This is Central Booking Office Pyhähippu Ltd.’s privacy policy document according to Personal Data Act (523) 10 & 24 §, and General Data Protection Regulation (GDPR). The document includes information about processing of the personal data and about the rights of the data subject (the person whose data is being processed).

Data Controller/Contact person
Central Booking Office Pyhähippu Ltd/Jarkko Vartioniemi
Business ID: 0703038-4
Kultakeronkatu 4, FI-98530 Pyhätunturi
+358 (0) 16 882 820
info@pyhahippu.fi

The aim of processing personal data
The meaning of processing personal data is to properly implement to share information, deliver products, access to the internet services, surveys and campaigns as well as to do marketing and advertising properly at the all channels used for this purpose.

In other words, the personal data is used for:
• Start and maintain of the customer relationship.
• Communication with the customer for example invoicing language, booking confirmation and discussion with the customer
by phone or e-mail.
• Identify the customer who will take a part to the competition or the campaign.
• Design and development the new services and products.
• Target marketing operations.
• The aim is to be customer-oriented service provider.

Legal basis for processing personal data
• GDPR article 6 (1), chapter b, c and f:
o A contract where data subject is a party.
o Processing is necessary for compliance with a legal obligation to the data controller.
o Processing is necessary for the legal rights of the data controller or third party.
o Finnish law 2006/308 obligates the data controller to store passenger cards

The data subject has the right at any time, free of charge, to prohibit the processing of personal data for marketing or to withdraw the consent previously given.

The data content of the register
The data content of the register various, depending about what kind actions the data subject will do or what kind of products/services a customer will purchase. This chapter specifies the stored data from the perspective of the purchasing customer.

When make booking following data will be stored
• Contact information
• First name and family name
• Address
• Country
• Language
• Phone number
• E-mail
• Customer number
• Online-service
o user ID
o password

In addition, in some cases:
• Name of the company
• Company ID

Additionally, some profiling data may be stored. Profiling data may be used on target marketing and improve customer service.

Profiling information
Private/company
Season: winter/ spring/ summer/ autumn

Information filled into the passenger card
• First name, family name, address and signature
• Date of birth
• Nationality
• Passport number (except the Nordic citizens and persons who live in Finland)
• Country of the entry to Finland
• The name and the day of birth for child and others, who is accommodating in the same cabin
• The day of arrival and departure
• Accommodation (cabin/apartment) name

Regular sources of information
Information is collected from the data subject in the following situations: when register to the online shop, using the web site and when booking services/products from the desk of Central Booking Office Pyhähippu Ltd, by e-mail or by phone. In addition to this information may be collected from the feedback form.

The information from visitors and from the visits in the web site and the online shop will be collected automatically. Such information is IP-address, device, internet browser, operating system, language, time (date and hours), pages displayed and information from clicks. The information is collected by analytics program. This information will be used to develop internet services and customer care.

The data transfers obligated by the law
The personal data is disclosed with a legal obligation to the public authorities for them to do their official mission. The data in the register will not transfer to the outside of the EU or EEA.

Use of cookies
We do not currently use cookies on our web pages.

Social media
Our sites may contain links to social media or content served by social media providers. If you have an account in a social media provider, the may be able to identify you from this content or by visiting their site. Such content may also identify you even if you do not use social media. Please, see social media provider´s terms of service or privacy to learn more about their practices.

The principles for protections of the data
The principles of protecting the data in the register are following: The data is used only by the employees who need data in their work assignments. The data is stored in the database. The database is protected by firewalls and passwords as well as other technical- and virtual systems. The servers are located in the high security server rooms.
The data controller is not responsible for information collected and stored by third parties, for example the travel agencies or internet booking-platforms, who offers Central Booking Office Pyhähippu Ltd.’s services/products to his own customers.

The data controller is responsible only for the data delivered directly into the Central Booking Office Pyhähippu Ltd.
Right to rectification and erasure the data and “right to be forgotten”. The data subject has a right to review and amend incorrect data from/to the register. The data subject has also a right to erasure the data from the register as know as “right to be forgotten”. Exception is Central Booking Office Pyhähippu Ltd.’s legal obligations to store the data for example data concerning accounting Act (1997/1336) and passenger card forms (when customer check-in) by the law 2006/308. The request for any amendment should be written.

Guidance, controlling and more information
The Office of the Data Protection Ombudsman (tietosuojavaltuutettu) is the official authority in Finland in case of the data security. It provides guidance and advising as well as supervising and controlling in case of the data security. More about: https://tietosuoja.fi/en/office-of-the-data-protection-ombudsman .