Privacy Policy

Privacy policy and data protection of Suomen Kotteria Oy and Savantum Oy

This privacy statement explains the reason for the processing, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you may exercise in relation to your data (the right to access, rectify, block etc.) We process personal data transparently and collect information only to the extent necessary for our lawful processing purposes.

Suomen Kotteria Oy and Savantum Oy are committed to safeguarding the personal data of their customers, employees, and stakeholders, as well as complying with national legislation on data protection and the EU General Data Protection Regulation (GDPR).

Register Name and Controller Details

Information about the register holders

The register holders are Suomen Kotteria Oy and Savantum Oy. The rights of the registered person and the processing of personal data are described in this privacy policy. The data protection statement is an extended register statement, which also informs registered users of their rights.

As a data subject, you may be our customer, potential customer, their contact person, potential employee, or other stakeholder with whom communication is important or necessary for us.

Suomen Kotteria Oy 0746615-3 and Savantum Oy 1668386-2 Villanella 5, 00890 Helsinki asiakaspalvelu@kottreia.com +358400868889

What Personal Data We Process

The data stored in the customer register include: name, position, company/organization, phone number, email address, address, personal identification number, business ID, website addresses, IP addresses of online connections, social media service accounts/profiles, information about ordered services and changes to them, billing information, and other information related to customer relationships and ordered services.

The data are stored in the Visma billing system and Sirvoy booking system until further notice and are deleted upon the customer’s request. Additionally, we regularly use the following service providers for data collection: Sirvoy, Google Inc., Constant Contact, Facebook, Linkedin, Booking.com, Airbnb, Tripadvisor, Nettimökki, Hotels.com.

We are not responsible for the information collected and stored by third-party operators, such as internet booking sites or travel agencies, related to accommodation bookings. We only respond to information provided to Suomen Kotteria Oy.

The personal data we process can mainly be divided into the following groups:

  • First and last name.
  • Contact information (phone number, address, and email address).
  • Information related to your position (your employer, profession, job title, qualifications, your position within your organization, and any representation rights you may have).
  • Personal identification number and date of birth.
  • Copy of passport, driver’s license, or identity card.
  • Customer satisfaction or marketing survey responses.
  • Credit and payment history information.
  • Technical details: Cookies, IP addresses, device information, visited pages on our website, and analytics based on them (technical information is not linked to your name or contact information).
  • Other information provided by you when submitting a contact request, such as information contained in a possible message.
  • Information about your work history and educational background (which you have provided to us either during the recruitment process or in connection with our procurement procedures when assessing the qualifications of our suppliers).

Purpose and Legal Basis of Personal Data Processing

We process your personal data only for purposes where the legality of processing is fulfilled. Personal data are used to maintain and manage customer relationships, send customer newsletters, conduct customer satisfaction surveys, carry out billing, and, if necessary, perform debt collection actions.

Suomen Kotteria Oy and Savantum Oy use personal data to:

  • Administer, provide, develop, and maintain Services.
  • Process reservations and orders related to Services.
  • Communicate with customers, e.g., via text messages, through other mobile applications, or by email.
  • Inform about reservation status or reservation-related information before the start of the accommodation period.
  • Identify defects, optimize technology, and facilitate contact in case of problems with booking or the provision of Services.
  • Analyze and improve the quality and experience of Services.
  • Personalize communication with customers regarding Services
  • To analyze the statistics and user behavior of our Services.
  • Improve customer benefits and service experience
  • According to the Act on Accommodation and Catering Services, passenger information and passenger registers can also be used for direct marketing purposes. The information is used to advertise services and products, directly or indirectly, including behavior-based marketing unless the customer has objected to this.
  • In addition, passenger information is processed to maintain public order and safety, prevent and investigate crimes, and to compile statistics.

The legal basis for processing personal data according to the EU GDPR

  • The person’s consent to the use of personal data when the person has ordered Suomen Kotteria Oy’s newsletter (ordered by phone or electronically from our website)
  • Lease agreement
  • Finnish law 28.4.2006/308 “Act on accommodation and catering operations” which obliges the storage of passenger data and enables customer service and the maintenance of customer relations.

The customer has the right at any time and free of charge to prohibit Suomen Kotteria from processing Personal Data for marketing purposes or to withdraw your consent. The information is not used for automated decision-making or profiling.

How do we collect personal data

Basically, we always collect personal data from the customer or other stakeholder directly. If you are the contact person needed to implement the contract, we can also receive the information from the community you represent.

  • in the customer service situation and in connection with the purchase transaction
  • upon the creation of a customer relationship
  • contracts
  • in connection with the marketing event
  • from messages sent by the customer himself via online forms
  • from the customer himself via the network for the subscription to the newsletter
  • from the customer himself via social media
  • from resellers such as Booking.com and AirBNB
  • passenger registration forms

In addition, we may also collect personal data from third parties, such as private and public registers, which include:

  • Suomen Asiakastieto Oy
  • Population register (Väestötietojärjestelmä)
  • Trade register (Kaupparekisteri)
  • Fonecta Oy

Passenger information is also collected from people staying in rental cabins (Act of Finland 28.4.2006/308 “Act on accommodation and catering operations”). The accommodation operator is responsible for collecting personal data from all the passengers. Passengers participating in a group trip can make a joint passenger declaration.

The following information must be collected from all the passengers (passenger information):

1) the passenger’s full name and Finnish personal identification number or, if this is not available, date of birth and citizenship
2) full names and Finnish personal identification numbers of the spouse and minor children accompanying the passenger or, if they are not available, dates of birth
3) passenger’s address
4) the country from which the passenger arrives in Finland
5) passenger’s travel document number
6) Arrival date and departure date at the passenger’s accommodation.

In addition, the passenger can indicate in the passenger notification whether the accommodation is for leisure, work, a meeting or another reason.

The passenger must confirm the passenger information in the passenger notification with his/her signature. However, the leader of the group trip can sign a joint passenger declaration on behalf of the passengers participating in the group trip.

According to the law, physical passenger cards are kept for one year, after which they are destroyed.

How long do we store personal data

We have defined retention periods for personal data. After the storage period ends, the data is deleted. The retention period is not always a predetermined fixed period, but the determined period is based on the validity of our processing purpose and its statutory legal basis (e.g. the duration of the marketing campaign or the validity of the contract) or the fulfillment of a statutory obligation.

We periodically check the validity of our processing purpose and its legal basis and delete personal data whose processing purpose or legal basis has ended.

To whom we disclose personal data – groups of recipients of personal data

As a general rule, information is not disclosed outside of Suomen Kotteria Oy for marketing purposes. Passenger data will be released upon request to the authorities prescribed by law.

We have ensured that the data protection regulation is taken into account in our contracts with service providers. We have ensured that all our service providers comply with data protection legislation. We regularly use the following service providers: Visma, Google Inc., Constant Contact, Facebook / WhatsApp, Twitter, Microsoft Corp/LinkedIn, Booking.com, AirBnB, Tripadvisor, Hotels.com

We can hand over the personal data collected to our selected partners who process personal data on our behalf (e.g. IT and cloud services, debt collection companies and senders of event invitations). With the contract and the instructions given to the processor, we ensure that the processor’s information security and data protection are at the level required by legislation. If necessary, we will ask for your consent to the transfer of personal data.

In addition, we may be obliged to hand over personal data about you to the authorities (e.g. customs, tax administration or police).

Transfer of personal data to third countries

Primarily, your personal data will not be transferred outside the EU or the European Economic Area. In some cases, we may hand over and transfer your personal data to our selected partners operating in third countries, who process personal data on our behalf. In these situations, we comply with the requirements set by the EU General Data Protection Regulation for the transfer of data to third countries:

  • The Commission has decided that the third country in question has organized an adequate level of data protection. No special permission is required for this transfer.
  • We otherwise ensure an adequate level of data protection by using, for example, model clauses prepared by the European Commission in connection with data transfer.
  • We draw up a personal data processing agreement for the transfer and give the processor the necessary instructions.

How do we protect the privacy of personal data?

Your privacy is paramount. Personal information is kept confidential. Given the nature of our business, we use appropriate technical and organizational means to protect data protection and prevent data breaches of personal data. We use information security software according to high standards and limit access to the processing of personal data in our organization and systems to only those persons whose work it is necessary to process your personal data.

Your rights

As a registered user, you have the following rights:

  • Right of inspection: You can check which of your personal data we process. After confirming your identity, we will provide you with the information you have processed and other information required by the EU General Data Protection Regulation, such as additional information about your rights.
  • Right to data correction: You can have your incorrect or incomplete data corrected. Please let us know if you find that your information is incomplete or incorrect, and we will correct it.
  • Deleting your personal data and the right to be “forgotten”. You can demand the deletion of your personal data, provided that no legal basis for processing is met and that the deletion of personal data is not restricted by, for example, a statutory obligation or the settlement of a pending dispute. It should be noted that the controller may have a statutory or other right not to delete the requested information. The registrar is obliged to keep the accounting material in accordance with the period defined in the Accounting Act (Chapter 2, Section 10). For this reason, accounting-related material cannot be deleted before the deadline expires.
  • Limiting the processing of your personal data: If there is any doubt about the legal basis of our processing or the correctness of your data, you can ask us to limit the processing of your personal data while the matter is being investigated.
  • Transfer of your personal data from one system to another: You can ask us to transfer your personal data to another data controller, if it is technically possible and safe.
  • Objecting to the processing of personal data on the basis of our legitimate interest: You can, for example, deny our direct marketing in the manner we have instructed in connection with it.
  • Complaint to the supervisory authority: You can file a complaint with the national data protection authority in all countries where we operate.

Requests regarding your right to delete or check your personal data are requested in writing, signed by post or email, after which we will contact you to implement the request. All requests based on your rights are requested to be addressed in accordance with the Contact section.

Cookies and cookie policy (EU)

This cookie policy was last updated on 10/03/2024 and applies to citizens of the European Economic Area and Swiss permanent residents.

Our website uses cookies. Cookies are text files that can be found on the device you use for browsing. Cookies are used to improve the user experience on our website and for marketing analytics. You can not accept the use of cookies or delete cookies, which may, however, limit the usability of our website.

A cookie is a small, simple file that is sent along with web pages and that your browser saves on the hard drive of your computer or other device. The information stored in it can be returned to our servers or the servers of relevant third parties during the next visit.

A web tracker (or pixel tag) is a small, invisible text or image on a website that is used to track website traffic. This is done by storing various information about you using web trackers. If you wish, you can change your cookie settings.

Types of cookies

1 Technical or functional cookies

Some cookies ensure that certain parts of the website work correctly and that user preferences remain known. By setting functional cookies, we make it easier to visit our website. This way, you don’t have to repeatedly enter the same information when visiting our website and, for example, the products stay in your shopping cart until you’ve paid. We may set these cookies without your consent.

2 Statistical cookies

We use statistical cookies to optimize our users’ website experience. With the help of these statistical cookies, we get information about the use of our website. We ask for your permission to place statistical cookies.

3 Advertising cookies

We use advertising cookies on this website, which allow us to obtain information about the results of the campaign. This is based on the profile we create based on your behavior at https://kotteria.com. With the help of these cookies, you as a website visitor link to a unique ID, but these cookies do not determine your behavior and interest in displaying unique ads.

4 Marketing/Tracking Cookies

Marketing/tracking cookies are cookies or any other form of local storage used to create user profiles to display advertising or track the user on this website or multiple websites for similar marketing purposes.

Since these cookies are marked as tracking cookies, we ask for your permission to place them.

5 Social media

We have included content from Facebook and WhatsApp on our website to promote (e.g. “like”, “pin”) or share (e.g. “tweet”) the website on social networks such as Facebook and WhatsApp. This content is embedded with code from Facebook and WhatsApp and sets cookies. This content may store and process certain information for personalized advertising.

Read the privacy statement of these social networks (which may change regularly) to read what they do with your (personal) data that they process with the help of these cookies. The information to be searched is anonymized as much as possible. Facebook and WhatsApp are located in the United States.

Set cookies and enabling/rejecting and deleting cookies

Google Analytics, Google Ads, Google Fonts, Google reCAPTCHA, Google Maps, YouTube, Facebook, WhatsApp

When you visit our website for the first time, you will see a pop-up window that gives you the option to choose whether you only accept the cookies that are necessary for the website to function, or whether you give your consent to the use of all cookies.

Changing the privacy statement

We will change this privacy statement if our basis for processing personal data or other circumstances valid at the time of drafting this privacy statement change. However, we will not change the processing purpose of your personal data without your consent, as this is the basis for the processing. We undertake to comply with the realization of your statutory rights that we have described, regardless of the change in the privacy statement.

Contacts

You can contact us by email: asiakaspalvelu@kottera.com or by phone +358400868889

You can also contact or file a complaint with the national data protection authority, which is the data protection authority in Finland (www.tietosuoja.fi), Integritetsskyddsmyndigheten (https://www.imy.se/) in Sweden, Datatilsynet in Norway (www.datatilsynet.no) and Andmekaitse Inspektsioon in Estonia. (https://www.aki.ee/et).