This is Pyhä-Luosto Travel Ltd’s privacy policy document according to Personal Data Act (523) 10 & 24 §, and General Data Protection Regulation (GDPR). The document includes information about processing of the personal data and about the rights of the data subject (the person whose data is being processed).


23.8.2018 updated

1.6.2018 created

The name of the register – register

Data controller

Pyhä-Luosto Matkailu Oy (Pyhä-Luosto Travel Ltd)

Business id: 1062371-1

Laukotie 1, FI-99555 Luosto

+358 207 30 3020

Contact person 

Päivi Hannula

Pyhä-Luosto Matkailu Oy (Pyhä-Luosto Travel Ltd)

Laukotie 1, FI-99555 Luosto

+358 207 30 3020

The aim of processing personal data

The meaning of processing personal data is to properly implement to share information, deliver products, access to the internet services, surveys and campaigns as well as to do marketing and advertising properly at the all channels used for this purpose.

In other words the personal data is used for:

  • Start and maintain of the customer relationship.
  • Communication with the customer for example invoicing language, booking confirmation and discussion with the customer by phone or by e-mail.
  • Identify the customer who will take a part to the competition or the campaign.
  • Design and development the new services and products.
  • Target marketing operations.
  • The aim is to be customer-oriented service provider.

Legal basis for processing personal data

  • GDPR Article 6 (1), chapter b, c and f:
    • A contract where the data subject is a party.
    • Processing is necessary for compliance with a legal obligation to the data controller.
    • Processing is necessary for the legal rights of the data controller or third party.
  • Finnish law 2006/308 obligates the data controller to store passenger cards.

The data subject has the right at any time, free of charge, to prohibit the processing of personal data for marketing purposes or to withdraw the consent previously given.

The data content of the register
The data content of the register various, depending about what kind actions the data subject will do or what kind of products/services a customer will purchase. This chapter specifies the stored data from the perspective of the purchasing customer.

When make booking following data will be stored

  • Contact information
  • First name and family name
  • Address
  • Country
  • Language
  • Phone number
  • E-mail
  • Customer number
  • Online service
    • user ID
    • password

In addition, in some cases:

  • Name of the company
  • Company ID

Additionally some profiling data may be stored. Profiling data may be used on target marketing and improve customer service.

Profiling information
Private / company
Season: winter / spring / summer / autumn

Information filled into the passenger card

  • First name, family name, address and signature
  • Date of birth
  • Nationality
  • Passport number (except the Nordic citizens and persons who live in Finland)
  • Country of the entry to Finland
  • The name and the day of birth for child and others, who is accommodating in the same cabin
  • The day of arrival and departure
  • Accommodation (cabin / apartment) name

Regular sources of information

Information is collected from the data subject in the following situations: when register to the online shop, using the web site and when booking services/products from the front desk of Pyhä Luosto Travel Ltd, by e-mail or by phone. In addition to this information may be collected from the feedback form.

The information from visitors and from the visits in the web site and the online shop will be collected automatically. Such information is IP-address, device, internet browser, operating system, language, time (date + hours), pages displayed and information from clicks. The information is collected by analytics program. This information will be used to develop internet services and customer care.

The data transfers obligated by the law  

The personal data is disclosed with a legal obligation to the public authorities for them to do their official mission. The data in the register will not transfer to the outside of the EU or EEA.

Use of cookies

We do not currently use cookies on our website.

Social media

Our sites may contain links to social media or content served by social media providers. If you have an account in a social media provider, they may be able to identify you from this content or by visiting their site. Such content may also identify you even if you do not use social media. Please see social media provider’s terms of service or privacy policy to learn more about their practices.

The principles for protection of the data

The principles of protecting the data in the register are following:
The data is used only by the employees who need the data in their work assignments. The data is stored in the database. The database is protected by firewalls and passwords as well as other technical – and virtual systems. The servers are located in the high security server rooms.

The data controller is not responsible for information collected and stored by third parties, for example the travel agencies or internet booking-platforms, who offers Pyhä-Luosto Travel Ltd’s services/products to his own customers. The data controller is responsible only for the data delivered directly into the Pyhä-Luosto Travel Ltd.

Right to rectification and erasure the data and ’right to be forgotten’

The data subject has a right to review and amend incorrect data from/to the register. The data subject has also a right to erasure the data from the register as known as ‘right to be forgotten’. Exception is Pyhä-Luosto Travel Ltd’s legal obligations to store the data for example data concerning accounting Act (1997/1336) and passenger card forms (when customers check-in) by the law 2006/308. The request for any amendment should be made written.

Guidance, controlling and more information

The Office of the Data Protection Ombudsman (Tietosuojavaltuutettu) is the official authority in Finland in case of the data security. It provides guidance and advising as well as supervising and controlling in case of the data security. More about:

Updated 08/2018