Data protection description
De Gamlas Hem Hotel & Restaurant Customer and marketing register
We store and handle personal information in accordance with the EU’s GDPR. We may alter this data protection description from time to time, either by giving advance notice of this or without giving notice. We recommend that you visit this data protection description page from time to time to take note of changes.
De Gamlas Hem Resort Ltd
Vat number FI28718233
Kirkkokatu 54, 90120 Oulu
Tel. +358 75 325 7600
Person responsible for register matters:
De Gamlas Hem Resort Ltd
Veli-Pekka Pohjola, CEO
The purpose of the handling of personal information:
Our operations are based on lawful business operations, and thus we also comply with the EU regulation on the storage of personal information – in brief, this is the following six points:
• The information that we store about a person is lawful, reasonable and transparent in terms of its handling. This means that you can have access to your information at any time.
• The information is limited to the purpose of use – for example, information that we collect about people is limited to only a particular usage purpose. We will not pass on your information to external parties unless there is an appropriate reason for doing so.
• We will minimise the information we store – we will only store what is necessary.
• We will seek to keep our information accurate.
• We will limit the storage of information – a usage period is defined for the information, after which it is deleted, either automatically or as a matter of routine, unless there is a legally-grounded reason to keep it.
• We store intact and reliable information, secured through back-up copies, for example.
We collect and store information based on customer relationships or associated with business operations, on possible new customers. The principal purposes for the usage of information are: Internet marketing, reporting, production of services, customer communications, the planning and targeting of marketing, analysis, development of customer service, tracking of payments and the development of the service and business, as well as for other comparable usage purposes.
The data content of the register:
We store the minimum amount of information relating to the customer relationship, which typically includes the individual name of the person and contact details, such as their e-mail address and telephone number.
Normal sources of information:
Sources of information used include the following:
• LinkedIn, Google Analytics, our booking engine and the web forms on the website.
• Personal information is collected from the registered person themselves in the register controller’s own operations, in association with dealing with customers, including by phone, in the online service and at customer events.
• In addition, with regard to our business operations, e.g. in connection with the acquisition of new customers, we may use names taken from the media, for example, which we may contact with a view to doing business.
Normal passing on of information:
We use the services of third parties for the handling and storage of such data which may include personal information. However, third parties act purely as handlers of personal information who have a right to handle such information only within the scope of the services agreed on, and De Gamlas Hem Hotel & Restaurant remains the only register controller of this kind of information.
We shall pass on personal information in a limited manner to other parties – in practice, this means the following:
• We use the tools of e-mail marketing. What is stored in these is only the name, company and e-mail address.
• In order to take care of customer relationships, we use a CRM tool, in which we store, in a minimised form, things including the following: the name of the person, their contact details and features related to the customer relationship, such as meetings and other activities.
• We use an invoicing system, in which we store, in a minimised form, things including the following: the personal name of the customer, their contact details and features related to the customer relationship, such as invoicing and the accounts ledger.
• In order to take care of new customerships, we use a CRM tool, in which we store, in a minimised form, things including the following: the name of the person, their contact details and features related to the customer relationship, such as report requests from the site.
• In order to take care of customer relationships, we use our website, on which we store, in a minimised form, things including the following: the name of the person, their contact details and features related to the customer relationship, such as report requests from the site.
• Information can be passed on to the authorities within the limits in accordance with prevailing legislation or when decrees demand it, for example in order to investigate malpractices.
Transferral of information outside the EU or EEA
THE ALTERNATIVE IF IT IS TRANSFERRED
In the handling of data in accordance with the purposes specified in this data protection policy, we use partners and in association with this, we may pass on the personal information that we handle outside the EU or EEA, complying with the legislation that is in force in any given situation. In the case of countries where a sufficient level of data protection has not been ensured, transferrals are based on appropriate protective measures, such as the standard contract clauses approved by the European Commission or a monitoring authority.
THE ALTERNATIVE IF IT IS NOT TRANSFERRED
Information will not be transferred as a rule outside EU and the European Economic Area.
Register protection principles
De Gamlas Hem Hotel & Restaurant as appropriate technical and organisational security practices and processes to secure personal information against loss, misuse or other comparable illegal access.
The personal information contained in the register is stored confidentially. There are guidelines in the organisation of the register controller on the use of the register and access to the person register is restricted so that only those employees who have the right to do so with regard to their work tasks, and as far as their tasks require, have access to the information contained in the register stored in the system and are authorised to use it. The personnel who handle personal information are under an obligation of secrecy.
The system is protected with protection software. Access to the system requires entering a user ID and password from each user of the register. The server environment is protected with passwords and an appropriate firewall. The data traffic between the server and the computer of the user is transmitted in an encrypted form. In addition, the data network and equipment where the register is located are protected with a firewall and through other technical measures. Destroying of materials containing personal information is done is a data-secure manner.
You have the right to get access to your personal information and have erroneous information that concerns you corrected. You have the right to demand deletion of your personal information at any time unless the interests that we are entitled to, or a requirement laid down by law, prevent the deletion of some personal information. Information shall be handed over in a form that is comprehensible to the customer, and in writing if so required. Requests are to be addressed with a personally signed letter to De Gamlas Hem Hotel & Restaurant / Tietosuoja, Kirkkokatu 54, 90100 Oulu.
The right to demand correction of information
The register controller shall correct, delete or supplement information in the register that is, in terms of handling, erroneous, unnecessary, deficient or out of date, either independently or when demanded to do so by the registered person. In addition, personal information can be deleted if the customer misuses the service or, with the aid of the service, carries out criminal or other prohibited actions. The registered person must contact the register controller for the correction of information. Requests are to be addressed with a personally signed letter to De Gamlas Hem Hotel & Restaurant / Tietosuoja, Kirkkokatu 54, 90100 Oulu.
Other rights relating to the handling of personal information
A registered person also has the right to prohibit the register controller from handling information relating to them for the purposes mentioned in this register description, unless it is agreed otherwise between the register controller and the registered person. Requests for correction of information pertaining to marketing prohibitions (calls, printed direct marketing, text messages and e-mail) are to be addressed with a personally signed letter to De Gamlas Hem Hotel & Restaurant / Tietosuoja, Kirkkokatu 54, 90100 Oulu..
Analyses of web pages and advertising cookies
In order to obtain additional information about the traffic on our website, we use an analysis tool and advertising provided by a third party.
IF GOOGLE ANALYTICS IS USED
You can prevent the collection of information by Google and the usage of information (cookies and IP addresses) by downloading and installing a browser add-on program, which can be obtained here: https://tools.google.com/dlpage/gaoptout?hl =en or by using other advertising and tracking blocking tools.
We also use Google Analytics in order to analyse the information of the AdWord and DoubleClick Cookies services. You can prevent the handling of this information through the privacy settings of Google here: https://myaccount.google.com/
Päivitetty 8.10.2018/Veli-Pekka Pohjola