Privacy Policy

This privacy policy has been created 24.5.2018 and updated 23.3.2021 

Every person values ​​their privacy and so do we. However, our operations require the processing of personal data. We are committed to respecting your privacy and complying with applicable national and international regulations in our personal data processing procedures.

Tässä tietosuojaselosteessa kerromme, millaisia henkilötietoja käsittelemme liittyen omien palveluidemme toimittamiseen ja markkinointiin, asiakassuhteen hallintaan, laskutukseen ja markkinoinnin palvelujen kehittämiseen, sekä kenellä on pääsy tietoihin ja millä perusteella. Toivomme, että luet selosteen huolella. Voimme ajoittain muuttaa tätä tietosuojaselostetta julkaisemalla siitä uuden version verkossa.

This privacy policy will explain what kind of personal data we process with our own marketing and service processes, customer relationship management, invoicing and development of marketing services, as well as who has access to the data and on what basis. We hope you read the description carefully. We may change this privacy policy from time to time, therefore, we recommend that you review any changes as appropriate to your needs.

  1. Registrar

Nallikari Seaside Oy
Leiritie 10, 90510 Oulu
p. +358 44 703 1353 , 

  1. Person responsible for the register

Nallikari Seaside Oy / CEO Sirpa Walter
Leiritie 10, 90510 Oulu 

  1. Name of the register

The customer and marketing register, and newsletter register of Nallikari Seaside Oy.

  1. Legal basis for processing personal data

Contract: Owner of the register processes customer data based on an agreement between the owner of the register and the data subject. On this basis, personal data collected from the customer when making an accommodation reservation or for accommodation invoicing is processed.

Consent: The owner of the register can also use the passenger information and passenger register for customer service and direct marketing. According to § 29 of the Personal Data Act, the customer has the right to prohibit the use of their data for direct marketing or customer service.

  1. Purpose of processing personal information

The purposes using the customer data in the customer register are:

  1. The data collected include:

Owner of the register processes following personal data for the business customers:

  1. Data sources

The personal data of the registrants will be handed over to outside parties, only when required by mandatory legislation or when the authorities so legally require. However, in connection with the implementation of its services, the controller uses reliable service providers who process personal data under the data processing agreement required by common data protection legislation.  

The owner of the register receives information directly:

a) From the registrant

b) Indirectly from the contact person handling the company’s accommodation reservations, from tour operators and from the reservation service companies according to agreement.

We do not send mass mailings, but focus our marketing on topics that interest you. We use the tools below to help create targeted marketing.

Cookies, Google Analytics and HubSpot

We use cookies on our website. We use cookies to collect information about website visitors. The information is used to develop our website. Users’ personal data is not combined with visitor data. We also use Google Analytics and HubSpot to collect information about visitors to our website. The purpose of data collection is to develop our site even better and target relevant marketing to our site visitors. The purpose of the marketing automation we use is to help us serve our site visitors even better. Read more about Google’s use of cookies here and HubSpot’s privacy policy here.  

Meta advertisement 

With Meta Conversion Tracking Pixel service, Nallikari Holiday Village monitors the effectiveness of ads on Meta channels such as in Facebook and Instagram. Meta Inc.’s Pixel service uses cookies and related technologies to track the behavior of website visitors after they have been directed to the website via Meta channels. Nallikari Holiday Village uses the information produced by the Meta Tracking Pixel to better target advertising and create target groups. Check out the privacy policy here. You can also manage your personal advertising settings on Meta channels here.


We use the US Mailchimp service to send newsletters. We use the information in targeting the newsletter and marketing the services. Information is not shared with outsiders. Subscription to the newsletter is voluntary and you can unsubscribe at any time from the link at the end of the newsletter. For more information about the data protection of the MailChimp service here.


DigitalGuest is a web app that enables hotels to maximize revenue, reduce prints and automate communication throughout the whole guest journey. DigitalGuest only sends accommodation-related information at different stages of the trip. The DigitalGuest service borrows data only for a specified period before arrival and 5 days after departure. The data is not stored anywhere and is not used for external purposes. Check the terms of data processing here.

  1. Recipients of personal data and registry protection

Information from the customer register will not be disclosed to third parties except based solely on requests for information made by authorities based on law.

All the systems/registries and files we use, in which personal data is stored, are protected by password protection, the use of which is supervised by the person responsible for registry matters.

The registrant uses the Hotellinx Cloud accommodation reservation and checkout system provided and maintained by Hotellinx Systems Oy to process personal data. The information received through the website’s accommodation inquiry form is stored in the WordPress system, which is primarily used to maintain website information. The offers we send to our customers by e-mail are stored on the server of Oulun Digi.

With your agreement, we may send newsletters and marketing letters, or process your other information based on your agreement. If we process your data based on your agreement, you can cancel your agreement at any time.

In invoice payment reminder and collection situations, we hand over the information about the invoice or the customer to Visma Financial Solutions Oy, which processes the information it receives based on its own privacy policy.

  1. Transfer of personal data outside the EU

Data is not transferred outside the EU.

  1. Personal data retention period

When storing passenger data, we comply with the legislation at any given time.

Passenger cards are kept safe for one year from the date of signing the card. The customer’s information is stored in the accommodation reservation system and the accommodation offers on the server owned by the Oulun Digi for approx. 2.5 years.

We completely delete the information collected in WordPress through accommodation inquiries every six months.

Information required by the accounting is stored as required by law. During the customer relationship, only information that is necessary for the defined purposes of use is processed. The registrar regularly performs inspections to remove unnecessary data

  1. Rights of the registrant

Personal data in the customer register is processed on the basis of the legitimate interest of the data controller (data protection regulation article 6 article 1 point e subsection). In this case, the legitimate interest is the customer relationship. Personal data is also processed on the basis of an agreement between the data controller and the data subject (data protection regulation, Article 6, paragraph 1, subparagraph b). This processing basis is explained in more detail in section 4 of the privacy statement.

When data is processed based on a legitimate interest and a contract, the data subject has the following rights:

  1. The right to file a complaint with the supervisory authority

The registrant has the right to file a complaint with the competent supervisory authority if the data subject considers that the data controller has not complied with applicable data protection regulations in its operations. 

  1. Requests related to registrant’s rights

For questions related to the processing of personal data and in situations related to exercising one’s own rights, the registrant can contact the contact person mentioned in point 2.

A request regarding the right of inspection or other request regarding the data subject’s rights must be made to the personal responsible for the register by email or by post.

The register owner may ask the registrant to specify in a sufficient manner which information or processing actions the registrant’s request applies to.

In order to ensure that personal data is not disclosed to anyone other than the registered person in connection with the use of the registered person’s rights, the controller may, if necessary, ask the registered person to submit a signed inspection request. The registrar can also ask the person making the request to prove their identity with an official ID or another reliable way.