Monesko Privacy Policy

Effective from 1 June 2026.

This Privacy Policy explains how Monesko processes personal data in connection with registration, payment, timing, results service and event services.

1. Controller and contact details

Monesko is an auxiliary business name of Trail Monkeys Oy. Trail Monkeys Oy is responsible for the processing of personal data to the extent that Monesko acts as a controller.

Monesko
Trail Monkeys Oy
Business ID 2876069-3
Kenttätie 20 B22
90130 Oulu
Finland
Email: aika@monesko.fi
Website: https://monesko.fi/

For privacy-related matters, you can contact us at: aika@monesko.fi

2. Monesko’s role in the processing of personal data

Monesko processes personal data in different roles depending on the situation. In practice, this means that the event organiser is responsible for many decisions related to participant data, and Monesko processes data in order to provide the service.

When Monesko handles event registration, Race Result is used as the primary registration, timing and results service system.

Monesko may act as a processor on behalf of the event organiser when it processes participant data in connection with event registration, timing, results service or other event implementation.

Monesko acts as a controller when it processes personal data for its own purposes, such as customer service, service maintenance, payment processing, invoicing, accounting, prevention of misuse, fulfilment of contractual obligations or compliance with legal obligations.

The event organiser may act as an independent controller for participant data relating to its own event. The event organiser’s own processing of personal data may be described in the event organiser’s own privacy policy or event-specific instructions.

3. What personal data do we process?

The data processed varies depending on the event and the services used. Monesko may process, for example, the following data:

  • name
  • contact details, such as email address, phone number and address
  • date of birth, age or age group
  • gender or category information, if used by the event for categories or results
  • club, team, company or other background information provided by the participant
  • distance, category, start group or other event-specific selection
  • payment method, payment status and identifiers related to the payment transaction
  • payment data related to sports benefits or other employee benefits
  • information related to changes, transfers, cancellations or refunds of registrations
  • timing and results data, such as start time, split times, lap times, finish time, placing and DNF markings
  • messages related to participant communications and customer service
  • possible special information provided by the participant for the implementation of the event, such as allergy or dietary information, ICE contact, shirt size, licence information, guardian details for underage participants or other event-specific additional information
  • technical data related to the use of the service, such as log data, IP address, browser data, device data and cookie data

Monesko does not ask participants to send medical certificates or other unnecessary health data. If the implementation of an event requires, for example, allergy, dietary, accessibility or safety-related information, such data is processed only to the extent necessary for organising the event.

4. For what purposes is personal data used?

Personal data is used for the following purposes:

  • receiving and managing registrations
  • receiving payments, verifying payment transactions and handling possible refunds
  • participant communications before, during and after the event when Monesko handles communications on behalf of the event organiser
  • preparing participant lists, start lists, timing and results service
  • supporting event safety, arrangements and participant services
  • customer service and responding to enquiries
  • processing changes, transfers, cancellations and refunds of registrations
  • technical maintenance, development and security of the service
  • preventing and investigating misuse, errors and payment issues
  • accounting, reporting and compliance with legal obligations

5. Legal bases for processing personal data

Personal data is processed on the following legal bases:

Contract and steps prior to entering into a contract
Processing is necessary for registration, payment, participant services and the practical arrangements related to the event.

Legal obligation
Data is processed, for example, in connection with accounting, payments and statutory obligations.

Legitimate interest
Data may be processed for purposes related to service maintenance, security, prevention of misuse, customer service and service development.

Consent
If processing is based on consent, the participant may withdraw their consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

6. To whom is personal data disclosed or transferred?

Personal data may be disclosed or transferred only to the extent necessary for providing the service, organising the event or complying with legal obligations.

Data may be disclosed or transferred, for example, to the following parties:

  • the event organiser and parties involved in organising the event
  • timing, registration and results service systems, such as Race Result
  • payment service providers, such as Paytrail and Stripe, as well as banks, card issuers and sports benefit providers such as Epassi, Smartum and Edenred
  • email, communication and customer service systems
  • providers maintaining websites, registration systems and other technical services
  • accountants, auditors or other parties involved in fulfilling statutory obligations
  • authorities, if required by law or an authority decision

The event organiser may have access to participant, registration and results data relating to its own event through the system in use.

Public start lists and results lists may include, for example, the participant’s name, club or team, category, start time, split times, lap times, finish time, placing, DNF markings and other information belonging to the event’s results service.

Events may be photographed or filmed by the event organiser. Event photography and the use of images are primarily governed by the event organiser’s own terms and instructions.

7. Processing of data by service providers and systems

Monesko uses external systems and service providers to provide its services. These may include registration, timing, results service, payment processing, sports benefit, email, website, analytics and customer service systems.

When Monesko handles participant communications, messages are usually sent in Monesko’s name through the Race Result system. Monesko currently does not have a separate newsletter.

Service providers process personal data on behalf of Monesko or the event organiser in accordance with the agreed purposes.

Data may also be processed outside the European Union or the European Economic Area if the service provider used operates, or uses subcontractors, in these areas. In such cases, data transfers are protected using safeguards required by data protection law, such as the European Commission’s standard contractual clauses or another applicable transfer mechanism.

8. Cookies, analytics and website use

Monesko’s website may use cookies and similar technologies for website functionality, usage measurement, analytics, marketing measurement and service development.

Necessary cookies are required for the website and service to function. Monesko may use tools such as Google Analytics and marketing measurement tools such as Meta Pixel if they are in use on the website. Non-essential cookies, such as analytics or marketing cookies, are used only in accordance with applicable law.

Users can manage cookies through their browser settings or through the cookie management tool used on the website, if available. Monesko updates its cookie practices and cookie management in accordance with the analytics and marketing tools in use.

9. How long is data retained?

Personal data is retained only for as long as necessary for the purposes described in this Privacy Policy or as required by law.

Retention periods are affected by factors such as event implementation, customer service needs, payment processing, possible complaints, accounting and statutory obligations.

Registration and event data may be retained for as long as required for event implementation, customer service, reporting and possible follow-up investigations.

Data related to accounting and payments is retained for the period required by accounting legislation.

Public results data may be retained long-term as part of the event’s results history unless there is a specific reason for removal.

10. How is data protected?

Monesko protects personal data using appropriate technical and organisational measures.

Data is processed only by persons and service providers who need to process the data based on their tasks.

Data protection measures may include, for example, access rights management, password protection, log data, backups, encrypted connections and service provider security practices.

11. Rights of the data subject

Participants and other data subjects have rights to their personal data under data protection law.

A data subject may have the right to:

  • receive information about the processing of their personal data
  • access personal data concerning them
  • request correction of inaccurate data
  • request deletion of data
  • request restriction of processing
  • object to the processing of personal data
  • request transfer of data from one system to another, if the applicable conditions are met
  • withdraw consent they have given

Requests may be handled depending on Monesko’s or the event organiser’s role. If the request concerns data controlled by the event organiser as controller, Monesko may forward the request to the event organiser or process it in accordance with the organiser’s instructions.

Data requests can be sent to aika@monesko.fi.

12. Right to lodge a complaint with a supervisory authority

If a data subject considers that their personal data has been processed unlawfully, they have the right to lodge a complaint with a supervisory authority.

In Finland, the supervisory authority is the Office of the Data Protection Ombudsman: https://tietosuoja.fi/en/home

13. Changes to this Privacy Policy

Monesko may update this Privacy Policy when services, systems, practices or legislation change.

The up-to-date Privacy Policy is available at https://monesko.fi/en/privacy-policy/.