Data Protection | Santa Claus Holiday Village

The Data Protection Principles of Santa Claus Holiday Village

General information

The purpose of this document, together with the description of the data file, is to give an up-to-date overall picture of the personal data processing conducted by Santa Claus Holiday Village. In the processing of personal data, Santa Claus Holiday Village complies with the EU’s General Data Protection Regulation (EU 679/2016) and the supplementary national Data Protection Act. Santa Claus Holiday Village will provide descriptions of all data files containing personal data for which it is the controller. When processing personal data from another controller’s data file (an outsourced service), Santa Claus Holiday Village will comply with the personal data processing instructions provided by the controller.

The rights of data subjects

It is the responsibility of the controller to look after the rights of the data subjects. The data subjects’ rights are listed in the description of the data file.

Any requests pertaining to the processing of personal data are to be submitted in written form to Santa Claus Holiday Village’s e-mail address. Responses related to personal data processing will be delivered in a format that is concise and easy to understand, and uses clear language. The information is generally delivered in written form without undue delay and, in any case, within one month of the request’s receiving date.

Outsourcing data processing

Santa Claus Holiday Village may use outsourced services, in which case personal data will be disclosed to the service provider. The service provider becomes a personal data processor, processing the personal data according to the instructions provided by the data file’s controller. An agreement about data processing may be attached to the service agreement. If any personal data is disclosed to service providers, it will be visible in the description of the data file.

Data protection breaches

A data protection breach is an event that results in the accidental or illegal destruction, loss or change of personal data that has been transferred, saved or otherwise processed. Unauthorised disclosure of data or access to data is also considered a data protection breach.

Santa Claus Holiday Village will notify the relevant authority of a personal data breach without undue delay and, whenever possible, within 72 hours of its discovery. This is not necessary if the personal data breach is not likely to be a risk to the data subjects’ rights and freedoms.

When the personal data processor discovers a personal data breach, they must notify the controller of the data file without undue delay.

Santa Claus Holiday Village documents all personal data breaches, their effects and corrective actions. With this documentation, the supervisory authority must be able to assess compliance with Article 33 of the Data Protection Regulation.

If the personal data breach is likely to pose great risk to the data subjects, they must be notified of the data protection breach without undue delay.

DESCRIPTION OF DATA FILE, CUSTOMER DATA FILE

Controller of the data file

Santa Claus Holiday Village
Tähtikuja 2
96930 Rovaniemi

Contact person for the data file

Marko Jääskö
Tähtikuja 2
96930 Rovaniemi
+358 40 175 7787
marko@schv.fi

The name of the data file

Customer data file

The purpose of processing personal data

The data file is used to maintain customer relations.

Contents of the data file

The data file contains personal data of customers

- name
- address
- credit card number
- telephone number
- e-mail address

Sources of data

The data saved in the data file is obtained during the creation and maintenance of the customer relationship based on information provided by the customer and from several providers offering accommodation booking services.

Recipients of data

The recipients of the personal data will be the company’s personnel who need the customers’ contact information to carry out their work tasks. Personal data is generally not disclosed to third parties.

Transfer of data outside the EU or the EEA

Data is not transferred outside the EU or the EEA.

The storing period of personal data.

Personal data on the contact persons of the customer will be stored for the duration of the customer relationship.

Rights of data subjects

right to access personal data (Article 15)
right to data rectification (Article 16)
right to data erasure (Article 17)
right to restrict processing (Article 18)
right to objection (Article 21)
right to transfer data from one system to another (Article 20)
right to withdraw consent, if the right to process data is based on consent (Article 7)
right to lodge a complaint with a supervisory authority (Article 77)

The principles of the data file’s protection

Any manual data from the data file is kept in the reception area in a surveilled storage space. The manual data is destroyed each calendar year after a year-long storing period..

The electronic data is stored in folders and applications with limited access on a server in the company’s premises. Only those employees who are entitled to process customer information due to their position have the right to access the folders and applications containing customer information. Each user has their own username and password.

The data is stored on a server that is strongly secured with firewalls, passwords and other technical means. The server and its backup copies are stored under a lock and the data can only be accessed by people who have been named in advance. Some of the applications are run from servers that are controlled by service providers (Tietotalo.infogate), in which case the data is stored on the service providers’ servers.

DESCRIPTION OF DATA FILE, VIDEO SURVEILLANCE DATA FILE

Controller of the data file

Santa Claus Holiday Village
Tähtikuja 2
96930 Rovaniemi

Contact person for the data file

Marko Jääskö
Tähtikuja 2
96930 Rovaniemi
+358 40 030 6273
marko@schv.fi

The name of the data file

Video surveillance data file

The purpose of processing personal data

Video surveillance is used
- to ensure the personal safety of employees and/or other people on the premises of the employer
- to protect property
- to prevent or investigate any situations that pose a threat to people or property

In case of a disruption, data from the data file will be disclosed to authorities for investigative purposes.

Contents of the data file

The data file contains recorded video material from which individuals can be identified

Sources of data

Data in the data file is obtained from the recorded video material from the surveillance cameras that are installed in the company’s public areas and yard

Recipients of data

The recipients of the personal data will be the company’s personnel who need the video surveillance material to carry out their work tasks. Personal data is generally not disclosed to third parties.

Transfer of data outside the EU or the EEA

Personal data is not transferred outside the EU or the EEA

The storing period of personal data.

The personal data from the video surveillance is stored for a period of maximum 12 months from the moment it is recorded.

Rights of data subjects

right to access personal data (Article 15)
right to data rectification (Article 16)
right to data erasure (Article 17)
right to restrict processing (Article 18)
right to objection (Article 21)
right to transfer data from one system to another (Article 20)
right to withdraw consent, if the right to process data is based on consent (Article 7)
right to lodge a complaint with a supervisory authority (Article 77)

The principles of the data file’s protection

There is no manual data in the data file.

The electronic data is stored on a company server that is kept in the company’s premises. Access to video surveillance is restricted to named people. Only those employees who are entitled to process video surveillance data due to their position are entitled to use the server containing data from the data file. Each user has their own username and password.