Community, experiences and the future
– Together We Create More

1. Data Controller

Odyssey

2. Contact Person for the Register

Mikael Go

mikael@odyssey.fi

3. Name of the Register

Odyssey’s customer register, communication register, stakeholder register, web service user register.

4. Legal Basis and Purpose of Processing Personal Data

The legal basis for processing personal data under the EU General Data Protection Regulation (GDPR) is the individual’s consent (documented, voluntary, specific, informed, and unambiguous), for example, by voluntarily filling out a form on the website. The purpose of data processing is also to maintain contact with volunteers, partners, sponsors, and similar parties.

Odyssey’s organization acts as the data processor of the personal data in accordance with the applicable data protection legislation.

5. Data Content of the Register

We process the following personal data in the register:

5.1 Registered person’s name (first names, surname)
5.2 Registered person’s contact information (email address, phone number, postal address, company name, business ID, date of birth (day and year, excluding personal identification number), nickname, special dietary requirements)
5.3 Any consents and prohibitions
5.4 Other possible information collected with the registered person’s consent.

6. Regular Sources of Information

The data stored in the register is obtained from the customer, for example, through web forms, emails, phone calls, social media services, contracts, customer meetings, and other situations where the customer provides their information.

7. Regular Disclosures and Transfers of Data Outside the EU or EEA

Data is not regularly disclosed to third parties. Data may be published to the extent agreed upon with the customer. Personal data and information provided by the customer are NOT transferred by the data controller outside the EU or EEA. If the customer has explicitly consented to the publication of certain data (for example, partner, sponsor, displaying a photo in advertisements), the customer accepts that in such cases where the data is used for public purposes and cooperation with other parties (such as media, advertising), any transfers by these parties are not the responsibility of Odyssey.

8. Principles of Register Protection

Care is taken in handling the register, and data processed through IT systems is adequately protected. When register data is stored on internet servers, the physical and digital security of the hardware is ensured appropriately. The data controller ensures that stored data, server access rights, and other information critical to the security of personal data are handled confidentially and only by employees whose job descriptions include such tasks.

9. Data Retention Periods or Criteria for Determining Them

We retain personal data for as long as necessary for the purpose of the data. The retention period (or criteria for determining it) may also be derived from mandatory (legally regulated) retention periods and the code of conduct of the data controller’s industry. Odyssey internally assesses the necessity of data retention in accordance with applicable legislation. Individuals have the right to request the deletion of their data from the register.

10. Right of Access and Right to Request Correction

Every person in the register has the right to review their data stored in the register and request the correction of incorrect data or completion of incomplete data. If a person wishes to review the data stored about them or request corrections, the request must be sent in writing to the data controller. The data controller may request the requester to prove their identity if necessary. The data controller responds to the customer within the timeframe stipulated by the EU Data Protection Regulation (usually within one month). A person in the register also has the right to request the deletion of their personal data (the “right to be forgotten”), provided there is no other legal obstacle. The person also has the right to withdraw consent or terminate an agreement at any time.

 11. Cookies

Mandatory cookies are always enabled (for example, cookies that ensure site security and basic functionality).

12. Right to Lodge a Complaint with a Supervisory Authority

Every data subject has the right to lodge a complaint with a supervisory authority, particularly in the member state where they have their habitual residence or place of work, or where the alleged violation of the GDPR has occurred.