Privacy policy

Data controller

Company: Kiinteistö Oy Utsun Otso, herafter Utsun Otso
Name: Jussi Airaksinen
Business ID: 1920941-0
Address: Utsunkutsu 6, 99130 Levi
Phone number: +358 400 431 747
Email: villa@utsunotso.fi

Purpose of the register

This Customer Data Protection and Privacy Policy applies to the processing of personal data for the purpose of providing our accommodation services to our customers and for the purpose of establishing and maintaining customer relationships. This Privacy Policy applies to personal data in Utsun Otso’s customer register; what, how and why this data is collected, what and how it is used and how long the collected data is stored.

Purpose of processing personal data

Personal data is processed for purposes related to the management, administration and development of the customer relationship, the provision and delivery of services, and the development and billing of services. Personal data is also processed for the purposes of dealing with possible complaints and other claims. In addition, with the customer’s consent, the data may also be used for marketing purposes.

The customer has the right to object to direct marketing directed at him/her.

The controller processes the data itself and uses subcontractors acting for and on behalf of the controller to process the personal data.

Legal grounds for processing

The legal bases for processing personal data are the following criteria under the EU General Data Protection Regulation (also referred to as “GDPR”):

  1. The data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes (Art. 6 Art. 1.a GDPR);
  2. processing is necessary for the performance of a contract to which the data subject is party or in order to carry out pre-contractual measures at the request of the data subject (GDPR Art. 6.1.b);
  3. processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party (GDPR Art. 6.1.f).

The aforementioned legitimate interest of the controller is based on a relevant and proper relationship between the data subject and the controller, resulting from the fact that the data subject is a customer of the controller, and where the processing is carried out for purposes which the data subject could reasonably have expected at the time of collection of the personal data and in the context of the relevant relationship.

What data is being collected

The customer register consists of the personal data of Utsun Otso’s accommodation customers, including name, address, telephone number, e-mail address, nationality, length of stay and other data related to the management of the reservation and the maintenance of the customer relationship. In addition, the register contains billing information, such as online billing addresses. When staying, the customer must fill in an electronic traveler’s declaration, which is kept for the authorities in accordance with government regulations.

We keep customer data in the register for three years from the last contact with Utsun Otso. However, the data will not be deleted if an authority has initiated a process in which the data is required or has otherwise ordered the data to be kept. In addition, if the customer has authorised the use of their data for marketing purposes, their data will be kept until the marketing authorisation is valid.

How is the data collected

The register collects information from the person themselves by telephone and email.

Some of the information in the register is obtained from sources other than directly from the customer. Other sources include Booking.com as a booking channel. For bookings made through this channel, we only receive part of the personal data of the customer who made the booking.

You can read Booking.com’s own customer privacy policy here.

Disclosure or transfer of data outside the EU or EEA

Personal data will not be disclosed to third parties and personal data contained in the register will not be transferred outside the EU or EEA.

The data is transferred over an SSL-secured connection. Electronic data is also protected by a firewall, usernames and passwords. Access to the data is restricted to those employees of the company who need the data for their tasks.

Our company is committed to maintaining confidentiality and secrecy with regard to the information obtained in connection with the processing of personal data.

Your rights

The data subject has the right to check what data concerning him or her has been stored in the personal data register. A written request for inspection should be sent to the person responsible for the register. The data subject has the right to request the rectification or erasure of inaccurate or outdated data or the transfer of data from one system to another. They also have the right to restrict or object to the processing of their data in accordance with Articles 18 and 21 of the EU General Data Protection Regulation.

Data subjects have the right to withdraw their prior consent to the processing of their data or to lodge a complaint with a supervisory authority about the processing of their personal data. Data subjects also have the right to object to the use of their data for direct marketing purposes.

Privacy policy is updated 12.3.2024.