Privacy Policy

1. Data Controller of the Traveler RegisterHotel Aakenus Oy

Business ID: 9126612-9
Koskikatu 47, 96100 Rovaniemi, Finland
Phone: +358 16 34 22051
Website: www.hotelliaakenus.net

2. Contact Person for Traveler Data Processing Matters

For matters related to the register and exercising the rights of the data subject, contact:
Risto Maijanen
Phone: +358 40 536 6587
Email: maijanenristo@gmail.com

3. Name of the Register

Traveler Register

4. Legal Basis for Processing Traveler Data

The processing of traveler data and maintaining the traveler register is based on the Finnish law on accommodation and food service operations.

5. Purpose of Processing Traveler Data

Based on the law, the accommodation provider may maintain a traveler register—either manually or through automated processing—of the traveler data specified in section 6. The traveler data and register are used to maintain public order and security, prevent and investigate crimes, and compile statistics. Additionally, the accommodation provider may use the data for customer service and direct marketing purposes.
According to Section 29 of the Finnish Personal Data Act, the customer has the right to object to the use of their data for direct marketing or customer service.

6. Traveler Data Processed

The register includes traveler data specified by law, such as:

  • Traveler’s full name and Finnish personal identity code, or date of birth and nationality if no ID code is available
  • Names and identity codes or birth dates of accompanying spouse* and minor children
  • Traveler’s address
  • Arrival and departure dates (if known)
  • Country of origin (if traveler is not a resident of Finland)
  • Travel document number (not required from Nordic citizens or Finnish residents)
  • Voluntary information: purpose of stay (leisure, work, meeting, or other)

7. Source of Traveler Data

Traveler data is collected from the traveler registration form, which is completed and signed by the traveler or, in the case of a group, by the group leader.

8. Recipients or Categories of Recipients of the Data

Traveler data is not shared with third parties. Data may be disclosed to authorities as required by law.
According to the law, data concerning foreign travelers must be submitted without delay to the local police department.
Police may also request data on domestic travelers if needed for official duties.
Traveler data may be provided to the following authorities upon request for legally defined duties:

  • Border Guard
  • Customs
  • Rescue authorities
  • Health protection authorities
  • Finnish Defence Forces

9. Transfer of Traveler Data Outside the EU

Traveler data is not transferred outside the European Union.

10. Data Retention Period

Traveler data is retained in accordance with applicable laws. Registration forms are kept for one year from the date of signing and then destroyed.
Traveler data in the register is kept for one year from the date of entry and then deleted.
If data is used for customer service or marketing, the retention follows Section 29 of the Personal Data Act.
If the traveler has not objected, the data may be transferred to a customer or marketing register after one year.

11. Data Subject Rights Regarding Personal Data Processing

The processing of traveler data is legally required. However, the traveler has the following rights:

Right of Access

The traveler has the right to request access to their personal data to verify whether their data is being processed.

Right to Rectification

The traveler can request correction of inaccurate or incomplete data. Only data provided on the signed registration form is recorded. Hotel staff ensures the data matches the registration form. Incorrect data is corrected promptly, either on their own initiative or upon request.

Right to Erasure ("Right to be Forgotten")

As processing is legally mandated, erasure is only allowed once the legal retention period ends. The traveler may request deletion of data used for customer service or marketing if:

  • The data is no longer needed
  • They object to such use
  • The data was processed unlawfully

Even if one of the above applies, data will not be erased if required for legal obligations or to establish/defend legal claims.

Right to Object

The traveler cannot object to legally required processing. However, they may object to the use of data for marketing or customer service at the time of data collection or later.

Right to Restrict Processing

The traveler may request restriction of processing if:

  • They dispute the accuracy of the data
  • Processing is unlawful and they request restriction instead of deletion
  • The controller no longer needs the data, but the traveler requires it for legal claims
  • They have objected, and it is pending evaluation

During restriction, data may only be stored, unless needed for legal claims or public interest. The traveler will be informed before the restriction is lifted.

12. Right to Lodge a Complaint with a Supervisory Authority

The traveler has the right to lodge a complaint with the relevant data protection authority if they believe their rights have been violated.

13. Requests Related to Exercising Data Subject Rights

Inquiries or requests related to data processing or rights should be directed to the contact person listed in section 2.
Requests for access or rights must be submitted in writing, by email or post.
They can also be made in person at the controller’s office.
The controller may request clarification of the request and proof of identity (e.g. official ID or signed request).

Whatsapp - widget