Personal Data Act (523/99) 10 §
Date of issue 01.06.2021
1. PERSONAL DATA CONTROLLER
Frank & Vekka Ltd
Eteläkatu 5, 13100 Hämeenlinna
2. CONTACT INFORMATION IN MATTERS RELATED TO REGISTRY
040 900 0150
3. REGISTRY NAME
Frank & Vekka Ltd tietosuojarekisteri
4. PURPOSE FOR THE REGISTER AND THE PROCESSING OF PERSONAL DATA
Villamarenki.fi – personal data is being processed for predetermined purposes, which are: Customer service and customer relationship management, customer communication, informing about our products and services, marketing, and other online services.
Matin ja Maijan Majatalo’s customer registry personal data is saved to sirvoy.com-booking system. Matin ja Maijan Majatalo’s passenger cards are collected, stored, and disposed of in accordance with official guidelines.
Frank & Vekka Ltd employee personal data is stored in Maraplan.fi-payroll administration and finla.fi-occupational health administration database for salary payment and statutory occupational health care.
5. PERSONAL DATA RECORDED IN THE REGISTRY
The customer registry contains the following information:
6. REGULAR INFORMATION SOURCES
Registry holder registers the data the user themself states when using villamarenki.fi online store and sirvoy.com booking system. In the case of employees, the data submitted is registered. The data transferred to Sirvoy.com through Booking.com and Expedia.com is submitted by the customers themselves.
7. REGULAR DISCLOSURE OF DATA AND TRANSFERRING DATA OUTSIDE THE EU
The data is not disclosed for third parties complying with data protection legislation. Personal data is not transferred outside the EU or EEA. Sirvoy.com processes its data within the framework of its own rules.
8. PRINCIPLES OF REGISTRY PROTECTION
User and employee registry data is stored in the systems managed by the registrar which are protected by operating system security software. Access into the system requires username and password. The systems are also protected by firewalls and other technical means. The data stored in the registry is only available for authorized, predetermined registry employees that are under obligation of confidentiality.
9. THE DATA SUBJECT'S RIGHT TO DELETION
The data subject has the right to prohibit the registry from using their personal data. The prohibition must be written and addressed to the people responsible for registry matters.
10. THE DATA SUBJECT'S RIGHT TO ACCESS DATA
The data subject has the right to check their data that is recorded in the registry, and the right to get a copy of it. The request must be written and addressed to the people responsible for registry matters.
11. THE DATA SUBJECT'S RIGHT TO RECTIFICATION
The registry will delete, rectify inaccurate or incomplete personal data by their own initiative or at the request of the data subject. The data subject must contact the registry responsible for registry matters to rectify their data.