Open Shores Saimaa is committed to complying with data protection principles by EU data protection legislation when processing personal data. We process personal information to serve our customers in the best possible way. Personal information includes, for example, first name, last name, e-mail address, telephone number, age, general health of the participant, and, if applicable, the participant’s previous experience of the activities. The primary basis for the processing of personal data is the customer relationship when booking a trip.
1. The controller
Open Shores Saimaa is a registrar within the customer register and the marketing register.
Open Shores Saimaa
Business ID: 3229678-2
2. Contact person responsible for the register
Matti Juhana Keltanen
+358 500 338 432
3. Purpose of the register and information to be stored in the register
The purpose of the processing of personal data is to communicate with customers, the smooth flow of information with the customer and the company, and to maintain the customer relationship.
The information stored in the register is received from the customer by e-mail. The information to be stored in the register is the person’s name, e-mail address, address, telephone number, age, previous experience of the activities, and the general health of the participant.
4. Right of inspection and duration of proceedings
Every person in the register has the right to check the information stored in the register and, if necessary, to request the correction of any incorrect information. The request for verification must be sent in writing to the controller. If necessary, the controller may ask the applicant to prove his or her identity. The controller will respond to the customer within the timeframe set out in the EU Data Protection Regulation.
The data subject has the right to request the deletion of data if it is not necessary to process the data. It should be noted that the controller may have a statutory or another right not to delete the requested information. For example, the registrar is obliged to keep the accounting material by the period specified in the Accounting Act (Chapter 2, Section 10). Therefore, the accounting material cannot be deleted before the deadline.
We store the information in an electronic register. Using and processing the registry requires a secure connection, and processing requires a user ID. Access to the register is restricted to designated persons.
6. Prohibition of direct marketing
The data subject has the right to prohibit the use of the data for direct marketing.
7. Registry Security Principles
The register shall be handled with due care and the data processed by the information systems shall be adequately protected. When registry data is stored on Internet servers, the physical and digital security of their hardware is adequately addressed. The controller shall ensure that the data stored, as well as the access rights to the servers and other information critical to the security of personal data, are treated confidentially and only by the employees whose job description it belongs to.
Open Shores Saimaa has prepared a register and data protection report by the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Prepared on 09.12.2021