Privacy policy - Hotel Kruunupuisto

This is Kruunupuisto Oy’s data file description and privacy statement and complies with the Finnish Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR).
Created: 15 November 2010, updated 25 May 2018

Controller
Kruunupuisto Oy
Vaahersalontie 44
58450 Punkaharju
Tel. +358 44 7639130
www.kruunupuisto.fi

Contact person
Hotel Manager Birgitta Ojasalo
Kruunupuisto Oy
Vaahersalontie 44
58450 Punkaharju
Tel. +358 50 4688421
birgitta.ojasalo@kruunupuisto.fi

Jorma Kudjoi, Data Protection Officer
Verve Oy
Kasarmintie 13
90130 Oulu
Tel. +358 400 957858
jorma.kudjoi@verve.fi

Name of the data file
Hotel system customer register

Purpose of the data file
Storing of traveller data under the Act on Accommodation and Food Service Activities 2006/308, Section 6, storing of customer data required by the customer services team, maintenance of customer relationships. Direct marketing when the customer has not objected to the processing of their data for this purpose.

Data content
Information on the traveller registration form and details provided by customers.

Sources of data
Information provided by customers.

Disclosure and transfer of data
Personal data are only disclosed to authorities who are entitled to the data under law. Personal data will not be transferred outside the EU or the EEA.

Retention period
Under the Act on Accommodation and Food Service Activities, data are retained for one year from the signing of the traveller registration form. Traveller data necessary for customer service operations and direct marketing may be retained in the file for longer than one year for customers who have not exercised their right of object to the processing of their personal data.

Principles of protecting the data file
Manual records: material in manual form is stored on Kruunupuisto Oy’s premises, which are locked and monitored.
Electronic material: access to the file is limited to those persons employed by Kruunupuisto Oy who need the data when performing their duties. The file is protected by user names and passwords. Access to the file via the public network is blocked. Physical protection: F-Secure workstations. A DNA firewall.

Right to inspect and exercising this right
Everyone has the right to inspect information concerning themselves. A request for inspection must be made in writing by a signed letter or in person at the data controller’s office (proof of identity). The request must be addressed to the controller’s contact person.

Rectification of data
Everyone has the right to demand any incorrect information in the file to be rectified. A request for rectification must be made in writing, itemising the points to be rectified. The request for rectification must be addressed to the controller’s contact person.

Other rights
Customers have the right to object to the use of their data for direct marketing, distance selling and other direct advertising purposes. A notification of this objection must be addressed to the controller’s contact person.