Privacy Policy
General
This Privacy Policy describes how HRI Loma Lapissa Oy (Business ID: 3203114-3) processes personal data. It explains what personal data the company collects, for what purposes the data is used, to whom the data may be disclosed, and how the data subject can influence the processing.
The company is committed to protecting the privacy of individuals and complies with the EU General Data Protection Regulation (2016/679) (“GDPR”) as well as other applicable data protection legislation and good data processing practices.
The term “personal data” refers to any information relating to an identified or identifiable natural person (“data subject”), as defined in the GDPR.
Controller and Data Protection Contact
Controller:
HRI Loma Lapissa Oy
Business ID: 3203114-3
Contact person for matters related to data protection:
Rauno Rahkonen
info@holidayinlapland.fi
+358 (0) 447133207
Purposes of Processing Personal Data
Personal data is processed for the following purposes, among others:
- Ordering and booking the company’s products and services
- Producing, maintaining, developing, and ensuring the quality of services
- Ensuring service security and preventing and investigating misuse
- Fulfilling legal obligations
- Business planning and product development
- Personalized customer service, targeted customer communication, and monitoring service usage
- Marketing and targeted advertising to customers and potential customers
- Risk management and the prevention of misuse
Legal Grounds for Processing Personal Data
The primary legal basis for processing personal data is the contractual relationship between the data subject and the company. Processing is also based on legal obligations, such as accounting requirements, customer identification requirements, and statutory reporting obligations.
Processing related to customer relationship management and direct marketing is based on the company’s legitimate interest.
In addition, electronic direct marketing, subscription to the company’s newsletter, and the storage of personal data collected via the company’s website for marketing purposes are based on the data subject’s consent.
Categories of Personal Data Processed, Data Content, and Sources of Information
The company collects only personal data that is relevant and necessary for the purposes described in this Privacy Policy.
The following types of data may be processed:
Data Category | Examples of Data Content |
---|---|
Contact Information | Name, address (if necessary), phone number, and email address. |
Customer Relationship Data | Billing and payment information (if applicable) and other details identifying the customer relationship. |
Customer Transactions, Contract & Product Data | Information on agreements between the company and the data subject, product and order details, customer feedback, and all communications or complaints between the data subject and the company. |
Consents and Restrictions Provided by the Data Subject | Records of consent for electronic direct marketing and personal data processing, as well as information on withdrawals of consent and marketing restrictions. May also include consent for use of photographs in marketing. |
Behavioral and Technical Identification Data | Data about the user’s online behavior and use of the company’s services via cookies or similar technical identifiers. This may include IP address, pages visited, browser type, referral URL, session duration, and time of visit. For more information, see the company’s Cookie Policy. |
Personal data required for fulfilling the contractual or legal obligations between the company and the data subject will be clearly indicated in each specific context.
Data may be disclosed within HRI Loma Lapissa Oy for the purposes outlined in this Privacy Policy. Only information necessary to deliver a service will be disclosed to relevant service providers. Otherwise, data is shared only to the extent permitted or required by law—for example, disclosures to public authorities.
Primarily, personal data is collected directly from the data subject or from the company represented by the data subject, such as during quotation requests, contract formation, customer communications, marketing interactions, or through forms on the website. Data may also be provided by the data subject when entering a competition, using the website, or subscribing to the newsletter.
For marketing purposes, the company uses third-party service providers, who may process contact details on behalf of the company. These details are not permanently stored in the company’s internal registers.
Data may also be collected from organizations that the data subject represents. Additionally, where permitted by law, the company may collect and update information from third-party sources such as the Population Information System, Trade Register, or credit rating agencies.
Retention of Personal Data
The company retains personal data for as long as necessary to fulfill the purposes defined in this Privacy Policy, unless a longer retention period is required by law (for example, obligations related to specific legislation, accounting, or statutory reporting), or unless the company needs the data to establish, exercise, or defend a legal claim or resolve a similar dispute.
The retention period and criteria vary depending on the category of personal data and its intended use.
Personal data is processed for the duration of the customer or contractual relationship, and for a reasonable period after its termination, as needed.
Information related to potential customers is typically retained for 24 months.
For representatives of organizations, personal data is retained as long as the individual acts as a representative of the organization in relation to the company. The data will be deleted within a reasonable period after this role has ended.
When personal data is no longer needed for the purposes defined above, it will be deleted within a reasonable time, unless applicable legislation requires the company to retain it for a longer period.
Recipients of Personal Data
In accordance with this Privacy Policy, the Company may outsource the processing of personal data to service providers or subcontractors. The Company ensures, through adequate contractual obligations, that personal data is processed appropriately and lawfully.
Personal data may be disclosed within HRI Loma Lapissa Oy as necessary to fulfill the purposes outlined in this Privacy Policy. For the provision of services, only the data strictly necessary for service delivery will be shared with service providers. Otherwise, personal data is disclosed only within the limits permitted or required by law, such as statutory disclosures to authorities.
Personal data will not be disclosed for purposes of direct marketing, opinion polling, market research, or other similar analyses.
In special cases, personal data may be disclosed to public authorities when required or permitted by law.
In emergency or other unforeseen situations, the Company may disclose personal data to protect human life, health, or property. Furthermore, personal data may need to be disclosed if the Company is involved in legal proceedings or dispute resolution processes.
If the Company is involved in a merger, acquisition, or other corporate restructuring, it may need to transfer personal data to third parties. The privacy of the data subjects will be protected during such processes, and data subjects will be informed of the arrangements when necessary.
As a rule, data is transferred to third parties through electronic communication channels, but disclosures may also occur by other means such as by phone or post, if appropriate.
Transfer of Personal Data Outside the EU/EEA
Personal data is not transferred outside the European Union or the European Economic Area
Principles of Data Protection and Processing Security
The Company processes personal data in a manner that ensures the appropriate security of the data, including protection against unauthorized access, accidental loss, destruction, or damage.
To ensure this, the Company uses appropriate technical and organizational safeguards, such as firewalls, encryption technologies, secure data centers, proper access control systems, and access management. The personnel and subcontractors involved in the processing of personal data are provided with instructions and bound by contracts that include confidentiality clauses.
Contracts and original documents that must be preserved in physical format are stored in locked facilities with restricted access, limited only to authorized personnel.
All individuals involved in processing personal data are bound by confidentiality obligations under employment contracts and other agreements regarding matters related to the processing of personal data.
Data subject rights
Right of Access
The data subject has the right to obtain confirmation as to whether their personal data is being processed.
They also have the right to access their personal data and, upon request, receive a copy of the data in written or electronic format.
Right to Rectification and Erasure
The data subject has the right to request the correction of inaccurate or incorrect personal data. Additionally, the data subject may request the erasure of their personal data.
The data controller shall also, on its own initiative, correct, erase, or supplement any personal data that is found to be inaccurate, unnecessary, incomplete, or outdated for the purposes of processing.
Right to Data Portability, Restriction of Processing, and Objection
The data subject has the right to request the transfer of their personal data to another controller.
Furthermore, under conditions specified in data protection legislation, the data subject has the right to request the restriction of processing.
The data subject also has the right to object to the processing of their data for specific purposes. This includes the right to prohibit the use and processing of their data for direct marketing purposes.
Right to Withdraw Consent
If the processing of personal data is based on the data subject’s consent, they have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Exercising Rights
Requests concerning the rights of data subjects must be submitted electronically to the data protection officer named in this privacy statement. Identity verification is required before any information is provided. A response to the request will be given within a reasonable time and, where possible, within one month from the date of the request and identity verification.
If the request cannot be fulfilled, the data subject will be informed in writing of the reasons for refusal.
Right to Lodge a Complaint with a Supervisory Authority
The data subject has the right to lodge a complaint with a data protection authority if they believe that their personal data has been processed in violation of applicable data protection laws.
Changes to the Privacy Policy
The Company continuously develops its services and may therefore need to amend and update this privacy policy as necessary. Changes may also result from amendments to data protection legislation. We recommend reviewing the privacy policy regularly. Data subjects will be informed of any material changes.
This privacy policy was published on 25 Jly 2021.
Cookie Policy
General Information About Cookies
We use cookies on our website to enhance the user experience. Cookies are small text files that a web server stores on the user’s device. Once stored, the browser sends the data back to the server as part of a request, allowing the service to recognize and track web browsers.
Cookies help us understand how users interact with our website. We may use cookies to improve our services and website functionality, analyze site usage, and to optimize and target our marketing efforts. Website users can consent to or deny the use of cookies via their browser settings.
Types of Cookies
There are two main types of cookies: session cookies and persistent cookies.
Persistent cookies remain stored on your device until they are manually deleted or they expire.
Session cookies are deleted from your device when you close your browser.
Cookies in Use
Our website uses cookies for the following purposes:
- To collect user data with Google Analytics tools
- To enable content sharing via Facebook
- To display personalized recommendations for users who have previously visited the site
- To identify users upon login; anonymous users do not receive this cookie
- To store the selected language preference
We also use Google AdWords to track purchasing decisions and to retarget ads. These are third-party cookies with a lifespan ranging from 90 days to two years, depending on the cookie type.
Third-Party Cookies
Google Analytics
We use the Google Analytics system to analyze the use of our website. Google Analytics generates statistics and other information about website usage through cookies stored on users’ devices. The collected data is used to compile reports on website usage. Below is a summary of the tasks performed by Google’s cookies:
- Define the domain being tracked
- Distinguish individual users
- Remember the number and time of previous visits
- Store information about traffic sources
- Determine the start and end of sessions
- Remember values of custom variables at the visitor level
Google stores and uses this data for a duration of 30 minutes to two years, depending on the type of cookie.
Google’s privacy policy is available at: http://www.google.com/privacypolicy.html
Allowing Cookies
Most web browsers automatically allow cookies.
By using this website and accepting its policy, you consent to our use of cookies in accordance with this cookie policy.
Blocking Cookies
Instructions on how to block cookies can be found in your browser’s help section:
- Chrome (https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=fi )
- Firefox (https://support.mozilla.org/fi/kb/evasteiden-paalle-ja-poiskytkeminen )
- Internet Explorer (https://support.microsoft.com/fi-fi/help/17442/windows-internet-explorer-delete-manage-cookies )
- Safari (https://support.apple.com/fi-fi/HT201265 )
Blocking cookies may impair the usability of some websites.
More information:
Rauno Rahkonen
info@holidayinlapland.fi
+358 (0) 447133207