This data privacy statement concerns the processing of personal data by Levin Iglut/Luisu Oy in order to provide services to their customers and for the acquisition and maintenance of customer relationships. Levin Iglut/Luisu Oy is committed to protecting the privacy of their customers and comply with the valid legislation and data protection practices in processing personal data. This data privacy statement is applied to personal data about the customers of Levin Iglut, subscribers of the newsletters and persons visiting the Levin Iglut website and webshop. The controller of personal data covered by this data privacy statement is Levin Iglut. The controller’s contact information is presented in section 7 of this data privacy statement.

1. Use and processing of personal data

We collect and process our customers’ personal data only when necessary from the point of view of Levin Iglut’s business operations and we have your consent to it. The personal data we process is primarily collected directly from the customer by telephone, e-mail or electronic/printed forms for managing the customer relationship.

The data in the personal data file is used for the following purposes: development, provision and offering of our services, managing customer relationships and customer service, advertising and marketing services and products, communications and ensuring safety.

Accommodation, meeting and restaurant services

We process the following data based on an agreement between the customer and controller and its execution:

Contact information: first and last name, address, postcode, city/town, country, e-mail address, telephone number

Payment data: credit card number, name on the credit card, card expiry month and year

Traveller notifications

The processing of traveller notifications is based on the controller’s statutory obligation.

Data processed in a traveller notification: customer’s name, personal identity code or date of birth, nationality, names of spouse and underage children travelling with them, Finnish personal identity codes, address, country from which arriving in Finland, travel document number and dates of arrival and departure. In addition, the purpose of accommodating may be recorded.

Marketing and advertising

We process data disclosed by the customer, e.g. e-mail address, for direct marketing, such as sending the newsletter to the customer.

2. Data disclosure and transfer

We are committed to processing personal data confidentially. Data about the subject may be disclosed to the personnel and partners of Levin Iglut for fulfilling the described purpose of use, such as marketing. Even then, the personal data will only be processed to the extent required for the agreed services. In other respects, data will only be disclosed where permitted and required by law.

Data will not be transferred outside the EU or EEA, unless required for providing the service. If data is disclosed, its level of protection will be ensured in accordance with the valid legislation.

3. Data security

The data in the file is stored on a Levin Iglut server secured with the operating system protection software. Access to the system requires entering a user ID and password. The system is also protected using firewalls and other technological measures. Only certain pre-defined employees of the controller have access to the data contained in the file stored in the system and are authorised to use it. The files are located on locked premises.

The webshop databases are stored on servers located within the EU secured with protection measures commonly used in the industry.  Hotellinx has secured the hardware and server using methods commonly accepted in the industry with firewalls, anti-virus protection and other data security practices commonly used in the industry. The server on which the customer’s database is located is also secured with access control in addition to the above measures. Browser-based software, such as NetReservations and Housekeeping, are on a server secured with SSL technology.

4. Exercising the subject’s rights and access to data

Subjects have the right to access the data about them stored in our file. An access request shall be made in writing and submitted to the controller whose contact information is presented in section 7. The data subject should prepare to prove their identity as instructed by the controller.

Data subjects have the right to request their data to be corrected in case of changes in the data or errors. In this case, the request for correction shall be made in writing to the controller mentioned in section 10. The data subject should prepare to prove their identity as instructed by the controller.

Data subjects also have the right to withdraw their consent to e.g. electronic direct marketing. In addition, in certain situations they have the right to be forgotten, in which case we erase all data collected about the subject. However, we may have statutory obligations to store your personal data. For example, the Finnish Act on Accommodation and Food Service Operations (308/2006) may require us to store the data in a traveller notification for a specific period.

5. Storage of data

Personal data is stored for the period required by the purpose of the data, as long as the law requires us to store it or until we request a data erasure request. The data storage period commences once the data has been received. We store traveller notifications for 1 year and personal data relating to requests for bids for a maximum of 2 years.

6. Cookies

We use cookies on our website. A cookie is a small text file stored by the web browser on the user’s device. Our site uses cookies for tracking the visitors to the sites, compilation of statistics and development of the site. Users’ personal data is not linked to visitor data. Cookies can be disabled from the browser settings.

Google Analytics and Google Tag Manager are used for tracking visitors and compiling statistics. Both are web analysis services maintained by Google Inc (hereinafter referred to as “Google”). The services store cookies on the user’s device so that it can analyse the use of a website. The data added to the cookie is transmitted to the service provider and stored on the service provider’s server. Google’s servers can be located outside the EU or EEA. Google uses the data to assess the use of the website, compiles use reports to the owner of the site and can facilitate the targeting of online advertising to site users. The service provider may disclose the data to third parties if required by the law.

Additional information about Google’s use of cookies is available here.

You can read Google’s detailed data privacy policy here.

Contact information of the controller and party responsible for the file

Controller:

Levin Iglut – Golden Crown/Luisu Oy

Harjatie 2, FI-99130 Sirkka, Finland

Tel. +358 45 162 5606

E-mail: [email protected]

Postal address:

Kylänpääntie 6, FI-04310 Tuusula, Finland

Contact person responsible for the file:

Kristiina Kylmälahti

E-mail: [email protected]

Tel. +358 50 313 5637