1. Controller of the register
In accordance with the applicable data protection law, the controller is the Paimio Sanatorium Foundation sr / Paimio Sanatorium Ltd. (hereinafter ‘Paimio Sanatorium, ‘we’, ‘us’ or ‘our’). Paimio Sanatorium is responsible for the processing of your personal data in accordance with this policy and applicable data protection laws.
Paimio Sanatorium Foundation sr / Paimio Sanatorium Ltd
Alvar Aallon tie 275
21540 Paimio, Finland
Business ID: 3175265-1 (Paimio Sanatorium Foundation sr), 3176608-4 (Paimio Sanatorium Ltd)
2. Contact person for the register
Paimio Sanatorium Foundation sr / Mirkku Kullberg, CEO
Paimio Sanatorium Ltd / Kari Halinen, CEO
Alvar Aallon tie 275
21540 Paimio, Finland
3. Name of the register
The Paimio Sanatorium customer register
4. The reason for collecting personal information
We process personal information in order to manage customer relationships, to handle orders/reservations, for invoicing purposes, as well as to improve the user experience on our website, enable analytics, and prevent violations. The information is also used for communications and events of the Paimio Sanatorium in case customer has given permission for that. You have the right to refuse
the processing of your information for direct marketing purposes.
5. The content of the register
The following information is collected within the register: the name of the customer or company/organization, the VAT number of the company, address details, telephone number, email address, permissions for marketing, payment and invoicing details, and other order and delivery related information. The personal identification number of the customer booking an accommodation in the Sanatorium is collected for credit agreement purposes only. When you sign up to our newsletter or complete our customer survey,
6. Regular information sources
The primary source of information is the user/customer, either via online reservations, email, or telephone. We aim to keep you informed about which information we need to collect for agreement purposes, and which is completely voluntary.
7. Release of data to third parties
Your information will only be used for customer relationship management. We may release certain necessary information to third parties, such as payment partners, credit organizations for payments in installments, delivery partners to guarantee deliveries, or analytics and statistics partners for analytics purposes. We may also share information with the authorities when
required to do so by law.
8. Data transfer outside the EU or EEC
Your information will not be transferred outside the EU or EEC.
9. Data storage
The Paimio Sanatorium stores your information until further notice for the duration of the customer relationship. You can request your information to be removed at any time. However, payment and billing information related to your completed orders/reservations is stored as required by the Accounting Act (1997/1336, chapter 2, § 10).
11. The principles and measures to protect the data register
We apply extreme care in handling our customer register and ensure all the information we process is appropriately protected. Customer information is collected in a protected electronic database, accessing which requires a username and password. Usernames and the different tiers of access rights can only be assigned and defined by the main user of the customer register.
The customer register is handled in utmost confidence. The information is only processed by personnel of the Paimio Sanatorium authorized to do so and bound by a non-disclosure agreement. Customer information is stored digitally, and any unnecessary printed documents are destroyed appropriately.
12. The right to review and request the correction of your information
You may request clarification of your personal data, containing all the personal information which you have provided to us.
To do this, please contact us via email. You may also request your personal information to be deleted or corrected, as well as refuse the processing of your information for marketing purposes. Any such requests should be addressed to the assigned contact person of the customer register. The right to request the deletion of personal information does not apply to information which we are required to store due to maintenance, juridical, accounting, or information security related reasons or obligations.
You can contact us via email at firstname.lastname@example.org