This is the register and privacy statement of Yöpuu Yhtiö Oy, prepared in accordance with the Finnish Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Drafted on May 25, 2018. Last updated on May 27, 2018.
Register Description
1. DATA CONTROLLER
Yöpuu Yhtiö Oy
Yliopistonkatu 23
40100 Jyväskylä
info(at)hotelliverso.fi
2. CONTACT PERSON RESPONSIBLE FOR THE REGISTER
Aino Pärnänen
+358 44 427 0253
aino.parnanen(at)yopuuyhtio.fi
3. NAME OF THE REGISTER
Yöpuu Yhtiö Oy Customer Register
4. LEGAL BASIS AND PURPOSE OF PERSONAL DATA PROCESSING
Under the EU General Data Protection Regulation (GDPR), the legal basis for processing personal data is:
– the individual’s consent (documented, voluntary, specific, informed, and unambiguous)
The purpose of processing personal data is to maintain contact with customers, manage the customer relationship, and for marketing purposes.
5. CONTENT OF THE REGISTER
The register contains the following information: the individual’s name, position, company/organization, contact details (phone number, email address, postal address), website addresses, IP address of online connections, social media account/profile information, details of services ordered and any changes to them, billing information, and other information related to the customer relationship and ordered services.
The data is retained for two years from the date it was last updated.
6. REGULAR SOURCES OF INFORMATION
The information recorded in the register is obtained from the customer via messages sent through online forms, email, phone, social media services, contracts, customer meetings, and other situations where the customer provides their information.
7. REGULAR DISCLOSURES OF DATA AND TRANSFERS OUTSIDE THE EU OR EEA
Data is not regularly disclosed to third parties. Information may be shared only to the extent agreed upon with the customer.
Data may also be transferred by the data controller outside the EU or EEA.
Data may be disclosed to the following parties:
– Facebook
– Google
– MailChimp
The reason for disclosing the data is to enable better and more targeted marketing.
8. PRINCIPLES OF REGISTER SECURITY
The processing of the register is carried out with care, and information handled via information systems is appropriately protected. When register data is stored on internet servers, both the physical and digital security of the hardware is properly maintained. The register controller ensures that stored data, server access rights, and other information critical to the security of personal data are handled confidentially and only by employees whose duties require such access.
9. RIGHT OF ACCESS AND RIGHT TO REQUEST CORRECTION OF INFORMATION
Every individual in the register has the right to review the information stored about them and to request correction of any inaccurate data or completion of incomplete data. If a person wishes to inspect their stored information or request a correction, the request must be submitted in writing to the register controller. The controller may, if necessary, require the requester to verify their identity. The controller will respond to the customer within the timeframe specified by the EU General Data Protection Regulation (generally within one month).
10. OTHER RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA
Individuals in the register have the right to request the deletion of their personal data from the register (“right to be forgotten”). They also have other rights under the EU General Data Protection Regulation, such as the right to restrict the processing of their personal data in certain situations. Requests must be submitted in writing to the register controller. The controller may, if necessary, require the requester to verify their identity. The controller will respond to the individual within the timeframe specified by the EU GDPR (generally within one month).
Privacy Statement
You can download the comprehensive privacy policy in accordance with the General Data Protection Regulation (GDPR) here:
Purpose of a Separate Privacy Policy
This privacy policy provides transparent information, communication, and detailed rules in accordance with the EU General Data Protection Regulation (EU) 2016/679, enabling the provision of information to data subjects under Articles 13 and 14, as well as all processing-related information under Articles 15–22 and 34, in a concise, transparent, easily understandable, and accessible format using clear and simple language.
Yöpuu Yhtiö Oy is a hospitality and restaurant services company that provides accommodation and dining services to its customers. This privacy policy outlines the principles of personal data processing and protection, through which Yöpuu Yhtiö, as the data controller, safeguards personal data in various situations.
In this privacy policy, the data controller is hereinafter referred to as “Yöpuu Yhtiö” or “the controller.”
