Facebook Pixel

Privacy Policy

This is the register and data protection statement of Gustavelund Oy's customer register in accordance with the Personal Data Act and the EU General Data Protection Regulation (GDPR). Prepared on 24.04.2018. Last modified on 13.11.2024.

1. The controller

Gustavelund Oy, Kirkkotie 36, 04310 Tuusula, tel. 09 273 751

2. Contact person responsible for the register

Antti Ropponen, antti.ropponen@gustavelund.fi, tel. 09 273 7777

3. Name of the register

Gustavelund Oy customer register

4. Legal basis for processing personal data

The legal basis for the processing of personal data under the EU General Data Protection Regulation is legitimate interest of the controller. The processing of personal data in the customer register is based on the customer relationship of consumer and business customers with Gustavelund Oy.

5. Purpose of processing personal data

The purposes for which the customer data in the customer register are used are:

  • customer relationship management and development
  • Customer relationship communication
  • processing of customer reservations
  • sales and implementation of services
  • processing of personal data relating to payment, invoicing, monitoring and collection of payments
  • marketing of the controller's services
  • developing the controller's business and customer service

Any special dietary information of the customer will only be used for the purpose of preparing and serving the food

The data will not be used for automated decision-making or profiling.

6. Personal data processed

The controller processes the following personal data of customers

  • customer's first and last name, date of birth, telephone number, address, e-mail address
  • nationality
  • information concerning reservations
  • customer's payment method details, billing details, any payment reference details
  • information if the customer has opted out of the use of the data for direct marketing purposes
  • whether the customer has given consent to direct marketing by electronic means (marketing by SMS or e-mail)
  • information on the use and purchase of services
  • information on customer choices and preferences (e.g. specific room preferences, accessibility issues)
  • any customer feedback and complaints data
  • any special dietary requirements of the customer, such as gluten-free, lactose-free, nut-free

For its business customers, the controller processes the following personal data

  • name, address, e-mail, telephone number of the contact person of the business customer
  • the legal prohibitions on direct marketing, distance selling and other direct marketing as indicated by the contact person of the company
  • any customer feedback and complaints data

7. Sources of personal data

The information stored in the register is obtained from the customer through, for example, messages sent via electronic forms, e-mail, telephone, social media services, contracts, customer meetings and other situations where the customer provides his/her information.

8. Recipients of personal data

The information contained in the customer register will not be disclosed to third parties.

Data may be disclosed to public authorities on the basis of their requests for information under the law.

Gustavelund Oy uses the Emailer email service for direct marketing and communication. Users' first name, surname, email address and company and any interests are transferred to Emailer. Emaileri is a Finnish company and the processing of personal data takes place on Emaileri's servers located in the Nordic countries. No personal data is transferred outside the European Union and the personal data is protected as required by the Personal Data Act.

9. Transfer of data outside the EU

Data is not regularly transferred to other parties. Data may be published to the extent agreed with the customer.

10. Retention period of personal data

The personal data of the customer contained in the customer register will be processed for the duration of the customer relationship. The data will be deleted at the end of the customer relationship, unless there is no other reason to keep the data.

However, after the end of the customer relationship, the data may be stored and processed if necessary for the purpose of handling complaints. The retention period of the data in the customer register will also be in accordance with the retention periods required by law, such as the Accounting Act.

Contact details of business customers will be deleted in a similar way after the business relationship is deemed to have ended. However, the data may be retained thereafter if there is another justification.

During the customer relationship, only data that are necessary for the purposes specified will be processed. The controller will carry out periodic checks to delete unnecessary data.

11. About the rights of the data subject

The data subject has the following rights under the GDPR

  • the right to see what information about him or her has been recorded
  • the right to rectification
  • the right to erasure of data where there is no legal ground for keeping them
  • the right to restriction of processing
  • right to object
  • the right to data portability

12. Right to lodge a complaint with a supervisory authority

The data subject has the right to lodge a complaint with the competent supervisory authority if the data subject considers that the controller has not complied with the applicable data protection regulation. 

13. Requests relating to the exercise of the rights of the data subject

For questions relating to the processing of personal data and situations in which the data subject wishes to exercise his or her rights, he or she may contact the contact person of the controller mentioned in point 2.