PRIVACY POLICY

The following the Company’s privacy policy in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Drafted in Lahti, 18 August 2020. 

1. Data controller

Folks Hotels Oy
Business ID: 2859494-7
Päijänteenkatu 9 A 3, 15140 Lahti

Name of register: Customer and stakeholder register of Folks Hotels Oy.

2. General

In order to serve you as best we can, we need to collect and process some data concerning you. However, we value your privacy and are committed to protecting it in a responsible and trustworthy manner. This Privacy Policy contains information about what personal data we collect about you, what principles we follow when we process such data, and your rights and possibilities to influence the use of your data. Folks Hotels Oy processes personal data concerning you in accordance with this Privacy Policy and the applicable laws. We reserve the right to make updates to this Privacy Policy when developing our operations, or when legislation changes or so requires. We would therefore ask you to review the contents of this Privacy Policy on a regular basis. By using our services, websites or contacting us, you accept that we process personal data concerning you in accordance with this Privacy Policy. If you do not agree to the terms and conditions herein, this may affect our ability to provide you with services.

3. Legal basis and purpose of the processing of personal data

The processing of personal data is based on Folks Hotels Oy’s pursuit of its legitimate interests, on contracts, or on some other relevant context. Folks Hotels Oy uses personal data for the purposes of managing, maintaining, developing, analysing, and generating statistics on, the relationship between Folks Hotels Oy and its customers and partners. Data may also be used for marketing, customer segmentation and profiling. In addition, data may be used for the planning and development of Folks Hotels Oy’s business and services. Data will not be used for automated decision-making or profiling.

4. Data sources and data content of register

As a rule, data in the register is collected from the customer during the conclusion of a contract and from the information received at that time. Data may also be independently gathered from customers’ websites and brochures. In addition, data stored in the register is obtained, for example, from messages sent via online forms (www), by email, telephone, through social media services, and from contracts, customer meetings and other situations in which the customer discloses their data. Personal data may also be collected and updated from the population register, credit register and other, corresponding public and private registers. We also collect data on visitors to our website in order to analyse and improve our website and its performance and to target relevant and personalised marketing at website visitors.

We store the following data in our register:

However, we limit the collection of data within our Company to indispensable and necessary data. We delete any data that has become unnecessary or has otherwise expired. Personal data is processed only by our company’s employees, as part of their duties. We do not store your Personal Data or other data for longer than is necessary for our operations, or as required for contractual purposes or by law. The retention periods of personal data may vary, depending on the purpose and circumstances in question. In principle, data is stored for as long as necessary to maintaining a customer or contractual relationship.

5. Regular transfers of data and transfer of data outside the EU or EEA

Data is not, as a rule, disclosed to third parties. Data may be published to the extent that this has been agreed in advance with the customer or partner in question. In addition, we may occasionally disclose the data we hold, in accordance with Finnish law. In principle, we do not disclose data outside the EU, but the controller may also transfer data outside the EU or EEA if necessary. If this happens, we will ensure that the processing, transfer and storage of your Data are carried out in accordance with the principles required by law and with adequate safeguards.

6. Principles for the protection of the register

Processing of the register is done while exercising due care and caution, and data processed by means of information systems is appropriately protected. Access to registers is restricted to persons for whom use of the register is an integral part of their job description. Each person with access to the data uses their own username and password for the systems maintaining the data. Stored data, access to registers and other information critical to the security of personal data are treated as confidential.

7. Right of inspection and right to request rectification

Each person, company or organisation on the register has the right to inspect their data stored in the register and to request the rectification of any incorrect data, or the completion of incomplete data. If a person wishes to inspect, or request the rectification of, data stored about them, such a request must be sent to the controller in writing, by email. If necessary, the controller may ask the person making the request to use accepted credentials to prove their identity. The controller shall respond to the person’s request within the time limit laid down by the EU’s General Data Protection Regulation (as a rule, within one month from receipt of the request).

8. Other rights related to the processing of personal data

A person on the register has the right to request the erasure from the register of any personal data concerning them (“right to be forgotten”). The data subject, company or organisation also has other rights under the EU’s General Data Protection Regulation, such as restricting the processing of personal data in certain circumstances.

9. Contact persons responsible for the register

Ville Siltala
ville.siltala@folkshotels.fi 
+358 45 271 0383