1. ABOUT US
Lapland Private Oy (Business ID: 3185652-2)
Email address: firstname.lastname@example.org
Address: Valtakatu 35, 96200 Rovaniemi (FINLAND)
We may collect and use behavioral information pertaining to the service users via the online services of Lapland Private. Cookies and other similar techniques may be used to collect data pertaining to the user’s computer and other devices. Cookies are small files sent from a website and stored on the user’s computer to enable the digital service to perform actions such as remembering the user’s password and username for later visits, with consent from the user. They contain an anonymous, numeric ID that we can use to count the number of browsers visiting our website. Mobile devices use numeric IDs that are similar to cookies with regard to their operating principle. Cookies and other similar techniques do not damage the user’s device or files. They cannot be used to spread viruses or to browse files stored on the user’s hard drive.
We may collect information in an automated manner on browsing behavior (e.g. the duration and time of the visit and the search phrases and words and the search engine used to access the website), the websites and parts thereof visited and technical matters related to the user’s computer or mobile device (e.g. the operating system, the geographical location and the browser).
We use the information gathered with cookies and other similar techniques for purposes such as enhancing the visibility of our services, producing more fitting marketing content and targeting the content of our services and marketing messages. Lapland Private’s adverts may be targeted at users on third-party services (for example, Google) outside the Lapland Private’s networks on the basis of the user’s visit to our service.
Lapland Private’s service providers or third parties (advertisers and advertising networks, media and marketing agencies, analytics and monitoring services) may gather information on browsing activities in conjunction with visits to the Lapland Private’s services. We may use behavioral information collected from outside our own website. We may use the Google Analytics marketing features (remarketing and similar audiences’ services, Google Analytics reports on target groups and topics). We take various physical, electronic and contractual measures to ensure that no unauthorized persons have access to the information gathered with cookies and that our service providers do not use the information for their own purposes. We also aim to ensure that third parties are committed to complying with the applicable laws and self-regulation guidelines. However, we do not monitor the practices of third parties and do not accept responsibility for them.
We may use community links on our services, including Facebook’s and Instagram’s buttons, the content of which comes directly from Facebook and Instagram. Facebook, Google, Instagram, Pinterest, Twitter, Youtube, WeChat, TikTok and other similar service providers may collect information on the user’s visit to the website in line with their own terms and conditions.
Some cookies remain on the user’s computer after the user has exited the website. Unless specifically deleted, they may remain on the computer for months or even years after the last visit to the website.
With regard to the collection and use of behavioral information, Lapland Private emphasizes commitment to IAB Europe’s self-regulation program for online behavioral advertising as a selection criterion for its marketing partners.
In addition to behavioral information, Lapland Private may collect anonymized information on the geographical location of the user’s device. This localization information may be used for statistics and geographically targeted marketing, on condition that the user has granted consent for the utilization of the information.
3. USER’S INFLUENCE ON INFORMATION COLLECTED WITH COOKIES
Users can disable cookies in their browser settings if they do not want us, or our partners, to target marketing or content based on their browsing behavior. By deleting cookies regularly, users can change the identification code used to form a user profile. However, deleting cookies does not stop the gathering of information; instead, it clears the profile formed based on previously collected information. Users should note that deleting or disabling cookies does not prevent advertising on the Lapland Private’s digital services and may interfere with or prevent the use of the services. Deleting or blocking cookies is always specific to each devise.
Other options for influence available to the user, including the right to inspect and rectify personal data and prohibit direct marketing, are described in more detail in Lapland Private’s company-specific privacy policies pertaining to customer information.
4. THE PURPOSE OF AND GROUNDS FOR THE PROCESSING OF PERSONAL DATA
The grounds for the processing of personal data include a contractual relationship between a customer or partner and Lapland Private Oy or a separate consent for the processing of customer information. The goal for the register is to manage personal data required for collaboration between Lapland Private Oy and its customers and partners, to ensure smooth-running customer services and the production and provision of services, and to enable marketing and the planning and development of business.
Personal data is collected and processed in collaboration with the customer or partner for the following purposes:
the realization and confirmation of purchases related to programme services
the provision of additional information related to purchases
the offering of discounts and commercial advantages
the production and delivery of entities agreed upon with a corporate customer, related invoicing and the management of the customer relationship
the analysis and development of products, services and business and the preparation of the necessary statistics
the collection of feedback and information on deviations and customer satisfaction
advertising, marketing and direct marketing. The data subject has the right to prohibit direct marketing
data on underage persons: Lapland Private Oy may request its customers of legal age to provide the ages and names of their underage children. The information on underage children is not used for purposes other than the delivery of the products or services ordered.
5. CONTENT OF THE DATA REGISTER
The register may contain the following information:
The type of the customer relationship
Customer contact details
Services ordered and delivered
Information accumulated in conjunction with services supplied by our partners
6. SOURCES OF INFORMATION FOR THE REGISTER
The primary source of personal data is information provided by the customer or partner at the start or in the course of the collaboration or information collected for the purpose of receiving feedback, analyzing customer satisfaction or conducting research.
Additionally, personal data is accumulated in conjunction with visits to the customer service points. Personal data may also accumulate in conjunction with the purchase of additional services offline or online.
7. DISCLOSURE OF INFORMATION
Registered data may be disclosed within the organization of the data controller and its subsidiaries and sister companies and to our third-party collaboration partners for the realization of the purposes described herein. Otherwise, data is only disclosed to the extent permitted or required by law.
Data is not transferred outside the EU or EEA, unless it is necessary for the realization of the service. In such a case, the data controller guarantees that the required level of data protection is ensured in accordance with the applicable legislation.
8. PROTECTION AND STORAGE OF DATA
The basis of data processing is respect for the rights and freedoms of data subjects in all stages of the processing and the fulfilment of the legal ground for processing. The data controller only collects and processes information that is necessary for its operations.
Digital material may only be accessed by authorized employees, sole traders and collaboration partners with a personal username and password. Various levels have been determined for access rights and each user is granted access rights on the level that is as restricted as possible but suffices for the performance of his or her tasks.
Information related to customers and partners is stored in the register for at least a year after the agreement has been terminated and all contractual obligations have been met unless otherwise agreed on or required by law.
9. DATA SUBJECTS’ OTHER RIGHTS RELATED TO DATA PROCESSING
Data subjects’ right to access the data (inspection right)
Data subjects’ right to rectification, erasure and the restriction of processing.
Data subjects are entitled to require a controller to rectify any errors in their personal data as soon as they notice the error or become aware of it by other means. If the data subject is able to rectify the error, he or she must rectify, erase or complete the erroneous, unnecessary or outdated information. If the data subject is not able to do so, a request for rectification must be submitted.
Data subjects also have the right to restrict the processing of their data, for example if a request for rectification or erasure is pending.
Lapland Private Oy reserves the right to limit the number of free rectification and erasure requests to one a year.
Data subjects’ right to transfer the data pertaining to them to another system.
Insofar as the data subject has provided personal data to the customer register and data processing is performed on the grounds of consent or assignment from the data subject, the individual has the right to receive this data primarily in a machine-readable format and to transfer the data to another data controller.
When the request for data transfer is made in writing, the data controller must deliver the data specified in the section on the right of access within reasonable time taking into account the extent of the information to be delivered. The data subject submitting the request must be prepared to verify his or her identity in accordance with the instructions provided by the data controller.
Data subjects have the right to lodge a complaint with a supervisory authority if they consider that the processing of personal data relating to them infringes the applicable data protection regulations.
Last updated: March 2021