top of page

Privacy statement

Privacy and Register Statement (GDPR)

This is the register and privacy statement of Hailuodon Elinkeinotoimijat ry in accordance with the EU General Data Protection Regulation (GDPR). Prepared on 23 March 2022. Last updated on 27 December 2023

1. Data Controller

Hailuodon Elinkeinotoimijat ry (Visit Hailuoto)
Luovontie 687
FI-90480 Hailuoto
Finland

📞 +358 41 313 7043
✉️ info@visithailuoto.fi

2. Contact Person Responsible for the Register

Data Protection Officer
Annukka Loukola
📞 +358 41 313 7043
✉️ info@visithailuoto.fi

3. Name of the Register

Customer and Marketing Register

4. Legal Basis and Purpose of Processing Personal Data

The legal basis for processing personal data under the EU General Data Protection Regulation is:

  • Consent of the data subject
    (e.g. consent given when subscribing to a newsletter by providing an email address, or when joining the association and submitting the required membership information)

  • Contract
    where the data subject is a party to an agreement with Visit Hailuoto, either as a member of the association or as a newsletter subscriber

  • Compliance with applicable data protection legislation
    Finnish Data Protection Act:
    https://www.finlex.fi/fi/laki/ajantasa/2018/20181050

  • Performance of a task carried out in the public interest, where applicable

When joining the association, the Data Protection Officer has the right to review the personal data required for membership, as listed on the membership application form. This data is not disclosed to third parties and is not used for marketing purposes.

The purpose of processing personal data is to:

  • communicate with customers and members

  • maintain customer and member relationships

  • conduct marketing communications

  • manage the membership register

Personal data is not used for automated decision-making or profiling.

5. Data Content of the Register

The register may contain the following information:

  • name of the individual

  • company name

  • business or organisation ID (Business ID)

  • contact details (phone number, email address, postal address)

  • website addresses

  • billing information

  • other information related to the customer relationship or services ordered

The newsletter register contains only the email address provided by the subscriber and is maintained until the subscription is cancelled.
Email addresses are not stored in a general register but are kept securely within the service. They are not disclosed to third parties or used by general marketing operators.

Personal data of members is stored for the duration of their membership.
Newsletter subscriber data is stored until the subscription is cancelled or the newsletter service is discontinued.

Newsletter email addresses are anonymised at the time of subscription and are not linked to other personal data.

IP addresses of website visitors and cookies necessary for the functioning of the service are processed based on legitimate interest, for example to ensure information security and to collect statistical data on website usage, insofar as such data is considered personal data.
Consent is requested separately for third-party cookies where required.

6. Regular Sources of Data

Personal data stored in the register is obtained from the data subject through:

  • website forms

  • email correspondence

  • contracts

  • customer meetings

  • other situations where the customer provides their information

Contact details of representatives of companies and organisations may also be collected from public sources such as websites, directory services or other companies. Such data is not automatically added to the register without consent.

7. Regular Disclosure of Data and Transfers Outside the EU or EEA

Personal data is not regularly disclosed to third parties.
Data may be published only to the extent agreed with the data subject.

Personal data is not transferred outside the EU or EEA by the data controller.

Data is stored in a register maintained by Wix.com, which is registered exclusively as the property of Visit Hailuoto (Hailuodon Elinkeinotoimijat ry). Wix does not have access to the contents of the register.

8. Principles of Register Protection

Due care is exercised in processing the register, and data processed using information systems is appropriately protected.
When register data is stored on internet servers, the physical and digital security of the hardware is ensured in accordance with best practices.

The data controller ensures that stored data, access rights to servers and other information critical to personal data security are handled confidentially and only by employees whose duties require such access.

9. Right of Access and Right to Rectification

Each person registered has the right to access their personal data stored in the register and to request correction of any inaccurate or incomplete information.

Requests must be submitted in writing to the data controller:

Hailuodon Elinkeinotoimijat ry
Luovontie 687
FI-90480 Hailuoto
Finland

The data controller may request proof of identity where necessary.
Requests will be answered within the time limits set by the GDPR (generally within one month).
The data controller is not responsible for logistical issues related to the delivery of written requests.

10. Other Rights Related to the Processing of Personal Data

Registered persons have the right to request deletion of their personal data from the register (“the right to be forgotten”).
They also have other rights under the GDPR, such as the right to restrict processing in certain situations.

Requests must be submitted in writing to the data controller.
The data controller may request proof of identity if necessary and will respond within the time limits set by the GDPR (generally within one month).

bottom of page