Privacy Policy

General

This Privacy Policy describes how HRI Loma Lapissa Oy (Business ID: 3203114-3) processes personal data. It explains what personal data the company collects, for what purposes the data is used, to whom the data may be disclosed, and how the data subject can influence the processing.

The company is committed to protecting the privacy of individuals and complies with the EU General Data Protection Regulation (2016/679) (“GDPR”) as well as other applicable data protection legislation and good data processing practices.

The term “personal data” refers to any information relating to an identified or identifiable natural person (“data subject”), as defined in the GDPR.

Controller and Data Protection Contact

Controller:
HRI Loma Lapissa Oy
Business ID: 3203114-3

Contact person for matters related to data protection:
Rauno Rahkonen
info@holidayinlapland.fi
+358 (0) 447133207

Purposes of Processing Personal Data

Personal data is processed for the following purposes, among others:

Ordering and booking the company’s products and services
Producing, maintaining, developing, and ensuring the quality of services
Ensuring service security and preventing and investigating misuse
Fulfilling legal obligations
Business planning and product development
Personalized customer service, targeted customer communication, and monitoring service usage
Marketing and targeted advertising to customers and potential customers
Risk management and the prevention of misuse

Legal Grounds for Processing Personal Data

The primary legal basis for processing personal data is the contractual relationship between the data subject and the company. Processing is also based on legal obligations, such as accounting requirements, customer identification requirements, and statutory reporting obligations.

Processing related to customer relationship management and direct marketing is based on the company’s legitimate interest.

In addition, electronic direct marketing, subscription to the company’s newsletter, and the storage of personal data collected via the company’s website for marketing purposes are based on the data subject’s consent.

Categories of Personal Data Processed, Data Content, and Sources of Information

The company collects only personal data that is relevant and necessary for the purposes described in this Privacy Policy.

The following types of data may be processed:

Data Category	Examples of Data Content
Contact Information	Name, address (if necessary), phone number, and email address.
Customer Relationship Data	Billing and payment information (if applicable) and other details identifying the customer relationship.
Customer Transactions, Contract & Product Data	Information on agreements between the company and the data subject, product and order details, customer feedback, and all communications or complaints between the data subject and the company.
Consents and Restrictions Provided by the Data Subject	Records of consent for electronic direct marketing and personal data processing, as well as information on withdrawals of consent and marketing restrictions. May also include consent for use of photographs in marketing.
Behavioral and Technical Identification Data	Data about the user’s online behavior and use of the company’s services via cookies or similar technical identifiers. This may include IP address, pages visited, browser type, referral URL, session duration, and time of visit. For more information, see the company’s Cookie Policy.

Personal data required for fulfilling the contractual or legal obligations between the company and the data subject will be clearly indicated in each specific context.

Data may be disclosed within HRI Loma Lapissa Oy for the purposes outlined in this Privacy Policy. Only information necessary to deliver a service will be disclosed to relevant service providers. Otherwise, data is shared only to the extent permitted or required by law—for example, disclosures to public authorities.

Primarily, personal data is collected directly from the data subject or from the company represented by the data subject, such as during quotation requests, contract formation, customer communications, marketing interactions, or through forms on the website. Data may also be provided by the data subject when entering a competition, using the website, or subscribing to the newsletter.

For marketing purposes, the company uses third-party service providers, who may process contact details on behalf of the company. These details are not permanently stored in the company’s internal registers.

Data may also be collected from organizations that the data subject represents. Additionally, where permitted by law, the company may collect and update information from third-party sources such as the Population Information System, Trade Register, or credit rating agencies.

Retention of Personal Data

The company retains personal data for as long as necessary to fulfill the purposes defined in this Privacy Policy, unless a longer retention period is required by law (for example, obligations related to specific legislation, accounting, or statutory reporting), or unless the company needs the data to establish, exercise, or defend a legal claim or resolve a similar dispute.

The retention period and criteria vary depending on the category of personal data and its intended use.

Personal data is processed for the duration of the customer or contractual relationship, and for a reasonable period after its termination, as needed.

Information related to potential customers is typically retained for 24 months.

For representatives of organizations, personal data is retained as long as the individual acts as a representative of the organization in relation to the company. The data will be deleted within a reasonable period after this role has ended.

When personal data is no longer needed for the purposes defined above, it will be deleted within a reasonable time, unless applicable legislation requires the company to retain it for a longer period.

Recipients of Personal Data

In accordance with this Privacy Policy, the Company may outsource the processing of personal data to service providers or subcontractors. The Company ensures, through adequate contractual obligations, that personal data is processed appropriately and lawfully.

Personal data may be disclosed within HRI Loma Lapissa Oy as necessary to fulfill the purposes outlined in this Privacy Policy. For the provision of services, only the data strictly necessary for service delivery will be shared with service providers. Otherwise, personal data is disclosed only within the limits permitted or required by law, such as statutory disclosures to authorities.

Personal data will not be disclosed for purposes of direct marketing, opinion polling, market research, or other similar analyses.

In special cases, personal data may be disclosed to public authorities when required or permitted by law.

In emergency or other unforeseen situations, the Company may disclose personal data to protect human life, health, or property. Furthermore, personal data may need to be disclosed if the Company is involved in legal proceedings or dispute resolution processes.

If the Company is involved in a merger, acquisition, or other corporate restructuring, it may need to transfer personal data to third parties. The privacy of the data subjects will be protected during such processes, and data subjects will be informed of the arrangements when necessary.

As a rule, data is transferred to third parties through electronic communication channels, but disclosures may also occur by other means such as by phone or post, if appropriate.

Transfer of Personal Data Outside the EU/EEA

Personal data is not transferred outside the European Union or the European Economic Area

Principles of Data Protection and Processing Security

The Company processes personal data in a manner that ensures the appropriate security of the data, including protection against unauthorized access, accidental loss, destruction, or damage.

To ensure this, the Company uses appropriate technical and organizational safeguards, such as firewalls, encryption technologies, secure data centers, proper access control systems, and access management. The personnel and subcontractors involved in the processing of personal data are provided with instructions and bound by contracts that include confidentiality clauses.

Contracts and original documents that must be preserved in physical format are stored in locked facilities with restricted access, limited only to authorized personnel.

All individuals involved in processing personal data are bound by confidentiality obligations under employment contracts and other agreements regarding matters related to the processing of personal data.

Data subject rights

Right of Access

The data subject has the right to obtain confirmation as to whether their personal data is being processed.

They also have the right to access their personal data and, upon request, receive a copy of the data in written or electronic format.

Right to Rectification and Erasure

The data subject has the right to request the correction of inaccurate or incorrect personal data. Additionally, the data subject may request the erasure of their personal data.

The data controller shall also, on its own initiative, correct, erase, or supplement any personal data that is found to be inaccurate, unnecessary, incomplete, or outdated for the purposes of processing.

Right to Data Portability, Restriction of Processing, and Objection

The data subject has the right to request the transfer of their personal data to another controller.

Furthermore, under conditions specified in data protection legislation, the data subject has the right to request the restriction of processing.

The data subject also has the right to object to the processing of their data for specific purposes. This includes the right to prohibit the use and processing of their data for direct marketing purposes.

Right to Withdraw Consent

If the processing of personal data is based on the data subject’s consent, they have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Exercising Rights

Requests concerning the rights of data subjects must be submitted electronically to the data protection officer named in this privacy statement. Identity verification is required before any information is provided. A response to the request will be given within a reasonable time and, where possible, within one month from the date of the request and identity verification.

If the request cannot be fulfilled, the data subject will be informed in writing of the reasons for refusal.

Right to Lodge a Complaint with a Supervisory Authority

The data subject has the right to lodge a complaint with a data protection authority if they believe that their personal data has been processed in violation of applicable data protection laws.

Changes to the Privacy Policy

The Company continuously develops its services and may therefore need to amend and update this privacy policy as necessary. Changes may also result from amendments to data protection legislation. We recommend reviewing the privacy policy regularly. Data subjects will be informed of any material changes.

This privacy policy was published on 25 Jly 2021.

Cookie Policy

General Information About Cookies

We use cookies on our website to enhance the user experience. Cookies are small text files that a web server stores on the user’s device. Once stored, the browser sends the data back to the server as part of a request, allowing the service to recognize and track web browsers.

Cookies help us understand how users interact with our website. We may use cookies to improve our services and website functionality, analyze site usage, and to optimize and target our marketing efforts. Website users can consent to or deny the use of cookies via their browser settings.

Types of Cookies

There are two main types of cookies: session cookies and persistent cookies.

Persistent cookies remain stored on your device until they are manually deleted or they expire.

Session cookies are deleted from your device when you close your browser.

Cookies in Use

Our website uses cookies for the following purposes:

To collect user data with Google Analytics tools
To enable content sharing via Facebook
To display personalized recommendations for users who have previously visited the site
To identify users upon login; anonymous users do not receive this cookie
To store the selected language preference

We also use Google AdWords to track purchasing decisions and to retarget ads. These are third-party cookies with a lifespan ranging from 90 days to two years, depending on the cookie type.

Third-Party Cookies

Google Analytics

We use the Google Analytics system to analyze the use of our website. Google Analytics generates statistics and other information about website usage through cookies stored on users’ devices. The collected data is used to compile reports on website usage. Below is a summary of the tasks performed by Google’s cookies:

Define the domain being tracked
Distinguish individual users
Remember the number and time of previous visits
Store information about traffic sources
Determine the start and end of sessions
Remember values of custom variables at the visitor level

Google stores and uses this data for a duration of 30 minutes to two years, depending on the type of cookie.

Google’s privacy policy is available at: http://www.google.com/privacypolicy.html

Allowing Cookies

Most web browsers automatically allow cookies.

By using this website and accepting its policy, you consent to our use of cookies in accordance with this cookie policy.

Blocking Cookies

Instructions on how to block cookies can be found in your browser’s help section:

Chrome (https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=fi )
Firefox (https://support.mozilla.org/fi/kb/evasteiden-paalle-ja-poiskytkeminen )
Internet Explorer (https://support.microsoft.com/fi-fi/help/17442/windows-internet-explorer-delete-manage-cookies )
Safari (https://support.apple.com/fi-fi/HT201265 )

Blocking cookies may impair the usability of some websites.

More information:

Rauno Rahkonen
info@holidayinlapland.fi
+358 (0) 447133207