Data Protection Statement

1 DEFINITIONS

“LAURI”, as specified in the Offer or Order Confirmation of all LAURI Products, Activities and Rentals, is the following company and property located in the following address: Hilla House Oy, business ID 2860272-4; address: Pohjolankatu 25, 96100 Rovaniemi, Finland.

“Consumer” is a natural or legal person, who has delivered the Order.

“Order” is any documentation in written form, from the Consumer to LAURI to order and pay for an Activity, a Rental or a Product.

“Order Confirmation” is any documentation from LAURI to the Consumer including prices and specifications of the Products, Activities or Rentals and confirming their availability.

“Activities” includes all services offered by LAURI, except Rentals.

“Rentals” includes overnight accommodation services and facilities rental offered by LAURI.

“Products” are items offered by LAURI.

2 DATA CONTROLLER
Name: Hilla House Oy (Business ID: 2860272-4)
Address: Pohjolankatu 25, 96100 Rovaniemi, FINLAND
Telephone: +358 44 70 600 60
Email address: laurihouse@outlook.com

3 DATA PROTECTION OFFICER
Name: Lukas Allemann
Address: Pohjolankatu 25, 96100 Rovaniemi, FINLAND
Telephone: +358 44 70 600 60
Email address: laurihouse@outlook.com

4 NAME OF REGISTER
Customer-, partnership and marketing register.

5 PURPOSE OF PROCESSING PERSONAL DATA
The grounds for processing personal data are based on contractual customer or partner relationship, or explicit consent of the customer. The main purpose for the register is to manage personal data required for cooperation between LAURI and its customers and partners and to ensure smoothness of customer service and purchased services and goods.

Personal data are handled for the following purposes:
· Products, Activities and Rentals purchases and their implementation and verification
· Products, Activities and Rentals purchased through web shop, their implementation and verification
· business planning and product development
· marketing communication, newsletters, targeting advertising and other advertising
· improvement of website user experience
· market research and other researches and analysis

As the data controller LAURI takes care, that data subject’s benefits and rights are carefully assessed. Personal data is collected according to the privacy policy and they are not handled, changed or moved in a different way than mentioned in this privacy policy.

6 CONTENT OF REGISTER
The register may include the following details:
· Contact details incl. name, phone number, email address, accommodation name and address in travel destination
· Nationality
· Ages of children
· Possible allergies and special diets, that substantially affect implementation of the service
· Medical information that substantially affects the implementation of the service
· Credit card details when providing Rentals services
· Information of the services and goods customer has purchased and their delivery and invoicing
· Data subject’s inquiries, comments or other reactions in network
· Material sent by the data subject (for example a photo)
· Customer feedback, permits, agreements and prohibitions
· Business ID, contact person’s position in the company and invoicing details (in the case of corporate customers)

LAURI requests adults to inform their underage children’s ages to secure a safe and smooth customer service. In addition, customers are requested to inform possible allergies, special diets and medical information in cases when they can substantially affect the ordered service’s safety and smoothness.

Technically collected information of the use of network can be IP-address and country or city of location, use and timing of network, information of used device, type of operating system and software version, browser type and language settings, interaction of customer service in different service channels and external sites from where the user has arrived and where the user transfers from LAURIs network. LAURI may collect information of the use of services with cookies.

7 REGULAR DESTINATIONS OF DISCLOSED DATA
Personal data is disclosed to suppliers and partners of LAURI only when the owner of personal data (data subject) is participating a purchased or offered service which is organized partially or wholly by supplier or partner of LAURI In isolated cases, LAURI discloses customer’s or stakeholder’s date to the addressed party, if the data subject requests LAURI to do so or if the competent authority demands LAURI to disclose separately identified information from the register of LAURI based on current legislation.

8 TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS
The data are not transferred to third countries or international organizations. In isolated cases, LAURI discloses data to third parties or international organizations, if a customer or stakeholder has given a mandate for this purpose and LAURI together with Data Protection Officer and Finnish Data Protection Authority has concluded an assessment of risks and quality system of the third country’s actual security level.

9 PRINCIPLES OF SECURING REGISTER
LAURI protects personal data carefully through their whole life cycle by using proper means of privacy policy and data security. Data controller collects and processes personal data that is necessary for its operations.

Access to digital material has been restricted with personal usernames and passwords, and in addition, restricted according to each employees’ job description and its demands. Documents are stored in locked facilities, access to personal data has been restricted and personnel has a duty of secrecy. System suppliers process personal data in data secure server facilities. Data are disposed of according to data security guidelines.

10 RIGHT TO ACCESS
The data subject has the right to know what personal data is saved in the register. In addition, after an accurate enough inspection request, the data subject has the right to know the information of himself and information of possible recordings. Inspection request should be assigned in written and signed form to Data Protector Officer (paragraph 2).

11 RIGHT TO RECTIFICATION AND ERASURE
As a data controller, LAURI is entitled to fix incorrect data in the register pointed out by the data subject. Data controller has obligation to check the relevance and timeliness of the data by self-acting. The data subject may demand to remove all data concerning himself from the register. Data Protection Officer leads the processing operation.

12 OTHER RIGHTS PERTAINING TO PERSONAL DATA PROCESSING
The data subject has the right to demand to restrict the process personal data. Data subject also has the right to receive personal data of himself that he has originally sent to LAURI, in organized, commonly used and machine-readable form and has the right to transfer that data to other data controller. In addition, the data subject has the right to resist data processing, automatic decision making, and profiling.

13 ERASURE OF DATA AND TIME OF STORAGE
Personal data are stored in the register at least one year after the contractual obligations have finished unless otherwise agreed or required by law. LAURI removes customer personal data also when requested separately except in cases when the law says differently, or the competent authority has initiated a process which requires LAURI to retain data or other party has applied from Finnish court a safety protection decision for the data.

14 CHANGES TO PRIVACY POLICY
LAURI may make changes to this privacy policy. To ensure that the users are aware of how their personal data is processed, the updated privacy policy is available in our website.

Last updated 12 March 2019.

OTA YHTEYTTÄ - CONTACT US

Hilla House Oy, y-tunnus 2860272-4

|

Pohjolankatu 25, 96100 Rovaniemi, Finland

|

Tel: +358 44 70 600 60