1. Use and processing of personal data
We only collect and process a customer’s personal data when it is necessary for Haawe’s business operations and for the delivery of the customer’s desired service, and we have the customer’s consent. The personal data we process is primarily collected directly from the customer by telephone, email or electronic/printed forms.
The data in the personal data register is used for the following purposes:
- developing, delivering and offering our services
- managing customer relationships and customer service
- advertising and marketing services and products
- ensuring safety
Based on an agreement between the customer and the controller, and its execution, we process the following data:
Contact information: first and last name, address, postcode, city, country, email address, phone number
Payment data: credit card number, name on the credit card, card expiry month and year
The processing of traveller notifications is based on the statutory obligation of the controller.
Data processed in a traveller notification: the customer’s name and Finnish personal identity code or date of birth and nationality, the names and Finnish personal identity codes of the spouse and underage children accompanying the customer, the customer’s address, the country from which the customer has arrived to Finland, the number of the customer’s travel document and the dates of arrival and departure. In addition, the customer may specify the reason for the accommodation.
Marketing and advertising
We process data disclosed by the customer, e.g. email address, for direct marketing purposes, such as sending newsletters and possible feedback queries to the customer.
2. Disclosure and transfer of data
We are committed to processing personal data confidentially. Personal data about a data subject may be disclosed to Haawe Oy’s staff and partners for the delivery of the agreed service. Even in this case, personal data will only be processed to the extent required for the agreed service. Otherwise, data will only be disclosed as permitted and required by law.
Data will not be disclosed outside the EU or EEA unless required for providing the service. If data is disclosed, its level of protection will be ensured in accordance with the valid legislation.
3. Data security
The data collected in connection with the room reservation is stored on the server of the service provider responsible for our booking system (Sirvoy Limited). The service provider is committed to complying with the GDPR and also requires the same commitment from its subcontractors. The service provider carries out all normal technical measures to prevent the misuse of data and the access to the data by unauthorised third parties.
4. Exercising the data subject’s rights and access to data
The data subject has the right to access the data pertaining to him/her stored in the register. The access request shall be submitted in writing to the controller whose contact information can be found in section 7. The data subject should be prepared to prove his/her identity in accordance with the instructions given by the controller.
The data subject has the right to request his/her data to be corrected if the data has changed or he/she discovers errors in the data. In this case, the request for correction shall be submitted in writing to the controller mentioned in section 7. The data subject should be prepared to prove his/her identity in accordance with the instructions given by the controller.
The data subject also has the right to withdraw his/her consent to, e.g. electronic direct marketing. In addition, in certain situations he/she has the right to be forgotten, in which case we will erase all data collected about him/her. However, we may have statutory obligations to store personal data. For example, the Finnish Act on Accommodation and Food Service Operations may require us to store the traveller notification data for a specific period of time.
5. Storage of data
Personal data is stored for the period required for the purpose of the data, as long as we are required to do so by law or until we receive a request to erase the data. The data storage period begins once the data has been received. We store traveller notifications for 1 year and personal data relating to requests for bids for a maximum of 2 years.
Google Analytics and Google Tag Manager are used for tracking visitors and generating statistics. Both are web analytics services maintained by Google Inc. (later Google). The services store cookies on the user’s device in order to analyse how the website is used. The data collected on the cookie is sent to the service provider and stored on the service provider’s servers. Google’s servers may be located outside the EU or EEA. The data allows Google to assess the use of the website and compile website usage reports for the owner of the website. The data also enables the targeting of online advertising to site users. The service provider may disclose the information to third parties if required to do so by law.
We also use the Facebook pixel on our website. The Facebook pixel is a small piece of code embedded into a website. The pixel enables showing targeted Facebook ads to the website visitors.
7. Contact information of the controller and the person responsible for the register
Valtakatu 22, 96200 Rovaniemi, Suomi Finland