Terms of Service | CoreGo Shop

Terms of Service

In this privacy statement, we describe how the Uppsala Marathon (the "Registrar") in cooperation with CoreGo Oy (the "Data Processor" or "CoreGo") processes the personal data of its customers and users of its online services (the "Registrant") and how the processing of personal data may be affected. The Registrar and the Data Processor shall comply with the applicable data protection legislation in their operations.

Registrar

Uppsala Marathon

Data processor

CoreGo Oy (Y-tunnus 2683401-1)
Messuaukio 1
00520 Helsinki

asiakaspalvelu@corego.fi

Information collected

The Registrar and CoreGo will only process personal data to the extent necessary to fulfill the purposes described in this privacy statement. The personal data collected, and the extent of their processing vary depending on the relationship between the Registrar and the Registrant the permissions granted, and the privacy settings of the browser used by the Registrant.

Customer and participant information

The information is collected from the Registrant when they make a purchase or reservation on the online service, when registering for an event or registering for the online service, or when joining a marketing list, for example. The necessary information is collected from the personal data groups mentioned below. Some of the information may be voluntary.

Basic information such as name
Contact information such as mailing address, email address, phone number detailed personal information such as date of birth, gender, municipality, occupation
Details related to participation in the event, such as groups of participants, background information or choices related to participation in the event
Identifiers and validity information for customer cards, such as membership cards or loyalty cards
Credentials, such as encrypted username and password information or other similar identifiers
Any other additional information provided by the Registrant

In certain situations, the information may be provided by an authorised person, such as a contact person in a group, instead of the Registrant themselves.

Order information

Order information is collected when the Registrant makes a purchase, reservation or registration online or by email, telephone or in person. Ordering information is:

The source information of the order, for example, how the order was placed
The desired method of payment and delivery, as well as information on the payment made
The content and products of the order and the changes and cancellations made to them
Other additional information related to order processing, such as billing information or processing history
Information related to the event visit

Information related to the Registrant’s visit may be collected during or after the event. Examples of data to be collected are:

Information related to the visit time, such as the arrival and departure time of the event
Information related to movement, such as a ticket office or visits to various service points
Information related to the development of customer service, such as feedback provided during the event
Usage Information of the Web Services

The usage information of the web services is collected when the Registrant is using the web service that CoreGo is providing for the Register Holder. The collected information is for instance:

Information collected from the used device or application, e.g., browser version, device type, screen size and IP address
Information about the web services usage, e.g., site downloads, time spent and moving around on the service

Users of online services can be identified, for example, by social networking or an e-mail identifier.

Personal Information Usage and Legal Rights

The Register Holder uses the collected information for different operations that are necessary for taking care of customer relations. Those include e.g., organizing the event in a proper and safe way, delivering the products or services, and providing customer service and other support. The collected information can also be used for customer communications and relations. Personal information usage is based on the agreement between the Registrant and the Register Holder about delivering the product or service (e.g., ticket or merchandise order) and the legitimate advantage of handling the information as a result of action that created the customer or employee relationship (e.g., signing up for an event).

The Register Holder can use the registered personal information for marketing, advertising and other commercial purposes if the Registrant has given permission to do so. Usage of personal information for commercial purposes regarding the digital direct marketing is based on the Registrant’s agreement.

The Register Holder can use the collected information for developing the products and services, and for improving the service provision. Acts regarding development and improvement are for instance product recommendations and personalization of communications. Information usage is then based on the Register Holder’s legitimate advantage to use the collected information for the benefit of the Registrant.

Sharing and Handing Over Personal Information

The Register Holder and CoreGo have made an agreement about handling the personal agreement as described in this privacy policy and in a suitable data protection act. CoreGo is acting as the information operator and only for the Register Holder’s knowledge. CoreGo does not hand information over to a third party if the Register Holder does not give written advice on that. Some information regarding web service usage is making an exception, and the web service user can prevent handing over information in the ways described in the Cookie Policy.

Besider CoreGo the Register Holder might use other third-party services for handling personal information. In these cases, the Register Holder is ensuring the legal handling of personal information with contractual arrangements and written advice given to the third party.

In addition, the Register Holder and CoreGo can hand over personal information for third parties, in case the suitable legislation is so obliging, or if it is necessary for implementing the rights or safety of the Register Holder, CoreGo or the Registrant.

Transfering of the personal information outside the EU/ETA area

The Register Holder or CoreGo cannot transfer personal information outside the EU/ETA area, and the personal information is otherwise not handled outside the EU/ETA area. If the information is, exceptionally, transferred outside the EU/ETA area, the information is handled as this privacy policy and the legislation are requiring.

Cookie Usage

To improve the user experience of our web services, and to follow and ease the usage, we are using cookies. The cookies enable saving short text-framed data for the user to use later.

Collecting and Usage of the Location Data

The Register Holder or CoreGo are not collecting or using the exact location data of the Registrant.

While using the web services, the IP address of the user saved, which can be compounded with the geographical location usually in the city level. Additionally, for example while service usage during the event, can be saved data that can be compounded in a specific location, e.g., the entrance of a ticket checking point.

Keeping Personal Information

The Register Holder or CoreGo are keeping the personal information only for so long it is necessary for providing the service requested. The valid accounting or other compelling legislation can nonetheless require the Register Holder or CoreGo to keep the information for longer. In these situations, we are following the legislation of the storing time.

Information collected while using the web services are kept for around 12 months in a form where an individual user can be identified.

The Registrant’s basic information, contact information, permission and denial information, specified personal information, and the information about the Registrant joining the certain event or the information of the order made by the Registrant are kept mainly for 36 months from when the Registrant has operated with the Register Holder or CoreGo.

Detailed, order-related and event-specified visiting and registering information of the Registrant specific event are mainly kept for 36 months after the event has ended.

The order-related information is mainly kept for 36 months after the event has ended, or if the order is not event-related, after the order. The information about cancelled orders are kept mainly for 36 months after the event or the cancellation.

Information about payments, e.g., copies of the receipts are kept according to the legislation.

Rights and Influencing Possibilities of the Registrant

The Registrant has the right to access their own private information and to verify and correct the information considering to them. In addition, the Registrant has the possibility to ask information about themselves in those parts that it is possible within other legislation. The Registrant has also the right to transfer their personal information to the other Register Holder.

The Registrant has the right to deny direct marketing and prohibit for their private information to be used to the direct marketing purposes.

Requests concerning the usage of these rights have to be presented to the Register Holder according to the contact information given in this privacy policy.

Information Security

The Register Holder and CoreGo are taking care of the secure handling of the personal information with appropriate physical and technical security operations to secure the information from disappearing, destroying, misusage and illegal usage and delivery. The Register Holder and CoreGo are striving for secure handling of the private information for instance by limiting the access to the information and ensuring that the employees and subcontractors are using the information within the given advice, deals and legislation.