REGISTER AND DATA PROTECTION POLICY

This is a register and data protection policy, in accordance with the Company Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Created 18/5/2018. Last modified 14/6/2019.

1. Register controller

SSA Hotels Oy
Business ID: 2638922-9
Äyritie 8A, 01510 Vantaa, Finland
Gate8 Business Park, Alto

Name of the register: SSA Hotels Oy Stakeholder Register.

2. General information

In order to serve you best, we are required to collect and process some data about you. However, we greatly value your privacy and are committed to protecting it. This data protection policy contains information about the personal data we collect, how we process it, and what rights and control you have over your own data. SSA Hotels Oy will process personal data about you in accordance with this data protection policy and the applicable law. We may also make updates to this data protection policy as our business or legislation changes, thus we request that you periodically review the contents of this data protection policy. By accessing our services, our websites or by contacting us, you accept that we will process the personal data about you in accordance with this data protection policy. In so far as you do not accept these terms and conditions, we may not be able to serve you.

3. Legal basis and purpose of the processing of personal data

The processing of personal data is based on SSA Hotels Oy’s legitimate interest, an agreement or other material connection. The purpose of the use of personal data is to manage, maintain, develop, analyze and compile the relationship between SSA Hotels Oy and its customers and partners. In addition, the data can be used for marketing and profiling, as well as to plan and develop the business and services of SSA Hotels Oy. The data is not used for automated decision making or profiling.

4. Data sources and content of the register

The data in the register is regularly collected from the customers themselves in connection with making an agreement, as well as during the agreement periods. Data can also be collected from customers’ websites and brochures. In addition, data stored in the register may be obtained, for example, from messages sent via web forms, emails, telephone calls, social media services, agreements, customer meetings and other situations during which a customer discloses information. In addition, personal data may be collected and updated from the population, credit and other similar public and private registers. We also collect visitor data from our website to help us analyze and improve our site and target relevant marketing towards our visitors.

The data stored in the register may be, among other things, the individual’s name, position, company / organization
contact information (phone number, email address, address)
contact details of a company

With a company, the collection and processing of data is limited to what is necessary. Unnecessary and outdated data will be deleted. Personal data is handled by our company staff through the course of their work. We will not store your personal data for longer than is deemed necessary for the purpose for which it is used or as required by an agreement or by law. However, the retention periods of personal data may vary depending on the purpose and the situation. In principle, data is retained for as long as the data is needed to maintain the relevant relationship.

5. Regular disclosures and transfers of data to outside the EU or EEA

There are no regular disclosures of data to other parties. The data may be published to the extent agreed upon with the customer. In addition, data may occasionally be disclosed in accordance with Finnish law. In principle, data is not transferred outside the EU, but, if necessary, the register controller may also transfer it outside the EU or the EEA. Should this occur, we will ensure that the processing, transfer and storage of your data is carried out in accordance with the requirements of the law and with adequate safeguards

6. Registry protection principles

The register shall be handled with care and the data processed by the data systems shall be appropriately protected. Access to the registers is restricted to employees whose job description includes access to the register. Each authorized user has their own username and password for the service. Saved data, access rights to registers and other information critical to the protection of personal data will be treated confidentially.

7. Right of inspection and right to have the data corrected

Every person in the register has the right to verify their data stored in the register and to request the correction or complementation of any inaccurate or incomplete information. If a person wishes to check or rectify the information stored about themselves, the request must be sent in writing to the register controller. If necessary, the controller may ask the applicant to prove their identity. The register controller will respond to the customer within the time limit set by the EU Data Protection Regulation (as a rule within one month).

8. Other rights related to the processing of personal data

A person in the register has the right to request that personal data relating to themselves be removed from the register (“the right to be forgotten”). Data subjects also have other rights under the EU General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests should be sent in writing to the register controller. If necessary, the register controller may ask the applicant to prove their identity. The register controller will respond to the customer within the time limit set by the EU General Data Protection Regulation (as a rule within one month).

9. Contact persons responsible for the register
Teemu Kinnunen and Ilari Pisto
teemu.kinnunen@ssagroup.fi ilari.pisto@ssagroup.fi
+358 40 961 2127 /Teemu +358 50 435 7814 /Ilari58 40