Privacy statement
This is a report on the processing of personal data in accordance with the EU General Data Protection Regulation (679/2016).
Registrar
Going Nowhere resort
Business ID: 3289369-1
Contacts regarding data protection matters
Anu Maatraiva
040 8231 206
In all questions related to the processing of personal data and in situations related to exercising one's own rights, the registrant is advised to contact the data protection officer.
Basis and purpose of personal data processing
The legal basis for processing personal data is:
- Consent given by the registrant to the processing of personal data
- Contractual relationship between the registered and the controller
- Fulfillment of the legal obligations of the registrar
- Customer relationship management and development
- taking care of reservations
- payment, payment control and collection
- marketing of the data controller's products and services
- development of the data controller's business and related customer service development
Regular data sources
The processed personal data is regularly obtained from the following sources:
- From registered self
Personal data to be processed
The registrar collects only such personal data from the registrants that are relevant and necessary for the purposes described in this privacy statement.
The following information is processed about the registered:
customer information
reservation information
essential information related to managing the customer relationship
other additional information provided by the customer himself
Disclosure of personal data
Personal data will not be disclosed to outsiders, unless the law imposes an obligation to do so. Information can therefore exceptionally be disclosed, for example, to the authorities as required by law.
Transfers of personal data to third countries
Personal data is not transferred outside the EU and the European Economic Area.
Protection of personal data
The controller processes personal data in a way that aims to ensure appropriate security of personal data, including protection against unauthorized processing and accidental loss, destruction or damage.
The controller uses appropriate technical and organizational safeguards to ensure this goal, including the use of firewalls, encryption technologies and secure device spaces, appropriate access control, careful management of user IDs in information systems, and instructing personnel involved in the processing of personal data.
Based on the Employment Contracts Act (55/2001) and the confidentiality agreements that supplement them, all employees who process personal data have a duty of confidentiality regarding matters related to the processing of registered personal data.
Data retention period
The controller processes personal data for 12 months. At the end of this period, the data controller will delete or anonymize the data within one (1) month in accordance with its deletion processes.
The controller may have an obligation to process some of the personal data included in the register longer than stated above in order to comply with legislation or official requirements.
Profiling
Personal data is not used for profiling or other automatic decision-making.
Rights of the registrant
The right to access personal data
The registered person has the right to receive confirmation as to whether personal data concerning him or her is being processed, and if processed, the right to receive a copy of his/her personal data.
Right to rectification
The registered person has the right to request that inaccurate and incorrect personal data concerning him be corrected. The registered person also has the right to have incomplete personal information completed by submitting the necessary additional information.
Right to erasure
The registered person has the right to request the deletion of personal data concerning him/her, if
a. personal data are no longer needed for the purposes for which they were collected;
b. the data subject withdraws the consent on which the processing of personal data was based, and there is no other legal basis for the processing; or
c. personal data has been processed illegally.
Right to restriction of processing
The registrant has the right to restrict the processing of personal data concerning himself, if
a. the data subject denies the accuracy of his personal data;
b. the processing is against the law, and the data subject objects to the deletion of his personal data and instead demands the restriction of their use; or
c. the controller no longer needs the personal data for the original purposes of the processing, but the data subject needs them to prepare, present or defend a legal claim.
Right to object
The registered person has the right to object to the processing of personal data concerning him at any time on grounds related to his personal special situation.
The controller may no longer process the data subject's personal data, unless the controller can demonstrate that there is a significantly important and justified reason for the processing that overrides the interests, rights and freedoms of the data subject, or if it is necessary to prepare, present or defend a legal claim._cc781905-5cde-3194 -bb3b-136bad5cf58d_
If personal data is processed for direct marketing, the data subject has the right at any time to object to the processing of personal data concerning him for such marketing, including profiling when it is related to such direct marketing.
Right to withdraw consent
The registered person has the right to withdraw his consent to the processing at any time without affecting the legality of the processing carried out prior to this consent.
The right to transfer data from one system to another
The registered person has the right to receive the personal data concerning him and that he has provided himself in a structured, commonly used and machine-readable format and the right to transfer the data in question to another controller.
The right to lodge a complaint with the supervisory authority
The national supervisory authority for personal data matters is the Office of the Data Protection Commissioner operating in conjunction with the Ministry of Justice. You have the right to submit your case to the supervisory authority if you consider that the processing of personal data concerning you violates the relevant legislation.
Changing Privacy Policy
The controller is constantly developing its operations and may therefore have to change and update its data protection policies as necessary. The changes may also be based on changes in the legislation on data protection.
If the changes contain new purposes for the processing of personal data or otherwise change significantly, the controller will notify them in advance and, if necessary, request consent.
Any questions?
If there's something that puzzled you, contact us either by e-mail info@gnresort.fi or by using the link below!