FINFRINGE ry. is committed to managing personal data according to privacy laws and good data processing practices. Privacy laws here refer in particular to the EU's General Data Protection Regulation and national personal data legislation.
Written 12.12.2019. Last change 02.12.2020.
Name: FINFRINGE ry.
Business ID: 2909247-1
Address: Itäinen Rantakatu 60a C 55, 20810 Turku
Name of the register
FINFRINGE Artist Call Register
Kristina Vahvaselkä, +358452039080
Email address: first firstname.lastname@example.org
The purpose, legal basis and data sources of personal data processing
The collected data is used for processing, evaluation, decisions and communications concerning the applications sent in by the participants of the artist call. The data provided by the applicants in their applications are recorded into the register.
The legal basis for the processing is the applicant's voluntary, ascertained, informed and unambiguous expression of consent with which they approve of the processing of their data.
The data is gathered from the applicants. For the sake of clarity, it must be noted that the applicants are registered data subjects according to privacy legislation. Saving and processing the data is based on the consent of the applicant. The registration of all the data subjects is based on the voluntary, ascertained, informed and unambiguous consent with which they approve the processing of their personal data.
The register's data content
The applicant's data
The applicant's name, birthplace, address, phone number, email address, place of residence, nationality, language, sex and native country for foreign applicants.
Data concerning the applicant’s project/performance
The name of the project and previous performances of the same project, the names of the participants and producers, their place of residence, language and sex.
Appendices and their data
A project plan, a CV, biographies, pictures and films of the works, social media accounts.
The personal data will be processed by the jury of FINFRINGE, and FINFRINGE’s administration and artist coordinator. Access is controlled by limiting it to read-only rights or to updating only those fields that are required by the user's tasks.
The register's encryption and safety measures
The data is collected into the Google Form and saved into a Google Drive folder that is shared only with the aforementioned users of the system.
The data is stored and encrypted so that outsiders will not be able to access the data and it cannot be destroyed, altered, released, transferred or accidentally or otherwise illegally processed. Obsolete documents are destroyed with a shredder and/or by permanently removing them from the server.
FINFRINGE ry. is committed to following adequate safety measures in all its operations in order to secure personal data. For the sake of clarity, it must be noted that adequate safety measures refer not only to technical measures such as virus protection, firewalls and physical access controls, but also organizational measures such as maintaining sufficient and specialized resources and the sufficient briefing of personnel. FINFRINGE ry. processes the personal data confidentially and ensures that its staff and/or subcontractors have signed a non-disclosure agreement and/or they are otherwise bound by a non-disclosure obligation.
When necessary, personal data may be transferred outside FINFRINGE ry. within and outside the EU region according to the guidelines and aims defined by FINFRINGE ry. Chosen artists and groups are published on FINFRINGE’s home page.
Deleting applications and personal data
1. Successful applications and chosen artists
FINFRINGE ry. keeps personal data and appendices during the time leading up to the festival. FINFRINGE ry. deletes received applications and their personal data and any additions to them within a month after the festival, not including personal data necessary for administrative purposes which is stored only for the sake of statistics. This includes the genre, name and nationality of the performance. An e-mail address is also kept for future artist call marketing purposes (either the project’s own address or the contact person’s address).
2. Incomplete applications
FINFRINGE ry. deletes incomplete applications, their appendices, related personal data and any additions to them immediately when the applicant cancels their participation in the artist call.
3. Rejected applications
FINFRINGE ry. deletes all the applications, appendices, personal data and any additions to them that have not been chosen for the festival within a month after decisions are made. For the sake of statistics, FINFRINGE ry. saves data on applications’ genre and nationality, but deletes any personal data, thus rendering it anonymous or pseudonymous. An e-mail address is also kept for future artist call marketing purposes (either the project’s own address or the contact person’s address).
4. The application's evaluation criteria
FINFRINGE ry. deletes the applications' evaluation information and its appendices within a month after the decisions are made.
5. Payment information
Payment information related to the applications is stored for a necessary period taking into account notices to the authorities and possible audits.
6. Report data
Report data remains in long-time storage for statistical purposes, but it is rendered anonymous or pseudonymous so that the data cannot be connected to any specific person.
Messages related to the application are deleted when the application is deleted.
Data subject rights
The registered data subjects are entitled to view stored information about themselves, they have the right to demand changes to erroneous information and incomplete information to be completed or deleted if there are no legal grounds to store the information. The data subjects are also entitled to request restrictions to the processing of their information, to oppose the processing of information pertaining to them and the right to transfer information pertaining to them from one system to another.
It must be noted that if the processing is based on the data subject's consent, the data subject has the right to withdraw their consent at any time provided the withdrawal does not affect the legality of previous processing done on the basis of the previous consent.
However, the applicant does not retain the above rights for the application's evaluation data. Re- quests for reviews and corrections must always be presented to the contact person responsible for issues related to the register
Right to complaints
The applicant and grant recipient have the right to issue a complaint to the supervising authorities if they suspect their personal data has been processed erroneously.