Privacy Statement for GreenStar Hotels Ltd's customer, partner and marketing information.
GreenStar Hotels Oy Business ID: 2190146-5
2 CONTACTS ON REGISTERED CASES
GreenStar Hotels Oy
3 NAME OF THE REGISTER
GreenStar Hotels Ltd's customer register.
4 PURPOSE AND BASIS OF HANDLING OF PERSONAL DATA
Legal basis for processing personal data: is based on the legitimate interest of the controller. The purpose of the register is to maintain the personal data required for co-operation between GreenStar Hotels Ltd's customers and partners, ensure smooth customer service and provide benefits and services, enable marketing, business planning and development.
Personal data is collected and processed with the customer or partner for the following purposes:
- Implementation and validation of room purchases, program purchases or other service / purchases of goods to the customer
- to provide additional information related to purchases
- providing member benefits
- Implementation and validation of purchases made through e-commerce to the customer
- providing, delivering, billing and customer relationship management for a corporate customer
- analyzing and developing products, services and business as well as the necessary statistics
- feedback, deviation and satisfaction data collection
- advertising, marketing and direct marketing purposes. The registrar has the right to deny direct marketing to him
- information about minors: GreenStar Hotels may request in their order forms for full-time customers to enter the names or nicknames of minors. Data relating to these minors will not be used for any purpose other than the provision of a subscribed product or service.
5 DATA CONTENT OF THE REGISTER
The registry includes the following client / partner information, such as:
- Type of customer: Customer / Partner / Member
- Customer number
- Contact person (s)
- The role of contact persons (Corporate Customers)
- Billing information
- Subscribed and Delivered Services
- Information collected through our service provided by our co-operation partners
- Using cookies
6 DATA SOURCES OF THE REGISTER
The primary personal data source is the information provided by the customer or the partner himself or herself at the beginning or during the co-operation as well as feedback, deviation, satisfaction, and research on the information collected from the purpose. Personal information is also accumulated at customer service points. Personal information may accrue when purchasing additional services. Purchased marketing records.
7 DEDUCTION OF INFORMATION
Registered information may be disclosed within the Registry and its subsidiaries / sister companies and for the described purposes by our partners. Otherwise, the information will only be disclosed within the limits permitted and mandated by law. Data is not transmitted outside the EU or EEA.
8 PROTECTION AND STORAGE OF INFORMATION
The starting point for processing personal data is to respect the rights and freedoms of the data subject at all stages of the information processing and to ensure the legal basis for the processing of personal data. The controller collects and processes only the personal information that is necessary for the operation. Access to a digital material is limited to the personal username and password of the employee, practitioner or partner who is entitled to it. There are different levels of user privileges, and each user is given sufficient, but limited access to the task.
Customer / partner information is retained in the register for at least 1 year after termination of the customer relationship and fulfillment of all obligations unless otherwise agreed elsewhere or required by law. However, after the end of the customer relationship, data may be retained and processed if it is necessary for handling complaints. The retention period for the information contained in the customer register is also subject to the statutory retention periods, such as the accounting law. The information required by the Accounting Act is maintained for as long as the Accounting Act requires.
Corporate customer contact information is deleted in a similar way after the company's customer relationship is deemed to be terminated.
9 OTHER PERSONAL DATA PROCESSING REGISTERED RIGHTS
Personal data contained in the Customer Register will be processed on the basis of a legitimate interest of the controller (Data Protection Article 6 (1) (e)). In this case, the legitimate interest constitutes a relationship relationship. Personal data are also processed by the controller and the registered user 12 (Data Protection Regulation Article 6 (1) (b)). This treatment criterion is described in more detail in section 4 of the data protection report.
When information is processed under a legitimate interest and contract, a registered person has the following rights:
Registered right of access to information (inspection right)
The registrar has the right to check what information about him has been deposited in the register. The request for verification must be in writing and signed to the registry contact point mentioned in section 2 of this Privacy Statement. The registrar should be prepared to prove his identity in accordance with the instructions given by the Registrar.
The right of a registered person to request rectification, removal or restriction of information
A registrant may request rectification of his or her personal data, upon receipt of an error or in finding an error. If a registrant has the opportunity to rectify an error, he or she will be required to correct, delete or supplement any invalid, unnecessary or outdated information without delay. If the registered person is not able to correct the information himself, the request for repair will be made. Insofar as the data subject can not correct the data itself, the repair request must be made to the registry contact point mentioned in section 2 of the Privacy Statement. The registrar should be prepared to prove his identity in accordance with the instructions given by the Registrar. The registrar also has the right to require a controller to restrict the processing of his personal data, for example when a party is awaiting a response to a request for rectification or deletion of his or her data. GreenStar Hotels reserves the right to limit the number of free corrections and cancellations per year.
Registered right to transfer data from one system to another
Insofar as a data subject has self-supplied information in the customer register that is processed by the data subject's consent or mandate, the data subject has the right to obtain such information for himself as a rule in a form that is prone to use and the right to transfer this information to another registrar. Upon request for a transfer in writing, the data controller shall submit the information described in the right to review within a reasonable time, taking into account the extent of the information to be provided. The registrar should be prepared to prove his identity in accordance with the instructions given by the Registrar.
The data subject has the right to file a complaint with the competent supervisory authority if the Registry has failed to comply with applicable data protection regulations.
In all questions and requests relating to personal data, the data subject must contact the person responsible for the Register of the Registrar referred to in Section 2.
11. THIRD PARTY SITES AND SERVICES
This Privacy Statement is only applicable to sites maintained by GreenStar Hotels Ltd. We are not responsible for the privacy practices of other sites. The site may include links to third-party sites. We recommend that the user review the privacy statements of other sites they use.
12. CHANGES IN THE DATA SHEET
GreenStar Hotels may change this privacy statement. The amended Privacy Statement is available on the site so that users are always aware of how their personal data will be processed. Updated 23.5.2018.