Skip to content
Descriptions of registers Notification channel

Privacy statement – the Finnish Fair Corporation’s notification channel

Prepared 12 April 2023.

1. Controller

Messukeskus, Finnish Fair Corporation
Messuaukio 1, 00520 Helsinki, Finland
Tel. +358 40 450 3250
Business ID: 01163223

2. Contact person responsible for the file

Messukeskus customer service
Messuaukio 1, 00520 Helsinki, Finland
Tel. +358 40 450 3250

3. Name of the file

The Finnish Fair Corporation’s notification channel

4. Legal basis and purpose of processing personal data

The processing of personal data is based on the European Union’s directive on the protection of persons who report breaches of Union law (EU 2019/1937) approved on 23 October 2019.

The directive obliges companies to provide, for example, a reliable notification channel that enables notifications of misconduct and unethical behaviour. The processing of personal data is necessary in order to fulfil the obligations imposed by the directive.

5. Contents of the register

The following personal data is processed in the service:

The data stored in the register is obtained from the notifier. There are no other regular sources of data.

7. Regular disclosure of data and transfer of data outside the EU or the EEA

If an anonymous notification requires further investigation and personal data has been provided in the notification, it may be disclosed to the organisation’s designated investigative bodies.

Personal data will not, in principle, be disclosed outside the Group. However, data is disclosed to the police in cases of suspected crime as required by applicable legislation and, for example, to the authorities to the extent permitted and required by the legislation in force at the time, the regulations of the authorities, and the instructions of trade associations.

The data in the register will not be transferred outside the EU or the EEA.

8. Registry protection principles

Care is taken when processing the register, and the information processed with the help of information systems is properly protected. When registry data is stored on Internet servers, the physical and digital security of their hardware is taken care of accordingly. The controller ensures that the stored data, server access rights and other information critical to the security of personal data are treated confidentially and only by the employees whose job description it belongs to.

Notification data is stored in the database in encrypted form. The data processor does not have access to the stored data, and the data is only available to the notification processors appointed by the controller. The controller may restrict access to notifications on the basis of different notification types.

9. Your rights as a data subject

The Act on the Protection of Persons Reporting Infringements of European Union and National Law (1171/2022) restricts the data subject’s rights concerning the restriction of the processing of personal data and the right of access to data (Section 31). The Finnish Fair Corporation complies with these limitations and related practices.

The Finnish Fair Corporation offers you the right to inspect the personal data we process about you. You can contact us in writing and ask us to tell you what personal data we process about you and the grounds for processing the data. The Finnish Fair Corporation is entitled to verify the identity of the enquirer.  If less than 12 months has elapsed since your previous information request, we may require a fee to be paid for the work involved in realising the request.

In accordance with the General Data Protection Regulation, the data subject has the right to demand that the Finnish Fair Corporation correct, erase or supplement personal data in the register that is incorrect, unnecessary, incomplete or outdated in terms of the purpose of data processing. The data subject also has the right, under certain conditions, to restrict and object to the processing of personal data and to receive notification of a personal data breach.

You can exercise your rights by sending an email to

or by contacting us at the addresses specified above. The request must primarily be sent from the email address registered in the user data, and the response to the request will be sent to the same email address.

In addition to the foregoing rights and your other rights, legislation also guarantees you the right to submit a complaint to the supervisory authority, particularly in the Member State where you are permanently resident or working, or where the alleged contravention of the GDPR has taken place. The supervisory authority in Finland is the Data Protection Ombudsman.