Långvik considers data protection to be extremely important, and we wish to be open and transparent about the processing of your personal data. We have defined the operating methods according to which your personal data is processed and protected.
WHO SUPERVISES YOUR PERSONAL DATA?
Långvik Congress Wellness Hotel (”Långvik”) operates as the supervisor of your personal data and is responsible for your personal data in accordance with the applicable data protection act. In this context, personal data refers to all data which can be directly or indirectly linked to a certain natural person.
LÅNGVIK CONGRESS WELLNESS HOTEL
Ryokan Oy is responsible for the business operations of Långvik Congress Wellness Hotel.
Business ID: 2705969-4
USE AND PROCESSING OF PERSONAL DATA
We only collect and process personal data to the extent that they are necessary in terms of Långvik’s business operations for the following purposes:
- to develop, produce, deliver and offer services
- to manage customer relationships
- to manage customer service and event arrangements
- for invoicing and credit history management
- for information purposes
- for advertising and marketing services and products, e.g. direct marketing and targeting it to our customers
- to offer, target and develop marketing communications
- for statistical purposes
- to ensure security (camera surveillance)
We collect and process personal data in accordance with currently valid data protection legislation and our legitimate interests.
Personal data is mainly collected directly from you by phone, email or by means of electronic/printed forms for the purpose of managing customer relationships. In customer service situations, communications between you and Långvik, such as emails, can be saved for the purpose of developing customer service and to verify its content.
ACCOMMODATION, CONFERENCE, WELLNESS AND RESTAURANT SERVICES
We process the following data on the basis of the agreement concluded between the customer and the data controller, and its implementation: contact details (first and last name, address, postal code, city, country, email address, phone number) and payment details (credit card number, name on credit card, expiry month and year of card). We may also process the following data on the basis of a customer’s consent:
When booking restaurant and conference services, possible allergy information is collected from the customer in addition to contact and payment details.
On the grounds of the data controller’s legitimate interest*, details about the customer’s gender and title, nationality, as well as a possible returning customer number and VIP status are collected in connection with offering accommodation services. The title and gender details are used to greet and communicate with the customer. Public details can also be collected from the customer to the customer profile, such as details about pets, arrival method and time.
The processing of passenger cards is based on the data controller’s statutory obligation.
Data to be processed: customer’s name, social security number or date of birth, nationality, accompanying adults’ and minors’ names, Finnish social security numbers (or in lack of, dates of birth), address, arrival country to Finland, travel document’s number and arrival and departure dates. In addition, the purpose of accommodation may be recorded (such as leisure, business or other reason).
We process the following data on the basis of the agreement concluded between the customer and the data controller, and its implementation: the customer’s contact details (first and last name, address, postal code, city, country, email address, phone number).
On the basis of consent, we also process details concerning the customer’s health status in addition to contact details, such as information about allergies, illnesses or other disabilities that affect the production of a service.
Marketing and advertising
We process, for example, the customer’s email address to deliver a newsletter to the customer (electronic direct marketing), in which case the processing is based on the customer’s consent.
Marketing and advertising are also based on the data controller’s legitimate interest* (e.g. in the preparation of B2B business operations and events)
Långvik carries out the profiling of its customers in connection with targeted marketing, in which case you may be offered services that are of interest to you on the basis of your previous purchase behaviour and data saved to your customer details. Profiling is based on your consent and you have the right to withdraw such consent at any time. If you have any questions related to profiling, please contact us: firstname.lastname@example.org
In targeted marketing, the customer’s email address, name and domicile, any subjects of interest and previous purchase behaviour are used. On the basis of previous purchase behaviour, we can offer e.g. anniversary discounts for customers who have booked a wedding package.
In addition, we use customised target groups via Facebook Inc. in online marketing that is based on subjects of interest, in connection with which our website has an incorporated tracking pixel. A tracking pixel is an analytical tool, which allows us to create target groups for advertising and ensures that our advertisements are visible to the right target groups (such as age and subjects of interest). The collected information remains anonymous, and we cannot view personal data of an individual user. Facebook does however save and process the collected data.
Data collected by the website
When browsing our website, we receive information about e.g. your IP address. We use IP addresses to analyse the use of our website, e.g. for solving any server problems, for managing the website and for monitoring users’ actions for statistical purposes.
For analysing the use of the website and for producing statistics, Långvik uses a service called Google Analytics, which is an online analysis service offered by a third party, Google Inc. Google Analytics collects certain data about site visitors with the help of cookies, so that your use of the website can be analysed and improved. This data includes, how the user has reached the website and how he/she used the website. The data collected by these cookies is transferred and stored on Google’s servers, and some of the servers may be located outside the EU.
Långvik uses recording camera surveillance, which use is based on the data controller’s legitimate interest*. The aim of camera surveillance is to ensure the legal protection and safety of Långvik’s employees, to protect the employer’s, employees’ and customers’ data and property, as well as to prevent and resolve any crimes. The data can also be used to prove the reason for terminating an employment in situations referred to in Section 17 Subsection 2:1-3 of the Act on the Protection of Privacy in Working Life (759/2004), for resolving or proving any disturbance or harassment referred to in the Act on Equality between Men and Women (609/1986) or harassment and inappropriate behaviour referred to in the Occupational Safety and Health Act (738/2002), as well as to resolve any occupational accident or other situation that has caused danger or threat as referred to in the Occupational Safety and Health Act (738/2002).
The camera surveillance register includes photo material, which is formed from the areas monitored by the cameras connected to Långvik’s camera surveillance systems.
* Legitimate interest refers to processing that is essentially associated with the data controller’s operations, which the customer can reasonably consider belonging to the data controller’s operations. The data controller must often process personal data in order to complete tasks related to business operations. In this context, the processing of personal data may not be able to be based on a statutory obligation or agreement. The processing of personal data may, however, be justified on the grounds of “legitimate interests”. In this case, the processing of data on the grounds of legitimate interest must always be assessed in advance, to ensure that operations in accordance with the legitimate interest do not cause serious harm to the data subjects’ rights and freedom.
Special personal data groups, i.e. so-called “sensitive personal data” refers to such personal data, which indicate race or ethnic background, political opinions, religion or philosophical beliefs or the membership of a trade union, genetic or biometric data, or data concerning a natural person’s health or sexual behaviour or orientation.
The processing of sensitive data is only allowed if such processing is necessary for us to comply with our statutory obligations, or with your specific consent. Långvik also processes its customers’ sensitive personal data in certain situations that have been described below.
Wellness services: In order to safely offer wellness services, such as Spa services, we need data from our customers about their health status. In connection with Spa services, health data that is directly relevant to the production of services is collected from the customer in connection with performing the service. The processing of health status data from wellness service customers is based on the customer’s consent.
Processing of other health data: Indirect health data may be accumulated when a customer indicates a disability as well as when booking an accessible room. The processing of data is based on the customer’s consent.
Memberships entitled to discounts
Members entitled to discounts may book a room booking at a membership price. The processing is based on the customer’s consent.
DISCLOSURE AND TRANSFER OF DATA
Långvik is committed to processing your personal data in a confidential manner. Your data may be transferred within Långvik to manage your customer account and to improve your customer experience. We may also transfer your data, if it is necessary due to our legitimate interest, for example to ensure safety or to investigate and prevent misbehaviour on the basis of the customer’s undesired previous behaviour. We never disclose, sell or exchange your data to third parties for marketing purposes.
Långvik shall disclose the passenger card data of its non-Finnish customers to the police authorities in accordance with its statutory obligation. In addition, we may have to disclose some data to authorities or legal representatives, when this is otherwise required by law.
In the processing of data that we have collected, we also use subcontractors and service providers (e.g. for technical maintenance or the implementation of campaigns and direct marketing), which only have the right to process your information to the extent required by the agreed services. This means that they are not permitted to use your data for their own purposes.
Information is also disclosed to third parties for the implementation of services, and to distributors in connection with the delivery of your order. To payment service providers for your payments. To credit institutions for verification and credit history checks, as well as to collection agencies. Please note that many of these recipient companies have an independent right or obligation to process your personal data.
Other important points
If you have made your booking via a booking portal (Booking.com, Hotels.com, TRIVAGO, etc.), these service providers have access to your personal data, and when you registered for these services, you have agreed to the said portal’s terms and conditions.
Personal data that we have collected from you is mainly stored within the European Economic Area. The data we collect is partly stored and processed outside the European Economic Area, for example when a service provider (Google or Facebook) we use is located, or stores information, outside the European Economic Area.
We have implemented appropriate technical and organisational data security measures to protect your personal data from loss, misuse or other equivalent unauthorised access. Such measures include, e.g. the use of firewalls, encryption technologies and secure IT areas.
Only such persons employed by Långvik, who need the data for carrying out their work duties, have the right to use and access personal data. The personal data registers are protected with usernames and passwords.
ACCESS TO DATA AND USE OF RIGHTS
You have the right to review what information we have collected about you in our register, and influence how we use it. You can decide, if you wish to receive direct marketing, and in certain situations, you also have the right to be forgotten. In this chapter, we explain what rights you have under current legislation and how you can exercise your rights.
Right to review
You have the right to review information about yourself. The right to review is free to exercise once a year. The request to review must be personally made in writing with a signed letter or in person by visiting the data controller. You can review the information about yourself by sending a signed request to review to the following address: Långvik Congress Wellness Hotel, Tanskarlantie 9, 02420 Kirkkonummi.
Right to rectification
You have the right to request for your incorrect personal data to be rectified and for any missing personal data to be added. A request to rectify should be made in writing and in a sufficiently detailed manner.
Right to erasure
You have the right to erase any personal data processed by Långvik at any time, except in the following situations.
- you have an open case that is being processed by customer service
- you have an open order, which has not yet been delivered or has only partially been delivered
- you have an unpaid debt to Långvik, regardless of the payment method
- you are suspected to have misused our services
- your debt has been sold on to a third party in the last three years, or in case of late customers in the past twelve months
- if you have made any purchases, we retain your personal data relevant to the purchase on the basis of accounting regulations
You have the right to refuse direct marketing
You can refuse direct marketing in the following ways:
- by following the instructions to withdraw your consent to direct marketing, which can be found in all marketing messages
- by sending a signed request concerning your data to the following address: Långvik Congress Wellness Hotel, Tanskarlantie 9, 02420 Kirkkonummi.
Right to lodge a complaint with a supervisory authority
If you believe Långvik is processing your personal data in an unauthorised manner, you can contact us. You also have the right to lodge a complaint with a supervisory authority.
We retain your personal data for the duration required for the purpose of processing, for as long as legislation requires us to retain such information, or until we receive a request to erase data. The retention time of data begins from the receipt of such information.
We shall retain your information for as long as it is necessary within the limits imposed by current legislation. After this, your information shall either be discarded or made unidentifiable by changing them permanently in to such form, where an individual person is no longer identifiable.
- how we use them, and
1. What are cookies?
Cookies are small text files that can be used by web sites to make a user’s experience more efficient. Cookies help us to identify your device once you enter the site, remember your personal preferences and improve your user experience as well as adjust the adverts on our site and on other web services.
Cookies are stored on the user’s device on the first entry to the site and when re-entering the site, the cookies are transmitted back to our web site, or other, where they are identified. More information on cookies is available on AboutCookies.org.
2. What type of cookies are used on this site?
This site uses different types of cookie. They can be categorised based on the duration and the purpose of use.
This site uses both transient and permanent cookies. The transient cookies are stored in the computer’s memory only during a user’s browsing session and are automatically deleted from the user’s computer when the browser is closed. The permanent cookies are stored on the user’s computer and are not deleted when the browser is closed.
The law states that we can store cookies on your machine if they are essential to the operation of this site. These cookies do not track individual users or identify them for marketing purposes.
This site may use Facebook and Twitter cookies. The information generated by these cookies may be transmitted to and stored by their servers outside the EU.
Functional cookies help us to remember your personal preferences (e.g. username, language or location) and improve your user experience with distinctive features.
Some third party cookies may be set on this site by services, such as Twitter and Facebook, that appear on our pages.They relate to the ability of users to share content on this site, as indicated by the push-button icons. They are set by the operators of that service and are not in our control.
3. How to control and delete cookies?
If you want to disable future cookies or delete cookies that are already on your computer, please refer to the instructions for your file management software to locate the file or directory that stores cookies (Usually this can be found in the “Tools”, “Options” or “Edit” menu). More detailed instructions on how to block cookies or delete them, can be found at AboutCookies.org.
Please note that by deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our site.