This is a description of file and statement in accordance with the GDPR regarding the processing of personal data for the Hotel Sunday Morning Resort’s (SMR) customer register.

1. Controller

Sunday Morning Resort / Loipposet Oy
Huhanniemi 1, 98530 Pelkosenniemi

2. Contact

Petri Haverinen, Resort Manager, petri@sundaymorning.fi

3. Name of register

Customer and Marketing Register

4. Justification and purpose for processing of personal data

The processing of personal data is required to maintain SMR’s relationship with their consumer and corporate customers, to fulfil contractual obligations, or based on the data subject’s express consent or other reasonable cause. The processed data includes personal data that is gathered during room, program or table booking or billing processes. Express consent is not required for data processing when said processing is based on SMR’s legitimate interests or contracts.

The personal data may be used to fulfil contractual obligations, for communications with the data subject, for marketing communications, business and product development, improving customer service and website user experiences, processing of payments and billing, maintaining customer relationships and promoting SMR’s services.

Any dietary information provided by the customers is used only for the purposes of preparing and serving their meals. If customers disclose relevant information about their state of health (e.g. allergies, physical impairments) when requesting services, the information is used only to provide said services.

5. Content of register

SMR may store the data subject’s name, date of birth, necessary contact information (phone number, address, email address, business ID), nationality and all information regarding their booking, including payment method and billing information as well as knowledge of overdue payments. SMR may also store data related to the data subject’s use of services and purchases, including special requests, feedback and reclamations as well as the data subject’s refusal to receive direct marketing messages via email. SMR may also store the data subject’s comments on online services and any provided profiling and interest data for the purposes of developing SMR’s marketing and communications with the data subject.

6. Source of data

The data is received from
  • the data subject (in person, on the phone, via email)
  • third party booking services or booking sites
  • third party booking service companies (travel agencies, tour operators)
  • third parties (employer, organisation etc.) who are booking services on the data subject’s behalf
  • other third parties the data subject has contacted in order to book services
  • other public data sources and contact information providers

7. Sharing of data

The stored data is not shared with third parties. We will share necessary information only when customers wish to book services from third parties, such as program services or transportation, to facilitate the booking.

When booking accommodation, restaurant or program services through the www.sundaymorning.fi website, the data subject is providing their information through a third party booking channel. Likewise, when contact requests are submitted through the SMR website, the data subject’s name and email address will be passed through the hosting service.
Personal data may be shared with the authorities following valid legal requests.

8. Sharing of data outside the EU or EEA

No data is transmitted outside the EU or EEA.

9. Protection

Written materials are stored in a protected or locked space and disposed of when no longer needed (e.g. once converted to electronic format).

Electronic content is appropriately protected on the Controller’s property as well as their servers and services. The data is processed by the Controller’s employees who need the information to perform their duties. The Customer and Marketing Register is stored indefinitely.

The Controller stores other personal data according to current legislation and only for as long as it is necessary to serve the purposes stated in this Data Protection Statement. However, if accounting law or other legislation deems it necessary, personal data may be stored after the justification for storing has expired based on customer relationships or other purposes.

10. Right to inspect

Data subjects have the right to inspect and demand correction of their information. Requests for inspection and corrections must be signed and delivered on paper or electronically to the Controller’s contact.

SMR reserves the right to amend this Data Protection Statement according to changes in legislation or our services.

Updated 15 Nov 2019