Arctic Skylight Lodge Oy (“Arctic Skylight Lodge”)
Address: Sivulantie 8, 95970 Äkäslompolo, Finland
Phone: +358 40 506 35 95
2. Name of register
Arctic Skylight Lodge customer registry.
Arctic Skylight Lodge Oy
95970 Äkäslompolo, Finland
Phone. +358 50 544 27 69
4. Reasons for collecting personal data and how they are used
How we collect data:
Personal data is processed based on the customer relationship (eg. hotel booking, table reservation, purchase of service)
Personal data is processed based on consent (eg. contact information collected at fairs, consent and subscriptions in forms)
How personal data is used
Information in our customer registry can be used:
- to offer, develop and execute services offered by the Arctic Skylight Lodge
- to manage and maintain customer relationships
- to manage bookings
- for accounting (incl. controlling and collecting payments, owner settlement)
- for direct marketing
Arctic Skylight Lodge also uses personal data provided in bookings and contact forms:
- for administrative purposes and other legal obligations
- to develop and manage products and services
- to develop and manage sales and marketing measures
- to improve user experience
Who processes personal data
The registrar and its employees process the personal data collected. We may also outsource the processing of said data to a third-party, whereby we ensure by contractual agreements, that the personal data is processed within the GDPR guidelines and also otherwise in a proper manner.
5. Data we collect
We may collect, process and save the following personal data to our customer registry:
- Contact information (phone number, e-mail, address)
- Language of customer
- Start date of customer relationship
- Date of editing personal data
- Customer type (company, private)
- Billing information
- Direct marketing permission or prohibition
- Booking information and booking history
- Other data collected, with the consent of the customer, which are essential for executing our services (eg. allergies, restricted mobility)
Arctic Skylight Lodge corrects, deletes and completes faulty, unnecessary, missing or outdated personal information in the register on its own initiative or by the registered’s request.
Duration of data processing
In general, personal data stored in the register will be processed as long as the customer relationship is active.
6. Regular sources of information
Information is collected with the consent of:
- the customers themselves when booking or purchasing our services.
- the customers themselves when filling in forms on- or offline.
- the customers themselves at fairs and other events.
7. Rightful data transfer
Arctic Skylight Lodge does not transfer personal data to outside parties for marketing purposes, surveys or marketing research. Arctic Skylight Lodge may conduct direct marketing measures to customers through mail, e-mail or telephone (sms).
Information may be transferred to partners of Arctic Skylight Lodge, which process data on behalf of Arctic Skylight Lodge, on the basis of contractual agreements between the two parties. In this case, the data processor has no right to process the transferred data for his own account in his / her own personal registers.
We transfer data to Arctic Syklight Lodge’s partner companies for the following purposes:
- execution of purchased services
- management and maintenance of registry (incl. IT-support)
- mailing of marketing material
We have ensured that all of our service providers comply with the privacy laws.
Activity guides have the right to see the names of their own safari customers, as well as other information relevant to the execution and safety of their activities (incl. allergies, injuries, illnesses).
In general personal data is not transferred outside of the EU or outside of the European Economic Area. However, if it is necessary for the purpose of processing personal data, the transfer of data is subject to the requirements of the General Data Protection Regulation.
8. Principles of registry protection
The customer register is located in Arctic Skylight Lodge’s booking system hosted by Hotellinx Systems Oy. Access to the customer register is only available to people working for Arctic Skylight Lodge who need customer records in their work.
Persons dealing with information in the customer register are bound by the confidentiality obligation under the General Data Protection Regulation. The customer registry information is protected against external data hacking with firewalls and personal user IDs and passwords.
Databases and their backups are located in locked premises where unauthorised access is denied.
9. Rights of the data subject
Right to inspect personal data
The registered has the right to view their personal data stored in our customer registry. The inspection request should be sent in writing and signed to the contact of the customer registry: Eija Pakkanen, Arctic Skylight Lodge Oy, Äkäslompolontie 2745, 95970 Äkäslompolo. Arctic Skylight Lodge will send written response to the inspection request to the customer within 30 days of the receipt of the request.
Right to correct personal data
The registered may contact the contact person of the customer registry to correct personal data. The request for correction should be sent in writing to the registry’s contact person mentioned above.
Right to withdrawal of consent
If the customer relationship is only consent-based, and not customer-based, the registered may withdraw their consent at any time.
Right to restriction of processing
The registered may restrict the processing of personal data after the customer relationship has ended (eg. cabin rental agreement has ended), or if they feel that personal data has been processed unlawfully.
Right to object
The registered has the right to deny Arctic Skyligth Lodge the right to process their personal data for direct marketing, telephone sales and other marketing measures. Objections must be sent in writing to the customer registry’s contact person.
Right to be forgotten
The registered has the right to have their personal data erased from the customer registry and marketing lists. We will inform the registered separately in case the deletion of personal data is not possible due to legal obligations.
The registrar is obliged to keep the accounting records in accordance with the Accounting Act (Chapter 2, Section 10) for a period of time (10 years). Therefore, accounting records can not be removed before the deadline expires.
Right to appeal
The registrar has the right to file a complaint with the Data Protection Ombudsman if he or she feels that we are in violation of our personal data when processing the applicable privacy legislation.
Contact details of the Data Protection Ombudsman: www.tietosuoja.fi/en/index/yhteystiedot.html
10. Automated individual decision-making and profiling
We do not use personal data for automated decision-making or profiling.