1. Data controller
Folks Hotels Oy
Business ID: 2859494-7
Päijänteenkatu 9 A 3, 15140 Lahti
Name of register: Customer and stakeholder register of Folks Hotels Oy.
3. Legal basis and purpose of the processing of personal data
The processing of personal data is based on Folks Hotels Oy’s pursuit of its legitimate interests, on contracts, or on some other relevant context. Folks Hotels Oy uses personal data for the purposes of managing, maintaining, developing, analysing, and generating statistics on, the relationship between Folks Hotels Oy and its customers and partners. Data may also be used for marketing, customer segmentation and profiling. In addition, data may be used for the planning and development of Folks Hotels Oy’s business and services. Data will not be used for automated decision-making or profiling.
4. Data sources and data content of register
As a rule, data in the register is collected from the customer during the conclusion of a contract and from the information received at that time. Data may also be independently gathered from customers’ websites and brochures. In addition, data stored in the register is obtained, for example, from messages sent via online forms (www), by email, telephone, through social media services, and from contracts, customer meetings and other situations in which the customer discloses their data. Personal data may also be collected and updated from the population register, credit register and other, corresponding public and private registers. We also collect data on visitors to our website in order to analyse and improve our website and its performance and to target relevant and personalised marketing at website visitors.
We store the following data in our register:
- The person’s name, company, organisation or community and position therein
- Contact information (such as the phone number, email address and address)
- Company contact information (including address and email address)
However, we limit the collection of data within our Company to indispensable and necessary data. We delete any data that has become unnecessary or has otherwise expired. Personal data is processed only by our company’s employees, as part of their duties. We do not store your Personal Data or other data for longer than is necessary for our operations, or as required for contractual purposes or by law. The retention periods of personal data may vary, depending on the purpose and circumstances in question. In principle, data is stored for as long as necessary to maintaining a customer or contractual relationship.
5. Regular transfers of data and transfer of data outside the EU or EEA
Data is not, as a rule, disclosed to third parties. Data may be published to the extent that this has been agreed in advance with the customer or partner in question. In addition, we may occasionally disclose the data we hold, in accordance with Finnish law. In principle, we do not disclose data outside the EU, but the controller may also transfer data outside the EU or EEA if necessary. If this happens, we will ensure that the processing, transfer and storage of your Data are carried out in accordance with the principles required by law and with adequate safeguards.
6. Principles for the protection of the register
Processing of the register is done while exercising due care and caution, and data processed by means of information systems is appropriately protected. Access to registers is restricted to persons for whom use of the register is an integral part of their job description. Each person with access to the data uses their own username and password for the systems maintaining the data. Stored data, access to registers and other information critical to the security of personal data are treated as confidential.
7. Right of inspection and right to request rectification
Each person, company or organisation on the register has the right to inspect their data stored in the register and to request the rectification of any incorrect data, or the completion of incomplete data. If a person wishes to inspect, or request the rectification of, data stored about them, such a request must be sent to the controller in writing, by email. If necessary, the controller may ask the person making the request to use accepted credentials to prove their identity. The controller shall respond to the person’s request within the time limit laid down by the EU’s General Data Protection Regulation (as a rule, within one month from receipt of the request).
8. Other rights related to the processing of personal data
A person on the register has the right to request the erasure from the register of any personal data concerning them (“right to be forgotten”). The data subject, company or organisation also has other rights under the EU’s General Data Protection Regulation, such as restricting the processing of personal data in certain circumstances.
9. Contact persons responsible for the register
+358 50 356 1110
+358 40 574 3314