Every person values their privacy and so do we. However, our operations require the processing of personal data. We are committed to respecting your privacy and complying with applicable national and international regulations in our personal data processing procedures.
Tässä tietosuojaselosteessa kerromme, millaisia henkilötietoja käsittelemme liittyen omien palveluidemme toimittamiseen ja markkinointiin, asiakassuhteen hallintaan, laskutukseen ja markkinoinnin palvelujen kehittämiseen, sekä kenellä on pääsy tietoihin ja millä perusteella. Toivomme, että luet selosteen huolella. Voimme ajoittain muuttaa tätä tietosuojaselostetta julkaisemalla siitä uuden version verkossa.
Nallikari Seaside Oy
Leiritie 10, 90510 Oulu
p. +358 44 703 1353 , email@example.com
- Person responsible for the register
Nallikari Seaside Oy / CEO Sirpa Walter
Leiritie 10, 90510 Oulu
- Name of the register
The customer and marketing register, and newsletter register of Nallikari Seaside Oy.
- Legal basis for processing personal data
Contract: Owner of the register processes customer data based on an agreement between the owner of the register and the data subject. On this basis, personal data collected from the customer when making an accommodation reservation or for accommodation invoicing is processed.
Consent: The owner of the register can also use the passenger information and passenger register for customer service and direct marketing. According to § 29 of the Personal Data Act, the customer has the right to prohibit the use of their data for direct marketing or customer service.
- Purpose of processing personal information
The purposes using the customer data in the customer register are:
- Processing the reservations made by the customer
- Sale and implementation of services
- Processing of personal data related to payment, invoicing and monitoring and collection of payments
- Managing, implementing, developing and monitoring customer relations, customer service and related communication and marketing.
- The data collected include:
- Name and surname, date of birth of social security number, telephone number, address and email
- Information about reservations
- asiakkaan maksutapatiedot, tarvittaessa maksukorttitiedot, laskutustiedot, mahdolliset maksuviivetiedot
- The customer’s payment method information, if necessary, payment card information, invoicing information, possible payment delay information
- Information, if the customer has forbidden the use of data for direct marketing
- Information about the use of services and purchases
- Information regarding the customer’s choices and wishes (such as special wishes regarding the accommodation, accessibility)
- Customer feedback and claims
Owner of the register processes following personal data for the business customers:
- Contact person of the company: name, address, e-mail address, telephone number
- Direct advertising prohibition information provided by the company’s contact person in accordance with legislation
- Customer feedback and claims
- Data sources
The personal data of the registrants will be handed over to outside parties, only when required by mandatory legislation or when the authorities so legally require. However, in connection with the implementation of its services, the controller uses reliable service providers who process personal data under the data processing agreement required by common data protection legislation.
The owner of the register receives information directly:
a) From the registrant
- By phone
- By mail
- Through nallikari.fi accommodation inquiry and Nethotel – reservation page
b) Indirectly from the contact person handling the company’s accommodation reservations, from tour operators and from the reservation service companies according to agreement.
We do not send mass mailings, but focus our marketing on topics that interest you. We use the tools below to help create targeted marketing.
Cookies, Google Analytics and HubSpot
We use the US Mailchimp service to send newsletters. We use the information in targeting the newsletter and marketing the services. Information is not shared with outsiders. Subscription to the newsletter is voluntary and you can unsubscribe at any time from the link at the end of the newsletter. For more information about the data protection of the MailChimp service here.
DigitalGuest is a web app that enables hotels to maximize revenue, reduce prints and automate communication throughout the whole guest journey. DigitalGuest only sends accommodation-related information at different stages of the trip. The DigitalGuest service borrows data only for a specified period before arrival and 5 days after departure. The data is not stored anywhere and is not used for external purposes. Check the terms of data processing here.
- Recipients of personal data and registry protection
Information from the customer register will not be disclosed to third parties except based solely on requests for information made by authorities based on law.
All the systems/registries and files we use, in which personal data is stored, are protected by password protection, the use of which is supervised by the person responsible for registry matters.
The registrant uses the Hotellinx Cloud accommodation reservation and checkout system provided and maintained by Hotellinx Systems Oy to process personal data. The information received through the website’s accommodation inquiry form is stored in the WordPress system, which is primarily used to maintain website information. The offers we send to our customers by e-mail are stored on the server of Oulun Digi.
With your agreement, we may send newsletters and marketing letters, or process your other information based on your agreement. If we process your data based on your agreement, you can cancel your agreement at any time.
- Transfer of personal data outside the EU
Data is not transferred outside the EU.
- Personal data retention period
When storing passenger data, we comply with the legislation at any given time.
Passenger cards are kept safe for one year from the date of signing the card. The customer’s information is stored in the accommodation reservation system and the accommodation offers on the server owned by the Oulun Digi for approx. 2.5 years.
We completely delete the information collected in WordPress through accommodation inquiries every six months.
Information required by the accounting is stored as required by law. During the customer relationship, only information that is necessary for the defined purposes of use is processed. The registrar regularly performs inspections to remove unnecessary data
- Rights of the registrant
Personal data in the customer register is processed on the basis of the legitimate interest of the data controller (data protection regulation article 6 article 1 point e subsection). In this case, the legitimate interest is the customer relationship. Personal data is also processed on the basis of an agreement between the data controller and the data subject (data protection regulation, Article 6, paragraph 1, subparagraph b). This processing basis is explained in more detail in section 4 of the privacy statement.
When data is processed based on a legitimate interest and a contract, the data subject has the following rights:
- The registrant’s right to access his own information
- Right to rectification of data
- The right to delete data
- The right to object to data processing
- The right to request restriction of processing
- The right to transfer data from one system to another
- The right to file a complaint with the supervisory authority
The registrant has the right to file a complaint with the competent supervisory authority if the data subject considers that the data controller has not complied with applicable data protection regulations in its operations.
- Requests related to registrant’s rights
For questions related to the processing of personal data and in situations related to exercising one’s own rights, the registrant can contact the contact person mentioned in point 2.
A request regarding the right of inspection or other request regarding the data subject’s rights must be made to the personal responsible for the register by email or by post.
The register owner may ask the registrant to specify in a sufficient manner which information or processing actions the registrant’s request applies to.
In order to ensure that personal data is not disclosed to anyone other than the registered person in connection with the use of the registered person’s rights, the controller may, if necessary, ask the registered person to submit a signed inspection request. The registrar can also ask the person making the request to prove their identity with an official ID or another reliable way.