Register and Privacy Statement

This is Yöpuu Yhtiö Oy’s register and privacy statement in accordance with the Finnish Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Prepared on May 25, 2018. Latest update on May 27, 2018.

Register statement

1. Data Controller
Yöpuu Yhtiö Oy
Yliopistonkatu 23
40100 Jyväskylä
info(at)hotelliverso.fi

2. Contact Person Responsible for the Register

Aino Pärnänen
+358 44 427 0253
aino.parnanen(at)yopuuyhtio.fi

3. Name of the Register

Yöpuu Yhtiö Oy Customer Register

4. Legal Basis and Purpose of Personal Data Processing

Under the EU General Data Protection Regulation (GDPR), the legal basis for processing personal data is
– the individual’s consent (documented, voluntary, specific, informed, and unambiguous)

The purpose of processing personal data is to communicate with customers, maintain the customer relationship, and conduct marketing.

5. Contents of the Register

Information stored in the register includes: the person’s name, position, company/organization, contact details (phone number, email address, address), website addresses, IP address of the internet connection, usernames/profiles on social media services, information about subscribed services and changes thereto, billing information, and other data related to the customer relationship and subscribed services.

The data is retained for two years from the last time any changes were made to the information.

6. Regular Sources of Information

The data stored in the register is obtained from the customer through messages sent via web forms, email, phone, social media services, contracts, customer meetings, and other situations where the customer provides their information.

7. Regular Disclosures of Information and Transfer of Data Outside the EU or EEA

Information is not regularly disclosed to other parties. Data may be shared to the extent agreed upon with the customer.

Data may also be transferred by the data controller outside the EU or EEA.

Information may be disclosed to the following parties:

– Facebook
– Google
– MailChimp

The reason for disclosing information is improved and targeted marketing.

8. Principles of Register Protection

The register is handled with care, and data processed through information systems is properly protected. When register data is stored on internet servers, appropriate physical and digital security measures are in place. The data controller ensures that stored information, server access rights, and other security-critical personal data are treated confidentially and only by employees whose job duties require it.

9. Right of Access and the Right to Request Correction of Information

Every individual in the register has the right to review their stored information and request correction of any inaccuracies or completion of incomplete data. To do so, a written request must be sent to the data controller. The data controller may require the requester to verify their identity. The data controller will respond within the timeframe stipulated by the EU Data Protection Regulation (generally within one month).

10. Other Rights Related to the Processing of Personal Data

Individuals in the register have the right to request the deletion of their personal data from the register (“right to be forgotten”). They also have other rights under the EU General Data Protection Regulation, such as the right to restrict processing in certain situations. Requests must be submitted in writing to the data controller. The data controller may require the requester to verify their identity. The data controller will respond within the timeframe set by the EU GDPR (generally within one month).

Privacy Statement

You can download the comprehensive privacy statement compliant with the General Data Protection Regulation (GDPR) here:

Download Privacy Statement


Purpose of a Separate Privacy Statement

This privacy statement implements transparent information, communication, and detailed rules in accordance with the EU General Data Protection Regulation (EU) 2016/679, enabling the provision of information required by Articles 13 and 14, as well as all processing-related information under Articles 15–22 and 34, in a concise, transparent, easily understandable, and accessible format using clear and simple language. Yöpuu Yhtiö Oy is a hospitality company providing accommodation and restaurant services to its customers. This privacy statement describes the principles of personal data processing and protection through which Yöpuu Yhtiö, as the data controller, safeguards personal data in various situations.

In the privacy statement, the data controller is hereafter referred to as “Yöpuu Yhtiö” or “the data controller.”