Description of data file

Under Section 10 of the Personal Data Act (523/99)

Name of the register
lahtiregion.fi register

Compiling date of the description of data file
30 September 2013

Controller

Lahti Region Ltd
Business ID: 1074350-2
Askonkatu 9 F, 4th floor
Phone: +358 (0)207 281 750

Lahti Region Ltd maintains the register only for its own use.

Lahden seutu – Lahti Region Ltd obtained the Lahtitravel.fi register on 1 January 2013, due to the merger with Lahti Travel Ltd. The execution of the merger between Lahti Travel Ltd and Lahden Seutu – Lahti Region Ltd was registered on 30 September 2013.

1. Purpose of the processing of personal data

The personal data of the users (‘User’) of the website, maintained by the controller, is processed in order to properly carry out the following actions that are directed at the users: distribution of information, offering and delivering products and services, conducting studies, organising campaigns and competitions, and conducting advertising and marketing. More specifically, the personal data is used:

as the basis for establishing, realising and executing customer relations or other contractual relationships; identifying a person who is participating in a competition or other campaign in an appropriate manner; carrying out tasks that are required in connection with memberships, contractual relationships or similar connections, i.e. communicating, conducting analyses, compiling statistics, and maintenance and development work; direct advertising, distance selling, other direct marketing, opinion polls and market research in the manner and to the extent permitted by law, unless the ‘User’ has denied permission for such collecting and maintaining of his/her personal data; and for purposes to which the ‘User’ has given explicit consent.

2. Data content of the data file

The user-specific data contents of the register can vary, based on how the user uses the service. The following data is entered into the register as general data about the ‘Users’: name, title or profession, age, gender, native language, postal address, phone number, e-mail address, and a possible restriction set by the ‘User’ regarding the disclosure of data for direct marketing purposes.

In order to enable and secure those actions required for providing services that are subject to a fee, establishing customer relationships and entering into a contract, the following data about the ‘Users’ can be entered into the register, in addition to the general information: nationality, personal identity code or date of birth, customer and user ID or other similar information used for identification purposes, country and place of residence therein, country of tax residence, possible business ID; business name of the community the user represents and the community’s business ID, postal address, phone numbers, web address and the user’s position within the community; the employer’s business name, business ID, postal address, phone numbers and website; the starting date of the customer relationship or other contractual relationship, membership in a special customer programme or group, interests and other profiling information personally provided by the customer.

3. Regular sources of data

The data is gathered directly from the users when they register with the service and use it, and when they otherwise take part in a function on the website that requires them to provide data. Data can also be collected from customer feedback forms and accommodation notifications, as well as selectively from the Population Register and other general registers to the extent permitted by law.

4. Regular disclosures of data

Data can be disclosed to parties that belong to the same Group or economic combine as the controller, in the manner and to the extent permitted by law. Restricted personal data, specifically defined by law, can also be disclosed for the purposes of direct advertising, distance selling and other direct marketing, as well as to conduct opinion polls and marketing research in the manner and to the extent permitted by law, unless the user prohibits the disclosure of the data.

If the user does not want his/her data to be used, he/she must notify the controller of the lahtiregion register of this separately at info (at) lahtiregion.fi. The servers and other technical equipment used for processing the data may be owned and managed by an external service provider used by the controller, and the controller may obtain the services necessary for using them from an external service provider.

Transferring data outside the EU or EEA. The data can be transferred outside the European Union and the European Economic Area if this is necessary, in order to technically implement the service required by the User, or if otherwise necessary on the grounds of Paragraphs 2–5 of Section 23 of the Personal Data Act.

4.1 Collecting and using personal data

The register is used for the purposes of managing customer relationships, contacting customers and marketing, as well as Lahti Region Ltd’s own direct marketing, unless the customer has forbidden the use of his/her data for direct marketing. Lahti Region Ltd does not disclose any customer data to third parties. Lahti Region Ltd uses this and other data created during the customer relationship to plan and focus the products and services offered. The objective is to operate in a customer-oriented manner and to also take into consideration the customers’ various preferences with regard to the purchase channel.

4.2 Data content of the data file

The customer register comprises several separate registers that are assembled, based on the primary purpose of the register. The customer data contained in these registers form saved data sets about the customer in the following manner:

4.2.1 The contact information of a customer of the lahtiregion.fi webstore and any data required for placing and order

Personal data of webstore customers: The customer register saves the data provided on the registration form by the customer when he/she registers with the lahtiregion.fi service. The following data is required when registering: first name, last name, street address, postal code, town/city, e-mail address, user ID and password. Optional data includes other contact information and other data disclosed by the customer.
The following customer data are collected from orders placed at the webstore: Data required for processing and delivering orders placed at the webstore: contact information, phone number, e-mail address.
Data collected about the customer’s use of the website, such as contact information and the customer’s interests.

4.3. Accuracy and changes to the collected data

Lahti Region Ltd may, at its own initiative or at your request, supplement, correct or remove incomplete, inaccurate or outdated personal information obtained in conjunction with activity on this website.

5. Description of the principles for securing the register

The following principles are observed in keeping the register secure.

There are rules for using the register: the data in the register can only be accessed by individuals determined in advance, in conjunction with their work duties; the data is to be collected in electronic databases which contain servers that are secured with firewalls, passwords and other up-to-date technical means; the servers that contain the data are to be located in locked locations, equipped with adequate access control systems; and written agreements have been entered into with possible external service providers to ensure confidential treatment of the data; and the data is to be secured in a manner that fulfils the requirements determined earlier in this paragraph.

6. Right of access and right to prohibit Data protection authorities

For the information of users, users have the right under Section 26 of the Personal Data Act to check what data on him/her are entered in the register. Requests regarding implementing the right of access shall be presented to the controller in writing, delivered to the address stated later in this description of data file.

Again for the information of users, under Section 30 of the Personal Data Act, the user has the right to prohibit the controller from processing any personal data about the user for the purposes of direct advertising, distance selling, other direct marketing, market research, opinion polls, public registers and genealogical research.

Again for the information of users, data protection authorities provide advice concerning the processing and monitoring of personal data by data protection authorities, and monitor the processing of personal data, in accordance with the Personal Data Act. Data protection authorities also resolve some matters that concern the implementation of the right of access to personal data and the altering of data, specified more closely in the Personal Data Act. You can find more information about data protection authorities, for example, online at www.tietosuoja.fi

Person in charge of the register
Hanna Rättö
Tel. +358 (0)40 350 8938
hanna.ratto (at) lahtiregion.fi