Customer Database Privacy Statement
Santa’s Hotels -organization consists of:
- Hotel Santa Claus Oy, 1614402-5
- Santa’s Hotel Santa Claus
Korkalonkatu 29
96200 Rovaniemi
p. 016 321 321 - Santa’s Igloos Arctic Circle
Joulumaankuja 8
96930 Rovaniemi
p. 0400 102 170 - Santa’s Hotel Rudolf
Koskikatu 41-43
96100 Rovaniemi
p. 016 321 321 - Santa’s Chalets Rakka
Urpiaisenkuja 4
99490 Kilpisjärvi
p. 0400 230 011
- Santa’s Hotel Santa Claus
- Saariselän Tunturihotellit Oy, 0942022-0
- Santa’s Hotel Tunturi
Lutontie 3
99830 Saariselkä
p. 016 68 111
- Santa’s Hotel Tunturi
- Hotel Aurora Oy, 1871193-5
- Santa’s Hotel Aurora
Luppokeino 1
99555 LUOSTO
p. 0400 102 200
- Santa’s Hotel Aurora
- Kalajoen kylpylähotelli Sani Oy, 1996583-0
- Santa’s Resort & Spa Hotel Sani
Jukupolku 5
85100 Kalajoki
p. 08 4692 500
- Santa’s Resort & Spa Hotel Sani
2 Contact Person in Matters Relating to the Personal Data File
Hannu Wärme, hannu.warme(at)santashotels.fi, tel. +358 400 986 945
3 Data Protection Officer
The data protection officer at Santa’s Hotels is Hannu Wärme, tietosuojavastaava(at)santashotels.fi, tel. +358 400 986 945.
4 Name of the Personal Data File
Customer database privacy statement
5 Purpose of Personal Data Processing
Personal data are collected for specified, explicit and legitimate purposes. The data are collected telemetrically and with the consent of the customers and stakeholders. Consent has been obtained from the customers and stakeholders with a separate form stating their truthful and genuine consent. The data are gathered for the purposes of customer relations.
The customers have been notified of profiling and it has been made clear that they have the right to withdraw their consent, in which case profiling will cease without delay. The personal data are gathered in accordance with this privacy statement and they will not be used, altered or transferred in ways not mentioned in this privacy statement. The personal data are collected only with means agreed to in advance, which have been communicated to customers and stakeholder prior to collecting the data and their proven consent for the collection and processing of the data has been obtained.
6 Content of the Data File
The data file contains personal data on the customers of Santa’s Hotels: first name, last name, email address, telephone number, language, personal id-code, indicator data related to profiling and the use of commodities, and data provided by customers and stakeholders directly to Santa’s Hotels.
7 Regular Sources of Personal Data
The personal data is collected from the customer and obtained from hotel partners.
8 Regular Destinations of Disclosed Data
Santa’s Hotels has decided not to transfer data in our possession to third parties or automatically to other Santa’s Hotels partners. Data can be transferred to marketing register of Santa´s Hotels. In individual cases, Santa’s Hotels discloses data of a customer or stakeholder to the designated party if the data subject so requests or if a competent authority requires Santa’s Hotels on legal grounds to disclose specified data in the database in our possession.
9 Data Transfer to Third Countries or International Organizations
Santa’s Hotels has decided not to transfer data in our possession automatically to third countries or international organizations. In individual cases, Santa’s Hotels discloses data to third countries or international organizations if the customer or stakeholder has mandated us for such a purpose and if we have together with the data protection officer and the Finnish data protection authority assessed the risks and the quality system of the actual data security level of the third country.
10 Principles of Securing the Data File
Santa’s Hotels secures the personal data file referred to in this privacy statement based on the required security level derived from risk assessment. The data protection officer participates in the risk assessment process and provides an objective statement of the final decision regarding data protection, which Santa’s Hotels will adhere to. In securing the personal data file, Santa’s Hotels observes technical security as well as the requirements of both administrative and information technology requirements.
11 Right of Access
Data subjects have the right to inspect what data on them have been stored in the file. In addition, after a sufficiently detailed and accurate request, data subjects have the right of access to the data on them stored in the data files. The request for access must be delivered in written form and with the subject’s signature and attached with a copy of personal id-card to the Data Protection Officer.
12 Right to Rectification and Erasure
The controller must rectify inaccurate data in the personal data file indicated by the data subject. The controller is also obligated to independently verify that the data in the data file are accurate and up to date. Data subjects may also request that the controller erases data on them from the file. This procedure is managed by the data protection officer.
13 Other Rights Pertaining to Personal Data Processing
Data subjects have the right to request a restriction of processing data on them. Data subjects also have the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller. In addition, data subjects have the right to object to processing of personal data, automated decision-making and profiling.
14 Erasure of Data and Time of Storage
Santa’s Hotels removes data on a customer from the data file, when there no longer are operational grounds for their processing or if data subjects exercise their legal right to request from Santa’s Hotels the erasure of data on them. The data are erased by overwriting, when their processing or keeping is no longer justified. The data are not erased, however, if specific provisions have been issued by laws or regulations or if a competent authority has initiated a process that requires Santa’s Hotels to keep the data or if a Finnish court of law has been requested to decide on safeguarding the data.
15 Approval of the Privacy Statement
This privacy statement has been inspected and its continuation has been approved on 26.9.2018.