Privacy Policy

1. Controller

Hotelli Ivalo Oy

Ivalontie 34

99800 Ivalo

2. Contact person regarding register matters

For matters concerning the register and the exercise of data subject rights, the contact person is:
Christin Sieppi, +358 16 688 111, christin.sieppi@hotelivalo.fi

3. Name of the register

Customer Register of Hotelli Ivalo Oy

4. Legal basis for processing personal data

The processing of personal data in the customer register is based on the customer relationship between consumer customers and Hotelli Ivalo Oy.

5. Purpose of processing personal data

The purposes for processing customer data include:

– Managing and developing customer relationships

– Customer communication

– Processing of bookings made by the customer

– Sale and provision of services

– Processing of personal data related to payment, invoicing, monitoring, and collection

– Marketing of the controller’s services

– Development of the controller’s business operations and customer service

– Use of any special dietary information strictly for food preparation and service

6. Processed personal data

Hotelli Ivalo Oy processes the following personal data of its customers:

– Customer’s first and last name, date of birth, address, phone number, email address

– Nationality

– Booking information

– Payment method details, invoicing details, any payment reference details

– Information on opt-out from direct marketing

– Data on service usage and purchases

– Information about customer preferences and requests (e.g., room preferences, accessibility needs)

– Possible feedback and complaints

– Any special dietary requirements (used solely for food preparation and service)

7. Sources of personal data

– Directly from the customer

– From a friend of the customer making a booking

– From the company the customer works for

– From booking service providers

8. Recipients or categories of recipients of personal data

– Data may be disclosed to authorities based on legal information requests

– To a security company representative if inappropriate behavior is suspected

– To third parties, such as service subcontractors or partners

9. Transfer of data outside the EU

– Customer data may be transferred outside the EU, for example, if a foreign tour operator requests a booking confirmation with customer details for purposes such as visa applications.

10. Retention period of personal data

– Personal data is retained in the hotel system for a minimum of 299 days.

11. Rights of the data subject

Personal data is processed based on the controller’s legitimate interest (GDPR Article 6, paragraph 1, point f), which in this case is the customer relationship. Personal data is also processed based on a contract between Hotelli Ivalo Oy and the data subject (GDPR Article 6, paragraph 1, point b).

The data subject has the right to object to the processing.

12. Right to lodge a complaint with a supervisory authority

The data subject has the right to lodge a complaint with the competent supervisory authority if they believe that the controller has not complied with applicable data protection regulations.

13. Requests related to the exercise of data subject rights

For questions about the processing of personal data or to exercise data subject rights, the data subject may contact the controller’s contact person mentioned in section 2.

Requests for access or other rights must be made in writing either by email or post. The request may also be made in person at the controller’s premises.

The controller may ask the data subject to clarify which data or processing activities the request concerns.

To ensure that personal data is not disclosed to anyone other than the data subject, the controller may request a signed request or proof of identity via official ID or another reliable method.

Friday 2nd of May, 2025