Controller: (and the contact person for issues related to personal data processing, if needed) 

Name: Oulu University of Applied Sciences 

Address: Kotkantie 1, 90250 Oulu 

Other contact details (phone number, e-mail): 


Name: RTG Sales Oy 

Address: Lönnrotinkatu 14 a 16, 87100 Kajaani 

Other contact details (phone number, e-mail): 

Data protection officer (processor) and contact details 

Mikko Soininen, 

Name of the register 

Arctic Education Forum 2020 register 

The purpose of processing personal data 

RTG Sales Oy handles personal data of the participants of Arctic Education Forum 2020 event, 17.-20.2.2020 according to a separate agreement with the event organizer (controller of the data). 

The data will be collected and handled in order to provide services during the Arctic Education Forum 2020 event.

Groups of the registered and the personal data being processed 

The groups of the registered are: participants, company staff members, organizers, staff in the event and speakers.

The following personal data will be collected:

  • Name

  • Title

  • Organization

  • Email address

  • Phone number

  • Address

  • Special diet

  • Clothing size

  • Gender

In addition to personal data collected photographs and video will be taken at the event. PINO Network may use the photographs and video for marketing (Facebook, Twitter, Instagram, PINO Network website and newsletters) and reporting purposes of Arctic Education Forum events. The material will not be given to any third parties.

Sources of personal data

Personal data is collected on the registration form designed specifically for the event in question. The registration form is filled in by the participant her/himself or by an authorized party.  

The recipients of personal data - also international organisations and organisations located in third countries 

The personal data will not be transferred to other organisations, unless it is necessary in providing the services during Arctic Education Forum 2020. These organisations may include:

  • Lapland Hotels Oulu

  • Restaurants

  • Outdoor activity organizers

Information of participants (name, title, organisation, email address) can be shared with other participants and exhibitors with the permission of the participant.

MailChimp service is used for email notification and email list management, with which we have an agreement on data protection. The MailChimp provider is committed to complying with the US Department of Commerce and the EU-approved Safe Harbor Privacy and Privacy Policy, which guarantees an adequate level of data protection.

Technical and organisational safety procedures 

Employees have a confidentiality agreement. The system where the personal data is handled is secured and well protected. The physical prints (if any needed) are kept in locked cupboards. Access to the personal data is granted only to those employees that need the information in their work. 

Planned storage times for data groups  

The personal data is stored only as long as it is needed for organizing the event. The storage times are defined in a separate agreement between the controller and processor RTG Sales Oy.  

Rights of the data subjects 

Rights of the data subjects according to legislation are described in the Rights of the data subject and they have been described more closely in the agreements by the controller. 

Controllers instructions to the processor 

The controller has given separate instructions to the processor about processing the personal data. 

Reporting personal data breaches 

To the controller 

Personal data breaches must be reported to the controller without undue delay after the processor has become aware of the breach. 

To the data subject 

Data subjects must be notified of personal data breaches if they are likely to cause a high risk to their rights and freedoms. 

To the supervisory authorities 

All personal data breaches that can cause a risk to the rights and freedoms of natural persons, must be reported to the Office of the Data Protection Ombudsman without any undue delay and, where feasible, not later than 72 hours after the controller has become aware of the personal data breach.