Data Protection Notice
Register’s name, Controller and contact person in register-related matters
Rovaniemi Running Tours Oy:n asiakasrekisteri
Rovaniemi Running Tours Oy, company reg. No 2866759-5
Ossi Peltoniemi, firstname.lastname@example.org, +358 45 2011 127
Why do we collect personal data?
We provide travel and wellness services for individuals and companies and we need personal data to produce these services. We use the data retained in our Customer Register to administrate bookings, to produce services and to manage customer relations. We also use the data to improve our services. If you would decide not to give us your personal data, we might be unable to provide the service you required.
How do we collect personal data and how do we process it?
All the personal data in our Customer Register is collected from clients theirselves as they book services online or other ways. As Controller, we guarantee that personal data is being processed in accordance with this Data Protection Notice and applicable law. The legal basis for processing personal data is an agreement between us and the client. Regarding data concerning health, the legal basis for processing is the data subject’s explicit consent. We ask consent from data subjects as we collect any data concerning health.
The data in our Customer Register is retained in SSL-protocol protected web-service. Only our employees have access to the Customer Register by username and password. The employees are bound by professional secrecy. The printed forms we collect in our running school are only available for our employees.
We retain the data in our Customer Register only as long as it is necessary for the purposes outlined above. We will delete identity related data, such as name, in a secure way when we have fulfilled the service as agreed and received payment from the client. The printed forms collected in our running school will be handed back to the clients themselves or disposed when the running school has ended. Payment data is retained according to applicable accounting law. The data we retain for longer period to help us improve our services, will be made anonymous.
We won’t transfer any data from our Customer Register to third parties without the data subject’s explicit consent or unless the transfer is required by applicable law. Principally we won’t process personal data outside the EU/EEA. If we would exceptionally come into processing personal data outside the EU/EEA, we will process the data in accordance with this Data Protection Notice and the applicable law.
What personal data do we collect?
We collect only personal data which is necessary for the purposes outlined above. The personal data in our Customer Register is divided into four categories. As basic data, we collect name, phone number, e-mail address and age. As booking data, we collect information of bookings and payments as well as correspondence and contacts related to them. As prerequisite data, we collect information about clients’ previous exercises. As data concerning health, we collect information about clients’ heart rate areas and about illnesses or other health-related factors that may have an influence to the service.
According to the General Data Protection Regulation you have the right to access to your personal data which is retained in our Customer Register, request for rectification, erasure or restriction of processing and to object to processing. You also have right to data portability. You may send your request concerning your rights email@example.com or contact us by phone
+358 45 2011 127.
If you believe that we haven’t processed your personal data in accordance with applicable law, you have the right to lodge a complaint with the supervisory authority responsible for data protection.
We restrain the right to make adjustments to this Data Protection Notice. The adjustments will be announced by releasing updated Data Protection Notice in our website.