Privacy notice

1 General

The purpose of this notice is to provide the information required by the EU General Data Protection Regulation (“GDPR“) to the data subject.

Data subjects referred in this notice may include Oy Rabbit Films Ltd’s customers and other contractual partners’ contact persons, newsletter subscribers as well as persons participating in programmes or in the production of programmes.

2 Data controller and contact details

Oy Rabbit Films Ltd acts as the data controller in accordance with this privacy notice.

The contact person of the controller and the contact details:

3 purposes of processing and applicable legal basis for processing

The following table provides a summary of the different purposes of uses and the applicable legal bases as well as the categories of personal data processed.

Purpose of UseLegal BasisCategories of Personal Data
Management of contractual relationsThe performance of a contract Legitimate interests of the controller
Name and contact details of the contractual partners’ contact persons
Production of programmesThe performance of a contract Legitimate interests of the controllerName and contact details of the studio audience and the contestants participating in a programme Other persons participating in the production such as production designers, cinematographers, and subcontractors
Sending newslettersConsentName and contact details of the newsletter recipients

4 Retention of personal data

The personal data of the contact person relating to the management of the contractual relationship will be retained for the duration of the relevant contract or as longs as the person in question acts as a contractual liaison.

The personal data of the newsletter subscribers will be retained for as long as they have a valid subscription. Personal data will be deleted when the subscriber cancels the subscription to the newsletter or otherwise objects to the related processing.

As a rule, the personal data concerning the production of a programme will not be stored in the controller’s systems. However, the controller has the right to view this personal data stored in the television company’s systems. For additional information on the processing of personal data by the television company, please see the relevant television company’s privacy notice.

5 Recipients and categories of recipients of personal data

The names and contact details of the persons participating in a production and a programme may be disclosed to other persons participating in the production to carry out the production of the programme and enable necessary communication. Additionally, to carry out the production of the programme, the abovementioned personal data may be disclosed to the television company broadcasting the programme.

Personal data is not transferred outside the European Economic Area.

6 Transfer of personal data

The data controller uses subcontractors in the processing of personal data. However, personal data is not transferred outside the EU or the EEA.

To ensure the appropriate protection and security of data the controller enters into an agreement required by the GDPR with the subcontractors used for processing data.

7 Sources of personal data

Personal data is collected mainly from the data subject himself/herself. Personal data relating to the production of a programme is also obtained from the relevant television company.

If a person participating in a programme does not provide the controller with necessary personal data, access for instance to the studio audience of the programme may be denied.

8 Rights of the data subject

8.1 Right of Access and Right of Data Portability

The data subject has the right to receive a confirmation from the data controller as to whether or not personal data concerning the data subject is being processed, or whether personal data has been processed. Where the data controller processes personal data concerning the data subject, the data subject has the right to receive the information contained in this document and a copy of the processed personal data and the personal data undergoing processing. The controller may charge a reasonable administrative fee for any additional copies requested by the data subject. If the data subject makes the request electronically, the information shall be provided in a commonly used electronic form, unless otherwise requested by the data subject. Furthermore, under the GDPR, the data subject may in certain circumstances request the transmission of the personal data, which he or she has provided to the controller, to himself or herself or to another controller in a machine-readable format.

8.2 Right of Rectification, Right of Erasure and Right to Object to Processing

The data subject also has the right to request from the controller rectification or erasure of personal data concerning him or her and the right to prohibit the processing of personal data for direct marketing purposes. In certain cases, the data subject also has the right to request the restriction of processing of personal data or otherwise object to processing.

8.3 Right to Withdraw Consent

Where the controller processes personal data of the data subject on the basis of his or her consent, the data subject has the right to withdraw his or her consent. The withdrawal of consent does not affect the lawfulness of processing based on consent prior to withdrawal.

8.4 The Right to Lodge a Complaint with the Supervisory Authority

In the case where the data subject finds the processing of his or her personal data unlawful, he or she has the right to lodge a complaint with the competent supervisory authority. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman with the following contact details:

8.5 Using the Rights

All the requests mentioned herein shall be provided to the contact person of the controller mentioned in section 2 above. If necessary, be prepared to prove your identity when exercising your rights as a data subject.

9 Protecting personal data / Security of processing

The location and security of the equipment intended for storing files are carefully managed and stored in a locked space or in secured systems. Access control is arranged on the premises appropriately.