Privacy policy

This is Inari-Saariselkä Tourism Ltd’s privacy policy pursuant to Finland’s Personal Data Act 523/1999 (Sections 10 and 24) and the EU’s General Data Protection Regulation (GDPR). Prepared on 1 January 2020. Last revised in November 2023.

1. Data controller

Inari-Saariselkä Tourism Ltd, Business ID 0923166-5
Sairaalantie 3 a, 99800 Ivalo, Finland

2. Person responsible for the register

Managing Director Hanna Kouri, hanna.kouri@laplandnorth.fi

3. Name of the register 

Inari-Saariselkä Tourism does not collect consumer or payment details and all on-line reservation and payment actions for products visible on our website are carried out through third-party interface. The terms of the third-party service can be seen here: https://bokun.io/terms/. The company maintains the following registers:

  •  the membership register
  • the register of the members of the board and the shareholders

The legal grounds for data processing pursuant to the General Data Protection Regulation is:

  • consent given by the data subject (documented with a membership agreement)
  • performance of duties (members of the board)
  • the data controller’s legitimate interest (membership)

The purpose of data processing is communications with the members and members of the board and shareholders. The data is not used for automated decision-making or profiling. 

5. Content of the register

The data stored in the register includes:

  • name, job title, company/organisation, contact information (telephone and email)
  • IP address, information on the services ordered and changes to them, and invoicing information

6. Sources of information for the register

Information stored in the register is collected from the customer by messages submitted via online forms, email and phone, from contracts, at customer meetings and in other situations in which the customer provides information.

7. Disclosure of information and transfer of information outside the EU or the EEA

As a rule, this information is not disclosed to external parties. Information may be disclosed to the extent that is agreed on with the customer.

With regard to the members of the board, information is disclosed to the trade register.

8. Principles of data protection

Care is taken in the handling of the register and the data processed with information systems is appropriately protected. If the data is stored on internet servers, their physical and digital security is ensured appropriately. The data controller is responsible for ensuring that the data, access rights to the servers and other information that is central to data security are processed confidentially and solely by those employees who need the data for the performance of their duties.

9. Right to inspect the data and to request it to be corrected

Data subjects have the right to inspect the data pertaining to them that is stored in the register and to request that any incorrect data be rectified or missing data be completed. Requests to inspect or correct data must be submitted in writing to the data controller. The data controller may request data subjects submitting such a request to prove their identity. The data controller responds to the data subject within the time limit specified in the General Data Protection Regulation (primarily within a month).

Data subjects have the right to request the deletion of the data pertaining to them (‘the right to be forgotten’). In addition, data subjects have all the rights pursuant to the EU’s General Data Protection Regulation, such as the right to restrict the processing of their data in certain circumstances. Such requests must be submitted in writing to the data controller. The data controller may request data subjects submitting such a request to prove their identity. The data controller responds to the data subject within the time limit specified in the General Data Protection Regulation (primarily within a month).

The website collects data on users through cookies. Get to know our cookie policy here.

The website includes links to other sites and services. We are not responsible for the privacy policies or content of these third-party sites.

12. Site Cookies