This privacy policy is in accordance with the Personal Data Act (523/1999) 10§ and EU’s General Data Protection Regulation.
Date issued: 23.05.2018

1. Register Holder
Sappeen Matkailukeskus / Sappee Resort
Sappeenvuorentie 200
36450 Salmentaka
Tel. +358 20 755 9970

2. Person in Charge of Register
Jouko Poukkanen
Sappeenvuorentie 200
36450 Salmentaka
E-mail: sappee@sappee.fi

3. Name of Register
The customer information register of the Sappee Resort. Information is registered based on a sales or service relationship with Sappee Resort, or signing up to use the services of Sappee Resort, or employment at Sappee Resort.

4. Use of Register
Sappee Resort is committed to protecting the privacy of the users of its services in accordance with the Personal Data Act (523/1999) and other applicable legislation.
The personal data collected and processed is the contact and customer data of those natural persons who have signed up to receive the Sappee Resort newsletter, made a reservation or enrolled in an event, or used some other service of the resort or worked at Sappee Resort.
The contact information and customer registers maintained by Sappee Resort are the register of e-mail newsletter subscribers and the reservation information database of the resort.  The personal information found in the registers can be used within the processes of Sappee Resort in accordance with the Personal Data Act.
Sappee Resort needs this information in order to process and confirm reservations. The data is also needed for the customer to receive information from the resort regarding their reservations.
By using our services, the user accepts this privacy policy. If the user does not accept these terms, the user does not have the right to use our services.
The data is used to produce, realize and develop services and products to customers. It is also used for the purposes of billing, customer relations and development, and anonymously for statistical purposes.
With the customer’s consent, data may also be used for advertising, marketing, direct marketing and target marketing. The customer has the right to deny any direct marketing aimed at them.

5. Content of Register
Customer information gathered by Sappee Resort:
– First and last name
– Address details
– Mobile phone number
– Landline number
– E-mail address
– Date of birth
– Business ID number
– Sex
– other country of residence
– Possible newsletter history
– Event participation
– Direct marketing bans and permissions
– Customer ID number
– Information concerning the reservation such as specific accommodation location, date of departure, date of reservation, possible flight and hotel information, price of the booking, discounts and grounds for discounts, sales channel and possible assistant, reservation party, additional services, customer loyalty numbers.
– Ski days usage information
The above-mentioned data is saved if it is connected to the customership.
Rental services require additional information stated in the terms of delivery, such as:
–    national identification number
–    weight
–    height
–    skill level

6. Sources of Information
–    Information given by the user
–    Information connected to the processing, sending and returning of orders and bookings
–    Maker of reservation, companion or part of group
–    information given by the customer in customer service situations
–    e-mail marketing control system
–    cookies and other techniques
–    phone calls between Sappee and the customer may be recorded

7. Data Transfer Outside of the EU or the European Economic Area
Data may be transferred outside of the EU and the European Economic Area if the technical realization of the service requested by the customer so requires, or for some other reason if necessary by Parts 2 to 5 of Section 23 of the Personal Data Act. Non-EU partners are required to adhere to the EU data protection regulations.
In order to produce services, the necessary information is forwarded to the service provider, e.g. the co-marketing companies of Sappee Resort. Customer data is not given to any third party actors for sales or marketing purposes without the customer’s specific consent. Personal information may be given to third parties such as the police and other authorities in case of a criminal investigation or other obligations to give up certain information in accordance with and within the boudaries of the current legislation.

8. Data Protection Principles
Manual Data:
– manually processed files containing information about registered customers are stored in a secure facility with no unauthorized access. Personal information given for rental purposes is destroyed after the rental time.
Computer Data:
– located in an internet-based service secured by the SSL protocol
– only used by authorized personnel who each have their own personal user name and password. Users are obligated to confidentiality.
Users are authorized and overseen by the person in charge of the register.

9. Checking Your Data
As outlined in the Personal Data Act, a registered customer has the right to check their information in the customer register. This request must be sent in writing via post or e-mail to the person in charge of the register, specified in section 2.
10. Customer’s Right to Deny Data Processing and Correct False Information

The customer of Sappee Resort has the right to correct any false information found in their personal data.

The correction request must be made in writing via post or e-mail to the person in charge or the register, specified in section 2.

A registered customer has the right to deny the using and processing of their information for the purposes of sales, direct marketing, and marketing and opinion surveys, by contacting the customer services at Sappee Resort.

The description of the privacy policy can be changed by publishing new terms on the Sappee Resort web site at www.sappee.fi. We recommend that you check these terms regularly. When adding other people’s personal information, you are responsible for making sure that Sappee Resort has the right to process this information in accordance with the applicable sections of the privacy policy.