Privacy policy
Combined description of data file and information document / EU General Data Protection Regulation (GDPR, entry into force 25/05/2018)
and description of data file in accordance with section 10 of the Personal Data Act (Henkilötietolaki 523/1999)
1. CONTROLLER
Petäjäkylä Ky (Hotelli Kuusanka), 1718149-3, Ouluntaival 2, 93600 Kuusamo.
2. CONTACT PERSON
Harri Kallunki, info(at)kuusanka.fi, Ouluntaival 2, 93600 Kuusamo.
3. NAME OF DATA FILE
Customer register
4. PURPOSE OF AND LAWFUL BASIS FOR PERSONAL DATA PROCESSING KILÖTIETOJEN KÄSITTELUN PERUSTE JA TARKOITUS
Personal data processing is based on a customer relationship, contractual relationship, the data subject’s explicit consent or another justified reason. Personal data may be processed in order to fulfil contractual obligations and for other contact with the data subject, in marketing communications and in information provision.
5. CONTENT OF THE DATA FILE
Data that may be stored about the data subject include the data subject’s name and necessary contact information, such as address, telephone number and email address, company/business ID, organisational position, information on products ordered by the customer, their invoicing, and customer feedback.
Data on online service use collected through technology can include IP address and city or country of location, use and time of the use of the online service, information on the device used, type and version of operating system, browser type and language settings, customer service interaction through various service channels and external websites from which the user arrived or where the user goes after using the controller’s online service.
The controller may collect data on the use of its services on its website using cookies.
6. REGULAR SOURCES OF DATA
Data stored on the data file is obtained from the data subject themselves, from the data subject’s use of online and digital services via technology, from third-party analytics services such as Google Analytics, from public data sources, or from public data service providers.
7. REGULAR DISCLOSURE OF DATA
Personal data is not regularly disclosed to outsiders. Disclosure is however possible for justified purposes
8. TRANSFER OF DATA OUTSIDE THE EU OR EEA
Personal data is not regularly transferred outside of the EU or EEA.
9. PRINCIPLES OF DATA FILE PROTECTION
MANUAL MATERIAL
Material is stored in a locked space and destroyed when it is no longer needed; for example, if it has been converted into a digital format.
DIGITAL MATERIAL
The data file is appropriately protected in the controller’s premises and on an appropriately protected server and service.
Members of staff who are employed by the controller and who require data in order to perform their work are authorised to process personal data.
Data file data is protected using external technical solutions and programs.
An SSL-encrypted connection is used to collect and transfer confidential data, such as credit card and bank data.
Data on the data file is regularly backed up and the data back-up is regularly ensured.
The controller will notify the authorities or user directly of any possible data security breach in accordance with applicable legislation.
10. RIGHT OF ACCESS
Everyone primarily has the right to check the data saved on them in the data file. Requests for access should be directed to the controller’s contact person using the contact information above and must be signed and submitted in writing or digitally.
11. RIGHT TO RECTIFICATION AND ERASURE
Everyone has the right to request the rectification or erasure of inaccurate personal data concerning themselves. The request should be directed to the controller’s contact person using the contact information above and must be signed and submitted in writing or digitally.
12. OTHER PERSONAL DATA PROCESSING RIGHTS
The data subject has the right to request that their personal data is transferred in a digital format to another service provider.
The data subject has the right to withdraw their consent to personal data processing.
The data subject has the right to object to the processing of their personal data for direct advertising or marketing, and for market and opinion survey purposes.
The data subject’s request, withdrawal of consent and notice of objection should be directed to the controller’s contact person using the contact information above and must be signed and submitted in writing or digitally.
Data on the marketing register is stored indefinitely.
The controller stores other personal data on the data subject in accordance with valid legislation and only for as long as the storage is necessary in order to fulfil the purposes outlined in this privacy policy.
Data may be also be stored after the customer relationship ends or after another basis for data processing ends if it is necessary to comply with bookkeeping legislation or other legislation, or for other compelling legal reasons.
A website guest can clear or block cookies and other tracking in their browser or device settings, but this can weaken the user experience or cause functionality issues with the use of the website. Clearing the cookie cache will not fully stop data collection.