Privacy Statement

PRIVACY STATEMENT FOR THE PASSENGER REGISTER

In accordance with the EU General Data Protection Regulation (GDPR) and Section 10 of the Finnish Personal Data Act (523/99)

Date of preparation: 03.03.2025

Data Controller

Gate of Lapland / Angegroup Oy, 2663906-4
Alkkulanraitti 123, 95600 Ylitornio

Contact Person

Jari Angeria, jari@ange.fi
Sotamiehentie 8, 95600 Ylitornio

Customer and Marketing Register

Processing of Personal Data

Based on laws and regulations, customer identification data is collected and must be retained for at least one (1) year. Other customer data related to reservations is collected based on agreements and retained for a maximum of five (5) years.

This is a passenger register as defined in the Act on Accommodation and Catering Operations (308/2006) ("MaRaL"), in which the personal data of travelers is processed for the purpose of filing a travel notification in accordance with Section 6 of MaRaL. The data is used to maintain public order and safety, prevent and investigate crimes, and compile statistics.

The data controller is required to identify customers and retain accommodation records for one year. The doors of the Gate of Lapland hotel operate with door codes, which require the collection of guests’ email addresses and phone numbers for delivery.

The processing of personal data is based on customer relationships, contractual relationships, the consent of the data subject, or other legitimate grounds. Personal data may be processed for fulfilling contractual obligations, other communication with the data subject, marketing communications, business planning, product development, sending newsletters and notifications, improving the website user experience, providing personalized customer service and targeted advertising, as well as conducting market and other research and analyses.

Contents of the Register

The following information may be stored about the data subject:

  • Name, address, phone number, and email address

  • Company/business ID, position in the organization

  • Information on ordered services and products and billing details

  • Inquiries, comments, and other user interactions on online services

  • Content submitted by the user (e.g., photographs)

  • Customer feedback, permissions, consents, and restrictions

  • Profiling and interest data provided by the user

Technical data collected on website usage may include:

  • IP address and country or city of location

  • Website usage details and timestamps

  • Device information, operating system type, and software versions

  • Browser type and language settings

  • Customer service interactions across different service channels

  • External websites from which the user has arrived or to which they navigate from the data controller’s website

Sources of Information

Data is obtained directly from the data subjects when they complete the passenger registration form. Additionally, information may be collected, stored, and updated from publicly available data services provided by a registered data controller to meet the requirements of MaRaL.

Disclosure of Data

Personal data is not disclosed to third parties without a justified purpose (e.g., official authority requests).

Register Security

Manual Records

Personal data in physical format is stored in locked premises. Access to such data is restricted to authorized personnel whose job responsibilities require processing personal information. Unauthorized individuals cannot access these records.

Electronically Processed Data

The register is properly secured within the data controller’s facilities and on a protected server and service. Only authorized personnel who require access to the data for their job duties have the right to process personal information. Register data is protected from external parties using technical solutions and applications. The data controller will notify the relevant authorities or the user of any potential data breaches in accordance with applicable laws.

Review, Correction, and Deletion of Personal Data

Every individual has the right to review their personal data stored in the register. Requests for correction or deletion of incorrect personal data must be submitted to the contact person of the data controller using the contact details provided above. The request must be made in writing, either physically signed or electronically signed by the data subject.

Rights Regarding Personal Data Processing

Data subjects have the right to withdraw their consent for the processing of their personal data.

Data subjects have the right to prohibit the use of their data for direct marketing, telemarketing, and other direct advertising, as well as for market and opinion research.

Requests for withdrawal of consent or prohibition of data use must be addressed to the contact person of the data controller using the contact details provided above. The request must be made in writing and signed by the data subject.

Data stored in the marketing register is retained indefinitely. Other personal data is stored in compliance with applicable laws and only for as long as necessary to fulfill the purposes described in this privacy statement.

Personal data may be retained after the termination of the customer relationship or other legal basis for processing if required by accounting or other mandatory legislation, in accordance with the provisions of the applicable law.

Visitors to the website can clear or block cookies and other tracking mechanisms via their browser or device settings. However, this may degrade the user experience or cause the website to malfunction. Clearing cookies does not completely stop data collection.