DATA PROTECTION REPORT
At Hotel & Spa Resort Järvisydän we process personal information in order to serve our customers in the best way possible. We register personal data on customers who use the services of our hotel, spa and activities as well as our personnel and business partners. Personal data includes a person’s first and surname, phone number, e-mail address and various user information accumulated when using our services.
2. Data subjects
Customers, potential customers, suppliers and business partners.
3. Basis and purpose for maintaining the registry
Based on laws and regulations
• Nationality (regulation EU 692/2011), purchasing data or parts thereof for accounting purposes (law 1336/1997) for protection of Data subject
• Booking-related customer data such as name and contact information
• Language codes, information on accompanying passengers or participants in events (passenger card)
• Information on invoicing or other payments and payment methods
• Basis for pricing, such as information on corporate customership or other factors influencing prices.
• Purchasing data and information on booked and used services
• Service level of booking, such as room type and other information on desired services
• Marketing communication
Use of personal data processing and registry
Personal data is processed only for predetermined purposes, which are the following:
• Processing booking of rooms, activity services, wellbeing services, restaurants and venues and the production of services
• Identification of customer
• Caring for customer relations, customer appreciation
• Booking-related communication, contacting customers
• Marketing communication
• Problem solving and communicating problems
• Customer service development, research related to customer service improvement
• Securing rights of parties involved and ensuring accuracy of services
4. Personal data stored in registry
Customer registry includes following data:
• Customer data
• Data on purchased products/services
5. Rights of data subject
The data subject has the following rights, the use of which must be applied for at the address firstname.lastname@example.org
Right to check
The data subject can check personal data registered by us.
Right to rectify data
The data subject can ask for correction of erroneous or inadequate data pertaining to them.
Right of opposition
The data subject can oppose processing of personal data if data subject feels that the personal data have been processed in breach of law.
Prohibition of direct marketing
The data subject has the right to prohibit the use of data for direct marketing.
Right of erasure
The data subject has the right to ask for removal of data if the data processing is not necessary. We shall process the erasure request after which we will delete the data or give a justified reason why data cannot be erased.
It is to be noted that the registrar can have a statutory or other right for not erasing the requested data. The registrar is obligated to conserve accounting data for a specified time (10 years) according to the accounting law (chapter 2, 10 §). Thus, accounting data cannot be deleted until the determined period has passed.
Cancellation of consent
If the processing of personal data is based only on consent and not, e.g. customership or membership, the data subject can cancel their consent.
The Data Subject can complain about the decision to the Data protection Supervisor
The Data Subject is entitled to demand that we restrict the use of disputed data until the issue is resolved.
The Data Subject is entitled to appeal to the Data protection supervisor if they feel that we are breaking the effective data protection legislation.
Contact info for Data protection supervisor: www.tietosuoja.fi/fi/index/yhteystiedot.html
5. Regular data sources
Customer data is acquired regularly
• from customer at the creation of the customer relationship
• from customer via an online form
6. Sharing and handing over collected data
We may transfer your personal data within the SaimaaHoliday network to persons in charge of customer relations as well as sales and marketing. We may transfer your personal data to service providers who offer us services such as data processing and other ICT services, campaigns, competitions and draws along with brand and market survey services. We do not allow such service providers to use your personal data or transfer them for any other purpose except to offer services on our behalf.
In case we, for strategic or other business reasons, decide to sell or transfer our business in part, or as a whole, we can, as a part of such a sale or transfer, hand over data collected and stored by us, including your personal information stored in customer data, to whomever as a participant of such a business sale or transfer.
We process data with our partners and service providers who are bound to comply with the requirements of the Data Protection Regulation.
7. Duration of processing
Data are transferred according to rules outside the EU or European Economic area. When data are transferred outside the EU or European Economic Area, we assure that security of personal data is at a sufficient level by e.g. agreeing to issues related to the confidentiality and processing of personal data in manners stipulated by legislation.
8. Data security
We store your data in a digital registry and have assured the appropriate procedures to secure your personal data. Use of the registry, changing and processing of information require user identification and a secure connection. Use of the registry is allowed only by authorized persons, whose task is to maintain and control the system and customer relationships. Registered data are protected from outside use and the usage of the registry is monitored.
9. Changes to the protection policy
We can update this data protection policy and our data protection procedures regularly. If changes are significant, we shall inform about these on our website or by other means, e.g., e-mail. We hope that you read this policy regularly, so that you always have the updated inform