We process personal data in accordance with data protection regulations, other legislation and this Privacy Statement.

We think privacy is important

You provide us with information when you use our services or when you are in contact with us. We do not use information only to be able to offer services, but also to constantly develop our services and modify them to suit your needs.

We want to be transparent

We believe in clarity and transparency in collecting and using your personal data. In this Privacy Statement, we have collected information about how and when we use your personal data.

We take care of your data

When we talk about personal data, we mean any information that can be directly or indirectly linked to you.

We do our best to protect your privacy with good data management and careful processing of personal data.

Collection and processing of personal data

The personal data we collect from people using our Services ("Users") mainly consists of user data such as name, address, phone number, email address and other personal data provided to us by the User.

We may also collect technical information related to Users, examples of which include IP address, browser type and version, language selection, geographical location, operating system, tracking of clicks that occur when using websites (including date and time). This information cannot be combined with the User's personal information.

We use cookies to collect and process technical data related to Users. Cookies are small text files that the web browser saves on the User's computer. With the help of cookies, we can count how many people on average use our website and which pages they use. This helps us develop our website and serve our Users better. We also use cookies that make it easier to use our website, for example by remembering preferences such as language selection. Functional cookies enable our website to function and also convey information about whether the website is working as it should. We do not use cookies intended for advertising. Users can set their web browsers to block cookies or to notify when cookies are being used. This can usually be done by changing your web browser settings. Instructions for managing cookies can also be found on the internet. More information about cookies related to the use of websites can be found in our Cookie Statement.

We process personal data for the following purposes:

in order to conduct, maintain and develop our business,

in order to provide our services,

in order to be able to organize information and advertising campaigns related to our services (including by telephone, mail and e-mail), the purpose of which is to keep our Users informed about our services and offers that are likely to be of interest to them,

in order to be able to fulfill the contracts we have concluded with our customers,

in order to be able to provide customer service, e.g. when Users contact us regarding their reservations,

in order to manage our contracts, e.g. assigning invoices to the correct customers,

to improve our services and their use,

to carry out research and analysis related to our services,

to monitor the use of our services,

to comply with our legal obligations.

Personal data retention period

We do not store personal data longer than the law allows and than is necessary considering the purpose of the processing. The retention period depends on the type of personal data, the purpose of the processing and the applicable legislation and may therefore vary.

We keep the User's personal data in principle as long as the User uses our services or as long as we have another purpose for it, and after that as long as the law requires or allows or is necessary for internal reporting and accounting.

We delete personal data after the storage period mentioned above has expired or when the User asks us to delete personal data about him.

The right to inspect and correct personal data

Every User has the right to receive their personal data from us in a structured, commonly used and machine-readable format.

Every User can contact us to get confirmation about the possible processing of personal data about him. If we process the User's personal data, we will inform the User which personal data groups concerning him/her we process, what are the purposes of the processing, to which types of entities the personal data has been disclosed or will be disclosed, and what are the estimated retention periods of the personal data or the criteria for evaluating this.

Every User is entitled to have incorrect or incomplete personal data stored by us regarding him corrected or supplemented.

Using personal data in marketing

We do not use personal data in direct marketing unless the User has given permission. Users are entitled to prohibit us from using their personal data in direct marketing by contacting us or by using the cancellation option mentioned in connection with our direct marketing communications. However, such withdrawal of consent does not affect the legality of previously sent direct marketing.

The right to restrict processing. Every User has the right to demand that we limit the processing of the User's personal data in accordance with the applicable data protection legislation. The processing of personal data can be restricted, for example, for the duration of ensuring the correctness of the data in those situations when the User has indicated that the data is incorrect, or to prevent us from removing unnecessary data that the User nevertheless needs to submit legal claims, or when our processing is illegal.

Deleting personal data

Every User has the right to have the personal data we have processed about him deleted from our systems, if the personal data is no longer needed for the previously mentioned purposes, or if we have processed the personal data illegally.

Sharing of personal information

We share personal data within our organization only for the purposes mentioned in this Privacy Statement and to the extent required by it. Our staff is bound by a duty of confidentiality when they process personal data.

We do not hand over personal data to parties outside our organization, except in the situations listed below.

We hand over personal data only to those service providers who help us to fulfill the purposes previously defined in this Privacy Statement, for example by providing server space, or by conducting direct marketing on our behalf. Our agreements with these service providers require data protection and security commitments from them, which are as comprehensive as our own commitments described in this Privacy Statement.

We may disclose personal data to third parties if, in our opinion, their access and access to said personal data is necessary to (i) comply with applicable legislation or a court decision, (ii) to detect, prevent or otherwise deal with fraud or security or technical problems, and/or (iii) ) to legally protect our own, our Users' or general interests, property or safety. We will notify Users of such disclosures to the extent that is reasonable.

If we are involved in a business transaction, purchase or sale of assets, we may transfer personal data to a third party involved in that process. In this case, we ensure that the confidentiality of personal data is guaranteed.

We may disclose personal data to third parties for reasons other than those mentioned above, if we have obtained the User's express consent to the disclosure. The user has the right to withdraw such consent at any time.

We and our service providers have operations in many locations worldwide. Because of this, both we and our service provider may transfer personal data to countries outside the User's country of residence.

With our measures, we strive to ensure that Users' personal data is provided with an adequate level of protection in the countries where it is processed.

In cases where EU data protection legislation is applied to our data processing and Users' personal data is transferred from the European Economic Area (EEA) to a service provider for processing in any country outside the European Economic Area, the level of data protection provided by the European Commission has not been determined to be sufficient, we guarantee an adequate level of protection by using the European Commission's model contract clauses or other applicable data protection legislation according to the protection mechanism.

For more information on international transfers of personal data, please contact us.

If the User under any circumstances feels that we have processed personal data concerning him in violation of valid data protection legislation, he can file a complaint with the local authority supervising data protection matters.

This Privacy Statement is dated 20 September 2023. We may update this statement at any time if necessary to reflect changes in our data processing practices, data protection laws or otherwise. We strive to inform about significant changes to the data protection statement to the extent that is reasonable. The current version of the data protection statement is available on our website.

In situations where there are inconsistencies or translation differences between the Finnish and other language versions of this Privacy Policy, the Finnish version shall apply.

If the User has any questions or requests related to this Privacy Policy or our other privacy practices, you can contact us

By e-mail at: hanna(at)villastenberg.fi