Suomen Keskusvaraamo Oy
85100 Kalajoki, Finland
+358 8 4694 449
+358 8 466 618
NAME OF THE DATA FILE
Suomen Keskusvaraamo Oy:n asiakastietorekisteri
DATA COLLECTION AND PROTECTION
The purpose of the processing of personal data is to distribute information, to offer and deliver products and services, to carry out research, to conduct campaigns and competitions, and to provide advertising and marketing content to users contacted through the data controller’s website, online store, telephone and email. Processing of personal data relating to payments, invoicing, payment monitoring and collection. The customer’s payment information, debit card details, billing information, and late payment information.
In other words personal data is processed:
Legal basis for processing personal data
The Data Protection Regulation, Article 6 (1), paragraphs b, c and f
Fulfilling a contract in which the data subject is a party
Compliance with the legal obligation of the data controller
Implementation of the legitimate interests of the data controller or a third party
The Finnish Act on Accommodation and Catering Operations (2006/308), which requires the retention of passenger information
The data subject has the right at any time, free of charge, to prohibit the processing of their personal data for marketing purposes or to withdraw a consent previously given
Content of the data file
User-specific data content of the data file can vary based on how the user uses the service. This section specifies the information stored about purchasing customers.
The following data will be stored when purchasing a service (when making a booking):
First name and last name
For online services: username and password
In some cases, company name and business ID are also required.
In addition, profiling information about the customer may be stored for direct marketing purposes and to improve customer service.
Profiling information include the following:
Private / company / association
Season: winter / spring / summer / autumn
Personal data is collected from users when they register for and/or use the service. Personal data is also collected from users in connection with sales transactions made via telephone, email or at a point of sale. In addition, personal data may also be collected through customer feedback forms.
Disclosure of data
Upon request, passenger information will be disclosed to authorities as required by law.
Personal data will not be transferred outside the EU or EEA.
Data protection principles
The use of the data file is governed by guidelines, the information contained in the data file is only accessible to persons whose job necessitates the handling of the data, the information is collected in electronic databases protected by firewalls, passwords and other up-to-date technical means, and the servers containing the information are located in locked premises with appropriate access control. Potential external service providers are contractually bound to maintain the confidentiality of personal information and to comply with the security measures specified above.
The data controller is not responsible for any information collected and maintained by third-party operators (e.g. online booking sites). The data controller is solely responsible for the information provided to Suomen Keskusvaraamo Oy.
Right of access, rectification and erasure of personal data
The data subject has the right to access their personal data retained by the data controller and to request the rectification of inaccurate or incomplete data. The data subject also has the right to request the deletion of their personal data (“right to be forgotten”).
As an exception, Suomen Keskusvaraamo Oy is bound by obligations such as the Accounting Act and the retention of passenger information. Requests for the exercise of the above rights must be made in writing to the data controller.
Section 6 of the Act on Accommodation and Catering Operations (2006/308) concerning passenger information: https://www.finlex.fi/fi/laki/ajantasa/2006/20060308#a308-2006
Guidance, supervision and further information on privacy issues
As the data protection authority, the Data Protection Ombudsman provides guidance and advice on the processing of personal data and supervises the processing of personal data. The Data Protection Ombudsman also resolves certain issues more specifically laid down by law regarding the exercise of the right of access to personal data and the rectification of data. More information on data protection authorities is available at https://tietosuoja.fi/en/home