Privacy policy

This is a privacy policy based on Sections 10 and 24 of the Personal Data Act (523/1999).

Suomen Keskusvaraamo Oy
Matkailutie 312
85100 Kalajoki, Finland
+358 8 4694 449

Paula Palola
General Manager
+358 8 466 618

Suomen Keskusvaraamo Oy:n asiakastietorekisteri

The purpose of the processing of personal data is to distribute information, to offer and deliver products and services, to carry out research, to conduct campaigns and competitions, and to provide advertising and marketing content to users contacted through the data controller’s website, online store, telephone and email. Processing of personal data relating to payments, invoicing, payment monitoring and collection. The customer’s payment information, debit card details, billing information, and late payment information.

In other words personal data is processed:

  • Establishment and maintenance of customer relationships.
  • Planning and targeting of products and services.
  • Communication with customers (e.g. information concerning the language of invoices and credit transfer forms, booking confirmation, and desired communication medium).
  • Identification of a person participating in a competition or campaign.
  • Storage of customers’ payment information, debit card details, billing information, and late payment information.
  • Processing of customer feedback and complaints.
  • Direct advertising, distance selling and other direct marketing purposes, as well as opinion polling and market research, to the extent permitted by law, if specifically authorised by the data subject.
  • To operate in a customer-oriented manner and to understand the purchasing habits of customers.

Legal basis for processing personal data

The Data Protection Regulation, Article 6 (1), paragraphs b, c and f
Fulfilling a contract in which the data subject is a party
Compliance with the legal obligation of the data controller
Implementation of the legitimate interests of the data controller or a third party
The Finnish Act on Accommodation and Catering Operations (2006/308), which requires the retention of passenger information
The data subject has the right at any time, free of charge, to prohibit the processing of their personal data for marketing purposes or to withdraw a consent previously given

Content of the data file

User-specific data content of the data file can vary based on how the user uses the service. This section specifies the information stored about purchasing customers.

The following data will be stored when purchasing a service (when making a booking):

First name and last name
Telephone number
Customer number

For online services: username and password

In some cases, company name and business ID are also required.

In addition, profiling information about the customer may be stored for direct marketing purposes and to improve customer service.

Profiling information include the following:
Private / company / association
Season: winter / spring / summer / autumn

Personal data is collected from users when they register for and/or use the service. Personal data is also collected from users in connection with sales transactions made via telephone, email or at a point of sale. In addition, personal data may also be collected through customer feedback forms.

Information about users’ visits to the website and online store is automatically collected. This identification data includes the user’s IP address, device type, web browser, operating system, language settings, time (date + hrs), pages viewed, and information about clicks. The data collected by the analytics tool is used to develop online services and customer service. The website uses cookies to improve user experience.

Disclosure of data

Upon request, passenger information will be disclosed to authorities as required by law.
Personal data will not be transferred outside the EU or EEA.

Data protection principles

The use of the data file is governed by guidelines, the information contained in the data file is only accessible to persons whose job necessitates the handling of the data, the information is collected in electronic databases protected by firewalls, passwords and other up-to-date technical means, and the servers containing the information are located in locked premises with appropriate access control. Potential external service providers are contractually bound to maintain the confidentiality of personal information and to comply with the security measures specified above.

The data controller is not responsible for any information collected and maintained by third-party operators (e.g. online booking sites). The data controller is solely responsible for the information provided to Suomen Keskusvaraamo Oy.

Right of access, rectification and erasure of personal data

The data subject has the right to access their personal data retained by the data controller and to request the rectification of inaccurate or incomplete data. The data subject also has the right to request the deletion of their personal data (“right to be forgotten”).
As an exception, Suomen Keskusvaraamo Oy is bound by obligations such as the Accounting Act and the retention of passenger information. Requests for the exercise of the above rights must be made in writing to the data controller.

Section 6 of the Act on Accommodation and Catering Operations (2006/308) concerning passenger information:

Guidance, supervision and further information on privacy issues

As the data protection authority, the Data Protection Ombudsman provides guidance and advice on the processing of personal data and supervises the processing of personal data. The Data Protection Ombudsman also resolves certain issues more specifically laid down by law regarding the exercise of the right of access to personal data and the rectification of data. More information on data protection authorities is available at