Privacy Policy - Hotelli Linnasmäki

PRIVACY POLICY 7.10.2019

Data Controller

Turku Christian Institute, 0915313-4
Turku Christian Institute Foundation sr
Lustokatu 7
20380 Turku
Tel. +358 2 4123 500
info@linnasmaki.fi

Entity Managing the Register

Turku Christian Institute
Turku Christian Institute Foundation sr
Lustokatu 7
20380 Turku
Tel. +358 2 4123 500
info@linnasmaki.fi

Name of the Register

Turku Christian Institute’s customer register. Purpose and legal basis for processing personal data. The purpose of processing personal data is to manage and maintain the customer relationship between the company and the business customer, as well as for marketing. The information in the register is used for the company’s own direct marketing unless the customer has prohibited direct marketing. Purchase and transaction data, as well as location data processed in the register, can also be used for profiling and targeting marketing activities and customer communications to interest the registered individual. The information is also processed in connection with sending newsletters and participation in events and other marketing activities. The data is processed to ensure the legitimate interest of the data controller. If the registered person does not provide the requested information in the contact form, the data controller cannot accept the registered person’s contact form or commit to the agreement between the data controller and the registered person concerning it.

Retention Period of Personal Data

Personal data is retained as long as required by the actions related to the contact form filled by the registered person. The retention period depends on the collected information; for example, billing information must be retained for six years according to the Accounting Act. We retain the contact form information only with the consent of the registered person.

Description of the Group of Registered Individuals and Data Content

The register contains personal data of the company’s business customers. The form data entered by the registered person may include, among other things, email address, phone number, or address.

Regular Sources of Information

Information provided by the contact person and the customer information system and billing database.

Regular Disclosure of Information

Personal data is generally not disclosed outside the organization. Personal data required for accounting is disclosed to the accounting firm used by Turku Christian Institute. However, personal data may be disclosed based on the agreement between the customer and Turku Christian Institute, the customer relationship between the customer and Turku Christian Institute, or applicable legislation, e.g., to authorities. Data is not transferred outside the EU or EEA.

Principles of Register Protection

The information is stored in a technically protected manner. Physical access to the data is prevented through access control and other security measures. Access to the information requires sufficient rights and multi-factor authentication. Unauthorized access is also prevented by firewalls and technical protection. Only the data controller and specifically named technical personnel have access to the register data. Only designated individuals have the right to process and maintain the register data. Users are bound by confidentiality. The register data is securely backed up and can be restored if necessary.

Rights of the Registered Individual

The registered individual has the right to inspect the data concerning themselves stored in the register and to obtain copies of it. The inspection request must be made in writing and addressed to the entity responsible for register matters (see section Entity Managing the Register).
The entity managing the register will correct, delete, or supplement personal data in the register that is incorrect, unnecessary, incomplete, or outdated for the purpose of processing, either on its own initiative or at the request of the registered individual. The registered individual must contact the entity responsible for the register matters in writing to correct the information (see section Entity Managing the Register).
To the extent that the processing of personal data is based on the consent of the registered individual, the registered individual has the right to withdraw consent at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.
The registered individual has the right to lodge a complaint with the supervisory authority regarding the processing of personal data.