Eteläpää

Menu

Eteläpää resort Oy DATA PROTECTION STATEMENT

1. General information

Eteläpää resort Oy is committed to ensuring the confidentiality and protection of personal data in its possession. This Privacy Policy applies to the personal data we collect in relation to our customer and marketing register (the “Register”). This Privacy Policy describes the personal data we collect and how we process it. As we continue to improve and develop our services and website, this Privacy Policy may be subject to change. If there are any material changes to the Privacy Policy, we will provide a clear notice where required by law. Please read our Privacy Policy from time to time to keep up to date with any changes. This Privacy Policy was last updated on 09.04.2025.

2. Data controller and data protection officer

Name: Eteläpää resort Oy
Address: Eteläpääntie 2 29810 Siikainen
Phone: +358 40 5139877
Business ID: 3510750-2
Eteleläpää resort Oy’s Data Protection Officer: Anni-Mari Haapakoski

3. Whose personal data do we collect?

We process customers’ personal data in our system

4. What types of personal data do we collect?

We collect the following personal data about you:
– name, address, telephone numbers, email addresses
– customer relationship information, such as identification, billing and payment information
– information you provide, such as requests and feedback
– information about your use of electronic services and content (e.g. subscribing to newsletters), technical information sent by your browser to our server (e.g. IP address, browser, browser version, website from which you accessed our website) and cookies sent to your browser and related data (for more information on cookies and related technologies, see section 12 below).
– any other data collected with your consent in relation to the purpose of the register

5. What sources do we collect personal data from?

We collect personal information from you (e.g. your requests to contact us via our website and other information you provide to us by telephone, in writing or orally). We also collect your personal information from the following sources:
– public sources (civil registry and other similar registries or service providers that offer identification, verification, address, update and credit information or credit services);
– trade shows and various events;
– other third parties from whom we collect personal information for marketing purposes, for example, through purchased marketing lists.

6. Grounds for processing your personal data, purposes of use and effects

The basis for processing your personal data is our legitimate interest based on our purposes of use as set out below. We will not further process your personal data for purposes other than those set out in this notice. If you are already our customer: For our existing customers, the purpose of processing your personal data is in particular to manage, develop and maintain customer relationships. In addition, your personal data is processed for the purposes of sales and direct marketing of our products and services and for the development of our products and services. The processing of your personal data therefore enables us to serve you better. There are no other purposes for the processing of your personal data. If you are a potential customer of ours. There are no other purposes for which we process your personal data.

7. Regular disclosures and transfers of your personal data to third parties

We may transfer your personal data to our partners and subcontractors. Our partners may process your personal data only for the purposes of the activities performed on our behalf and for the purposes described in this
Privacy Policy. We will ensure that our partners do not process the personal data transferred for any other purposes. We may also need to share your personal data with competent authorities in accordance with the law on the processing of personal data.

8. Transfers of your personal data outside the EU or the European Economic Area

In some cases, we may transfer your personal data outside the European Union or the European Economic Area in accordance with the law on the processing of personal data. In principle, customer data will not be transferred outside the European Union or the European Economic Area, but where necessary, data may be transferred outside the European Union or the European Economic Area, including to the United States, in accordance with and within the limits of data protection legislation. In all circumstances, we will only transfer your personal data outside the EU or EEA on one of the following lawful grounds: – the European Commission has determined that the recipient country in question ensures an adequate level of data protection;
– we have implemented appropriate safeguards for the transfer of your personal data using standard data protection clauses adopted by the European Commission. You have the right to obtain a copy of those standard clauses by contacting us as described in the Contact Us section; or
– you have given your explicit consent to the transfer of your personal data, or there is another legal basis for the transfer of your personal data outside the EU or the European Economic Area.

9. Principles for the retention of your personal data

We store your personal data in accordance with the principles described below. Your personal data may be kept for longer than the period specified herein if applicable law or our contractual obligations to third parties require a longer retention period. If you are already our customer. Your personal data will be kept for a maximum period of five years after the end of the customer relationship. If you are a potential customer. In this case, however, the direct marketing register may retain information on your opt-out from direct marketing.

10. Right of objection and other rights relating to the processing of personal data

You have the right to object at any time to the processing of your personal data for direct marketing purposes. You can also provide us with channel-specific direct marketing opt-outs (for example, to opt-out of marketing messages sent by email, but allow marketing messages sent by post). In addition, you have the right, in accordance with applicable data protection legislation, at any time to:
– be informed of the processing of your personal data;
– access your personal data and inspect the personal data we process about you;
– request the rectification of inaccurate or incorrect personal data and the completion of information;
– request the erasure of your personal data;
– object to the processing of your personal data on grounds relating to your particular personal situation; and
– request the restriction of the processing of your personal data. You should submit your request to exercise any of the above rights to us in accordance with the Contact Us section of this Privacy Policy. We may ask you to specify your request in writing and to verify your identity before processing your request. We may refuse to comply with your request on the grounds provided by applicable law.

You also always have the right to lodge a complaint with the relevant supervisory authority or with the supervisory authority of the EU Member State where you reside or work if you consider that we have not processed your personal data in accordance with the applicable data protection legislation.

11. Principles of register protection

We respect the confidentiality of your personal data. Manual data is stored in a locked room, accessible only to designated persons. Personal data processed digitally is protected and stored in our computer system, with access restricted to persons whose job entitles them to process customer data. These persons have personal usernames and passwords and their access rights are defined as adequate for their work, but as limited as possible. Information systems and their back-ups are protected by appropriate technical means and are located in locked premises.

12. About cookies and related technologies

Our website uses cookies. A “cookie” is a commonly used small text file that an internet browser stores on your computer or other terminal device when you visit a website. The browser sends information about your visit back to the website when you visit it again. All modern websites use cookies to provide you with a more personalised browsing experience. We use cookies and similar technologies to deliver services to you, provide you with a safe online environment, carry out marketing activities, enable you to have a better online experience, track analytics on our website and provide you with the most engaging content possible. The information is not used to identify individuals. You can choose in your browser settings whether or not to accept the use of cookies. If you do not accept the use of cookies, you can use our website, but this choice may limit the functionality of the site and services.

13. Contacts

Any questions about this Privacy Policy can be sent to info@etelapaa.fi. Requests to exercise the above rights must be made in writing during a personal visit to our offices, where your identity can be reliably verified. If you wish to object to the processing of your personal data for direct marketing purposes, you can do so by contacting us, for example by clicking on the link contained in each direct marketing message and following the instructions provided in the link.