The Data Protection Principles of Arctic Circle Snowmobile Park

General information

The purpose of this document, together with the description of the data file, is to give an up-to-date overall picture of the personal data processing conducted by Arctic Circle Snowmobile Park. In the processing of personal data, Arctic Circle Snowmobile Park complies with the EU’s General Data Protection Regulation (EU 679/2016) and the supplementary national Data Protection Act. Arctic Circle Snowmobile Park will provide descriptions of all data files containing personal data for which it is the controller. When processing personal data from another controller’s data file (an outsourced service), Arctic Circle Snowmobile Park will comply with the personal data processing instructions provided by the controller.

The rights of data subjects

It is the responsibility of the controller to look after the rights of the data subjects. The data subjects’ rights are listed in the description of the data file.

Any requests pertaining to the processing of personal data are to be submitted in written form to Arctic Circle Snowmobile Park’s e-mail address. Responses related to personal data processing will be delivered in a format that is concise and easy to understand, and uses clear language. The information is generally delivered in written form without undue delay and, in any case, within one month of the request’s receiving date.

Outsourcing data processing

Arctic Circle Snowmobile Park may use outsourced services, in which case personal data will be disclosed to the service provider. The service provider becomes a personal data processor, processing the personal data according to the instructions provided by the data file’s controller. An agreement about data processing may be attached to the service agreement. If any personal data is disclosed to service providers, it will be visible in the description of the data file.

Data protection breaches

A data protection breach is an event that results in the accidental or illegal destruction, loss or change of personal data that has been transferred, saved or otherwise processed. Unauthorised disclosure of data or access to data is also considered a data protection breach.

Arctic Circle Snowmobile Park will notify the relevant authority of a personal data breach without undue delay and, whenever possible, within 72 hours of its discovery. This is not necessary if the personal data breach is not likely to be a risk to the data subjects’ rights and freedoms.

When the personal data processor discovers a personal data breach, they must notify the controller of the data file without undue delay.

Arctic Circle Snowmobile Park documents all personal data breaches, their effects and corrective actions. With this documentation, the supervisory authority must be able to assess compliance with Article 33 of the Data Protection Regulation.

If the personal data breach is likely to pose great risk to the data subjects, they must be notified of the data protection breach without undue delay.

DESCRIPTION OF DATA FILE, CUSTOMER DATA FILE

Controller of the data file
Arctic Circle Snowmobile Park
Joulumaantie 5
96930 Rovaniemi

Contact person for the data file
Tiina Aokou
Joulumaantie 5
96930 Rovaniemi
+358 40 5168465
info@snowmobilepark.com

The name of the data file
Customer data file
The purpose of processing personal data
The data file is used to maintain customer relations.

Contents of the data file
The data file contains personal data of customers
– name
– address
– credit card number
– telephone number
– e-mail address

Sources of data
The data saved in the data file is obtained during the creation and maintenance of the customer relationship based on information provided by the customer and from several providers offering accommodation booking services.

Recipients of data
The recipients of the personal data will be the company’s personnel who need the customers’ contact information to carry out their work tasks. Personal data is generally not disclosed to third parties.

Transfer of data outside the EU or the EEA
Data is not transferred outside the EU or the EEA.

The storing period of personal data.
Personal data on the contact persons of the customer will be stored for the duration of the customer relationship.

Rights of data subjects

  • right to access personal data (Article 15)
  • right to data rectification (Article 16)
  • right to data erasure (Article 17)
  • right to restrict processing (Article 18)
  • right to objection (Article 21)
  • right to transfer data from one system to another (Article 20)
  • right to withdraw consent, if the right to process data is based on consent (Article 7)
  • right to lodge a complaint with a supervisory authority (Article 77)

The principles of the data file’s protection

Any manual data from the data file is kept in the reception area in a surveilled storage space. The manual data is destroyed each calendar year after a year-long storing period..

The electronic data is stored in folders and applications with limited access on a server in the company’s premises. Only those employees who are entitled to process customer information due to their position have the right to access the folders and applications containing customer information. Each user has their own username and password.

The data is stored on a server that is strongly secured with firewalls, passwords and other technical means. The server and its backup copies are stored under a lock and the data can only be accessed by people who have been named in advance. Some of the applications are run from servers that are controlled by service providers (Travius), in which case the data is stored on the service providers’ servers.

DESCRIPTION OF DATA FILE, VIDEO SURVEILLANCE DATA FILE

Controller of the data file
Arctic Circle Snowmobile Park
Joulumaantie 5
96930 Rovaniemi

Contact person for the data file
Tiina Aokou
Joulumaantie 5
96930 Rovaniemi
+358 (0)40 516 8465
info@snowmobilepark.com

The name of the data file
Video surveillance data file

The purpose of processing personal data
Video surveillance is used

  • to ensure the personal safety of employees and/or other people on the premises of the employer
  • to protect property
  • to prevent or investigate any situations that pose a threat to people or property

In case of a disruption, data from the data file will be disclosed to authorities for investigative purposes.

Contents of the data file
The data file contains recorded video material from which individuals can be identified

Sources of data
Data in the data file is obtained from the recorded video material from the surveillance cameras that are installed in the company’s public areas and yard

Recipients of data
The recipients of the personal data will be the company’s personnel who need the video surveillance material to carry out their work tasks. Personal data is generally not disclosed to third parties.

Transfer of data outside the EU or the EEA
Personal data is not transferred outside the EU or the EEA

The storing period of personal data.
The personal data from the video surveillance is stored for a period of maximum 12 months from the moment it is recorded.

  • Rights of data subjects
  • right to access personal data (Article 15)
  • right to data rectification (Article 16)
  • right to data erasure (Article 17)
  • right to restrict processing (Article 18)
  • right to objection (Article 21)
  • right to transfer data from one system to another (Article 20)
  • right to withdraw consent, if the right to process data is based on consent (Article 7)
  • right to lodge a complaint with a supervisory authority (Article 77)
  • The principles of the data file’s protection
  • There is no manual data in the data file.

The electronic data is stored on a company server that is kept in the company’s premises. Access to video surveillance is restricted to named people. Only those employees who are entitled to process video surveillance data due to their position are entitled to use the server containing data from the data file. Each user has their own username and password.

The data is stored on a server that is strongly secured with firewalls, passwords and other technical means. The server and its backup copies are stored under a lock and the data can only be accessed by people who have been named in advance.

DATA PROTECTION