Privacy Policy and Passenger Register 2024/1

EnjoyNature B&B Customer Register

Privacy policy concerning the processing of personal data in EnjoyNature B&B’s customer register, in accordance with the EU General Data Protection Regulation.

1. Data Controller

EnjoyNature B&B
Ehtootie 26, 16730 HOLLOLA
Business ID: 0974330-2

2. Contact Person Regarding the Register

For questions related to the register and exercising data subject rights, the contact person is Roland Tolksdorf.

3. Name of the Register

EnjoyNature B&B’s customer register in the Sirvoy hotel booking system.

The processing of personal data stored in the register is based on the customer relationship between consumer customers and EnjoyNature B&B.

4. Purpose of Processing Personal Data

The purposes for processing personal data in the customer register include:

  • customer service and relationship management
  • processing of customer reservations
  • customer communications
  • sales and delivery of services
  • handling payments, invoicing, monitoring, and collection related to accommodation and other services
  • development of the controller’s business operations and customer service
  • special requests and dietary information are only used to ensure the proper provision of services during the customer’s stay
  • data is used for marketing only if the customer has given consent or requested it

6. Personal Data Processed

EnjoyNature B&B processes the following customer data in its register:

  • customer’s first and last name, date of birth, address, phone number, email address
  • nationality
  • reservation details
  • payment method, invoicing, possible payment reference information
  • consent or objection to direct marketing
  • purchase and use of services
  • special room requests, accessibility needs, and other special requirements
  • customer feedback and complaints

7. Source of Personal Data

Directly from the customer or from a third party making a reservation on the customer’s behalf.

8. Recipients or Categories of Recipients of Personal Data

  • Data may be disclosed to authorities based on legal data requests
  • To a security company or related party if there is suspicion of misconduct or danger
  • To third parties or service providers only with the customer’s permission

9. Transfer of Data Outside the EU

Customer data is only transferred outside the EU upon the customer’s request or to a party authorized by the customer.

10. Storage Period of Personal Data

Personal data is stored in the hotel booking register system for five (5) years from the date of the most recent reservation.

11. Data Subject Rights

Personal data in the customer register is processed based on the controller’s legitimate interest (GDPR Article 6(1)(f)). In this case, the legitimate interest is the customer relationship.

Data is also processed under the contract between EnjoyNature B&B and the data subject (Article 6(1)(b)). The data subject has the right to object.

12. Right to Lodge a Complaint with a Supervisory Authority

The data subject has the right to lodge a complaint with the competent supervisory authority if they believe that the controller has not complied with applicable data protection regulations.

13. Requests to Exercise Data Subject Rights

The data subject may contact the contact person mentioned in section 2. A request to access or otherwise exercise rights must be submitted in writing by email or post, or presented in person.

The controller may request a signed request and proof of identity if necessary.

Privacy Notice Regarding the Passenger Register

In accordance with Articles 12–14 and 19 of the EU General Data Protection Regulation 2016/679, and Section 7 of the Act on Accommodation and Catering Operations.

1. Data Controller

EnjoyNature B&B
Ehtootie 26, 16730 HOLLOLA
Business ID: 0974330-2

2. Name of the Register

Passenger Register

3. Purpose of Processing Personal Data

Based on legislation and regulation, customer identification information is collected and retained for at least one (1) year, as required by law. Other booking-related customer data is collected based on the contract and retained for up to five (5) years.

This is a passenger register as defined in the Act on Accommodation and Catering Operations (308/2006, “MaRaL”), and the personal data of guests is processed in accordance with Section 6 of MaRaL for the purpose of submitting a passenger notification, maintaining public order and safety, preventing and investigating crimes, and for statistical purposes.

MaRaL obligates EnjoyNature B&B to identify its customers and retain guest information for one year. EnjoyNature B&B uses door codes for access, which requires guests’ email addresses and phone numbers to be provided. In addition, personal data may be processed to improve EnjoyNature B&B’s customer service or for direct marketing purposes, if the customer has given consent.

4. Legal Basis for Processing Personal Data

Customer identification data is collected and retained for at least one (1) year, as required by law. Other booking-related customer data is collected and retained for up to five (5) years based on the contract.

5. Data Content of the Register

The following passenger data is stored in the register in accordance with Section 6 of MaRaL and under the specified conditions:

  • Full name and Finnish personal identity code, or if not available, date of birth and nationality
  • Full names and Finnish personal identity codes or, if not available, dates of birth of accompanying spouse and underage children
  • Address details of the passenger
  • Country from which the passenger is arriving in Finland (if the residence is outside Finland)
  • Travel document number (e.g. passport, visa), unless the passenger is a Nordic citizen or resident of Finland
  • Arrival and departure dates at the accommodation
  • Purpose of stay (e.g. leisure, work, or other reason), if provided by the passenger
  • Passenger’s email address and phone number

The data is retained for one (1) year from the time of entry into the register and is then deleted.

6. Regular Data Sources

The information is collected from the registered individual when filling out the passenger notification.

Additionally, data may be collected, stored, and updated from publicly and freely available data services to meet the requirements of MaRaL.

7. Regular Disclosures of Data

Personal data may be disclosed to authorities to the extent required by MaRaL.

Data may also be stored on servers administered by the service provider to the extent required for processing.

8. Transfer of Data Outside the EU or EEA

Data is not primarily transferred outside the EU or EEA. However, such transfer may be justified in legally permitted cases.

9. Principles of Register Protection

A. Manual Data

Stored in locked facilities. Only employees whose duties involve processing personal data have access to it.

B. Electronically Processed Data

Technically protected and stored securely. The servers are located in locked premises with restricted access.

10. Rights of the Data Subject

A. Right of Access and Rectification

Passengers have the right to access the data stored about them. Requests must be submitted in writing and signed, addressed to the contact provided in section 2. Incorrect information will be corrected upon request or on the controller’s own initiative.

The passenger also has the right to lodge a complaint with the supervisory authority if they believe their personal data has been processed in violation of applicable regulations.

B. Right to Object

The passenger has the right to prohibit the use of their data for direct marketing, market research, or opinion surveys. If such consent has been requested, a clear method for withdrawing consent must be provided.

Shall we plan an unforgettable
day together?

Tell us what kind of event you’re planning,
and we’ll help make it truly unforgettable.

Get in touch