Data Protection Officer
Kyläkaivontie 6 D, 01350 Vantaa
040 658 2939
Kyläkaivontie 6 D, 01350 Vantaa
1. Purpose of processing personal data
The controller processes personal data of customers and client companies for the following purposes:
- managing and developing customer relationships
- handling reservations
- payment, payment control and recovery
- marketing of the services of a controller
- developer business development and related customer service development
- tracking, analyzing, and developing customer service choices and wishes related to customer accommodation
- taking into account requests of loyal customers and developing customer service and targeting supply
- in order to fulfill our statutory obligations, such as accounting, or to carry out statutory requests for information from authorities (such as the police).
2. Information content of the register
The following information is collected and stored from customers:
- customer information: name, contact details (mobile phone number, email, address), date of birth, social security number or travel document number, nationality and language, co-travelers’ names, billing contact information, business and community ID, payment card information
- customer feedback information
- booking information (e.g., information on previous, future and canceled bookings and their number and booking path)
- information related to the customer’s wishes and choices
- customer payment method and payment behavior information (including payment delay information) and billing information
- bans on direct mail, teleshopping, and other direct marketing in accordance with applicable laws
- other information that is collected with the customer’s consent (e.g., information about physical limitations, injuries and illnesses reported by the customer to perform the service that he / she has requested)
- if necessary, surveillance material of surveillance cameras if we suspect a crime or abuse
- employment information if the company has a co-operation agreement with the controller
- passenger card details, which the guest is required to fill in by law, and the copy of which is handed to the Finnish Police
3. Sources of personal data
We collect information about customers and customer companies with the customer ‘s consent. Customer information is obtained with the customer’s consent for the services that he / she desires.
As a rule, we collect and process personal information we receive as follows:
- the customer directly communicates with us and hand over the information by phone, email or other means.
- the customer is contacting the dealer (eg Booking.com) and submitting the information to them.
- a customer-filled passenger declaration during the stay.
- from other sources to the extent permitted by applicable law (eg Commercial Register, Population Information System or Postal Address System)
4. Retention and deletion of personal data
Personal data will only be retained for as long as is necessary for the purposes specified herein. Personal information is removed, and the paper details will be deleted when their storage is no longer necessary to carry out the law, or either party’s rights or obligations. If the customer does not use the services of the house, he will be interpreted as a potential customer 2 years after the last product has been used. The customer information is then anonymized.
5. Regular disclosure of data
We may disclose personal information to other potential affiliates within the limits permitted by applicable law for the purposes described herein, including the marketing of products and services. We may also disclose personal information to third parties to the extent permitted by law or required, for example, to execute a request for information made by a competent authority or in connection with legal proceedings; when our partners process personal information about our assignment for us and according to our instructions.
The register report is on website www.20rooms.fi and hotel l in the overhead for at Kyläkaivontie to 6 D, Vantaa, Finland.
The data in the register are not transferred or transferred and are not processed outside the EU or the EEA.
6. Customer rights
The customer has the right to inspect their personal information and may at any time request rectification, updating or deletion. Personal data that is necessary for the purposes specified in this document or for which preservation is required by law may not be removed.
The customer has the right to prohibit the controller to process personal data relating to him direct advertising, distance selling and other direct marketing, as well as to withdraw his consent to the processing of data if the processing is based on consent.
The customer has the right to object or limit the processing of personal data to the extent required by applicable law.
When we process personal information on the basis of consent, the customer has the right at any time to withdraw the consent it has given. We will not then process personal information unless there is another legal basis for the processing.
The customer may use their rights by sending a request to us at firstname.lastname@example.org.
The customer has the right to transfer information about him / her from one system to another.
The customer has the right to appeal to the Supervisory Authority for the processing of data concerning him.
8. Registry Security
We take appropriate measures, including physical, digital, and administrative, to protect personal data from loss, destruction, abuse, and unauthorized access or disclosure. Access to personal information is restricted to persons who need them to perform their duties.
Passenger declarations are stored in a locked state and access to the computer is restricted to a password.
Please note that appropriate measures may not prevent all possible security breaches. In case of personal data breach, we will notify the customer in accordance with applicable laws.
9. Personal data of employees
We collect and maintain the following information for employees:
name, personal identification number, home address, telephone number, e-mail address, payroll account number, tax information, employment contract and other documents and information relevant to the employment relationship.
We comply with the statutory retention periods in official vouchers, such as payroll, work certificates, and insurance information. Other employee information will be retained during and after the employment relationship, as long as we consider it necessary for e.g. future communications. The information will not be passed on except as required by the Finnish authorities or by the employee himself.
10. Changing the Register Description
We reserve the right to change this notice.