Kalajoen Hiekkasärkät Oy

General

We are committed to protecting the privacy of our customers and personnel. However, our operations require some collection and processing of personal data. Personal data may include, but is not limited to, a person’s name, email address, personal identity code and photograph. Kalajoen Hiekkasärkät Oy processes personal data related to its customers and personnel in accordance with this privacy policy and applicable legislation, so we ask you to read through this privacy policy carefully. We may also update this privacy policy as our business develops or legislation changes, so we ask that you re-read this privacy policy from time to time.

Data controller

The data controller in relation to the processing of personal data described in this privacy policy is Kalajoen Hiekkasärkät Oy (hereinafter also ‘Kalajoen Hiekkasärkät’ or ‘we’):

Kalajoen Hiekkasärkät Oy

Business ID: 0365397-1

Jukupolku 3

85100 Kalajoki

Email: tuula.peltomaa@hiekkasarkat.fi

Data protection matters regarding the customer register and personnel matters are handled by Tuula Peltomaa.

 

Register name

Kalajoen Hiekkasärkät Oy’s customer and personnel registers

For what purpose does Kalajoen Hiekkasärkät collect personal data and on what grounds is the data processed?

We collect, store and process personal data for predefined purposes. We will also ensure that we always have at least one legal basis for the processing. The main purposes and grounds for the processing of personal data are the following:

The provision of our services, billing and collection and the processing of accidents

We collect and process personal data in order to provide our services and invoice for them (e.g. spa services, development services and business premises’ rental services).

Some of our services, such as swimming schools and development services workshops, also require advance registration. If accidents occur on our premises, we may also process data related to them.

For these, the legal grounds for the processing of personal data are, in particular, the performance and preparation of the contract, our legitimate interests, and the fulfilment of legal obligations, and in some respects also consent.

Marketing and communications

We may also carry out direct marketing and other customer communications, so contact information may also be processed for marketing and communications purposes. For this, the legal basis for the processing of personal data is our legitimate interest. We will ensure that the processing based on our legitimate interest is proportionate to the customer’s interests and meets the customer’s reasonable expectations. However, in the case of direct electronic marketing to potential consumers, such as email marketing, the basis for the processing is the person’s consent. In any case, a person has the right to prohibit direct marketing at any time, even if it is not based on consent.

Fulfilment of legal obligations

We may also process personal data to fulfil our legal obligations (such as accounting, taxation, Employment Contracts Act, Limited Liability Companies Act) or to prepare or respond to legal claims.

 

Human resources

Personal data related to our personnel is collected and processed mainly for the purposes of human resource management, such as the fulfilment of employment contract obligations, the payment of wages, other rights and obligations related to the employment relationship and the fulfilment of statutory obligations related to employment relationships. For this, the legal basis for the processing of personal data is the fulfilment of the contract and the fulfilment of the legal obligations related to the employment relationship. Based on consent, we also receive and process personal data related to job seekers obtained from sources other than the job seekers themselves.

 

What personal data does Kalajoen Hiekkasärkät collect and from what sources?

In practice, we only collect and process personal data related to our customers and the users of our services, as well as personal data related to our personnel. We also control a statutory shareholder list, so we also process the personal data of our shareholders. The personal data is obtained almost exclusively from the persons themselves.

 

We typically process the following personal data related to our customers and the users of our services:

Contact information collected in the pool area and its use:

  • the names of those who have registered for swimming school and the contact information of their parents in case of changes and possible accidents.
  • implementation of swimming campaigns: name and telephone number (optional) for a draw.
  • accident situations: in the event of an accident, we record the person’s information. We need this information if the situation requires follow-up actions (insurance matters, etc.)

Sales Ledger:

  • sales invoicing: basic customer information, such as name, personal identity code, contact information
  • the spa’s swimming check lists in paper form and names of users
  • exercise vouchers (billable), user name, the vouchers are scanned as an invoice attachment
  • exercise vouchers (paper), user name, the vouchers (e.g. Smartum) are sent by post
  • any personal data collected in connection with sales and marketing activities (such as name, telephone number, email address / address) and marketing consent/prohibition
  • personal data collected in connection with office hotel services, such as name, telephone number, email address and address.
  • Participation in development services workshops, training courses and events

We mainly receive personal data regarding our personnel from the persons themselves. We may also process data regarding our personnel that is otherwise generated during the employment relationship. We obtain personal data related to job seekers from the person themselves or, with their consent, from others, such as referees or aptitude testers. We mainly collect and process the following data related to our personnel:

  • Employee name, personal identity code and contact details
  • Salary breakdowns

The following data regarding personnel may be disclosed to third parties:

  • Notifications to the tax authority for withholding tax
  • Statutory insurance; accident, unemployment and group life insurance; employer’s pension insurance; employee’s name; personal identity code
  • Statistics Finland: employment data, employee’s name, personal identity code, occupation

With regard to our shareholders, we maintain a list of shareholders in accordance with the Limited Liability Companies Act, which may also contain personal data.

Who processes the personal data and is it disclosed to third parties?

As a rule, personal data is processed by the personnel of our company in the performance of their duties. We may also outsource some elements of the processing of personal data, such as the information systems used to store and process personal data (cloud storage services), or use subcontractors for financial management, acquisition of new customers and partners, as well as development services, for example. When using such subcontractors, we draw up agreements to ensure that the confidentiality of personal data is maintained and the data is otherwise processed according to law and only for our benefit.

Otherwise, we may also disclose data when required by law, a court of law or a competent authority (e.g. the tax authority). We may also disclose your data if we are involved in an acquisition or asset deal.

 

Is the data transferred outside the EU?

As a rule, personal data is not transferred outside the EU. In some cases, we may also transfer personal data to organisations operating outside the EU or the EEA in so-called third countries. In this case, we will ensure that the data transfer takes place with sufficient safeguard measures in accordance with applicable data protection legislation. The primary options are transfer to a country approved by the European Commission as a country of adequate level of data protection or the use of the EU’s standard contractual clauses.

 

How long is personal data stored?

We will not retain personal data for longer than is required by its purpose, an agreement or law. For example, accounting, consumer, labour and insurance legislation imposes obligations on the longer-term retention of personal data. However, the retention periods of personal data may vary depending on the purpose of its use and the situation. Personal data may also be deleted if the person withdraws their consent or requests the deletion of their data (and we have no other legal basis for processing the data), the contractual relationship ends or the data is out of date or incorrect. We may also update the information as needed.

How is the data stored and protected?

Personal data is stored and protected in accordance with general industry standards. With regard to data stored in electronic format, access to the personal data is restricted by access rights. We generally treat the data as confidential and do not disclose it publicly and do not sell or rent the information for marketing purposes. We only collect as much personal data as we need for our purposes. Our premises are also well protected and locked.

 

Is the disclosure of personal data mandatory and what are the consequences of non-disclosure?

In most cases, the disclosure of personal data is voluntary. Sometimes disclosure is mandatory to the extent required to conclude a customer or employment contract, fulfil the obligations associated with it and monitor the realisation of our own rights under the contract. In an employment relationship, we also need personal data to the extent required to fulfil our obligations related to the fulfilment of the employment contract and the law.

Does the website use cookies and what are they?

We use cookies on our website to provide the best possible user experience for visitors to the site. Cookies are short text files that the web server stores on the user’s device. Cookies give us information about how our website is used. We may use cookies to develop our services and website, analyse the use of the website and target and optimise marketing. The storage of cookies or other information describing the use of the service on the user’s device and the use of this information is permitted for the service provider if the user has given their consent and the service provider provides the user with comprehensible and comprehensive information about the purpose of their storage or use. As a user of our website, you can accept or deny the use of cookies in your web browser settings. Please note that blocking cookies may limit the functionality of our website.

What rights and influence do you have over your personal data?

Withdrawal of consent

If we process your data based on your consent, you may withdraw your consent at any time by notifying us using the contact information given above.

 

Access to the data

You have the right to receive confirmation from us about whether we are processing your personal data and to know what personal data concerning you we are processing. In addition to this, you have the right to receive additional information about the grounds for the processing of your personal data.

 

Right to rectification

You have the right to request that we correct any inaccurate or outdated or otherwise incomplete personal data concerning you.

 

Right to erasure

You have the right to request the erasure of personal data concerning you, for example, when you withdraw your consent to the processing of data, object to the processing of data, object to the processing of data for direct marketing purposes or the processing of your data is illegal. We shall delete the personal data concerning you unless there is another valid reason for the processing.

 

Right to prohibit direct marketing

You may prohibit the processing of your personal data for direct marketing purposes by contacting us using the contact information given above, for example by sending us an email.

 

Right to object to processing

If we process your personal data on the grounds of public interest or our legitimate interest, you have the right to object to the processing of your personal data if there is no compelling reason to override your rights or the processing is not necessary to handle a legal claim. Please note that this means that we will probably no longer be able to serve you.

 

Right to restrict processing

In certain situations, you have the right to request that we restrict the processing of your personal data.

 

Right to data portability

If we have processed your personal data automatically and based on your consent or the fulfilment of an agreement, you have the right to receive the information you have provided to us electronically in a commonly used format so that the information can be transferred to another service provider.

 

How can you exercise your rights?

You may exercise your rights described above by contacting us using the contact information given above or by visiting us in person. Please note that we must adequately verify your identity upon your request (e.g. a handwritten signature or presentation of ID). Please also note that we may refuse to comply with your request on the basis of applicable legislation. If you believe that the processing of your personal data is not lawful, you may also lodge a complaint with the competent supervisory authority (Data Protection Ombudsman).

 

Can this privacy policy be updated?

We may make updates to this privacy policy if our operations or data protection principles change. Updates may also become relevant if there are changes to applicable legislation. The changes will take effect when we publish the updated privacy policy. Therefore, we ask you to regularly review the contents of this privacy policy.

 

This privacy policy was last updated on 30 October 2020.

Who can I contact on data protection matters?

Kalajoen Hiekkasärkät Oy

Business ID: 0365397-1

Jukupolku 3

85100 Kalajoki

Email: tuula.peltomaa@hiekkasarkat.fi

Data protection matters regarding the customer register and personnel matters are handled by Tuula Peltomaa.