Privacy Policy

1. Data Controller

Name: Eetu Rahkola
Company: Uumen Oy
Business ID: 3455504-7
Address: Finlaysoninkatu 5 33210 Tampere
E-mail: info@uumenhotels.fi

2. Purpose of Data Processing

The collected personal data is used for maintaining and developing customer relationships. Uumen Oy may also send marketing messages to individuals in the registry.

3. Basis for Data Collection and Processing

Customer data is collected and processed with the customer’s consent.

4. Content of the Register

Person’s name, email address, and phone number.

5. Data Retention Period

Personal data is retained as long as necessary to fulfill the contract with the customer or to develop customer service.

6. Regular Sources of Data

Data is collected from the individual themselves. Information is also collected using the Google Analytics analytics tool.

7. Data Disclosures and Transfer of Data Outside the EU or European Economic Area

Data is not regularly disclosed outside the company. Some of the external service or software providers used by the company may store data outside the EU or the European Economic Area.

8. Use of Cookies

We use a cookie function on our website, which means cookies are small text files sent to and stored on the user’s computer. This allows the website administrator to recognize frequently visiting users and to compile aggregate data about visitors.

If a user visiting our site does not want us to receive the aforementioned information through cookies, most browser programs allow the cookie function to be disabled. This is typically done through the browser settings.

However, it’s important to note that cookies may be necessary for the proper functioning of some of the pages we manage and the services we offer.

9. Data Protection of the Register

Data is transmitted over an SSL-secured connection.

Electronic data is protected by a firewall, user IDs, and passwords.

Access to the data is limited to those individuals employed by the data controller who need the information for their duties.

10. Automated Decision-Making

No automated individual decisions (Article 22 of the EU General Data Protection Regulation) are made.

11. Rights of the Data Subject

The data subject has the right to access what personal data about them is stored in the register. A written request for access must be sent, signed, to the person responsible for data matters.

The right to access is free of charge, provided it is exercised no more than once a year.

The data subject has the right to request the correction or deletion of inaccurate or outdated data, or to request the transfer of data from one system to another. They also have the right to restrict or object to the processing of their data in accordance with Articles 18 and 21 of the EU General Data Protection Regulation.

The data subject has the right to withdraw their previously given consent for data processing or to file a complaint with a supervisory authority regarding the processing of their personal data.

The data subject also has the right to prohibit the use of their data for direct marketing purposes.