Privacy policy

1. Data Collector

GreenStar Hotels Oy
Business ID: 2190146-5
Torikatu 16, 80100 Joensuu, Finland

2. Contact Information for Register Matters

GreenStar Hotels Oy
Email: joensuu@greenstar.fi

3. Name of Register

GreenStar Hotels Oy’s customer and marketing register.

4. Purpose and Legal Basis for Processing Personal Data

The legal basis for data registration is the business relationship confirmed by an agreement between the customer or partner and GreenStar Hotels Oy, or separate consent for processing customer information. The purpose of the register is to maintain the personal data required for cooperation between GreenStar Hotels Oy’s customers and partners, to ensure smooth customer service, and to enable the production and provision of benefits and services, marketing, as well as business planning and development.

Personal data is collected and processed for the following purposes:
• Execution and confirmation of gift card, ticket, or product purchases, or other service/product orders
• Transmission of additional information related to purchases
• Execution and confirmation of purchases made via the online store
• Analysis and development of products, services, and business operations, as well as necessary statistics
• Collection of feedback, deviation reports, and satisfaction data
• Advertising, marketing, and direct marketing purposes
The data subject has the right to prohibit direct marketing aimed at them.

Cookies are used to speed up website functionality and to better tailor the site’s content to the user. All information collected by cookies can be used to target the services offered by GreenStar Hotels Oy to the user. GreenStar Hotels Oy uses cookies only to track information installed on the user’s device by the website’s cookies.
Most browsers have a function that explains how to disable cookies, how to receive notifications of incoming cookies, and how to block cookies. If cookies are disabled, the website cannot be used.

5. Register Data Content

The register contains the following customer/partner data, including:
• Contact person(s)
• Address
• Billing and/or delivery information
• Ordered and delivered services
• Information collected through services provided by our partners
• Cookie usage
• Payment is processed through an external payment service provider, whose privacy policy can be reviewed in the respective service
• Information about your computer and browser, including IP address, software and hardware data, and the page you requested

6. Sources of Data

The primary source of personal data is the information provided by the customer or partner at the start of the cooperation or during it, as well as data collected in relation to feedback, deviations, satisfaction, and research purposes. Personal data is also collected from customer service contact points and acquired marketing registers.

7. Disclosure of Data

Data concerning the data subject may be disclosed within the Controller’s parent, subsidiary, or sister companies, as well as to our partners to fulfill the described purpose. Otherwise, data is disclosed only within the limits permitted or required by law.
Data is not transferred outside the EU or EEA unless required for the provision of the service. In such cases, the Controller ensures that the necessary data protection level is maintained in accordance with the applicable legislation.

8. Data Protection and Storage

The starting point for personal data processing is the respect for the rights and freedoms of the data subject at all stages of processing, and ensuring the legal basis for data processing. The Controller collects and processes only the personal data that is necessary for operations.
Access to digital material is granted only to authorized employees, professionals, or partners using a personal username and password. There are various levels of access rights, and each user is given access only to the data necessary for their task.

Customer/partner data will be stored in the register for a maximum of five (5) years after the end of the customer relationship and fulfillment of all statutory obligations, unless otherwise agreed or required by law.

The Controller ensures that valid agreements are in place with Suppliers and Data Processors, and that the Processors’ data protection practices are appropriate. Together with Data Processors, the Controller works to prevent and detect unauthorized access to personal data and data loss.
In safeguarding data, we consider the risks related to personal data processing for privacy and business, available technical solutions, and various threats in accordance with applicable legislation, regulations, and contractual obligations.

9. Other Rights Related to the Data Subject

Right of Access (Inspection Right)

The data subject has the right to inspect what information concerning them has been stored in the register. Inspection requests must be submitted in writing and signed to the register contact point mentioned in section 2. The data subject must be prepared to prove their identity according to the Controller’s instructions.

Right to Rectification, Erasure, or Restriction of Processing
The data subject may request the correction of their data if a mistake has been identified. If the data subject can correct the error themselves, they must do so without delay to update, delete, or complete incorrect, unnecessary, or outdated information. If self-correction is not possible, a correction request must be submitted.

As long as the data subject cannot correct the data themselves, the request must be submitted to the contact point listed in section 2. Proof of identity is required.

The data subject also has the right to request restriction of personal data processing, for example, while awaiting the reply to a rectification or deletion request.
GreenStar Hotels Oy reserves the right to limit free correction or deletion requests to one time per year.

Right to Data Portability
To the extent that the data subject has provided information to the customer register, which is processed based on consent or assignment, the data subject has the right to receive such data generally in machine-readable form and transfer it to another Controller.
Upon written request, the Controller will provide the data within a reasonable time, taking into account the extent of the information provided. Proof of identity is required.

Other Rights
The data subject has the right to lodge a complaint with the competent supervisory authority if the Controller has not complied with applicable data protection regulations.

10. Contact

In all matters related to personal data, the data subject should contact the party responsible for the personal data register mentioned in section 2.

11. Third-Party Websites and Services

This privacy policy applies only to websites maintained by GreenStar Hotels Oy, and we are not responsible for the privacy practices of other websites. The website may contain links to third-party websites. We recommend that users review the privacy policies of these websites.

12. Changes to the Privacy Policy

GreenStar Hotels Oy may update this privacy policy. The updated policy will be available on the website so that users are always aware of how their personal data is being processed.
Last updated: 21 November 2025.