Privacy Policy

This is the registry and privacy policy of Kolmen Koukun Oy required by the General Data Protection Regulation of European Union.
Last changed: November 22, 2019.

Data Controller
Kolmen Koukun Oy
Company Registration Number FI2790342-9
c/o Tuija Brilli tmi
PL 1021, 04431 Järvenpää, Finland

Contact Person
Tuija Brilli
Tel. +358 44 522 5002

Registry Name
Kolmen Koukun Oy majoittujat

Legal Basis and Purpose for Personal Data Processing
The legitimate interests pursued by the Data Controller are the legal basis in accordance with the General Data Protection Regulation of European Union for this registry. Kolmen Koukun Oy collects the personal data of people taking lodgings at Raitopolku 4, Saariselkä. This data is used to manage the accommodations business, such as sending preliminary information, invoicing, notifying the customers about any items forgotten at the cabin. The data will be stored for at most three years.

The data can be used to promote the cabin to lodgers who have given a specific permission for data usage. We will only provide the data to authorities in the extent required by legislation.

Data Content of the Registry
Name, address, social security number, phone number, e-mail address and purpose of the trip (business/pleasure/other).

Regular Data Sources
Data entered by the lodgers themselves.

Providing data and transferring the data outside of EU or EEA
Registry data will not be provided to third parties; authorities will be provided by request. The Register and Data Controller’s systems are located in EU, but the Data Controller has, for the purpose of implementing the service, the right to transfer personal data outside of European Union or European Economic Area in accordance with the Data Protection Regulation.

Registry Protection Policy
A Manual materials
Storage in a locked room.

B Data processed by computer
Forms are stored in accordance with the contract in servers of Finnish Net Solutions Oy.

Right to access and other rights of the registered
A registered person has the right, among other things:
• To ask the Data Controller for access to their personal data, and the right to request rectification, deletion or restricting processing of their personal data. Any requests should be sent in writing to the Data Controller. The Data Controller may ask the requester to prove their identity. The Data Controller will respond to the customer within the time defined in the GDPR (principally, within a month).
• To complain to a supervisory authority; contact information of the Data Protection Ombudsman can be found at