Privacy policy
Customer register of Teatterihotelli Riihimäki
1. Data controller
AAP Group Oy/Teatterihotelli Riihimäki
Hämeenaukio 1
11100 Riihimäki
Finland
2. Contact person in matters pertaining to the customer register
In matters pertaining to the customer register and the rights of the data subject, please contact Arja Virtanen, tel. +358 (0)40 827 1805, arja.virtanen@aapgroup.fi
3. Name of the register
Customer register of Teatterihotelli Riihimäki
4. Legal basis of the processing of personal data
Processing of personal data in the customer register is based on the customer relationship of the consumer with Teatterihotelli Riihimäki.
5. Purposes of processing
The customer data included in the customer register are processed for the following purposes:
- maintenance and development of customer relationships
- customer-facing communications
- processing of reservations made by customers
- selling and providing services
- payments, invoicing, receivables and debt collection
- marketing of services provided by the controller
- development of the business of and customer service provided by the controller
- Information regarding possible special diets of customers is only used for preparing and serving food
6. Personal data that are processed
Teatterihotelli Riihimäki processes the following personal data of its customers:
- first and last name, date of birth, address, telephone number, e-mail address
- nationality
- reservation details
- payment method information, invoicing information, possible payment reference information
- direct-marketing opt-in or opt-out status
- information regarding use of services and purchases
- customer choices and preferences, such as those regarding the room or accessibility
- customer feedback or complaints
- special diets for the purposes of preparing and serving food
7. Sources of personal data
- Customer
- Friend making the reservation on behalf of the customer
- Company for whom the customer works
- Booking agencies
8. Recipients of personal data or recipient groups
- Public authorities based on their legal inquiries
- Security company representative, in case of suspected inappropriate behaviour
- Third parties – service providers and business partners
9. Transfer of data to countries outside the EU
Customer data may be transferred to countries outside the EU, for example, if a foreign tour operator requests a confirmation of reservation with the customer’s data for a visa application.
10. Retention period
The retention period of personal data in the hotel system is 299 days.
11. Rights of the data subject
The personal data in the customer register are processed on the basis of the legitimate interests pursued by the controller (General Data Protection Regulation, EU/2016/679, Article 6, paragraph 1, subparagraph f). In this context, the legitimate interest is the customer relationship. The personal data are also processed in order to perform contracts between the hotel and the data subject (General Data Protection Regulation, EU/2016/679, Article 6, paragraph 1, subparagraph b).
The data subject shall have the right to object.
12. Right to lodge a complaint with the supervisory authority
The data subject has the right to lodge a complaint with the competent supervisory authority if the data subject takes the view that the data controller has not observed the applicable data protection regulation in the course of its operations.
13. Data requests
In matters pertaining to the processing of personal data and exercising the rights of the data subject, the data subject may contact the contact person of the data controller stated in section 2.
Any request related to the right of access or any other right of the data subject shall be made in writing to the data controller via post or email. The request can also be presented in person at the data controller’s premises.
The data controller may request the data subject to specify sufficiently which information or processing the request concerns.
In order to ensure that in exercising the rights of the data subject no personal data are disclosed to others than the data subject, the data controller may, if necessary, request a signed data request from the data subject. The data controller may also request the data subject to verify his/her identity with an official identity document or another reliable method.
Teatterihotelli Riihimäki
Hämeenaukio 1
11100 Riihimäki
