Privacy Policy
Customer Register of Teatterihotelli Riihimäki
This document provides information on the processing of personal data in the customer register of Golden Cat Oy / Teatterihotelli Riihimäki, in accordance with the EU General Data Protection Regulation (GDPR).
1. Data Controller
Golden Cat Oy/Teatterihotelli Riihimäki
Hämeenaukio 1
11100 Riihimäki, Finland
2. Contact Person in Data Protection Matters
For matters related to the register and the exercise of data subject rights: Sinikka Niskanen tel. 0100 7721, sinikka.niskanen@teatterihotelli.fi
3. Name of the Register
Customer Register of Teatterihotelli Riihimäki
4. Legal Basis for Processing
Processing of personal data in the customer register is based on the customer relationship between private customers and Teatterihotelli Riihimäki.
5. Purposes of Processing
Personal data in the customer register is processed for the following purposes:
- Managing and developing customer relationships
- Customer communication
- Handling of reservations made by customers
- Sale and delivery of services
- Payment processing, invoicing, payment monitoring and collection
- Marketing of the controller’s services
- Business and customer service development
- Processing of special dietary information, only for food preparation and serving purposes
6. Categories of Personal Data Processed
Teatterihotelli Riihimäki processes the following personal data:
- First and last name, date of birth, address, phone number, email address
- Nationality
- Reservation details
- Payment method details, invoicing details, reference information
- Marketing preferences (e.g., opt-out of direct marketing)
- Data on use of services and purchases
- Customer preferences and requests (e.g., room requests, accessibility needs)
- Customer feedback and complaints
- Special dietary information (only for food preparation and serving)
7. Sources of Data
Personal data may be obtained from:
- Directly from the customer
- From a friend making a reservation for the customer
- From the customer’s employer
- From booking service providers
8. Recipients of Personal Data
Personal data may be disclosed to:
- Authorities, based on legal requests
- Security company representatives, if inappropriate behaviour is suspected
- Third parties – subcontractors/service partners
9. Data Transfers Outside the EU
Personal data may be transferred outside the EU, for example if a foreign tour operator requests a booking confirmation with customer details (e.g., for a visa application).
10. Data Retention
Customer data is retained in the hotel system for a minimum of 299 days.
11. Rights of the Data Subject
the customer relationship, and on the basis of a contract between Teatterihotelli Riihimäki and the customer (GDPR Article 6(1)(b)).
The data subject has the right to object to the processing of their personal data in certain situations.
12. Right to Lodge a Complaint
The data subject has the right to lodge a complaint with the competent supervisory authority if they consider that the controller has not complied with applicable data protection legislation.
13. Requests Related to Rights of the Data Subject
For questions related to data processing and the exercise of rights, the data subject may contact the data controller’s contact person listed in section 2.
Requests to exercise rights (such as access, rectification, or erasure) must be made in writing by email or post. Requests may also be submitted in person at the data controller’s premises.
The controller may ask the data subject to specify the request sufficiently (e.g., what data or processing activities it concerns).
To ensure that personal data is not disclosed to anyone other than the data subject, the controller may request a signed request, proof of identity with an official ID, or other reliable verification.
