1 DATA CONTROLLER
Lapland Hotels Oy (Business ID: 2199747-9)
2 CONTACT DETAILS FOR MATTERS RELATED TO THE REGISTER
Email address: firstname.lastname@example.org
Address: Yrjökokontie 4, 99300 Muonio
3 NAME OF THE REGISTER
Customer, partnership and marketing register.
4 THE PURPOSE OF AND GROUNDS FOR THE PROCESSING OF PERSONAL DATA
The grounds for the processing of personal data include a contractual relationship between a customer or partner and Lapland Hotels Oy or a separate consent for the processing of customer information. The goal for the register is to manage personal data required for collaboration between Lapland Hotels Oy and its customers and partners, to ensure smooth-running customer services and the production and provision of services, and to enable marketing and the planning and development of business.
Personal data is collected and processed in collaboration with the customer or partner for the following purposes:
- the realisation and confirmation of purchases related to hotel rooms, cabins, programme services, ski-lift passes and other services and goods
- the provision of additional information related to purchases
- the offering of membership benefits
- the realisation and confirmation of online purchases to the customer
- the production and delivery of entities agreed upon with a corporate customer, related invoicing and the management of the customer relationship
- the analysis and development of products, services and business and the preparation of the necessary statistics
- the collection of feedback and information on deviations and customer satisfaction
- advertising, marketing and direct marketing. The data subject has the right to prohibit direct marketing
- data on underage persons
In its order forms, Lapland Hotels Oy may request its customers of legal age to provide the names or nicknames of their underage children. The information on underage children is not used for purposes other than the delivery of the products or services ordered.
Most browsers have a menu option that explains how cookies can be disabled, how the browser warns the user each time a cookie is being sent and how cookies can be deleted. If cookies are disabled, the use of the website may be restricted or become slower.
5 CONTENT OF THE REGISTER
The register may contain the following information:
- The type of the customer relationship: customer/partner/Club member
- Customer number
- Contact person(s)
- The role of the contact persons (corporate customers)
- Invoicing information
- Membership bonus balance (Club members)
- Services ordered and delivered
- Information accumulated in conjunction with services supplied by our partners
6 SOURCES OF INFORMATION FOR THE REGISTER
The primary source of personal data is information provided by the customer or partner at the start or in the course of the collaboration or information collected for the purpose of receiving feedback, analysing customer satisfaction or conducting research.
Personal data is also collected through customer service (such as call centres, e-mail, customer service counters and the chat service) and transactions.
Personal data may also accumulate in conjunction with the purchase of additional services.
Registers are purchased for marketing purposes.
7 DISCLOSURE OF INFORMATION
Registered data may be disclosed within the organisation of the data controller and its subsidiaries and sister companies and to our collaboration partners for the realisation of the purposes described herein. Otherwise, data is only disclosed to the extent permitted or required by law.
Data is not transferred outside the EU or EEA, unless it is necessary for the realisation of the service. In such a case, the data controller guarantees that the required level of data protection is ensured in accordance with the applicable legislation.
8 PROTECTION AND STORAGE OF DATA
The basis of data processing is respect for the rights and freedoms of data subjects in all stages of the processing and the fulfilment of the legal ground for processing. The data controller only collects and processes information that is necessary for its operations.
Digital material may only be accessed by authorised employees, sole traders and collaboration partners with a personal username and password. Various levels have been determined for access rights and each user is granted access rights on the level that is as restricted as possible but suffices for the performance of his or her tasks.
Information related to customers and partners is stored in the register for at least a year after the agreement has been terminated and all contractual obligations have been met unless otherwise agreed on or required by law.
9 DATA SUBJECTS’ OTHER RIGHTS RELATED TO DATA PROCESSING
Data subjects’ right to access the data (inspection right)
Data subjects’ right to rectification, erasure and the restriction of processing
Data subjects are entitled to require a controller to rectify any errors in their personal data as soon as they notice the error or become aware of it by other means. If the data subject is able to rectify the error, he or she must rectify, erase or complete the erroneous, unnecessary or outdated information. If the data subject is not able to do so, a request for rectification must be submitted.
Data subjects also have the right to restrict the processing of their data, for example if a request for rectification or erasure is pending.
Lapland Hotels Oy reserves the right to limit the number of free rectification and erasure requests to one a year.
Data subjects’ right to transfer the data pertaining to them to another system
Insofar as the data subject has provided personal data to the customer register and data processing is performed on the grounds of consent or assignment from the data subject, the individual has the right to receive this data primarily in a machine-readable format and to transfer the data to another data controller.
When the request for data transfer is made in writing, the data controller must deliver the data specified in the section on the right of access within reasonable time taking into account the extent of the information to be delivered. The data subject submitting the request must be prepared to verify his or her identity in accordance with the instructions provided by the data controller.
Data subjects have the right to lodge a complaint with a supervisory authority if they consider that the processing of personal data relating to them infringes the applicable data protection regulations.
10 CONTACTING THE DATA CONTROLLER
With regard to questions and requests related to personal data, the data subject must contact the operator responsible for the data controller’s register referred to in section 2.
11 THIRD-PARTY WEBSITES AND SERVICES