Privacy statement
Based on the Personal Data Act (523/1999), descriptions shall be drawn up of data files.
Customer data file
1. Controller
Centro-Hotel Oy, Yliopistonkatu 12a, 20100 Turku
2. File manager
Ilkka Koivurinta, Managing Director
3. Name of file
Customer data file of Hotel Centro
4. Purpose of handling personal data
The controller handles the personal data of customers for the following purposes:
– Processing a traveller notification is based on the controller’s legal obligation.
– The processed data: the customer’s name, personal identity code or birthdate, nationality, the names of the spouse and underage children accompanying the traveler, Finnish personal identity codes (or, if they are not available, birthdates), address, country of entry to Finland, number of travel document and arrival and departure dates. Moreover, the purpose of traveling can be documented (such as leisure, work or other reason).
– maintaining and developing customer relationships
– managing bookings
– making, controlling and collecting payments
– marketing the goods and services of the controller
– development of the controller’s business and the customer service related thereto
– taking the wishes of loyal customers into account, developing customer service and targeting the services
Personal data are handled in accordance with section 8(1), paragraphs 1, 2, 5 and 6 of the Personal Data Act.
5 Data file contents
The following data on the customers are collected and stored:
– customer information: name, date of birth, customer number, contact information (e.g. telephone and mobile number, e-mail address and other electronic address) for contacting purposes, title or profession, language code, sex, nationality, the number of adults and children staying with the customer, and invoicing address
– booking information (e.g. previous bookings and future bookings)
– information related to the use of the services: e.g. service use, purchase and cancellation data.
– information on the customer’s wishes and selections: e.g. room class and information on the services requested
– the customer’s method of payment and payment history data along with invoicing information
– the customer’s consent to direct marketing via e-mail, SMS or other automatic means
– the statutory prohibitions on direct advertising, distance selling and other direct marketing
– other information collected with the customer’s consent (e.g. reduced mobility, disabilities and illnesses reported by the customer which affect the service the customer has requested)
– an indication of membership in loyalty programmes or other equivalent programmes of the controller or the controller’s partners, and the information necessary for obtaining the benefits of the programme
– loyalty card data (e.g. card number and validity period)
– use of the controller’s services, itemised by card (e.g. nights and purchases)
– the points earned within the loyalty programme and the benefits rewarded based on them
6. Regular sources of data
The regular sources of data are:
– the traveller notification
– the booking and invoicing systems of the hotel
– e-mail and telephone conversations with the customer.
– information the customer has entered in the online services of Centro Hotel and its partners.
– Centro Hotel collects IP address and cookie data on its customers when they visit the online service. These data are used for targeted marketing and for the provision of services.
Collection of data Personal data are collected when the customer makes room or meeting service reservations by telephone, fax, e-mail or on the website, in compliance with the Personal Data Act. Besides making a reservation, customers requiring accommodation must fill out a traveller notification on which the customer submits certain information.
Information on customers are collected from the customers who have consented to the collection (section 8(1)(1) of the Personal Data Act), and from reservation transactions relating to services requested by the customer, or from purchase transactions (section 8(1), paragraphs 2 and 5 of the Personal Data Act). Personal data may be collected from, stored in and updated from registers controlled by the Population Register Centre or by another provider of address, updating or other such services.
Centro Hotel stores the customer data through the validity of the customer relationship between Centro Hotel and the customer. The validity of the relationship is considered to end when the time between the most recent purchase of an accommodation, meeting or restaurant service is three years. After this time the customer data will be deleted from Centro Hotel’s data archive.
7. Regular disclosure of data
INFORMING THE CUSTOMER IN ACCORDANCE WITH SECTION 24 OF THE PERSONAL DATA ACT
The description of the file is available on the Centro Hotel website and at the hotel reception at Yliopistonkatu 12a, Turku.
The customer has the right to inspect the information recorded in the data file that concerns them. Whenever a customer wishes to use their right of inspection, they shall send an inspection request, signed, to Centro Hotel, at the address specified above. The customer may also visit the hotel and present a document that proves their identity. The customer shall give their name, address and telephone number in the inspection request. Centro Hotel submits its reply to the customer in writing within 30 days from the customer’s personal visit to the hotel or the arrival of the customer’s written inspection request at the hotel.
In the case of errors in the customer’s information, the customer may request rectification of the error.
Right to prohibit: The customer has the right to prohibit the controller from processing their data for direct advertising, distance selling or other direct marketing purposes. The customer also has a right to cancel their consent on the processing of their data in the extent that is being processed on their consent.
The customer has the right to request a transfer of their processed data to another system.
8. Transfer of data outside the EU or EEA
Data are not transferred from the data file or handled outside the EU or EEA.
9. Protection principles of the file
A MANUAL MATERIAL
Manual material is stored until the information has been entered into the relevant systems. Manual material is destroyed when it is no longer needed. The company stores traveller notifications for one year from the accommodation period, and they are stored in a locked storage. Accounts and debt collection data and other data possibly classified as accounting material, which may contain customer information, are stored for the prescribed time required by the Accounting Act. For instance, invoice vouchers are stored for six years from the end of the accounting period involved. Accounting material is stored in a locked storage.
B AUTOMATICALLY PROCESSED DATA
Only those Centro Hotel employees who need the data in their work may access the data file. They access the file with usernames and passwords. The data are stored in a closed network of Centro Hotel, and the network is technically protected with a firewall.
Data collected by means of cookies are stored for no longer than six month, depending on the type of the cookie.
Surveillance camera file
1. Controller
Centro-Hotel Oy, Yliopistonkatu 12a, 20100 Turku
2. File manager
Ilkka Koivurinta, Managing Director
3. Name of file
Surveillance camera file of Centro Hotel
4. Purpose of handling personal data
The camera surveillance of the public premises of the hotel constitutes a personal data file within the meaning of the Personal Data Act (523/99). Camera surveillance also complies with the Act on the Protection of Privacy in Working Life (759/2004).
Centro Hotel uses the file (the recorded images) to guarantee personal safety and the safety of business on the premises, to prevent crimes against personnel and property, to find the responsible parties in the case of eventual damages, and to keep the property in good condition and order.
Section 16 of the Act on the Protection of Privacy in Working Life (759/2004)
The employer has the right to use the data recorded in the file in the cases specified in section 17(2), paragraphs 1–3 of the Act on the Protection of Privacy in Working Life (759/2004): to substantiate the grounds for termination of an employment relationship; to investigate and substantiate harassment or molestation as referred to in the Act on Equality Between Women and Men (609/1986) or harassment and inappropriate behaviour as referred to in the Occupational Safety and Health Act (738/2002); and to investigate an occupational accident or some other situation causing a danger or threat referred to in the Occupational Safety and Health Act.
Camera imagery of areas that need surveillance for the purpose of security or access control can be monitored real-time.
5. Data file contents
The data content of the file comprises imagery from the surveillance cameras, complemented with the necessary technical data, including the location of cameras and the date and time of filming.
6. Regular sources of data
The data stored in the file originate from the camera surveillance system installed at Centro Hotel. The file is not connected to other data sources.
7. Regular disclosure of data
Camera imagery of areas that need surveillance for the purpose of security or access control can be monitored real-time at the reception. There are no other regular uses or disclosures of the data.
The handling or disclosure of data only takes place in the cases referred to in section 4 that specifies the purpose of use of the file.
In accordance with the Personal Data Act, every data subject is entitled to inspect the recordings, images and sound that concern them. The request concerning the inspection right may be made by sending a letter that contains the personal signature of the data subject, or made by visiting the controller personally. The requesting party shall indicate the place and time of recording, as accurately as possible, in order to find the right data. The requesting party is advised to attach their photograph to the inspection right request. The right to inspect is realised within two weeks from making the request.
Recordings that concern the period subject to the inspection request are stored for an extended period, until the need for the material ceases to exist.
INFORMING THE CUSTOMER IN ACCORDANCE WITH SECTION 24 OF THE PERSONAL DATA ACT
There is a sign indicating the presence of recording camera surveillance in the entrance.
The description of the file is available on the Centro Hotel´s website and at the hotel reception at Yliopistonkatu 12a, Turku.
8. Transfer of data outside the EU or EEA
Data are not transferred from the data file or handled outside the EU or EEA.
9. Protection principles of the file
A MANUAL MATERIAL
No material is entered manually into the data file.
B AUTOMATICALLY PROCESSED DATA
The recording devices and material related to the data file are stored in a locked room.
Only those Centro Hotel employees who need the data in their work may access the data file. They access the file with usernames and passwords.
The data are stored in a closed network of Centro Hotel, and the network is technically protected with a firewall.
The handling or disclosure of data only takes place in the cases referred to in section 4 that specifies the purpose of use of the file.
The data (recordings) are stored in the file for a maximum period of 14 days. If a damage or another crime is reported during the retention period, the relevant record is stored for the period needed for investigating the crime.