Privacy statement of Staycation Willa Rauha / Sipesa Oy

Data protection statement in accordance with the EU data protection regulation.

1. Registrar
Sipesa Oy
Y-ID: 3104671-4
Pappliantie 19, 91980 Lumijoki
Phone: 041 314 8305 / 020 7346 800
Email: info@staycationwillarauha.fi

2. The person handling registry matters
Name: Jenny Rahkola; info@staycationwillarauha.fi
Reserve: Sirpa Hirvasniemi; sirpa.hirvasniemi@taloustulkki.fi

3. Names of registers
of Sipesa Oy
• Employee register
• Customer register

4. Purpose of use of personal data
Personal data is processed to fulfill obligations defined by law, contract or authority order.

Employee register: The personal data of the persons who have signed the employment contract are processed in order to fulfill the obligations specified in the employer’s employment contract. Processing is based on the Employment Contracts Act (2001/55, special chapter 2).

Customer register: Personal data is processed for the management and analysis of customer and other relevant relationships, service provision, business development and planning as well as marketing, distance sales, opinion and market research and customer communication, which can also be carried out electronically and in a targeted manner.

5. Data content of registers

The employee register contains the following information:
basic employee information such as
• first and last names
• social security number
• Finnish social security number or date of birth
• foreign social security number or date of birth
• home address, phone number and email address
• information related to the employment relationship
• information regarding the quality of the employment or service relationship
• information related to the person’s taxation
• information related to statistics

The customer register can process the following information about all registered users:
• first and last name
• contact information (postal address, telephone number, e-mail address)
• the time and method of beginning and ending the customership and/or substantive relationship
• direct marketing permits and prohibitions
• Y-ID (companies) or personal ID
• information regarding the use of electronic services and content (e.g. subscription to newsletters)
• information related to marketing and sales promotion, such as marketing measures aimed at the data subject and participation in them

In addition to those listed above, the customer register can process the following information about those who have purchased a product and/or service:
• customer number
• social security number or social security number
• billing and collection information
• contact persons (name, phone, email)
• information related to handling and maintaining contact and classification of the customer and other relevant matters (e.g. purchase and cancellation information of products and services, delivery information, feedback, complaints and recordings of customer service events, such as phone calls, e-mails and support messages)

6. Regular sources of information
Employee register: Personal information about the registrant is collected from the registrant himself.
Customer register: Personal information about the registrant is collected from the registrant himself, from various services that the registrant uses and in connection with various marketing measures such as marketing lotteries and contests and events.

Personal data can also be collected and updated from the registers of partners and from authorities and companies providing services regarding personal data.

7. Regular transfers of information
Information can be disclosed in a manner required by the requirements of the competent authorities or other parties, based on valid legislation.

Information can be handed over to buyers in connection with business arrangements, if Sipesa Oy sells or otherwise organizes its business.

Data can be transferred to partners selected by the data controller, who process data on behalf of the data controller, based on the cooperation agreement between the parties. In this case, the data processor does not have the right to process the transferred data on his own behalf, in his own personal registers.

8. Data transfer outside the EU or EEA
Data will not be transferred outside the territory of the member states of the European Union or the European Economic Area, unless it is necessary for the above purposes of processing personal data or for the technical implementation of data processing, in which case the data transfer complies with the requirements of the Data Protection Regulation.

9. Use of cookies
On our website, we use the so-called cookie function, i.e. cookies. A cookie is a small text file that can be sent to the user’s computer and stored there, which enables the website administrator to identify visitors who visit the website frequently, to facilitate the login of visitors to the website, and to enable the compilation of composite information about the visitors. With the help of this feedback, we are able to constantly improve the content of our pages. Cookies do not damage users’ computers or files. We use them in such a way that we can offer our customers information and services according to the individual needs of each.

If the user visiting our pages does not want us to receive the aforementioned information with the help of cookies, most browser programs enable the cookie function to be turned off. This is usually done through the browser settings. However, it is good to take into account that cookies may be necessary for the proper functioning of some of the pages we maintain and the services we offer.

10. Registry protection

A Manual material
Personal data is protected from unauthorized access and illegal processing (e.g. destruction, alteration or transfer). Each processor can process only the personal data he needs for his work.
The documents are stored in a locked space, protected from outsiders. Documents are printed only when necessary, and paper printouts are destroyed after use.

B Data processed automatically
The information contained in the register processed electronically is protected by firewalls, passwords and other generally accepted technical means in the field of information security.
Only identified employees of the registrar and companies acting on behalf of the registrar have access to the information contained in the register with the right of use granted by the registrar.

11. Exercising the rights of the registered person
According to the Personal Data Act, the registered person has the right to check what information about him has been stored in the register.

At the request of the registered person, the necessary corrections and additions are made to the personal data, or incorrect, unnecessary, incomplete or outdated data in terms of the purpose of the processing are deleted. Information can be checked and updated by contacting the person handling Sipesa Oy’s registry affairs.

12. Changing the privacy notice
Sipesa Oy reserves the right to change this privacy statement by announcing it on its website.

Changes can also be based on changes in legislation.

We encourage you to read the announcement regularly.

This Privacy Statement was last updated on November 18, 2024.