The purpose of this document, together with the description of the data file, is to give an up-to-date overall picture of the personal data processing conducted by Santa Claus Holiday Village. In the processing of personal data, Santa Claus Holiday Village complies with the EU’s General Data Protection Regulation (EU 679/2016) and the supplementary national Data Protection Act. Santa Claus Holiday Village will provide descriptions of all data files containing personal data for which it is the controller. When processing personal data from another controller’s data file (an outsourced service), Santa Claus Holiday Village will comply with the personal data processing instructions provided by the controller.
It is the responsibility of the controller to look after the rights of the data subjects. The data subjects’ rights are listed in the description of the data file.
Any requests pertaining to the processing of personal data are to be submitted in written form to Santa Claus Holiday Village’s e-mail address. Responses related to personal data processing will be delivered in a format that is concise and easy to understand, and uses clear language. The information is generally delivered in written form without undue delay and, in any case, within one month of the request’s receiving date.
Santa Claus Holiday Village may use outsourced services, in which case personal data will be disclosed to the service provider. The service provider becomes a personal data processor, processing the personal data according to the instructions provided by the data file’s controller. An agreement about data processing may be attached to the service agreement. If any personal data is disclosed to service providers, it will be visible in the description of the data file.
A data protection breach is an event that results in the accidental or illegal destruction, loss or change of personal data that has been transferred, saved or otherwise processed. Unauthorised disclosure of data or access to data is also considered a data protection breach.
Santa Claus Holiday Village will notify the relevant authority of a personal data breach without undue delay and, whenever possible, within 72 hours of its discovery. This is not necessary if the personal data breach is not likely to be a risk to the data subjects’ rights and freedoms.
When the personal data processor discovers a personal data breach, they must notify the controller of the data file without undue delay.
Santa Claus Holiday Village documents all personal data breaches, their effects and corrective actions. With this documentation, the supervisory authority must be able to assess compliance with Article 33 of the Data Protection Regulation.
If the personal data breach is likely to pose great risk to the data subjects, they must be notified of the data protection breach without undue delay.
Santa Claus Holiday Village
Tähtikuja 2
96930 Rovaniemi
Marko Jääskö
Tähtikuja 2
96930 Rovaniemi
+358 40 175 7787
marko@schv.fi
Customer data file
The data file is used to maintain customer relations.
The data file contains personal data of customers
- name
- address
- credit card number
- telephone number
- e-mail address
The data saved in the data file is obtained during the creation and maintenance of the customer relationship based on information provided by the customer and from several providers offering accommodation booking services.
The recipients of the personal data will be the company’s personnel who need the customers’ contact information to carry out their work tasks. Personal data is generally not disclosed to third parties.
Data is not transferred outside the EU or the EEA.
Personal data on the contact persons of the customer will be stored for the duration of the customer relationship.
The principles of the data file’s protection
Any manual data from the data file is kept in the reception area in a surveilled storage space. The manual data is destroyed each calendar year after a year-long storing period..
The electronic data is stored in folders and applications with limited access on a server in the company’s premises. Only those employees who are entitled to process customer information due to their position have the right to access the folders and applications containing customer information. Each user has their own username and password.
The data is stored on a server that is strongly secured with firewalls, passwords and other technical means. The server and its backup copies are stored under a lock and the data can only be accessed by people who have been named in advance. Some of the applications are run from servers that are controlled by service providers (Tietotalo.infogate), in which case the data is stored on the service providers’ servers.
Santa Claus Holiday Village
Tähtikuja 2
96930 Rovaniemi
Marko Jääskö
Tähtikuja 2
96930 Rovaniemi
+358 40 030 6273
marko@schv.fi
Video surveillance data file
Video surveillance is used
- to ensure the personal safety of employees and/or other people on the premises of the employer
- to protect property
- to prevent or investigate any situations that pose a threat to people or property
In case of a disruption, data from the data file will be disclosed to authorities for investigative purposes.
The data file contains recorded video material from which individuals can be identified
Data in the data file is obtained from the recorded video material from the surveillance cameras that are installed in the company’s public areas and yard
The recipients of the personal data will be the company’s personnel who need the video surveillance material to carry out their work tasks. Personal data is generally not disclosed to third parties.
Personal data is not transferred outside the EU or the EEA
The personal data from the video surveillance is stored for a period of maximum 12 months from the moment it is recorded.
The principles of the data file’s protection
There is no manual data in the data file.
The electronic data is stored on a company server that is kept in the company’s premises. Access to video surveillance is restricted to named people. Only those employees who are entitled to process video surveillance data due to their position are entitled to use the server containing data from the data file. Each user has their own username and password.
The data is stored on a server that is strongly secured with firewalls, passwords and other technical means. The server and its backup copies are stored under a lock and the data can only be accessed by people who have been named in advance.