Data Protection Notice

Data Controller

City of Jyväskylä, Corporate Group Administration,
Visit Jyväskylä
Kilpisenkatu 1
40100 Jyväskylä


Individual in charge of personal data file

Susanne Rasmus, Tourism Director
susanne.rasmus (at)
Kilpisenkatu 1
40100 Jyväskylä
tel. +358 400 885 786

Name of the data file

Visit Jyväskylä Marketing Data File

Purpose of processing personal data

Personal data may be processed for the following consumer marketing purposes

To send information requested by visitors and add them to the mailing list of Visit Jyväskylä Region. By completing the form on our website, the user gives consent to the controller to store and process their personal data as described in this data protection notice. The marketing data file may also include personal data based on the customer relationship (e.g. a contact form). The primary purpose of the data file is to enable marketing communication via email. The data files are also used to support internal research and statistical analysis by Visit Jyväskylä Region.

The data recorded by contact forms or other data gathering forms on this website will automatically be deleted by the Visit Jyväskylä Region content management system after 14 days.

An external email system is used for email marketing and the email data file is stored on their server. Visit Jyväskylä Region uses the Campaign Monitor system in its e-mail marketing. Campaign Monitor Privacy Statement.

Customer service

Our website offers various means of contacting us, including Contact Us forms and e-mail. You can also contact us through social media services such as Facebook. If you contact us over these channels, we must process the information you provided to answer your questions. Information submitted to us through the Contact Us form on this website will be automatically and permanently deleted after 14 days.

Our website uses the Elisa Chat service. When chatting with end users, our customer service representatives can see their location city, the operating system they use, and other information. For the purposes of the Finnish Data Protection Act, Visit Jyväskylä is the controller of the personal data held in the service and Elisa the processor of the same. Personal data processed in the service may be transferred outside the EU/EEA area. Elisa is committed to ensuring any countries processing personal data guarantee sufficient a sufficient level of data protection pursuant to the decision of the European Commission. Alternatively, any transferred data will be protected in an appropriate legal manner, such as a contract fulfilling the requirements of EU Standard Contractual Clauses for personal data transfer outside the EEA area. The data to be transferred is defined as any data necessary to carry out the service. The conversation between the customer service representative and the end user will be preserved in the system for 60 days, after which it will be automatically deleted.

Personal information may be processed in stakeholder communication as follows:

  • keeping an up-to-date record of contact information and personnel
  • communications and joint marketing
  • maintenance of cooperative relationships

Personal information may be processed in stakeholder communication as follows

Promoting national and international media visibility, communiques, media visit invitations, etc.

Personal information may be processed in stakeholder communication as follows

Communications, invitations to travel operators, promotion (offering tourism products from the Jyväskylä Region for sale).

In addition, the data files support the internal research and statistical activities of Visit Jyväskylä Region.

Other use

Office 365

As part of the processing of personal data, the data can also be processed in the Jyväskylä Office 365 environment (Office 365 Privacy Statement (in Finnish)). In principle, the processing of customer data always takes place in the customer system.

The Office 365 environment may handle operational support material and, for a short period of time, temporary materials for internal use, which may also contain personal information about staff and customers. In the case of Visit Jyväskylä Region, this means e.g. the storage of documents related to procurement (photographs, videos, influencer collaboration, and other goods and services) and visits (blogger and media visits).

Commenting on websites

When a visitor submits a comment on the website, we collect any information submitted in the contact form, as well as the user’s IP address and browser version data to ease spam filtering. When a visitor submits a comment on this website, we collect any information submitted in the contact form, the user’s IP address, as well as browser version data. An anonymised hash generated from the user’s e-mail address may be submitted to the Gravatar service to identify if the commenter is a registered user of the service. You may view the Gravatar privacy policy at

Content of the data file

  • Personal data based on consent given by individuals. In the case of individuals, the contents typically include items, such as their name, address, email and telephone number. Individuals added to the data file may also be asked to provide profile information based on their consent.
  • Data disclosed by companies and collected from public sources. In the case of companies, the contents include their business ID, first and last names of contact persons (including any prefix) and title, company/organisation grouping information (e.g. mailing groups), address information, company and contact phone number(s) and email address(es), Website addresses as well as any additional information provided by the customer. Following the introduction of the customer management system, the contents will also include customer history, log data (e.g. contacts with customers) and any mailing bans (email and post).
  • The data file contains information disclosed by the media and collected from public sources. In the case of the media, the contents typically include the name of the media channel/company, name of contact, email and country.
  • The data file contains information provided by tourism professionals and collected from public sources. Typically, the contents include company name, contact name, country and email.

Regular sources of data

Customer-related information is received from sources such as:

  • Forms completed by users on the Visit Jyväskylä website.
  • Through various campaign pages where users complete forms.
  • During various events, trade fairs and sales tours, when users supply their information and give their consent to store their personal data.
  • By email when customers supply their information and ask for their contact data to be added in the customer data file.


Our website uses cookies to ensure a good user experience. A cookie is a short text file temporarily saved on the user’s hard disk drive. Cookie data may include e.g. website functions you have used, page visits or data about the visiting users’ devices. Cookies are user-specific, but the user cannot be identified based on the cookies, unless they have voluntarily given additional information, e.g. through a web form. Almost all websites use cookies, and the correct functioning of the web is not guaranteed without cookies. Please note that if you block cookies, all functionality on our website may not be at your disposal as intended.

The user can select their cookie preferences through the settings of their web browser, as well as e.g. clear their browser cookies. If you prevent cookies from being saved or block them altogether, some of our website functionality may not be available. Deactivating a cookie or a class of cookies will not delete the cookie from your browser; you must use your own browser to do this. If you want your browser to block cookies, adjust your settings as directed by your browser provider.

For more information about cookie practices in Finland, please see the website of the Finnish Transport and Communications Agency’s National Cyber Security Centre.

Analytics and social media services

We use cookie data in e.g. remarketing as well as displaying content to website visitors. In addition, we collect data for website analytics. Our objective is to ensure our website visitors have the best possible experience of the website and its functionality and content, as well as that content is targeted to the visitors’ own preferences. Services we use include Google services (Google advertising and Google Analytics) as well as social media services (e.g. Facebook, Instagram, Twitter, LinkedIn). Our website also incorporates widgets designed to ease sharing our content in different online environments and social media. Interacting with these widgets may result in a cookie being issued to your device by the service you have chosen. These cookies are not under our control. You can learn more about third-party cookies by visiting the respective websites of those third parties. Our website also contains embedded content from social media channels. These services may also push cookies to your browser.

Regular data disclosures

Contact information (marketing authorisations) collected with the consent of users in connection with various joint marketing activities may be disclosed to Visit Jyväskylä’s partners. In such a case, however, the individuals concerned will be told, at the time of giving consent, to whom and for what purpose the information will be disclosed.

In cases other than the above, personal or corporate information will not be disclosed outside Visit Jyväskylä.
The owners/administrators of the systems used by Visit Jyväskylä have access to the data content, but they do not have the right to process or use the data for their own purposes.

Transfer of data outside the EU or EEA

he data will not be disclosed or transferred outside the EU or the European Economic Area unless it is technically necessary for Visit Jyväskylä or its partner.

Principles of data file protection

The information contained in data files is only available to Visit Jyväskylä. The system partly relies on external servers belonging to Visit Jyväskylä’s service provider. To use the available systems, network drives and email, users need a personal user ID and password. Users will lose access when they no longer attend to duties for which they have been granted access. Access rights are restricted to specific duties.

Rights of the data subject

The data subject has the right to check their personal information stored in the data file. The data subject has the right to prohibit the controller from processing their personal data and leave the mailing list. For this purpose, there is a link at the end of each email saying “I no longer wish to receive communications from you”. Just click this link to remove your address from our data file. To prohibit communications based on cookies, use the settings of your browser.