This is Yöpuu Yhtiö Oy’s register and privacy statement in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Prepared on May 25, 2018. Last modified on May 27, 2018.
REGISTER DESCRIPTION
1. DATA CONTROLLER
Yöpuu Yhtiö Oy
Yliopistonkatu 23
40100 Jyväskylä
info@hotelliverso.fi
2. CONTACT PERSON RESPONSIBLE FOR THE REGISTER
Aino Pärnänen
+358 44 427 0253
aino.parnanen@yopuuyhtio.fi
3. NAME OF THE REGISTER
Yöpuu Yhtiö Oy Customer Register
4. LEGAL BASIS AND PURPOSE OF PERSONAL DATA PROCESSING
The legal basis for processing personal data in accordance with the EU General Data Protection Regulation is
– the data subject’s consent (documented, voluntary, specific, informed, and unambiguous)
The purpose of processing personal data is communication with customers, customer relationship management, and marketing.
5. DATA CONTENT OF THE REGISTER
The data stored in the register includes: person’s name, position, company/organization, contact information (phone number, email address, address), website addresses, IP address of the network connection, identifiers/profiles in social media services, information about ordered services and their changes, billing information, and other information related to the customer relationship and ordered services.
The data is stored for two years from the date of the last modification.
6. REGULAR DATA SOURCES
Data stored in the register is obtained from the customer through messages sent via web forms, by email, by phone, through social media services, from contracts, customer meetings, and other situations where the customer provides their data.
7. REGULAR DISCLOSURES OF DATA AND TRANSFER OF DATA OUTSIDE THE EU OR EEA
Data is not regularly disclosed to other parties. Data may be published to the extent agreed upon with the customer.
Data may also be transferred outside the EU or EEA by the data controller.
Data may be disclosed to the following parties:
– Facebook
– Google
– MailChimp
The reason for data disclosure is improved and targeted marketing.
8. PRINCIPLES OF REGISTER PROTECTION
Care is observed in the processing of the register, and data processed using information systems is appropriately protected. When register data is stored on Internet servers, the physical and digital data security of their hardware is properly maintained. The data controller ensures that stored data, server access rights, and other information critical to the security of personal data are handled confidentially and only by employees whose job description includes it.
9. RIGHT OF ACCESS AND RIGHT TO DEMAND RECTIFICATION OF DATA
Every person in the register has the right to inspect their data stored in the register and to demand the correction of any incorrect data or the completion of incomplete data. If a person wishes to inspect their stored data or demand its rectification, the request must be sent in writing to the data controller. The data controller may, if necessary, ask the requester to prove their identity. The data controller will respond to the customer within the time stipulated by the EU General Data Protection Regulation (generally within one month).
10. OTHER RIGHTS RELATED TO PERSONAL DATA PROCESSING
Every person in the register has the right to request the erasure of their personal data from the register (”right to be forgotten”). Likewise, data subjects have other rights under the EU General Data Protection Regulation, such as the restriction of personal data processing in certain situations. Requests must be sent in writing to the data controller. The data controller may, if necessary, ask the requester to prove their identity. The data controller will respond to the customer within the time stipulated by the EU General Data Protection Regulation (generally within one month).
PRIVACY STATEMENT
You can download the comprehensive privacy statement in accordance with the General Data Protection Regulation (GDPR) here:
Purpose of the separate privacy statement
This privacy statement implements transparent information, communication, and detailed rules in accordance with the EU General Data Protection Regulation (EU) 2016/679, enabling the provision of information to data subjects as per Articles 13 and 14, and all processing-related information as per Articles 15–22 and 34, in a concise, transparent, easily understandable, and accessible format, using clear and plain language. Yöpuu Yhtiö Oy is an accommodation and catering company that provides accommodation and restaurant services to its customers. This privacy statement describes the principles of personal data processing and protection, by which Yöpuu Yhtiö, as the data controller, protects personal data in various situations.
In this privacy statement, the data controller is hereinafter referred to as ”Yöpuu Yhtiö” or ”the data controller”.
