Privacy Policy and Register Description

This is the privacy policy and register description of Camping Hiekkasärkät Oy in accordance with the Finnish Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR).
Prepared on 25 May 2018. Last updated on 28 May 2018.

1. Data Controller

Camping Hiekkasärkät Oy
Tuomipakkaintie 20
85100 Kalajoki
Tel. +358 8 4659 200
myynti@kalajokicamping.fi
www.kalajokicamping.fi

2. Contact Person Responsible for the Register

Risto Apuli
Tel. +358 40 559 3989
myynti@kalajokicamping.fi

3. Name of the Register

Camping Hiekkasärkät Oy Customer Register.

4. Legal Basis and Purpose of Processing Personal Data

The legal basis for processing personal data under the EU General Data Protection Regulation is:

• Maintaining the customer relationship between the customer and Camping Hiekkasärkät Oy
• Contracts between the data controller and customers
• Act on Accommodation and Catering Operations 308/2006
• Processing accommodation reservations made by the customer
• Sale and provision of services
• Processing of personal data related to payment, invoicing, and payment monitoring and collection
• Development of the data controller’s customer service and business

The purpose of processing personal data is to maintain contact with customers, ensure order and safety, prevent and investigate crimes, and compile statistics. Data may be disclosed to authorities based on legally valid requests.

5. Data Content of the Register

The register stores the following data: name, contact details (phone number, email address, address), date of birth, nationality, information about ordered services and changes to them, billing information, and other information related to the customer relationship and ordered services.

Data provided in connection with accommodation is stored for one year.

6. Regular Sources of Data

Data stored in the register is obtained from the customer through, for example, website forms, email, telephone, social media services, contracts, customer meetings, and other situations where the customer provides their information.

7. Regular Disclosures of Data and Transfers Outside the EU or EEA

Data is not transferred outside the EU or the EEA.

8. Principles of Register Protection

Due care is taken in processing the register, and data processed using information systems is appropriately protected. When register data is stored on Internet servers, both the physical and digital security of the hardware is properly ensured. The data controller ensures that stored data, server access rights, and other information critical to personal data security are handled confidentially and only by employees whose duties require it.

9. Right of Access and Right to Rectification

Every person in the register has the right to check the data stored about them and request correction of any incorrect data or completion of incomplete data. Requests must be sent in writing to the data controller. The data controller may request proof of identity if necessary. The data controller will respond within the time specified by the EU GDPR (generally within one month).

10. Other Rights Related to the Processing of Personal Data

A person in the register has the right to request the deletion of their personal data (“right to be forgotten”). Data subjects also have other rights under the EU GDPR, such as the restriction of processing in certain situations. Requests must be sent to the data controller. The data controller may request proof of identity if necessary and will respond within the time specified by the EU GDPR (generally within one month).