PRIVACY POLICY
Galerie Forsblom (“we”) collects and processes personal data of its customers and users of
Galerie Forsblom’s websites (collectively, the “Users”). Galerie Forsblom provides a space for
artists to exhibit their artworks and for customers to buy art. This Privacy Policy applies to our
customer and marketing registers, i.e. to personal data we obtain from Users through our
website, galerie and other physical access points (e.g. exhibitions). Pesonal data is collected
for example when a User fills in an e-mail address when subscribing to Galerie Forsblom’s
mailing list or newsletter. Personal data is also collected through other forms of
communication between Users and Galerie Forsblom.
Our Privacy Policy explains what data we process, how we do that and how the data subjects
may use their rights (e.g. right to object, right of access).
This Privacy Policy constitutes a description of the data file as set out in the Finnish Personal
Data Act (Sections 10 and 24).
This Privacy Policy may be updated if required in order to reflect the changes in data
processing practices or otherwise. The current version can be found on our website
www.galerieforsblom.com. We will not make substantial changes to this Privacy Policy or
reduce the rights of Users under this Privacy Policy without providing a notice thereof.
This Privacy Policy only covers data processing carried out by Galerie Forsblom. The Privacy
Policy does not address, and we are not responsible for, the privacy practices of any third
parties. Galerie Forsblom disclaims all responsibility for the processing carried out by third
parties.
Privacy, security and online safety are important for us, and we process all personal data with
due care.
1. CONTROLLER’S CONTACT DETAILS
Name: Globart Projects Oy Business ID: 1095930-3
Correspondence address: Lönnrotinkatu 5, 00120 Helsinki E-mail address:
info@galerieforsblom.com
Website: www.galerieforsblom.com
2. PERSONAL DATA PROCESSED AND SOURCES OF DATA
We collect the following data from Users: (i) customer data from persons purchasing artworks
(“Customers”); (ii) and personal data of persons who subscribe to our mailing list or order our
newsletter (“Subscriber”); (iii) technical data (“Technical Data”) by way of cookies and other
basic website analytic tools.
Galerie Forsblom may collect and process for example the following personal data: (i) first
and last name; (ii) address, (iii) e-mail address, (iv) delivery address for purchased artwork;
(vi) other personal data Users provide themselves. Personal data is received directly from the
Users.
Although we do not normally use Technical Data to identify individuals, sometimes
individuals can be recognized from it, either alone or when combined or linked with other
personal data. In such situations, Technical Data can also be considered to be personal data
under applicable laws and we will treat the combined data as personal data.
3. PURPOSES AND LEGITIMATE GROUNDS FOR PROCESSING OF PERSONAL
DATA
Purposes
To provide a space for exhibitions and carry out our contractual obligations
We process personal data in the first place to be able to run, maintain and develop our
business. We provide a space to exhibit and sell artworks. For Customers, we provide access
to art and a possibility to buy artworks. Personal data is processed in order to carry out our
contractual obligations towards Customers.
As regards personal data of Subscribers, we process the personal data in order to send
newsletters and other communication regarding our exhibits, events and other services. We
only process personal data of Subscribers when the person has provided his/her personal
details when joining our mail list.
For customer communication
We may process personal data for the purpose of contacting and informing Customers and
Subscribers about our services. If a User contacts us, we will use the provided information for
answering questions and solving possible issues.
Legitimate grounds for processing
We process personal data to perform our contractual obligations towards Customers, and to
comply with legal obligations. Furthermore, we process personal data to pursue our legitimate
interest to run, maintain and develop our business.
In some cases, Users may be requested to grant their consent for the processing of personal
data. In this event, Users may withdraw their consent at any time.
COOKIES
We use technologies to collect and store Technical Data and other information when Users
visit our wesites, including cookies. Cookies allow us to calculate the aggregate number of
people visiting our websites and monitor the use of the websites. This helps us to improve our
websites and better serve our Users. We may also use cookies that make the use of the
website easier, for example by remembering preferences. We may use tracking and analytics
cookies to see how well our websites are being received by our Users.
Users may choose to set their web browser to refuse cookies, or to alert when cookies are
being sent. This can usually be done through Internet browser’s settings. Information about
how to manage cookies can be found online.
Please note that some parts of our websites may not function properly if use of cookies is
refused.
4. TRANSFER TO COUNTRIES OUTSIDE EUROPE
We do not transfer personal data collected and processed under this Privacy Policy to
countries outside the European Economic Area.
More information regarding the transfers of personal data may be obtained by contacting us
on addresses mentioned in this Privacy Policy.
5. RECIPIENTS
We only share personal data within Galerie Forsblom’s organization if and as far as reasonably
necessary to perform and develop our services. We do not share personal data with third
parties outside of Galerie Forsblom’s organization unless one of the following circumstances
applies:
It is necessary for the purposes set out in this Privacy Policy
To the extent that third parties need access to personal data to perform the Services, Galerie
Forsblom has taken appropriate contractual and organisational measures to ensure that
personal data are processed exclusively for the purposes specified in this Privacy Policy and
in accordance with all applicable laws and regulations.
For legal reasons
We may share personal data with third parties outside Galerie Forsblom’s organization if we
have a good-faith belief that access to and use of the personal data is reasonably necessary
to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or
otherwise address fraud, security or technical issues; and/or (iii) protect the interests,
intellectual property rights or other properties or safety of Galerie Forsblom, our Users or the
public in accordance with the law. When possible, we will inform Users about such transfer
and processing.
To authorized service providers
We may share personal data to our authorized service providers. Our agreements with our
service providers include commitments that the service providers agree to limit their use of
personal data and to comply with privacy and security standards at least as stringent as the
terms of this Privacy Policy. Please bear in mind that if you provide personal data directly to a
third party the processing is typically based on their policies and standards.
For other legitimate reasons
If Galerie Forsblom is involved in a merger, acquisition or asset sale, we may transfer personal
data to the third party involved. However, we will continue to ensure the confidentiality of all
personal data. We will give notice to all Users concerned when the personal data are
transferred or become subject to a different privacy policy as soon as reasonably possible.
With explicit consent
We may share personal data with third parties outside Galerie Forsblom’s organization for
other reasons than the ones mentioned before, when we have the User’s explicit consent to do
so. By giving the consents and permissions, User warrants and represents that User is allowed
and permitted to give such consents and permissions. The User has the right to withdraw this
consent at all times.
6. STORAGE PERIOD
Galerie Forsblom does not store personal data longer than is legally permitted and necessary
for the purposes of providing our services or the relevant parts thereof or complying with
a legal requirement applicable to our operations. The storage period depends on the nature
of the information and the purposes of processing. The maximum period may therefore vary
per use.
Typically, we will store Customer’s personal data for as long as we have a legal obligation to
store the data of purchases of artwork. As regards Subscribers, we will process the personal
data until the Subscriber requests to be removed from our mailing list (by e.g. using the
unsubscribe link provided in each e-mail or other communication). We do not store any
personal data longer than is permitted by law or required for reporting and reconciliation
purposes.
7. USERS’ RIGHTS
Right to access
Galerie Forsblom offers access for the Users to the personal data processed by Galerie
Forsblom. This means that the Users may contact us and we will inform what personal data
we have collected and processed regarding the said User and the purposes such data are
used for.
Right to withdraw consent
In case the processing is based on a consent granted by User, User may withdraw the consent
at any time. Withdrawing a consent may lead to fewer possibilities to use our Services.
Right to correct
Users have the right to have incorrect, imprecise, incomplete, outdated, or unnecessary
personal data we have stored about the User corrected or completed.
Right to deletion
Users may also ask us to delete the User’s personal data from our systems. We will comply
with such request unless we have a legitimate ground to not delete the data. We may not
immediately be able to delete all residual copies from our servers and backup systems after
the active data have been deleted. Such copies shall be deleted as soon as possible.
Right to object
Users may object to certain use of personal data if such data are processed for other purposes
than purposes necessary for compliance with a legal obligation.
Users may also object any further processing of personal data after prior given consent. If
User objects the further processing of personal data, this may lead to fewer possibilities to
use our services and receive communication from us.
Notwithstanding any consent granted beforehand for the purposes of direct marketing, User
has the right to prohibit us from using User’s personal data for direct marketing purposes,
market research and profiling by contacting us on the addresses indicated above or by using
the unsubscribe possibility offered in connection with any direct marketing messages.
Right to restriction of processing
Users may request us to restrict certain processing of personal data, this may however lead to
fewer possibilities to use our services or to receive communication from us.
Right to data portability
Users have the right to receive their personal data from us in a structured and commonly used
format and to independently transmit those data to a third party.
How to use the rights
The above mentioned rights may be used by sending a letter or an e-mail to us on the
addresses set out above, including the following information: name, address, phone number.
We may request the provision of additional information necessary to confirm the identity of
the User. We may reject requests that are unreasonably repetitive, excessive or manifestly
unfounded.
8. LODGING A COMPLAINT
In case User considers our processing of personal data to be inconsistent with the applicable
data protection laws, a complaint may be lodged with the local supervisory authority for data
protection.
9. INFORMATION SECURITY
We will take all reasonable and appropriate security measures to protect the personal data we
store and process from unauthorised access or unauthorised alteration, disclosure or
destruction.
Should despite of the security measures, a security breach occur that is likely to have
negative effects to the privacy of Users, we will inform the relevant Users and other affected
parties, as well as relevant authorities when required by applicable data protection laws,
about the breach as soon as reasonably possible.