Privacy Policy and Register Description

This is the privacy policy statement for Middle8 Live in accordance with the European Union's General Data Protection Regulation (GDPR).

  1. Controller of the Register
    AV Pro Oy (2596534-3), Kiitoradankuja 6, 001530 Vantaa, Finland.

  2. Contact Person for Matters Concerning the Register
    Ville Häivälä, ville.haivala@middle8.com.

  3. Purpose and Legal Basis of Data Processing
    The purpose of this register is to maintain the organization's customer register, manage services and products ordered by customers, archive and process data, and manage customer relationships. The information may be used for business development, statistical purposes, marketing, and for producing more personalized content on our online services. "Customers" in this context refer to entities with existing customer relationships, including those with previous relationships, even if there are no ongoing assignments at the moment. Additionally, customers include entities targeted for marketing to establish a customer relationship.


    The controller has obtained information for the register either directly from the data subject, from a representative of the data subject, or from common contacts shared between the controller and the representative, or from public sources such as websites.

    The processing of personal data is based on the legitimate interests of the controller, which, in this context, include conducting business, marketing, and promoting sales. If the data subject does not provide their contact information, the controller may not be able to establish or continue a contractual relationship with the organization represented by the data subject, or the data subject may not be able to act as the representative of their organization towards the controller.

  4. Content of the Register
    Information collected in the customer register includes:

    - First and last name
    - Title
    - Phone number
    - Email address
    - Represented organization
    - Organization's address
    - Information about previous orders/agreements
    - Billing information
    - The personal identification number or date of birth of individuals included in production.

  5. Regular Data Sources
    We primarily receive information directly from individuals. Additionally, personal data may be collected and updated for the purposes described in this privacy policy from publicly available sources, authorities, or other third parties within the limits of applicable law. Such updating of information is done manually or by automated means.

  6. Regular Disclosures and Recipients of Data
    The customer register data is only available to the organization, except when utilizing IT, marketing, and communication service partners for processing personal data. Personal data may be disclosed to authorities if required by mandatory legislation. The controller may use subcontractors for processing personal data.

  7. Transfer of Data Outside the EU or EEA
    Personal data is not primarily transferred outside the EU or EEA unless necessary for the technical implementation of the organization or its partner. When transferring personal data outside the EU or EEA, we ensure through agreements or otherwise that the transfers comply with legal requirements. We also ensure and require our processors to ensure that your personal data remains protected even when transferred outside the EU or EEA.
    Regarding the processing of personal data, data may also be transferred by the controller outside the EU or EEA to entities (e.g., cloud services) committed to complying with the requirements of the General Data Protection Regulation in ways that ensure adequate protection for the processing of personal data.
    The register description should also mention if personal data is transferred outside the EU or EEA. If so, it is good to be aware if it is, for example, a transfer under the Privacy Shield arrangement, which means that certain rules are committed to regarding the transfer and processing of data.

  8. Retention Period of Personal Data and Data Deletion
    Data collected in the register is retained only for as long and to the extent necessary in relation to the original or compatible purposes for which the personal data was collected. Personal data stored in the register is deleted when there is no longer a legal basis for processing them.

  9. Principles of Register Protection
    Carefulness is observed in the processing of the register, and information processed via data systems is appropriately protected. When registry data is stored on internet servers, both physical and digital security of the hardware is adequately ensured. The controller ensures that stored data, maintenance credentials, and other information critical for the security of the service are handled confidentially and only by employees whose job description includes such tasks.

  10. Right of Inspection for the Data Subject
    Everyone has the right to inspect the information they have in the register. Inspection is done by sending a request for inspection to the contact person of the register from the email address registered in the register. The identity of the requester is verified before providing the information.

  11. Right to Rectification and Deletion of Data
    Everyone has the right to demand correction of incorrect personal data. Personal data that is incorrect, unnecessary, incomplete, or outdated for the purposes of processing must be corrected, deleted, or supplemented. A request for correction must be made by a signed written request to the controller of the personal register. The request should specify which information needs to be corrected and on what basis.
    The data subject has the right to request the deletion of personal data concerning them from the register. The identity of the requester is verified if necessary before the actions are taken. Data subjects also have other rights under the EU General Data Protection Regulation.

  12. Other Rights Related to the Processing of Personal Data
    The data subject has the right to request restriction of processing according to Article 18 of the General Data Protection Regulation. A request for restriction of processing can be made by sending a request by email to the controller's contact person, providing a rationale for the request. If processing is based on consent, the data subject has the right to withdraw the consent given for processing at any time by notifying the controller's contact person by email. In some cases, data subjects may have the right to data portability, meaning they have the right to receive their personal data in a commonly used and machine-readable format and to request that their data be transferred to another controller, if technically feasible.

  13. Other rights related to the processing of personal data
    The data subject also has the right to lodge a complaint with a supervisory authority if the data subject believes that the processing of their personal data violates applicable data protection laws. Data in the register is not used for purposes other than those described in this statement.