REGISTER AND DATA PROTECTION POLICY

REGISTER AND DATA PROTECTION POLICY

This is a register and data protection policy in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR).

Jyväskylä, April 15, 2021

1. Controller

Time Hostel & Apartments Finland Oy (hereinafter referred to as Time Hostel)
Business ID: 1003701-8
c/o Family Saxberg Nisulankatu 56 40720 JYVÄSKYLÄ

    Name of the register: Time Hostel’s customer and stakeholder register.

    2. General

    In order to serve you to the best of our ability, we must collect and process some information about you. However, we value your privacy and are committed to protecting it responsibly and with trust in our operations. This privacy policy contains information about what personal data we collect about you, what principles we follow when processing it, and what rights and opportunities you have to influence your data. Time Hostel processes your personal data in accordance with this privacy policy and applicable legislation. We reserve the right to make updates to this privacy policy as we develop our operations or when legislation changes or requires it. We therefore ask you to familiarize yourself with the content of this privacy policy regularly. By using our services, websites or by contacting us, you agree that we process your personal data in accordance with this privacy policy. If you do not accept these terms, we may not be able to serve you.

    3. Legal basis and purpose of processing personal data

    The processing of personal data is based on Time Hostel’s legitimate interest, agreement or other relevant connection. The purpose of using personal data is to manage, maintain, develop, analyze and compile statistics on the relationship between Time Hostel and its customers and partners. In addition, the data can be used for marketing, customer segmentation and profiling. The data can also be used to plan and develop Time Hostel’s business and services. The data will not be used for automated decision-making or profiling.

    4. Data sources and data content of the register

    The data in the register is regularly collected from the customer in connection with and during the conclusion of the contract. Data can also be collected independently from customer websites and brochures. In addition, the data stored in the register is obtained, for example, from messages sent via web forms (www), by email, by telephone, through social media services, from contracts, customer meetings and other situations in which the customer provides their data. Personal data can also be collected and updated from the population register, credit information register and other similar public and private registers. We also collect information about our website visitor data in order to be able to analyze and develop our website and its operations even better and to target them with suitable and personalized marketing.

      We store the following information in our register, among others:

      Name of the person, company, organization or entity and position within it
      Contact information (such as telephone number, email address and address)
      Company contact information (including address and email address information)

      However, we limit the collection of information in our company to only necessary and necessary information. Information that is no longer necessary or otherwise outdated is deleted. Personal data is only processed by people who are part of our company’s staff as part of their work duties. We do not store your Personal Data or other information for longer than is necessary for our operations or as required or required by a contract or law. The retention periods for personal data may vary depending on the purpose of use and the situation. In principle, the data is stored for as long as the data is needed to maintain the customer or contractual relationship.

      5. Regular disclosure of data and transfer of data outside the EU or EEA

      Data is not routinely disclosed to third parties. Information may be published to the extent that it has been agreed in advance with the customer or contractual partner. In addition, we may occasionally disclose our information in accordance with Finnish law. In principle, information is not disclosed outside the EU, but if necessary, information may also be transferred by the controller outside the EU or EEA. If this happens, we will ensure that the processing, transfer and storage of your information is carried out on the grounds required by the applicable law and with sufficient protection mechanisms.

      6. Principles of register protection

      The register is processed with care and caution, and the information processed using information systems is protected appropriately. Only persons whose job description requires the use of the register have access to the registers. Each person with access rights uses their own username and password for the systems that maintain the data. Stored data, access rights to registers and other information critical to the security of personal data are treated confidentially.

      7. Right to inspection and right to demand correction of data

      Every person, company or entity in the register has the right to check their data stored in the register and demand correction of any incorrect data or completion of incomplete data. If a person wishes to check the data stored about them or demand correction, the request must be sent to the controller in writing, by email. If necessary, the controller may ask the person making the request to prove their identity with approved identity documents. The controller will respond to the person’s request within the time period stipulated in the EU Data Protection Regulation (generally within one month of receiving the request).

      8. Other rights related to the processing of personal data

      A person in the register has the right to request that personal data concerning him or her be deleted from the register (“right to be forgotten”). The registered person, company or entity also has other rights under the EU General Data Protection Regulation, such as the restriction of the processing of personal data in certain situations.

      9. Contact person responsible for the register

      Margo Saxberg
      margo (at) timetostay.fi
      +358 50 349 7070