Privacy policy

Privacy policy pertaining to Lapland Safaris Group Oy’s customer, partnership and marketing information.

1 DATA CONTROLLER

Lapland Safaris Group Oy (Business ID: 0892158-4)

2 CONTACT DETAILS FOR MATTERS RELATED TO THE REGISTER

Email address: gdpr.tietosuoja@laplandhotels.com

Address: Koskikatu 1, 96200 Rovaniemi, Finland

3 NAME OF THE REGISTER

Customer, partnership and marketing register.

4 THE PURPOSE OF AND GROUNDS FOR THE PROCESSING OF PERSONAL DATA

The grounds for the processing of personal data include a contractual relationship between a customer or partner and Lapland Safaris Group Oy or a separate consent for the processing of customer information. The goal for the register is to manage personal data required for collaboration between Lapland Safaris Group Oy and its customers and partners, to ensure smooth-running customer services and the production and provision of services, and to enable marketing and the planning and development of business.

Personal data is collected and processed in collaboration with the customer or partner for the following purposes:

• the realisation and confirmation of purchases related to programme services, rooms, ski-lift passes and other services and goods
• the provision of additional information related to purchases
• the offering of membership benefits
• the realisation and confirmation of online purchases to the customer
• the production and delivery of entities agreed upon with a corporate customer, related invoicing and the management of the customer relationship
• the analysis and development of products, services and business and the preparation of the necessary statistics
• the collection of feedback and information on deviations and customer satisfaction
• advertising, marketing and direct marketing. The data subject has the right to prohibit direct marketing
• data on underage persons

In its order forms, Lapland Safaris Group Oy may request its customers of legal age to provide the names or nicknames of their underage children. The information on underage children is not used for purposes other than the delivery of the products or services ordered.

• The company uses cookies to provide a faster website, to make logging in simpler and to target the website content so that it is more suitable for the user. All the information collected with cookies may be used for targeting the services produced by Lapland Safaris Group Oy at the user. Lapland Safaris Group Oy only uses cookies to monitor the information that the cookie installs on the user’s computer. Most browsers have a menu option that explains how cookies can be disabled, how the browser warns the user each time a cookie is being sent and how cookies can be deleted. If cookies are disabled, the use of the website may be restricted or become slower.

5 CONTENT OF THE REGISTER

The register may contain the following information:

• The type of the customer relationship: customer/partner/Club member
• Customer number
• Contact person(s)
• The role of the contact persons (corporate customers)
• Address
• Invoicing information
• Membership bonus balance (Club members)
• Services ordered and delivered
• Information accumulated in conjunction with services supplied by our partners
• The use of cookies

6 SOURCES OF INFORMATION FOR THE REGISTER

The primary source of personal data is information provided by the customer or partner at the start or in the course of the collaboration or information collected for the purpose of receiving feedback, analysing customer satisfaction or conducting research.

Additionally, personal data is accumulated in conjunction with visits to the customer service points.

Personal data may also accumulate in conjunction with the purchase of additional services.

Registers are purchased for marketing purposes.

7 DISCLOSURE OF INFORMATION

Registered data may be disclosed within the organisation of the data controller and its subsidiaries and sister companies and to our collaboration partners for the realisation of the purposes described herein. Otherwise, data is only disclosed to the extent permitted or required by law.

Data is not transferred outside the EU or EEA, unless it is necessary for the realisation of the service. In such a case, the data controller guarantees that the required level of data protection is ensured in accordance with the applicable legislation.

8 PROTECTION AND STORAGE OF DATA

The basis of data processing is respect for the rights and freedoms of data subjects in all stages of the processing and the fulfilment of the legal ground for processing. The data controller only collects and processes information that is necessary for its operations.

Digital material may only be accessed by authorised employees, sole traders and collaboration partners with a personal username and password. Various levels have been determined for access rights and each user is granted access rights on the level that is as restricted as possible but suffices for the performance of his or her tasks.

Information related to customers and partners is stored in the register for at least a year after the agreement has been terminated and all contractual obligations have been met unless otherwise agreed on or required by law.

9    DATA SUBJECTS’ OTHER RIGHTS RELATED TO DATA PROCESSING

Data subjects’ right to access the data (inspection right)

Data subjects have the right to know what information pertaining to them is stored in the register. A signed inspection request must be delivered in writing to the register’s contact point specified in section 2 of this privacy policy. The data subject submitting the request must be prepared to verify his or her identity in accordance with the instructions provided by the data controller.

Data subjects’ right to rectification, erasure and the restriction of processing

Data subjects are entitled to require a controller to rectify any errors in their personal data as soon as they notice the error or become aware of it by other means. If the data subject is able to rectify the error, he or she must rectify, erase or complete the erroneous, unnecessary or outdated information. If the data subject is not able to do so, a request for rectification must be submitted.

Insofar as the data subject is unable to rectify the information, a request for rectification must be submitted in writing to the register’s contact point specified in section 2 of this privacy policy. The data subject submitting the request must be prepared to verify his or her identity in accordance with the instructions provided by the data controller.

Data subjects also have the right to restrict the processing of their data, for example if a request for rectification or erasure is pending.

Lapland Safaris Group Oy reserves the right to limit the number of free rectification and erasure requests to one a year.

Data subjects’ right to transfer the data pertaining to them to another system

Insofar as the data subject has provided personal data to the customer register and data processing is performed on the grounds of consent or assignment from the data subject, the individual has the right to receive this data primarily in a machine-readable format and to transfer the data to another data controller.

When the request for data transfer is made in writing, the data controller must deliver the data specified in the section on the right of access within reasonable time taking into account the extent of the information to be delivered. The data subject submitting the request must be prepared to verify his or her identity in accordance with the instructions provided by the data controller.

Other rights

Data subjects have the right to lodge a complaint with a supervisory authority if they consider that the processing of personal data relating to them infringes the applicable data protection regulations.

10  CONTACTING THE DATA CONTROLLER

With regard to questions and requests related to personal data, the data subject must contact the operator responsible for the data controller’s register referred to in section 2.