Registry and Privacy Statement

This is the privacy and data protection policy of Anttooran Lomakylä Oy, in accordance with the Personal Data Act (sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Created on December 27, 2019. Last amendment on December 27, 2019.

1. Data Controller

Anttooran Lomakylä Oy
2091745-7
Finnintie 33, 28900 Pori, Finland

2. Contact Person for Register Matters

Hardy Dieter
+358 40 555 2553
info@anttoora.com

3. Name of the Register

Anttooran Lomakylä Oy Customer Register

4. Legal Basis and Purpose for Processing Personal Data

The purpose of processing personal data is to communicate with customers and maintain customer relationships.

The data is not used for automated decision-making or profiling.

5. Contents of the Register

The register may contain the following information:

  • contact information obtained from contact forms
    • person’s name
    • phone number
    • email address
    • address
  • network connection IP address
  • analysis and profile information (Google Analytics)
  • information on ordered services and their changes
  • billing information
  • other information related to the customer relationship and ordered services

6. Regular Sources of Information

The information stored in the register is obtained from the customer, for example, from messages sent via web forms, email, telephone, social media services, contracts, customer meetings, and other situations in which the customer discloses their information.

7. Cookies Used by Our Website

We use cookies on the anttoora.com site to maintain the user session. A cookie is a small text file sent to the client’s browser, usually containing an anonymous identification number. The pages can also be used without cookies, but some features may not function.

By using the site, you consent to the use of the aforementioned cookies. If you no longer wish to accept the use of cookies, you can disable cookies by changing your browser settings.

Our site uses Google Analytics to gather statistical analytics on website visits.

Google Analytics (Visitor statistics tracking)

8. Regular Disclosures of Information and Transfer of Data Outside of the EU or EEA

Information is not regularly disclosed to third parties. Information (for example, photos taken by the customer) can be published as agreed with the customer.

Information may also be transferred by the data controller outside of the EU or EEA.

Anttoora Holiday Village does not make regular disclosures of information to third parties nor transfer data outside of the EU or EEA.

9. Principles of Register Protection

Care is taken in the processing of the register, and data processed with the help of information systems is adequately protected. When register information is stored on Internet servers, the physical and digital security of their hardware is appropriately maintained. The data controller ensures that stored information, as well as server access rights and other critical information for the security of personal data, are handled confidentially and only by employees whose job description includes such tasks.

10. Right of Inspection and the Right to Demand Correction of Information

Every individual in the register has the right to check their stored information and demand the correction of any incorrect information or the completion of incomplete information. If an individual wishes to check the information stored about them or demand a correction, the request must be sent in writing to the data controller. The data controller may ask the requester to prove their identity if necessary. The data controller responds to the customer within the timeframe stipulated by the EU data protection regulation (generally within one month).

11. Other Rights Related to the Processing of Personal Data

An individual in the register has the right to request the deletion of their personal data from the register (“the right to be forgotten”). Similarly, registrants have other rights according to the EU General Data Protection Regulation, such as the right to restrict the processing of personal data in certain situations. Requests must be sent in writing to the data controller. The data controller may ask the requester to prove their identity if necessary. The data controller responds to the customer within the timeframe stipulated by the EU data protection regulation (generally within one month).