Created by: 4.3.2025
Company: Nordic Hospitality x Experience Oy
Business ID: 3500357-8
Email: katri.johansson@nheagency.com
Company: Nordic Hospitality x Experience Oy
Name: Katri Johansson
Email: katri.johansson@nheagency.com
Register of Partners and Stakeholders
The processing of personal data is based on a contractual relationship, another legitimate basis, or the explicit consent of the data subject.
Personal data may be processed to fulfill contractual or statutory obligations, to maintain communication with the data subject and other necessary parties, to send newsletters, provide information, market products and services, conduct market analysis, and develop operations.
The register may store the name and necessary contact details of the data subject, such as address, phone number, and email address, business ID, position within the organization, messages, comments, and materials exchanged between the data controller and the data subject or other relevant parties, consents, prohibitions, and customer feedback.
Technical data may be collected on the use of online services, such as IP address, country or city location, used online services, device and operating system details, browser type, and external websites from which the user arrived or to which they navigate from the data controller’s online service.
Cookies may be used to collect data on service usage.
Data stored in the register is obtained from the data subject themselves, from the technical usage of web and electronic services, from third-party analytics services such as Google Analytics, from public sources, or from providers of public contact information.
Personal data is not regularly disclosed to external parties. However, disclosure is possible for justified purposes.
Personal data is not regularly transferred outside the EU or EEA. If such a transfer occurs, the data controller ensures an adequate level of data protection, for example, by agreeing on the confidentiality and processing of personal data as required by law.
MANUAL MATERIAL
Manual materials are stored in a locked space and disposed of once they have been digitized.
ELECTRONIC MATERIAL
Electronic data is stored securely on the data controller’s premises on computers or storage devices, or securely on an external server or service.
Only authorized personnel within the data controller’s organization who require the data for their work tasks have access to personal data.
Register data is protected from external access through technical solutions and applications.
Register data is regularly backed up, and the ability to restore backed-up data is tested.
The data controller reports any data security breaches directly to authorities or users in accordance with applicable legislation.
Each individual has the right to access their personal data stored in the register.
Requests for inspection must be submitted in writing with the data subject’s signature to the contact person of the data controller at the above contact details.
Each individual has the right to request the correction or deletion of incorrect data in the personal register.
Requests must be submitted in writing with the data subject’s signature to the contact person of the data controller at the above contact details.
The data subject has the right to request the transfer of their data in electronic format to another service provider.
The data subject has the right to withdraw their consent for data processing.
The data subject has the right to prohibit the use of their data for remote sales, direct marketing, market research, and opinion polls.
Requests, consent withdrawals, and prohibitions must be submitted in writing with the data subject’s signature to the contact person of the data controller at the above contact details.
Register data is retained indefinitely.
The data controller retains other registered personal data in accordance with applicable legislation and only as long as necessary for the purposes described in this privacy policy.
Data may be retained in accordance with accounting or other mandatory legislation even after the end of the customer relationship or other basis for data processing.
A visitor to the data controller’s website can clear or block cookies through their browser or device settings. However, this may reduce user experience or cause malfunctions.
The data subject has the right to object to the processing of their personal data, request restrictions on its processing, and file a complaint with the data protection supervisory authority at www.tietosuoja.fi.