1. Data controller
Inari-Saariselkä Tourism Ltd, Business ID 0923166-5
Sairaalantie 3 a, 99800 Ivalo, Finland
2. Person responsible for the register
Managing Director Marja Kumpuniemi, firstname.lastname@example.org
3. Name of the register
Inari-Saariselkä Tourism does not collect consumer or payment details and all on-line reservation and payment actions for products visible on our website are carried out through third-party interface. The terms of the third-party service can be seen here: https://bokun.io/terms/. The company maintains the following registers:
- the membership register
- the register of the members of the board and the shareholders
4. Legal grounds and purpose of data processing
The legal grounds for data processing pursuant to the General Data Protection Regulation is:
- consent given by the data subject (documented with a membership agreement)
- performance of duties (members of the board)
- the data controller’s legitimate interest (membership)
The purpose of data processing is communications with the members and members of the board and shareholders. The data is not used for automated decision-making or profiling.
5. Content of the register
The data stored in the register includes:
- name, job title, company/organisation, contact information (telephone and email)
- IP address, information on the services ordered and changes to them, and invoicing information
6. Sources of information for the register
Information stored in the register is collected from the customer by messages submitted via online forms, email and phone, from contracts, at customer meetings and in other situations in which the customer provides information.
7. Disclosure of information and transfer of information outside the EU or the EEA
As a rule, this information is not disclosed to external parties. Information may be disclosed to the extent that is agreed on with the customer.
With regard to the members of the board, information is disclosed to the trade register.
8. Principles of data protection
Care is taken in the handling of the register and the data processed with information systems is appropriately protected. If the data is stored on internet servers, their physical and digital security is ensured appropriately. The data controller is responsible for ensuring that the data, access rights to the servers and other information that is central to data security are processed confidentially and solely by those employees who need the data for the performance of their duties.
9. Right to inspect the data and to request it to be corrected
Data subjects have the right to inspect the data pertaining to them that is stored in the register and to request that any incorrect data be rectified or missing data be completed. Requests to inspect or correct data must be submitted in writing to the data controller. The data controller may request data subjects submitting such a request to prove their identity. The data controller responds to the data subject within the time limit specified in the General Data Protection Regulation (primarily within a month).
10. Other rights related to data processing
Data subjects have the right to request the deletion of the data pertaining to them (‘the right to be forgotten’). In addition, data subjects have all the rights pursuant to the EU’s General Data Protection Regulation, such as the right to restrict the processing of their data in certain circumstances. Such requests must be submitted in writing to the data controller. The data controller may request data subjects submitting such a request to prove their identity. The data controller responds to the data subject within the time limit specified in the General Data Protection Regulation (primarily within a month).
11. Cookies and links
The website includes links to other sites and services. We are not responsible for the privacy policies or content of these third-party sites.