Privacy Policy

Information document on the processing of personal data in the customer file of Motelli Kontio Oy in accordance with the EU General Data Protection Regulation (GDPR)

Controller
Motelli Kontio Oy (business ID: 3239923-9), Huoltamontie 8, 80770 Kontiolahti

Contact person in matters relating to the file
The contact information in matters relating to the file and the rights of the data subject:
Tanja Pesonen
email: majoitus@motellikontio.fi

Name of the file
Motelli Kontio Oy – customer file

Legal basis for processing of personal data
The processing of personal data is based on a legitimate interest, i.e. the processing of personal data in the customer file is based on the customer relationship between consumer customers or corporate customers and Motelli Kontio Oy. The controller also processes customer information based on a contract between the controller and the data subject. This is the basis for processing personal data collected from a customer when booking a room, or for service and room invoicing.

Purposes for processing personal data
Customer information contained in the customer file is used for the following purposes:

processing reservations made by the customer
managing and developing the customer relationship
customer communication
sales and provision of services
marketing of services
processing of personal data relating to payments, invoicing and the monitoring and recovery of payments
development of the controller’s business operations and development of customer services.

Possible information on a customer’s special dietary needs is only used for preparing and serving food.

Processed personal data

The following personal data is processed by the controller:

the customer’s first and last name, birth date, telephone number, address, e-mail address
citizenship
reservation details
information on service use and purchases
information on the customer’s payment methods, invoicing and any payment delays
information on the customer’s choices and preferences
any customer feedback and complaints

With regard to corporate customers, the controller processes the following personal data:

name, address, e-mail address and telephone number of the corporate customer’s contact person
any customer feedback and complaints
information on direct advertising prohibition made by the company’s contact person in accordance with the law

Sources of personal data

The controller obtains personal data from:

the data subjects directly via e-mail or phone or at promotional events, for example
information obtained from the use of services and during visits
external hotel reservation service providers
the data subject’s employer in connection with service booking
public registers

Recipients or groups of recipients of personal data
The data in the customer file is only processed by employees whose work essentially involves the processing of data. Separate IDs and passwords are required to access the file. No data will be disclosed to third parties. However, data may be disclosed to the authorities based on of their legal requests for information.

Transfer of data outside the EU

For the provision of services, we use subcontractors who may be established outside the EU or the European Economic Area. When transferring data outside the EU or the EEA, we ensure an adequate level of personal data protection by means such as agreeing on the confidentiality and processing of personal data as required by law.

Retention periods for personal data
The customer’s personal data contained in the customer file is processed during the customer relationship. The controller considers the customer relationship to have ended if the customer has not used the company’s services for two (2) years.

However, personal data may be stored and processed after the end of the customer relationship if necessary for a legitimate reason or for handling complaints. The retention period for the personal data in the customer file is governed by law, such as the Accounting Act. Information required by the Accounting Act is retained for as long as required by the Act.

The contact person data for corporate customers is deleted in a similar way after the company’s account is considered to have terminated. However, the data may continue to be retained if there is some other justification for it.

When personal data is processed on the basis of a contract between the controller and data subject, the data is retained for as long as it is needed to execute the contract. Once the contract has been performed, the data is retained for as long as the account relationship exists or there is some other justification for the processing (e.g. complaints cases or the Accounting Act).

Only personal data that is necessary for the specified uses is processed during the account relationship. The controller will regularly carry out periodic inspections to remove unnecessary data.

Rights of the data subject
The data subject has the right to request access to his/her personal data and the right to require rectification of the data if it is inaccurate. At the request of the data subject, the processing of personal data may be restricted or the data may be removed from the file entirely. The data subject has the right to object to the use of personal data for direct marketing purposes, for example.

Right of appeal to a supervisory authority
The data subject has the right to lodge a complaint with the competent supervisory authority if the data subject considers that the controller has not complied with the data protection rules applicable to its activities.

Requests to exercise the rights of the data subject

In matters relating to the processing of personal data and the exercise of their rights, data subjects may contact the contact person of the controller referred to in beginning of this file.

The request to exercise the right of inspection or some other right of the data subject must be made to the controller in writing by e-mail or post. The request may also be made in person at the controller’s place of business. The controller may ask the data subject to provide sufficient details on which personal data or processing actions the data subject’s request concerns.

In order to ensure that personal data is not disclosed to others than the data subject for exercising the rights of the data subject, the controller may, if necessary, request the data subject to submit the inspection request in signed form. The controller may also ask the requestor to prove their identity with an official identity card or in some other reliable manner

last change 17.3.2022

Cookie	Duration	Description
Cookie Law Info Consent		Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
cookielawinfo-checkbox-analytics		Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies
cookielawinfo-checkbox-functional		The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary		Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-other		Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies
viewed_cookie_policy		This cookie is used to check whether the visitor has set the cookie policy on the site. The cookie is used by the "GDPR Cookie Consent" add-on and does not store personal information.

Cookie	Duration	Description
_gat	1 minute	Third-party cookies related to the reservation system. Google Universal Analytics sets this cookie to restrain request rate and thus limit data collection on high-traffic sites.
pll _language		The pll _language cookie is used by Polylang to remember the language selected by the user when returning to the website, and also to get the language information when not available in another way.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Third-party cookies related to the reservation system. Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_gcl_au		Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Third-party cookies related to the reservation system. Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.