Description of data file
Kokkola Tourism Ltd
Market Square 5, 67100 Kokkola
+358 40 8065 075
Business ID: 0700078-3
Person responsible for registry matters
Jari Kola, firstname.lastname@example.org
Purpose of processing of personal data
Our business is based on legitimate business, so we follow the GDPR guidelines for storing personal information:
- The information we store about a person is lawful, reasonable, and transparent with respect to processing.
- The information has a purpose-related nature – for example, the information we collect about individuals is only for a specific purpose. We will not disclose your information to third parties unless there is good reason to do so. We only store the necessary information. We strive to keep our information accurate.
- We restrict data retention – data has a defined lifetime, after which it is automatically or routinely deleted unless there is a legal reason for retention for longer.
- We collect and store information about potential new customers based on customer relationships or business activities. The main uses of the information are: marketing planning and targeting, marketing reporting and analysis, and customer communication. Visit Kokkola uses personal information for direct marketing purposes as permitted by the Personal Data Act. Business intelligence is used to collect new potential customer information.
Information content of the register
We record a minimum amount of customer relationship information, which typically includes the individual name of the person and / or company and contact information such as email and phone number.
The information collected is:
- First and last name
- Contact information (such as company name, contact information, etc.)
- Other textual information related to the customer relationship
- Marketing Authorization or Prohibition
- Billing information
- Information collected through cookies
- Information collected from social media channels
- Web site address
Regular sources of information
Information sources include:
- Web forms on the site
- Personal data is collected from the data subject himself or herself in connection with customer operations, including by telephone, online and at customer events.
- In addition, for business purposes, such as acquiring new customers, we may use, for example, names picked from the media that we may contact in the business sense.
Regular disclosure of information
We use third party services to process and store information that may contain personal information. However, third parties are purely processors of personal data who have the right to process such data only to the extent required by the agreed services, and Visit Kokkola will remain the data controller.
For marketing purposes, we use the services of an external service provider with a separate agreement. We use the MailChimp newsletter tool for email marketing where we record the person’s name and email address. We also use our website to manage customer relationships, where we record the following: person’s name, contact information, and customer relationship-related features, such as requests for quotes from the site.a.
Transfer of data outside the EU or the EEA
Data is not routinely transferred outside the EU and the European Economic Area.
The following principles are observed in keeping the register secure
Visit Kokkola has appropriate technical and organizational security practices and processes in place to protect personal information from loss, misuse or similar unauthorized access.
The personal data contained in the register shall be kept confidential. Access to the register is subject to instructions within the controller organization and access to the personal register is restricted to those employees who are authorized to do so and who need information in the course of their duties to access and access the information contained in the register. Personnel processing personal data shall be bound by the obligation of professional secrecy.
Systems are protected by security software. Access to the system requires each user of the registry to enter a user name and password. The server environment is protected by passwords and an appropriate firewall. The communication between the server and the user’s machine is encrypted. In addition, the data network of the controller and the hardware on which the registry is located are protected by a firewall and other technical measures. Personal data will be destroyed in a secure manner.
You have the right to have access to your personal information and to correct incorrect information about you. You have the right to request the deletion of your personal information at any time, unless it is in our legitimate interest or the law to prevent the removal of some of your personal information. The information shall be provided in writing to the customer in an intelligible form.
The request for verification shall be made in writing..
Right to claim rectification
The controller shall, on its own initiative or at the request of the data subject, correct, delete or complete personal data contained in the register which are inaccurate, unnecessary, incomplete or outdated for the purpose of processing. In addition, personal information may be removed in the event of a customer misusing the service or engaging in criminal or other prohibited activities through the service. The data subject should contact the controller to correct the information by email.
Other rights related to the processing of personal data
Unless otherwise agreed between the controller and the data subject, the data subject also has the right to prohibit the data controller from processing the data concerning him / her for the purposes mentioned in this data sheet. Requests for corrections to marketing bans (call, print direct marketing, SMS and email) will be sent via email.