Privacy Policy

Privacy Policy

We process personal information at Petäys Resort (Etelä-Hämeen Lomat Oy) in order to serve our customers in the best possible way. We retain personal information about our hotel, restaurant, and program service customers, our business partners and our staff. Personal information includes, for example, first name, last name, phone number, email address, or information about the use of the service.

1.  Controller

Etelä-Hämeen Lomat Oy
Contact information: Petäyksentie 35
14620 Tyrväntö
[email protected]
Business ID (VAT): FI09702519
+358 3 673 301

2. Data subjects

Customers, potential customers, suppliers, and partners.

3. Grounds for and purpose of keeping the register

Based on laws and regulations
• Citizenship (Regulation EU 692/2011), Purchase Information or parts thereof for accounting purposes (Law 1336/1997) To protect the data subject
• Customer information related to reservations such as name and contact information
• Language codes, information about fellow travelers or attendees (boarding pass)
• Invoicing information or other information regarding payments or payment methods
• Pricing criteria, such as corporate customer information or other information affecting prices
• Purchase information and information on booked or used services
• The level of service booked, such as room type and other information about the desired services
• Correspondence
• Marketing communications

Purpose of the processing of personal data and use of the register

Personal data will only be processed for predefined purposes, which are:
• Room service, program service, wellness service, processing of bookings for tables and venues, service provision
• Customer identification
• Customer relationship management, customer care
• Customer communication related to reservations, contacting customers
• Marketing communications
• Detecting and reporting malfunctions
• Customer service development, research related to service development
• Safeguarding the rights of the parties and ensuring the correctness of the service

4. Personal data to be stored in the register

The customer register contains the following information:
• Customer information
• Information about purchased products/services

5. The rights of the data subject

The data subject has the following rights, requests for the use of which must be made to [email protected]

Right of inspection
The data subject can check the personal data we have stored.

Right of correction of data
The data subject may request the correction of incorrect or incomplete information concerning him or her.

Right of objection
The data subject may object to the processing of personal data if he/she feels that the processing of. personal data has been unlawful.

Prohibition of direct marketing
The data subject has the right to prohibit the use of the data for direct marketing.

Right of removal
The data subject has the right to request the removal of the data if the processing of the data is not necessary. We process the request for removal, after which we either remove the information or provide a valid reason why the information cannot be removed.

Please note that the controller may have statutory or other rights not to remove the requested information. The controller is obliged to keep the accounting records for a period (10 years) specified in the Accounting Act (Chapter 2, Section 10). Therefore, accounting material cannot be removed before the deadline has expired.

Withdrawal of consent
If the processing of personal data relating to the data subject is based solely on consent and not, for example, on a customer relationship or membership, the data subject may withdraw the consent.

The data subject may appeal against the decision to the Data Protection Officer
The data subject has the right to request that we restrict the processing of the disputed data until such time as the matter can be resolved.

Right of appeal
The data subject has the right to complain to the Data Protection Officer if he/she feels that we are violating personal data when processing personal data.

Contact details of the Data Protection Officer:

6. Regular sources of information

Customer information is obtained regularly
• from the customer himself/herself when establishing a customer relationship
• from the customer himself/herself through an online form

7. Sharing and disclosing the information collected by us

We will not sell your personal information and will only disclose your information as described in this privacy statement. Disclosure of data is subject to applicable data protection laws. Your personal data will not be transferred outside the European Union or the European Economic Area.

We may disclose your personal data within the Petäys Resort to those responsible for customer relations, sales, and marketing. We may transfer your personal data to service providers that provide us with services such as data processing and other information technology services, campaigning, competition and lottery services, and opinion and market research services. We do not allow such service providers to use or disclose your personal data for any purpose other than to provide services on our behalf.

If we decide to sell or transfer our business, in whole or in part, for strategic or other business reasons, we may pass on the information we collect and store, including customer information containing your personal data, to anyone involved in the sale or transfer of the business. We process information with our partners and service providers, who are committed to complying with the General Data Protection Regulation.

8. Duration of processing

We will retain the personal data collected by us only for as long as it is considered necessary for the purposes described in this privacy policy unless retention of data for a longer period is no longer required or permitted by law.

9. Data security

We keep your information in an electronic register and have taken appropriate measures to protect your personal data. Access to the registry, modifying, and processing the data requires user authentication and a secure connection. Access to the registry is restricted to designated individuals who are responsible for maintaining and managing the system and customer accounts. Registry information is protected from outside use and the use of the registry is monitored.

10. Changes to Privacy Policy

We may update this privacy policy and our privacy practices from time to time. If there are significant changes, we will notify you through our website or by other means, such as email. We hope that you read this leaflet regularly to ensure that you have the latest information on our privacy practices.