiries and providing customer service
  • delivering newsletter and communication services
  • partnership, event and stakeholder communications
  • managing the photo bank user register
  • conducting surveys, competitions and prize draws
  • enabling the use of the Choose Responsibly tool, storing submitted responses, delivering summaries, and maintaining and developing the tool.

4. Legal bases for processing personal data

Depending on the situation, personal data are processed on the following legal bases:

Consent

Processing based on consent may take place, for example, when non-essential cookies are accepted.

Contract or steps prior to entering into a contract

Personal data may be processed where processing is necessary to provide a service requested by the data subject. This may concern, for example, delivering a summary generated through the Choose Responsibly tool or managing access rights to the image bank.

Legitimate interest

Personal data may be processed on the basis of legitimate interest for purposes such as ensuring website security and technical functionality, handling enquiries, developing services, and carrying out partnership and stakeholder communications related to a person’s work duties.

The data subject has the right to object to processing based on legitimate interest by contacting the data controller.

5. Personal data processed

The personal data processed depend on the service used. Personal data may include, for example:

  • name
  • email address
  • telephone number
  • organisation, company, job title or other information related to a person’s work duties
  • billing information
  • the content of an enquiry and related correspondence
  • information related to partnership and stakeholder communications
  • information related to event invitations, registrations and participation, such as dietary requirements
  • information related to photo bank user accounts, access rights and registration requests
  • information submitted in surveys, competitions and prize draws
  • technical and analytics data related to website use, browser, device and cookies
  • IP address and log data necessary for the operation and security of the online service.

6. Regular sources of personal data

Personal data are primarily obtained directly from the data subject, for example through:

  • emails and other enquiries
  • registration for the photo bank
  • joining the Visit Tampere Partners -partnership network
  • event registrations
  • participation in surveys, competitions or prize draws
  • use of the Choose Responsibly tool
  • use of the website through cookies, logs and analytics tools.

For partnership and stakeholder communications, contact details may also be obtained from the person’s employer, public sources or in connection with other cooperation.

7. Recipients and processors of personal data

Personal data are processed by employees of Visit Tampere Ltd whose work duties require the processing of such data.

Visit Tampere uses external service providers which may, when providing certain services, process personal data on behalf of Visit Tampere. Such partners include, for example, providers and administrators of the organisation’s information systems.

These service providers may include, for example:

  • providers of website maintenance, hosting and security services
  • providers of form, email, newsletter, marketing and communication services
  • providers of image bank, survey, analytics and cookie management services.

Service providers process personal data in accordance with agreements and applicable data protection legislation.

Personal data from Visit Tampere’s registers are not disclosed without the explicit consent of the data subject.

8. Transfers of data outside the EU or EEA

Personal data are not regularly disclosed to external parties without the consent of the data subject unless required by law.

Third-party services used on the website, such as analytics services, may process data outside the EU or EEA in accordance with the service providers’ own privacy practices and applicable data protection legislation.

9. Retention period of personal data

Personal data are retained only for as long as necessary for the purposes described in this Privacy Notice or as required by law.

More specific retention periods are determined according to the purpose of use:

  • contact details used for partnership and stakeholder communications: for as long as the data are up to date and there is an ongoing need for cooperation or communication
  • image bank user accounts: for the duration of the user account
  • event registrations: 24 months after the end of the event
  • surveys, competitions and prize draws: no later than 30 days after the end of the survey, campaign or prize draw
  • responses and summary information from the Choose Responsibly tool: 12 months from the delivery of the summary
  • cookie-based data: for the period stated in the Cookie Notice.

10. Protection of personal data

Personal data are processed with due care and in secure systems. Access to personal data is limited to persons and service providers whose work duties or service delivery require the processing of such data.

Personal data are protected through appropriate technical and organisational measures, such as access management, passwords and access restrictions.

11. Rights of the data subject

A person whose data are held in the register has the right to request the deletion of their personal data from the register (“the right to be forgotten”). Data subjects also have other rights under the EU General Data Protection Regulation, such as the right to restrict the processing of personal data in certain situations.

Requests must be submitted in writing to the data controller. Where necessary, the data controller may request the person submitting the request to verify their identity. The data controller will respond to the data subject within the time limits set out in the EU General Data Protection Regulation, generally within one month.

The data subject also has the right to lodge a complaint with the Data Protection Ombudsman if they consider that the processing of personal data violates applicable data protection legislation.

12. Is providing personal data mandatory?

Providing personal data is voluntary. However, in some services, the provision of certain data may be necessary in order to provide the service.

For example, an email address may be necessary to respond to an enquiry, send a newsletter or deliver a summary generated through the Choose Responsibly tool. If the required data are not provided, the requested service may not be available.

13. Automated decision-making and profiling

Personal data are not used for automated decision-making that would have legal or similarly significant effects on the data subject.

Visit Tampere Ltd does not carry out profiling based on personal data.

14. Cookies and analytics

The website uses cookies and similar technologies to support the functionality, security, user experience and analysis of website use.

Necessary cookies are used to ensure the technical functionality and security of the website. Where required, consent is requested through the cookie banner for cookies other than necessary cookies, such as analytics and marketing cookies.

Cookie settings can be changed or withdrawn at any time through the website’s cookie settings.

Further information about the cookies used, their retention periods and service providers is available in the Cookie Notice.