SC Hotels Operations Oy (Business ID 3291502-9)
Kauppakatu 18C 35
The Hotel Maria
Customer and Marketing Register
Processing of personal data is based on legitimate interest, the relationship between consumer and business customers at The Hotel Maria, operated by SC Hotel Operations Oy. Personal data is collected for a certain, explicit and legal purpose to fill the contractual obligations of the customer relationship. Data collected from the customers
Customer data in the customer and marketing register is used in the following purposes:
A passenger notification is required upon arrival. The processing of the information required by the notification is based on a legal obligation of the controller.
The controller is committed to handling your personal information confidentially and with proper care. The processed data is appropriately protected with information systems. Necessary customer data can be transferred inside The Hotel Maria for account management purposes or if data transfer is needed for legitimate interest. Necessary
customer data can be disclosed to authorities for legal purposes. The controller may also, in individual cases, disclose a customer’s personal data to an appointed party, if the subject asks the controller to do so, or if, based on legislation, a legally valid authority requires the controller to disclose an explicit piece of information from the database operated by the controller.
The data in the customer and marketing register will only be processed by persons whose tasks essentially include processing such data. Logging in the register requires individual usernames and passwords. The collected data is also processed by The Hotel Maria’s subcontractors and service providers, whose right to process customer data is limited to the production of agreed services.
Marketing and targeted advertising:
Marketing is based on the controller’s legitimate interest (in e.g. B2B functions) or on consent by the customer (e.g.consumer customer newsletters). The Hotel Maria performs targeted marketing based on earlier purchasing behavior or information saved in your customer data. This way, the customers can be offered services that are of interest to them. Profiling is based on the customer’s consent. The customer has the right to prohibit direct marketing by removing themselves from the newsletter subscriber list or by sending a removal request to .
Data transfer to locations outside of the EU
In our service production we use service providers that are mainly located in the European economic region. Some of the service providers store information outside of the European economic region. Our service providers are committed to ensuring a sufficient level of data security in all processing of personal data.
The subject has the right to check what data regarding them has been saved in the register. They also have the right to access this data, once they have made a sufficiently precise and identified request for inspection. The controller may ask the subject to adequately specify what data or processing actions the request is about. The request for inspection must be addressed signed and in literal form to the contact information provided by the controller and have a copy of photo proof of identity attached.
The controller is obliged to correct false information in the personal data register as pointed by the subject. The controller is also obliged through their own action to check that the data in the register is appropriate and up to date. The data subject may also request that the controller remove any data about them from the register. See exceptions
under Removal and retention period of data.
The subject has the right to require a limitation to the use of their personal data and the right to oppose the use of the data in e.g. direct marketing. The subject also has the right to receive any data about themselves that they have given the controller in a structured, commonly used and machine-readable form, and the right to transfer said data to another controller. The subject also has the right to oppose automatic decision-making and profiling. The subject has the right to file a complaint to the competent supervisory authority, if the subject sees that the controller has not obeyed appropriate data security regulations in their actions.
The controller will remove customer data from the register once there is no more a commercial reason to process it, or if the subject themselves, based on legislation, demands that the controller remove any data about them. Personal data will not, however, be removed if