Collector: Äksyt Ämmät Ltd.
Salmenkyläntie 81, 75500 Nurmes
Business ID: FI10408907
Contact person: Ms. Minna Murtonen
Mobile +358 400 877 085
Data content of register
The reason for collecting personal information is to determine and allocate the quantity and quality of meals, rooms, staff, transfers, equipment etc. so that we can provide you with the quality performance of the experience booked.
We only collect information that is voluntarily provided to us at:
· booking a room or a holiday
· at the guesthouse
Upon booking we collect the following personal information directly from the customer
· name of the booker
· phone number and/or email address
Upon checking in we ask you to fill in Passenger Card. All accommodation services are required to collect passenger card information from all accommodation passengers. Accommodation service provider is designated information holder of this information in order to comply with Finnish law (see details below).
Upon payment: the accommodation may be paid with cash or by card via iZettle. No record of card details is kept by us.
Outdoors excursions, courses and tours
To provide quality customer service and operate our excuriosions smoothly and safely we request the following information:
· Shoe size
· Mobile number (not necessary)
· Date of Birth (not necessary)
The guest may or may not provide the following information
· health/dietary requirements
These are the pieces of information the travel agents collect directly from customers and forward to us. We will in turn forward some of this information to our network of service providers. You consent to this information transfer upon purchasing the service.
We cannot be held responsible for any information that third parties, for example reservation websites or travel agents, collect and use regarding your reservation. We are responsible of only the information provided directly to us.
Name lists of customers are being stored until the end of each fiscal year (ending of 30th of April) after which they are deleted from computer. Physical name/room arrangement/dietary lists are burned in the oven soon after the excursion is over.
Passenger Card (applies to international guests only)
Collecting passenger card information is based on Finnish law 28.4.2006/308 ”Law regarding accommodation and restaurant services”.
Passenger cards are collected and handled for general safety as well as to collect data for Finnish tourism statistics. Accommodation providers may use the collected information for direct marketing when opted-in by the customer.
Accommodation provider is obliged that all accommodation customers fill passenger card accurately. Group reservation can be handled as one passenger notice. Passenger card must state company details, contacts and address. Passenger card must contain following information:
· Full name of the passenger as well as a personal identification number or date of birth
· Full names of all other passenger travelling with the primary traveller and their personal identification number or dates of birth
· Permanent address
· Country of entry to Finland
· Check-In and Check-Out date
· Passenger may also state the reason for journey (business/leisure/conference/other).
Physical copies of passenger cards are being handed over to the Finnish Authorities for further processing and no copies are being stored by us.
We send newsletters to our business partners twice a year with the help of MailChimp (compliant to Privacy Shield). A newsletter may be send via email to a private person if the person subscribes to our mailing list. The Email Service Provider (Mailchimp) provides clear procedures for unsubscribing from the list for those who do not wish to receive our newsletter. An email newsletter is send to private persons who have requested to be added to our newsletter list and can unsubscribe at any time by following the Unsubscribe link. Once you subscribe, we will keep you on our email newsletter list until you request to unsubscribe.
We will never forward, rent or sell customer information for third parties.
Names and contact details are only forwarded if you ask us to book or use third party services for you. Passenger card information is forwarded to police at the end of the year and no copies of them is stored at Äksyt Ämmät.
Source of informationDirectly from the client, our partners or from an International Travel Agent.
- Regular disclosures of information and recipient categoriesData may be disclosed to Äksyt Ämmät Ltd’s co-operation partners for for the purpose of arranging room, transfers and food during the holiday. This data is in printed form and shall be disposed after the group has stayed overnight. All accommodation services are required to collect passenger card information from accommodation passengers. Accommodation service provider is designated information holder of this information in order to comply with Finnish law.
Äksyt Ämmät Ltd may use the collected information for direct marketing if the client consents to this by ticking the box in the passenger card or by signing up the Newsletter subscription list at the website.
Transfer of data outside of the EU or EEA
Personal data may be transferred outside of the European Union or the European Economic Area as we use the services of Google, Microsoft, Mailchimp and WordPress in accordance with the data protection legislation and within the boundaries imposed by same. If the transfer does constitute a transfer to the United States in accordance with the Privacy Shield system, the transfer shall occur by means of employing the standard clauses approved by the European Commission.
Personal data retention period
We shall erase data concerning a person from the register latest if there have been no active measures in relation to a client for a period of [one] year and the person is not related to any pending matter.
Information concerning practical arrangements provided for the purposes of holiday arrangements (such as food/accommodation, etc. details) shall be erased once there is no longer any need to process the event information.
The erasing shall take place by means of deleting the information in its entirety, by rendering the data passive so that the data are no longer processed and access to the data is restricted, by means of encrypting or overwriting.
Profiling of any sort is not conducted.
Data subject’s rights
Data subject’s right to object to the processing of personal data. The data subject shall have the right, in connection with their personal specific circumstances, to object to profiling pertaining to themselves and to other processing measures directed by the data controller at the data subject’s personal data to the extent the data processing is based upon the data processor’s legitimate interests.
Data subject’s right to obtain access to the information (Right of Access)
Data subject’s right to require the rectification or erasure of data or restriction of processing
The data subject shall, without any undue delay, after becoming aware of the error, or, having detected the error themselves, rectify, erase or supplement any piece of information found in the register being contrary to the purpose of the register, erroneous, un-necessary, deficient or outdated. The data subject shall also have the right to require the data controller to restrict the processing of their personal data. Data subject’s right to object to direct marketing. The Data Subject may issue the Data Controller consents or prohibitions pertaining to direct marketing on a channel-specific basis, including profiling taking place for direct marketing purposes.
Data subject’s right to lodge a complaint with the supervisory authority
The data subject may present their claim regarding the objection. In conjunction with the claim, the data subject must specify the specific circumstances based on which they are objecting to the processing. The data controller may refuse to carry out the request pertaining to the objection on the grounds stipulated for under the legislation.
The data subject shall have the right to lodge a complaint with the competent supervisory authority, if the data controller has not complied with the applicable data protection regulation in its operations.
Principles for protecting the register
The environment has been protected with appropriate firewalls and other technical safeguards. The data controller’s personnel have undertaken confidentiality obligations.
In all questions concerning the processing of personal data and situations related to the exercise of the data subject’s rights, the data subject should contact the data controller. The data subject may exercise their rights by contacting firstname.lastname@example.org .