Description of the Personal Data File of Blue Holidays Finland Oy’s (“BHF”) webpage and online services (“Service”) in accordance with Section 10 of the Finnish Personal Data Act (523/1999).
According to the General Data Protection Regulation, the personal data controller of a register is obligated to inform the register’s data subjects in a clear manner. This statement fulfills this informing obligation.
DATA FILE CONTROLLER
Blue Holidays Finland Oy
Business ID 2860978-2
REPRESENTATIVE OF THE CONTROLLER
NAME OF THE DATA FILE
BHF’s User Register of the Service (“User Register”)
PURPOSE OF THE DATA FILE
Personal data is processed only for the purposes of invoicing, debt collection, customer inquiries, transactions, customer surveys, service improvements, reporting, marketing and other measures related to the customership. The collection and processing of personal data is therefore necessary for providing the Service and in order to fulfill the obligations set out in the laws and regulations within the field of accommodation and food services (especially the Finnish Act 28.4.2006/308; “laki majoitus- ja ravitsemistoiminnasta”) as well as in the agreement between the User and BHF. The data subject has the right to prohibit the controller from processing personal data for the purposes of marketing.
BHF’s customers and/or users of the Service (“Users”)
CONTENTS OF THE DATA FILE
Personal data of the User:
The following information shall be collected from the User for the purposes of a traveler notification (depending e.g. on the User’s country of origin):
1) the traveler’s full name and Finnish social security number, or if not available, the date of birth and nationality;
2) the full names and Finnish social security numbers of the traveler’s spouse and underage children, if they are traveling with the traveler, or if not available, their dates of birth;
3) the traveler’s address;
4) the country from which the traveler arrives in Finland;
5) the ID number of the traveler’s passport/travel documentation; and
6) the date of arrival to the accommodation service as well as the date of departure if known.
In addition, other information that is necessary for the identification of the User or for the fulfillment of the agreement with the User may be requested from the User. In any case, only the first and last name of the User, the address, telephone number and e-mail address, country of residence and travel group size (how many adults, children and pets are travelling) are collected in connection with the reservation. The data shall be stored for the time required by applicable laws and regulations. If the reservation is cancelled, and the User has not given his/her consent to use the information for marketing purposes, the information shall be destroyed without undue delay.
Travelers’ passenger declarations are usually made as paper printouts. If required, passenger declarations are submitted to the authorities or stored for the time required by law (one year). If the customer has completed the passenger notification electronically in advance, a copy will be sent to the owner of the property. The identity will be verified, and the passenger notification should be signed during check-in. The protection of passenger declarations and the preservation of the information they contain are handled by the owners of the properties.
Payments made on BHF’s Service are made over a secure SSL-connection via the payment agent Bambora (“Payment Agent”). BHF does not have access to the User’s payment card information and no such information is stored in BHF’s User Register.
Sensitive data (as defined in the Personal Data Act) is not collected by BHF with the exception of the Finnish social security number required by the Finnish Act 28.4.2006/308 (“laki majoitus- ja ravitsemistoiminnasta”). BHF shall not check the validity of the data provided by the Users.
SOURCES OF DATA
Data is acquired directly from the User when the User makes a reservation through BHF’s Service.
COOKIES AND THIRD PARTY FUNCTIONALITIES
Third party functionalities/add-ons may be utilized in the Service. With third party functionalities, the User may for example link his/her information to his/her social media. While utilizing these functionalities/add-ons, the Users must accept the terms and conditions and/or separate privacy policies for such functionalities/add-ons (e.g. Facebook and AddThis).
REGULAR DESTINATIONS OF DISCLOSED DATA
The data is not generally disclosed for marketing purposes outside Blue Holidays Finland Oy. BHF has the right to disclose the User’s information to the owner of the property, which is used for the accommodation service, or to the entity responsible for it (hereinafter together “Owner”). The information shall only be disclosed as required (please see above) and in order to:
- provide the Service/fulfill the agreement;
- carry out practical issues related to the accommodation service; and
- fulfill the obligations set out in the Finnish Act 28.4.2006/308; “laki majoitus- ja ravitsemistoiminnasta”.
BHF does not process the User’s credit card or other payment information. All card payments are facilitated by Bambora PayForm (Paybyway Oy, business-id FI24865594). Paybyway Oy is a payment facilitator authorized by the Financial Supervisory Authority of Finland. The payment process is conducted in the online service of Bambora. Bambora or Paybyway Oy is shown as the payment recipient in the bank account listing and on the invoice.
The Service is offered via the servers and application platform of BHF’s subcontractor PROGETTOWEBFIRENZE (“Server Provider”).
The User acknowledges that the use of the Service and its functions may require the processing of information provided by the User and the processing of the User’s credit card information by the Server Provider and/or by the Payment Agent.
BHF does not disclose any information collected by itself to entities residing outside of the EU/EEA area.
AUTOMATIC DECISION-MAKING AND PROFILING
We do not use the data for automatic decision-making or profiling.
THE RIGHTS OF THE USER AND THEIR UTILISATION
In accordance with Section 26 of the Personal Data Act, the User has a right of access to the information stored in the User Register.
In accordance with Section 29 of the Personal Data Act, the controller shall, without undue delay and on its own initiative or at the request of the User, rectify, erase or supplement any erroneous, unnecessary, incomplete or obsolete personal data contained in the personal data file.
If information regarding the User is erroneous, the User may request BHF in writing to rectify the erroneous information. Such a request must be sent to the representative of the controller.
The User also has, in accordance with Section 30 of the Personal Data Act, the right to prohibit the controller from processing personal data for the purposes of direct advertising, distance selling, other direct marketing, market research and opinion polls. In order to use the right to prohibit processing, the User shall send the request via a letter and/or e-mail to the abovementioned representative of the controller.
In order to use the abovementioned rights, the User must make the request in writing and in a signed document sent to the following address:
Blue Holidays Finland Oy
The requested information concerning the User’s data shall be given in writing and shall be sent by email and/or post to the address of the User, which has been specified in the request. A request can also be submitted by using the GDPR account of this site.
In addition, the User has the right to:
- request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;
- withdraw possibly given consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal; and
- lodge a complaint with a supervisory authority. Contact information of the data protection supervisor: tietosuoja.fi/en/index/yhteystiedot.html
UPDATING OF THE DATA
The stored data of the User may be updated using the GDPR account on the site.
DATA FILE PROTECTION
The User Register is kept confidential and is processed only on one adequately protected computer. The User Register is properly secured with adequate technical and organizational measures and one electronic backup is kept of it. The data is not stored as printouts, and it is printed out manually only when so needed. All printouts will be destroyed immediately when they are not needed anymore. The protection of passenger declarations and the preservation of the information they contain are handled by the owners of the properties.