Kanresta Oy’s Helsinger reservation register applies the EU’s General Data Protection Regulation (GDPR) to all processing of personal data. Policy updated on 7.6.2021.
- DATA CONTROLLER
Name: Kanresta Oy (Y-tunnus: 0986855-1)
Address: Arkadiankatu 21 B, 00100 Helsinki
Contact information: 09 4366 5300, www.kanresta.fi, email@example.com
- DATA PROTECTION REPRESENTATIVE
Name: Niina Kilpeläinen
Address: Arkadiankatu 21 B, 00100 Helsinki
Other contact information: Phone 050 413 8158, email firstname.lastname@example.org
- NAME OF THE REGISTER
- PURPOSE OF PERSONAL DATA PROCESSING
Managing the customer relationship and possible invoicing, implementing the rights and obligations of the customer and Kanresta Oy, and processing personal data according to the Personal Data Act for operations related to customer invoicing and customer relationship management or research purposes. The data can be used for Kanresta Oy’s and/or their partners’, advertisers’ etc. advertising and/or direct marketing on the basis of the register through Kanresta Oy’s services and media.
- PROCESSING OF PERSONAL DATA
The personal data is processed by salespersons, headwaiters, invoicing representatives and system managers.
- REGISTER’S DATA CONTENT
The following information is collected and stored about the customers making a reservation: name, email, phone number, company name and business ID. No sensitive information as determined by law is collected in the register. The customer is asked to accept the terms of the reservation.
In addition, an order and invoicing history is maintained of the customers.
The data will be kept for at least the duration of the customer relationship.
- REGISTER’S REGULATORY DATA SOURCES
The information to be collected is obtained when the customer makes an order at: www.thehelsinger.fi
- REGULATORY DATA DISCLOSURE
The data controller does not disclose customers’ personal data to third parties without an official order. If necessary, the information will be given to subcontractors in respect of the company providing the payment interface, who will hold a duplicate of the information, when it comes to invoicing and payment processes. If the disclosure of customers’ information outside Kanresta Oy becomes topical, customers will be asked to give their consent in advance.
- TRANSMISSION Of DATA OUTSIDE THE EU OR THE EEA
The register data will not be disclosed outside the European Union or the European Economic Area.
- REKISTERÖIDYN OIKEUDET
RIGHT OF THE DATA SUBJECT TO ACCESS THE DATA (RIGHT TO INSPECTION)
The data subject has the right to check what data about him or her have been stored in the register. The request for inspection must be sent in writing and signed to the address mentioned in section 1. The right of inspection may be denied on the grounds laid down by law. The exercise of the right of inspection is, in principle, free of charge.
THE DATA SUBJECT’S RIGHT TO DEMAND THE CORRECTION, DELETION OR RESTRICTION OF PROCESSING OF THE DATA
To the extent that the data subject can act on their own, they must, without undue delay, upon being informed of an error or, after finding an error, correct, delete or supplement the information that is in the register and that contradicts the purpose of the register, is incorrect, unnecessary, incomplete or outdated.
Insofar as the data subject cannot themselves correct the information, the request for correction must be sent, in writing and signed, to the address mentioned in section 1.
The data subject also has the right to require the data controller to restrict the processing of their personal data, for example, when the data subject is waiting for the data controller to reply to the request for rectification or erasure of data concerning the data subject.
DATA SUBJECT’S RIGHT TO TRANSFER INFORMATION FROM ONE SYSTEM TO ANOTHER
In so far as the data subject themselves has provided information to the register that is processed for the execution of the contract between the data controller and the data subject, the data subject has the right to receive such information, as a general rule, in a machine-readable form and has the right to transfer the data to another data controller.
THE DATA SUBJECT’S RIGHT TO MAKE A COMPLAINT TO THE SUPERVISING AUTHORITY
The data subject has the right to make a complaint to the competent supervising authority if the data controller has not complied with the applicable data protection regulation in their operations.
If personal data are processed on the basis of the data subject’s consent, the data subject has the right to withdraw their consent by informing the data controller in writing and with signature to the address mentioned in section 1.
In all questions related to the processing of personal data and in situations related to exercising their rights, the data subject should contact the data controller. The data subject can exercise their rights by emailing the data controller’s contact person.
- PRINCIPLES OF REGISTER PROTECTION
The data in the register are treated as strictly confidential and the register is properly protected from outsiders. The electronic register is protected from external intrusions with firewall hardware and passwords. In case of disruption, backups are regularly taken from the register data, which are also protected by firewall hardware.
The register is not kept in paper form. If the information in the register must be printed in a manual form in order to prepare the order, etc., the material will be destroyed after use by shredding or putting it in a security container.