Privacy policy
This is Vuoksen Lautturi Oy's register and data protection statement in accordance with the Personal Data Act (Sections 10 and 24) and the EU's General Data Protection Regulation (GDPR). Prepared on 29.12.2021 December XNUMX.
1. Registrar
Vuoksen Lautturi Oy, Varpasaarenpolku 12 55120 Imatra
[email protected]
2. Contact person for the register
Toni Kainulainen, [email protected]
3. Name of the register
Vuoksen Lautturi Oy's customer register
4. Legal basis and purpose of processing personal data
The personal data stored in the register is processed in accordance with the requirements of Section 8 of the Personal Data Act to manage Vuoksen Lautturi Oy's customer relations. Vuoksen lautturi Oy offers accommodation, restaurant and tourism services and engages in rental activities. The basis for the processing of personal data is the related customer relationship, the customer's consent, an order given by the customer or another relevant connection.
Vuoksen Lautturi Oy generally uses personal data for customer care and development, customer communication, marketing planning and targeting, customer service development, payment monitoring and service and business development. Vuoksen Lautturi Oy uses personal data for marketing purposes as permitted by the Personal Data Act.
In addition, the controller's partners may, subject to certain restrictions, have the right to use the information for the aforementioned purposes related to their own business, for example for the development and implementation of various joint services, concepts and business models.
5. Content of the register
Information stored in the register includes: person's name, position, company/organization, contact information (phone number, e-mail address, address), website addresses, IP address of the network connection, credentials/profiles in social media services, information about ordered services and their changes, billing information, other information related to the customer relationship and ordered services.
6. Regular sources of information
The information to be saved in the register is obtained from the customer, e.g. From messages sent via web forms, by e-mail, by phone, via social media services, contracts, customer meetings and other situations where the customer gives out their information. Personal data can also be collected, stored and updated from companies and authorities that offer update services.
7. Ordinary deliveries of data and transfer of data outside the EU or EEA
Information is not regularly disclosed to other parties. Information can be published to the extent agreed with the customer. The servers needed to use the programs are located in the EU or EEA area or in countries outside the EU and EEA as referred to in Section 22 of the Personal Data Act, where the EU Commission has determined that the level of data protection is adequate.
8. Principles of data protection
Careful handling of the registry is ensured and data processed by the information systems is adequately protected. When keeping records on Internet servers, the physical and digital security of their hardware is handled appropriately. The controller shall ensure that stored data, server access privileges and other critical data related to the security of personal data are processed confidentially and only by employees whose job description they belong to.
9. The right of inspection and the right to demand correction
Every person in the register has the right to check their information stored in the register and demand the correction of any incorrect information or the completion of incomplete information. If a person wants to check the information stored about him or demand correction, the request must be sent in writing to the controller. If necessary, the registrar may ask the requester to prove his identity. The controller responds to the customer within the time stipulated in the EU data protection regulation (generally within a month).
10. Other rights related to the processing of personal data
A person in the register has the right to request the removal of personal data about him from the register ("right to be forgotten"). Those registered also have other rights according to the EU's General Data Protection Regulation, such as limiting the processing of personal data in certain situations. Requests must be sent in writing to the controller. If necessary, the registrar may ask the requester to prove his identity. The controller responds to the customer within the time stipulated in the EU data protection regulation (generally within a month).
