Privacy Policy | Arcandia ENG

Registry and Privacy Statement

This is the registry and privacy statement of Arctic Thrill Oy in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Prepared on October 1, 2020.

Registry Controller

Arctic Thrill Oy 3091879-5

Responsible Contact Person
Viivi Autio, viivi@arcandia.fi

Name of the Registry

Customer registry of the company.

Legal Basis and Purpose of Personal Data Processing

The legal basis for processing personal data under the EU General Data Protection Regulation is:
- Personal consent (voluntary)
- Legitimate interest of the controller (employment relationship).
The purpose of processing personal data is to communicate with customers and maintain customer relationships.
Data is not used for automated decision-making or profiling.

Content of the Registry

The data stored in the registry consists of information personally provided by the individual, such as: name, age, contact information (phone number, email address, address, city).

The company also uses Google Analytics, which measures and collects information about general website traffic and user behavior. More information: www.google.com/policies/privacy/partners/

Regular Sources of Information

The information stored in the registry is obtained from customers via email, through forms sent via the website, and from the Bókun reservation system and Google Analytics.

Regular Disclosures of Data and Transfer of Data Outside the EU or EEA

Data is not regularly disclosed to third parties. Information may be published to the extent agreed with the customer.

Principles of Registry Protection

Care is taken in processing the registry, and the data handled through information systems is protected adequately. When registry data is stored on internet servers, physical and digital security of the hardware is properly managed. The controller ensures that stored data, access rights to servers, and other information critical to the security of personal data are handled confidentially and only by those employees whose duties include this.

Right of Access and Right to Request Data Correction

Every individual in the registry has the right to check their stored information and request correction of any incorrect information or completion of any incomplete information. If a person wishes to check the information stored about them or request a correction, the request must be submitted in writing to the data controller. The data controller may request the requester to prove their identity, if necessary. The data controller will respond to the client within the time specified in the EU General Data Protection Regulation (generally within one month).

Other Rights Related to the Processing of Personal Data

A person registered has the right to request the deletion of their personal data from the register ("right to be forgotten"). Likewise, registered individuals have other rights under the EU General Data Protection Regulation, such as the restriction of processing personal data in certain situations. Requests must be submitted in writing to the data controller. The data controller may request the requester to prove their identity, if necessary. The data controller will respond to the client within the time specified in the EU General Data Protection Regulation (generally within one month).