1 Data privacy statement of Lapland Hotels & Lapland Safaris Travel Business operations
This data privacy statement pertains to the data privacy of Lapland Hotels Oy, Lapland Safaris Oy, SantaClaus Office and their subsidiaries and sibling companies (hereinafter ‘Travel Business’). For the Travel Business, the management of data protection is a central activity. In our Travel Business, we place a high value on the privacy of the customers who use our services and we strive to offer them a safe and secure user experience.
We aim to understand the needs of the customers who use our services and to create entities that best meet their interests. To achieve this, we collect information related to the service users from various sources, pertaining, for example, to their actions on our websites. Data processing enables us to generate added value primarily for our customers but also for our partners.
In this summary, we explain in more detail how the companies that belong to the Travel Business section collect and use information. By using the services provided by the Travel Business, the customer accepts the processing of data, as described herein. Accepting these practices is required for the use of the services. In addition to these terms, the terms and conditions presented on each service provider’s website are applied to the services provided by our partners (for example, www.tripadvisor.com, www.booking.com, www.facebook.com and www.laplandhotels.com).
1.1 Data processing
The Travel Business’s principles and practices related to data processing respect the privacy of customers, partners and personnel and comply with the national data protection regulations, including the requirements and principles set forth in the EU’s General Data Protection Regulation (GDPR). We process personal data on the grounds of a customer relationship, contract or consent and in accordance with the ground. Additionally, data may be processed for reasons of marketing or other similar purposes. We primarily collect personal data from the users, for example, in conjunction with registration to the service or event reservation. We may also collect information on customers who use our services in a manner described below.
We process data for the purposes described in the data privacy policies related to the Travel Business’s customer information. We only process personal data to the extent that is necessary for the purpose specified for each register. To facilitate risk management, the personal data is classified on the basis of how critical it is. We process personal data for purposes such as the realisation of services, the delivery of orders and the improvement of the user experience via customised products and events (e.g. event recommendations and personal offers) and targeted digital content. Additionally, we process data in order to analyse resources, rectify problems, prevent fraud, develop business and support product development. For the realisation of these purposes, we may combine information that the user has provided to various companies belonging to the Travel Business group and information gathered in conjunction with the use of the Travel Business’s services within the framework permitted by risk management and data classification.
We do not need to process data in a format that allows individuals to be recognised for all of our operations. If the identification of individuals is not necessary, the information can be pooled or anonymised for purposes such as preparing marketing statistics.
The data privacy requirements set for the processing of personal data have been made known to the company’s partners and subcontractors. In addition to the processing we perform ourselves, we may transfer and disclose information pertaining to our service users to third parties, for example to service providers, to enable the production of the service. We may also send adverts pertaining to events and services provided by our partners. Additionally, we may disclose information to authorities pursuant to applicable legislation.
In the processing of payment information, we comply with the applicable laws and the terms and conditions set and monitored by payment institutions.
The Travel Business’s privacy policies are available on its websites and upon request by email to email@example.com. More information on the processing of data related to each service can be requested by sending email to the same email address.
1.2 Utilisation of cookies and similar techniques and device-specific localisation information
We may collect and use behavioural information pertaining to the service users via the Travel Business’s online services. Cookies and other similar techniques may be used to collect data pertaining to the user’s computer and other devices. Cookies are small files sent from a website and stored on the user’s computer to enable the digital service to perform actions such as remembering the user’s password and username for later visits, with consent from the user. They contain an anonymous, numeric ID that we can use to count the number of browsers visiting our website. Mobile devices use numeric IDs that are similar to cookies with regard to their operating principle. Cookies and other similar techniques do not damage the user’s device or files. They cannot be used to spread viruses or to browse files stored on the user’s hard drive.
We collect information in an automated manner on browsing behaviour (e.g. the duration and time of the visit and the search phrases and words and the search engine used to access the website), the websites and parts thereof visited and technical matters related to the user’s computer or mobile device (e.g. the operating system, the geographical location and the browser).
We use the information gathered with cookies and other similar techniques for purposes such as enhancing the visibility of our services, producing more fitting marketing content and targeting the content of our services and marketing messages. The Travel Business’s adverts may be targeted at users on third-party services (for example, Google) outside the Travel Business’s networks on the basis of the user’s visit to our service.
If the user has registered for one of the Travel Business’s digital services, behavioural information may be linked to personal data collected from the user by other means, on condition that the user is notified of it personally. Several of the Travel Business’s services can be used without registration. If the user has not registered for any of the Travel Business’s digital services, we cannot link information gathered with cookies to the user’s name or other information provided by the user.
Personal data collected through the chat service on our website is used for maintaining the customer relationship, for making order inquiries and for developing the customer experience and customer service. The following personal data is collected through the chat service:
- Customer data (such as name, e-mail address, phone and mobile phone numbers, customer identification number)
- Business customer or partner data (such as name, city, phone and mobile phone numbers, e-mail address)
- Contents of chat interaction
- User’s IP address
- User’s Google Analytics ID from cookies
Collected personal data and chat interactions will be stored in the chat service provider’s system for three months.
The Travel Business’s service providers or third parties (advertisers and advertising networks, media and marketing agencies, analytics and monitoring services) may gather information on browsing activities in conjunction with visits to the Travel Business’s services. Correspondingly, we may use behavioural information collected from outside our own website. We use the Google Analytics marketing features (remarketing and similar audiences’ services, Google Analytics reports on target groups and topics). We take various physical, electronic and contractual measures to ensure that no unauthorised persons have access to the information gathered with cookies and that our service providers do not use the information for their own purposes. We also aim to ensure that third parties are committed to complying with the applicable laws and self-regulation guidelines. However, we do not monitor the practices of third parties and do not accept responsibility for them. The Internet is an open system, which makes it impossible to guarantee that unauthorised third parties cannot bypass the safety measures or use the information for unauthorised purposes.
We may use community links on our services, including Facebook’s Like button, the content of which comes directly from Facebook. Facebook, Google, Instagram, Twitter and other similar service providers may collect information on the user’s visit to the website in line with their own terms and conditions.
Some cookies remain on the user’s computer after the user has exited the website. Unless specifically deleted, they may remain on the computer for months or even years after the last visit to the website.
With regard to the collection and use of behavioural information, the Travel Business emphasises commitment to IAB Europe’s self-regulation programme for online behavioural advertising as a selection criterion for its marketing partners. For further information on the self-regulation programme, visit IAB’s website.
In addition to behavioural information, the Travel Business may collect anonymised information on the geographical location of the user’s device. This localisation information may be used for statistics and geographically targeted marketing, on condition that the user has granted consent for the utilisation of the information.
1.2.1 How the user can influence information gathered with cookies
Users can disable cookies in their browser settings if they do not want us, or our partners, to target marketing or content on the basis of their browsing behaviour. By deleting cookies regularly, users can change the identification code used to form a user profile. However, deleting cookies does not stop the gathering of information; instead, it clears the profile formed on the basis of previously collected information. Users should note that deleting or disabling cookies does not prevent advertising on the Travel Business’s digital services and may interfere with or prevent the use of the services. Deleting or blocking cookies is always device-specific.
Other options for influence available to the user, including the right to inspect and rectify personal data and prohibit direct marketing, are described in more detail in the Travel Business’s company-specific privacy policies pertaining to customer information.
1.3 Changes to the terms and condition and contact information
We reserve the right to change the privacy practices described herein and to update terms accordingly. With regard to any questions related to the Travel Business’s services, users may contact us by email to firstname.lastname@example.org
This description was last updated on 18 May 2018.