Privacy Policy
1. Data Controller of the Traveler RegisterHotel Aakenus Oy
Business ID: 9126612-9
Koskikatu 47, 96100 Rovaniemi, Finland
Phone: +358 16 34 22051
Website: www.hotelliaakenus.net
2. Contact Person for Traveler Data Processing Matters
For matters related to the register and exercising the rights of the data subject, contact:
Risto Maijanen
Phone: +358 40 536 6587
Email: maijanenristo@gmail.com
3. Name of the Register
Traveler Register
4. Legal Basis for Processing Traveler Data
The processing of traveler data and maintaining the traveler register is based on the Finnish law on accommodation and food service operations.
5. Purpose of Processing Traveler Data
Based on the law, the accommodation provider may maintain a traveler register—either manually or through automated processing—of the traveler data specified in section 6. The traveler data and register are used to maintain public order and security, prevent and investigate crimes, and compile statistics. Additionally, the accommodation provider may use the data for customer service and direct marketing purposes.
According to Section 29 of the Finnish Personal Data Act, the customer has the right to object to the use of their data for direct marketing or customer service.
6. Traveler Data Processed
The register includes traveler data specified by law, such as:
- Traveler’s full name and Finnish personal identity code, or date of birth and nationality if no ID code is available
- Names and identity codes or birth dates of accompanying spouse* and minor children
- Traveler’s address
- Arrival and departure dates (if known)
- Country of origin (if traveler is not a resident of Finland)
- Travel document number (not required from Nordic citizens or Finnish residents)
- Voluntary information: purpose of stay (leisure, work, meeting, or other)
7. Source of Traveler Data
Traveler data is collected from the traveler registration form, which is completed and signed by the traveler or, in the case of a group, by the group leader.
8. Recipients or Categories of Recipients of the Data
Traveler data is not shared with third parties. Data may be disclosed to authorities as required by law.
According to the law, data concerning foreign travelers must be submitted without delay to the local police department.
Police may also request data on domestic travelers if needed for official duties.
Traveler data may be provided to the following authorities upon request for legally defined duties:
- Border Guard
- Customs
- Rescue authorities
- Health protection authorities
- Finnish Defence Forces
9. Transfer of Traveler Data Outside the EU
Traveler data is not transferred outside the European Union.
10. Data Retention Period
Traveler data is retained in accordance with applicable laws. Registration forms are kept for one year from the date of signing and then destroyed.
Traveler data in the register is kept for one year from the date of entry and then deleted.
If data is used for customer service or marketing, the retention follows Section 29 of the Personal Data Act.
If the traveler has not objected, the data may be transferred to a customer or marketing register after one year.
11. Data Subject Rights Regarding Personal Data Processing
The processing of traveler data is legally required. However, the traveler has the following rights:
Right of Access
The traveler has the right to request access to their personal data to verify whether their data is being processed.
Right to Rectification
The traveler can request correction of inaccurate or incomplete data. Only data provided on the signed registration form is recorded. Hotel staff ensures the data matches the registration form. Incorrect data is corrected promptly, either on their own initiative or upon request.
Right to Erasure ("Right to be Forgotten")
As processing is legally mandated, erasure is only allowed once the legal retention period ends. The traveler may request deletion of data used for customer service or marketing if:
- The data is no longer needed
- They object to such use
- The data was processed unlawfully
Even if one of the above applies, data will not be erased if required for legal obligations or to establish/defend legal claims.
Right to Object
The traveler cannot object to legally required processing. However, they may object to the use of data for marketing or customer service at the time of data collection or later.
Right to Restrict Processing
The traveler may request restriction of processing if:
- They dispute the accuracy of the data
- Processing is unlawful and they request restriction instead of deletion
- The controller no longer needs the data, but the traveler requires it for legal claims
- They have objected, and it is pending evaluation
During restriction, data may only be stored, unless needed for legal claims or public interest. The traveler will be informed before the restriction is lifted.
12. Right to Lodge a Complaint with a Supervisory Authority
The traveler has the right to lodge a complaint with the relevant data protection authority if they believe their rights have been violated.
13. Requests Related to Exercising Data Subject Rights
Inquiries or requests related to data processing or rights should be directed to the contact person listed in section 2.
Requests for access or rights must be submitted in writing, by email or post.
They can also be made in person at the controller’s office.
The controller may request clarification of the request and proof of identity (e.g. official ID or signed request).