{{----}}

Privacy policy

REGISTER AND PRIVACY POLICY

Kanresta Oy’s Helsinger reservation register applies the EU’s General Data Protection Regulation (GDPR) to all processing of personal data. Policy updated on 7.6.2021.

 

  1. DATA CONTROLLER

Name: Kanresta Oy (Y-tunnus: 0986855-1)

Address: Arkadiankatu 21 B, 00100 Helsinki

Contact information: 09 4366 5300, www.kanresta.fi, kotisivut@kanresta.fi

 

  1. DATA PROTECTION REPRESENTATIVE

Name: Niina Kilpeläinen

Address: Arkadiankatu 21 B, 00100 Helsinki

Other contact information: Phone 050 413 8158, email kotisivut@kanresta.fi

 

  1. NAME OF THE REGISTER

Helsinger tilanvarausrekisteri

 

  1. PURPOSE OF PERSONAL DATA PROCESSING

Managing the customer relationship and possible invoicing, implementing the rights and obligations of the customer and Kanresta Oy, and processing personal data according to the Personal Data Act for operations related to customer invoicing and customer relationship management or research purposes. The data can be used for Kanresta Oy’s and/or their partners’, advertisers’ etc. advertising and/or direct marketing on the basis of the register through Kanresta Oy’s services and media.

 

  1. PROCESSING OF PERSONAL DATA

The personal data is processed by salespersons, headwaiters, invoicing representatives and system managers.

 

  1. REGISTER’S DATA CONTENT

The following information is collected and stored about the customers making a reservation: name, email, phone number, company name and business ID. No sensitive information as determined by law is collected in the register. The customer is asked to accept the terms of the reservation.

 

In addition, an order and invoicing history is maintained of the customers.

 

The data will be kept for at least the duration of the customer relationship.

 

  1. REGISTER’S REGULATORY DATA SOURCES

The information to be collected is obtained when the customer makes an order at: www.thehelsinger.fi

 

  1. REGULATORY DATA DISCLOSURE

The data controller does not disclose customers’ personal data to third parties without an official order. If necessary, the information will be given to subcontractors in respect of the company providing the payment interface, who will hold a duplicate of the information, when it comes to invoicing and payment processes. If the disclosure of customers’ information outside Kanresta Oy becomes topical, customers will be asked to give their consent in advance.

 

  1. TRANSMISSION Of DATA OUTSIDE THE EU OR THE EEA

The register data will not be disclosed outside the European Union or the European Economic Area.

 

  1. REKISTERÖIDYN OIKEUDET

RIGHT OF THE DATA SUBJECT TO ACCESS THE DATA (RIGHT TO INSPECTION)

The data subject has the right to check what data about him or her have been stored in the register. The request for inspection must be sent in writing and signed to the address mentioned in section 1. The right of inspection may be denied on the grounds laid down by law. The exercise of the right of inspection is, in principle, free of charge.

 

THE DATA SUBJECT’S RIGHT TO DEMAND THE CORRECTION, DELETION OR RESTRICTION OF PROCESSING OF THE DATA

To the extent that the data subject can act on their own, they must, without undue delay, upon being informed of an error or, after finding an error, correct, delete or supplement the information that is in the register and that contradicts the purpose of the register, is incorrect, unnecessary, incomplete or outdated.

 

Insofar as the data subject cannot themselves correct the information, the request for correction must be sent, in writing and signed, to the address mentioned in section 1.

 

The data subject also has the right to require the data controller to restrict the processing of their personal data, for example, when the data subject is waiting for the data controller to reply to the request for rectification or erasure of data concerning the data subject.

 

DATA SUBJECT’S RIGHT TO TRANSFER INFORMATION FROM ONE SYSTEM TO ANOTHER

In so far as the data subject themselves has provided information to the register that is processed for the execution of the contract between the data controller and the data subject, the data subject has the right to receive such information, as a general rule, in a machine-readable form and has the right to transfer the data to another data controller.

 

THE DATA SUBJECT’S RIGHT TO MAKE A COMPLAINT TO THE SUPERVISING AUTHORITY

The data subject has the right to make a complaint to the competent supervising authority if the data controller has not complied with the applicable data protection regulation in their operations.

 

OTHER RIGHTS

If personal data are processed on the basis of the data subject’s consent, the data subject has the right to withdraw their consent by informing the data controller in writing and with signature to the address mentioned in section 1.

 

CONTACTS

In all questions related to the processing of personal data and in situations related to exercising their rights, the data subject should contact the data controller. The data subject can exercise their rights by emailing the data controller’s contact person.

 

  1. PRINCIPLES OF REGISTER PROTECTION

The data in the register are treated as strictly confidential and the register is properly protected from outsiders. The electronic register is protected from external intrusions with firewall hardware and passwords. In case of disruption, backups are regularly taken from the register data, which are also protected by firewall hardware.

 

The register is not kept in paper form. If the information in the register must be printed in a manual form in order to prepare the order, etc., the material will be destroyed after use by shredding or putting it in a security container.