Privacy policy
Customer register of Teatterihotelli Riihimäki
1. Data controller
AAP Group Oy/Teatterihotelli Riihimäki
Hämeenaukio 1
11100 Riihimäki
Finland
2. Contact person in matters pertaining to the customer register
In matters pertaining to the customer register and the rights of the data subject, please contact Arja Virtanen, tel. +358 (0)40 827 1805, arja.virtanen@aapgroup.fi
3. Name of the register
Customer register of Teatterihotelli Riihimäki
4. Legal basis of the processing of personal data
Processing of personal data in the customer register is based on the customer relationship of the consumer with Teatterihotelli Riihimäki.
5. Purposes of processing
The customer data included in the customer register are processed for the following purposes:
6. Personal data that are processed
Teatterihotelli Riihimäki processes the following personal data of its customers:
7. Sources of personal data
8. Recipients of personal data or recipient groups
9. Transfer of data to countries outside the EU
Customer data may be transferred to countries outside the EU, for example, if a foreign tour operator requests a confirmation of reservation with the customer’s data for a visa application.
10. Retention period
The retention period of personal data in the hotel system is 299 days.
11. Rights of the data subject
The personal data in the customer register are processed on the basis of the legitimate interests pursued by the controller (General Data Protection Regulation, EU/2016/679, Article 6, paragraph 1, subparagraph f). In this context, the legitimate interest is the customer relationship. The personal data are also processed in order to perform contracts between the hotel and the data subject (General Data Protection Regulation, EU/2016/679, Article 6, paragraph 1, subparagraph b).
The data subject shall have the right to object.
12. Right to lodge a complaint with the supervisory authority
The data subject has the right to lodge a complaint with the competent supervisory authority if the data subject takes the view that the data controller has not observed the applicable data protection regulation in the course of its operations.
13. Data requests
In matters pertaining to the processing of personal data and exercising the rights of the data subject, the data subject may contact the contact person of the data controller stated in section 2.
Any request related to the right of access or any other right of the data subject shall be made in writing to the data controller via post or email. The request can also be presented in person at the data controller’s premises.
The data controller may request the data subject to specify sufficiently which information or processing the request concerns.
In order to ensure that in exercising the rights of the data subject no personal data are disclosed to others than the data subject, the data controller may, if necessary, request a signed data request from the data subject. The data controller may also request the data subject to verify his/her identity with an official identity document or another reliable method.