Saariselkä Booking’s privacy policy and statement

• Dates
• Name of the register
• Data controller
  • Contact person
• The aim of processing personal data
• Legal basis for processing personal data
• Data content of the register
• When make booking following data will be stored
  • Contact information
  • Profiling information
  • Information concerning the purchased product/service
• Information fill into the passenger card 
• Regular sources of information
• Data transfers obligated by the law
• Principles for protection of the data
• Right to rectification and erasure the data and ’right to be forgotten’
• Guidance, controlling and more information 

This is Saariselkä Booking’s privacy policy document according to Personal Data Act (523) 10 & 24 §, and General Data Protection Regulation (GDPR). The document includes information about processing of the personal data and about the rights of the data subject (the person whose data is being processed).

Dates

• Updated 26^th Mar 2018
• Created 11^th Apr 2009

The name of the register

• saariselka.com -register

Data controller

Saariselkä Booking (Saariselän Keskusvaraamo Ltd.)
Business id: 0651213-8
Honkapolku 2, FI-99830 Saariselkä
+358 16 554 0500
booking@saariselka.com

Contact person

Nina Saniola
Saariselkä Booking (Saariselän Keskusvaraamo Ltd.)
Honkapolku 2,FI-99830 Saariselkä
+358 16 554 0500
booking@saariselka.com

The aim of processing personal data

The meaning of processing personal data is to properly implement to share information, deliver products, access to the internet services, surveys and campaigns as well as to do marketing and advertising properly at the all channels used for this purpose.

In other words the personal data is used for:

• Start and maintain of the customer relationship.
• Communication with the customer for example invoicing language, booking confirmation and discussion with the customer by phone or by e-mail.
• Identify the customer who will take a part to the competition or the campaign.
• Design and development the new services and products.
• Target marketing operations.

The aim is to be customer-oriented service provider.

Legal basis for processing personal data

• GDPR Article 6 (1), chapter b, c and f:
  • A contract where the data subject is a party.
  • Processing is necessary for compliance with a legal obligation to the data controller.
  • Processing is necessary for the legal rights of the data controller or third party.
• Finnish law 2006/308 obligates the data controller to store passenger cards.

The data subject has the right at any time, free of charge, to prohibit the processing of personal data for marketing purposes or to withdraw the consent previously given.

The data content of the register

The data content of the register various, depending about what kind actions the data subject will do or what kind of products/services a customer will purchase. This chapter specifies the stored data from the perspective of the purchasing customer.

When make booking following data will be stored

Contact information

• First name and family name
• Address
• Country
• Language
• Phone number
• E-mail
• Customer number
• Online service
  • user ID
  • password

In addition, in some cases:

• Name of the company
• Company ID
• Account number
• VAT duty and VAT %

Additionally some profiling data may be stored. Profiling data may be used on target marketing and improve customer service.

Profiling information

• Private / company
• First visit in the area / contact / family / couple / skier / nature lover / with friends
• Season: winter / spring / summer / autumn
• Criteria: cross country ski / trekking / slalom ski / mtb / snowmobile / peace full / event /

Information concerning the purchased product/service

Part of the products or the services needs more information. Example snowmobile and husky safaris or slalom school needs following information to safely operate the activity.

• Size for the clothes and for the shoes
• Limitations with the food (food allergies)
• Some other personal detail which is important to notice during the safari
• Skill level

Information fill into the passenger card

• First name, family name, address and signature
• Date of birth
• Nationality
• Passport number (except the Nordic citizens and persons who live in Finland) 
• Country of the entry to Finland
• The name and the day of birth for child and others, who is accommodating in the same cabin
• The day of arrival and departure

Regular sources of information

Information is collected from the data subject in the following situations: when register to the online shop, using the web site and when booking services/products from the front desk of Saariselkä Booking, by e-mail or by phone. In addition to this information may be collected from the feedback form.

The information from visitors and from the visits in the web site and the online shop will be collected automatically. Such information is IP-address, device, internet browser, operating system, language, time (date + hours), pages displayed and information from clicks. The information is collected by analytics program. This information will be used to develop internet services and customer care.

The web site uses cookies to improve the user experience.

The data transfers obligated by the law  

The personal data is disclosed with a legal obligation to the public authorities for them to do their official mission. The data in the register will not transfer to the outside of the EU or EEA.

The principles for protection of the data

The principles of protecting the data in the register are following:
The data is used only by the employees who need the data in their work assignments. The data is stored in the database. The database is protected by firewalls and passwords as well as other technical – and virtual systems. The servers are located in the high security server rooms.

The data controller is not responsible for information collected and stored by third parties, for example the travel agencies or internet booking-platforms, who offers Saariselkä Booking’s services/products to his own customers. The data controller is responsible only for the data delivered directly into the Saariselkä Booking.

Right to rectification and erasure the data and ’right to be forgotten’

The data subject has a right to review and amend incorrect data from/to the register. The data subject has also a right to erasure the data from the register as known as ‘right to be forgotten’. Exception is Saariselkä Booking’s legal obligations to store the data for example data concerning accounting Act (1997/1336) and passenger card forms (when customers check-in) by the law 2006/308. The request for any amendment should be made written.

Guidance, controlling and more information

The Office of the Data Protection Ombudsman (Tietosuojavaltuutettu) is the official authority in Finland in case of the data security. It provides guidance and advising as well as supervising and controlling in case of the data security. More about: https://tietosuoja.fi/en/office-of-the-data-protection-ombudsman.

Update 25.5.2018