2. Registered Customers
3. Grounds for and purpose of keeping the register Grounds for keeping the register:
GF Finance Oy acts as a registrar with regard to the processing of personal data, for example in connection with hotel reservations, and the collection and processing of personal data in the customer register is based on the customer relationship of consumer customers and business customers with Service Restaurants Oy. Customer data is processed on the basis of consent when registering on its website (www.hotelapollo.fi). In this context, personal data means any information that can be linked, directly or indirectly, to a natural person.
Personal information is used: 1. customer relationship management and administration such as handling customer bookings and orders. 2. Communicate via SMS, mobile apps, email or newsletter app. 3. processing of bookings made by the customer. 4. maintenance and development of services. 5. sales and implementation of services. 6. the processing of personal data in connection with payment, invoicing and the control and recovery of payments 7. analysis and profiling of customer or other registered behavior electronic direct marketing, marketing, targeting of advertising in our company's own and on behalf of our company online services operating on the basis of a contract. 8. we process personal information collected by Best Western International, Inc. in the BEST WESTERN REWARDS® (“BWR®”) program that uses our services. Processing of business contact information The controller shall process the following personal data in respect of its business customers: Name, address, e-mail address, telephone number of the contact person of the business customer Prohibited information on direct advertising, distance selling and other direct marketing provided by the company's contact person, as well as any customer feedback and complaint information We will protect your privacy and comply with applicable law to protect you as an individual. Changes to this privacy statement can be made by publishing the new terms and conditions on the Best Western Hotel Apollo website www.hotelapollo.fi. We recommend that you use our website regularly and take note of any changes to this leaflet.
5. Rights of the data subject Right of inspection The data subject can check the personal data we have stored. Right to rectification The data subject may request the correction of incorrect or incomplete information concerning him. Right to object The data subject may object to the processing of personal data if he or she feels that the personal data has been processed unlawfully. Prohibition of direct marketing The data subject has the right to prohibit the use of the data for direct marketing. The registrant also has the option to change or prohibit direct marketing through the website. Right to delete data The data subject has the right to request the deletion of data if it is not necessary to process the data. We will process the deletion request, after which we will either delete the data or state a valid reason why the data cannot be deleted. You can delete a website newsletter via the link included in the newsletter. It should be noted that the controller may have a statutory or other right not to delete the requested information. The registrar has e.g. the obligation to keep the accounting material in accordance with the period (10 years) specified in the Accounting Act (Chapter 2, Section 10). Therefore, accounting material cannot be deleted before the deadline.
Withdrawal of consent If the processing of personal data concerning the data subject is based only on consent and not, for example, on the basis of customer relationship or membership, the data subject may withdraw the consent. The data subject may appeal against the decision to the Data Protection Officer The data subject has the right to demand that we therefore limit the processing of the disputed data until the matter can be resolved. Right of appeal The data subject shall have the right to lodge a complaint with the competent supervisory authority if the data subject considers that the controller has not complied with the applicable data protection rules. In matters relating to the processing of personal data and in situations involving the exercise of his or her rights, the data subject may contact the controller's contact person referred to in paragraph 1. A request for the right of inspection or any other request for the exercise of the data subject's rights to the controller must be made in writing, either by e-mail or post. The request may also be made in person at the controller's office. The controller may ask the data subject to specify in a sufficient manner which data or processing operations are the subject of the data subject's request. In order to ensure that personal data are not disclosed to a non-data subject in connection with the exercise of the data subject's rights, the controller may, if necessary, request the data subject to submit a signed request for verification. The controller may also ask the applicant to prove his or her identity by means of an official identity card or other reliable means.
6. Regular sources of information Customer information is obtained regularly: Register information is collected in the event of a booking by telephone, e-mail or via Internet sites and booking agents. The registry information is updated with the customer's own notification. In addition, the information is updated from the registers of Formia Future Oy and its subsidiaries (Sarmasol Oy and Apollo Henkilöstövuokraus Oy).
7. Regular disclosures We provide information for the use of Formia Future Oy and its subsidiaries (Sarmasol Oy and Apollo Henkilöstövuokraus Oy) for customer service. Formia Future Oy and its subsidiaries (Sarmasol Oy and Apollo Henkilöstövuokraus Oy) are committed to complying with the requirements of the Data Protection Regulation. Information may be disclosed to public authorities on the basis of their legal requests for information.
8. Duration of processing The customer's personal data in the customer register is processed during the customer relationship. The registrar considers the customer relationship to have ended if the customer has not used the services of the company that is the registrar for 3 years. The time is calculated from the end of the calendar year in which the customer last used the company's services. However, after the termination of the customer relationship, the data may be stored and processed if it is necessary for the handling of complaints. The retention period of information in the customer register also complies with the retention periods required by law, such as the Accounting Act. The retention period of accounting material is provided for in the Accounting Act 2:10 and the information required by the Accounting Act is retained for as long as required by the Accounting Act. The contact information of corporate customers is deleted in a similar way after the company's customer relationship is considered terminated. However, the data may then be retained if there is another reason to do so. During the customer relationship, only information that is necessary for the defined uses is processed. The controller shall carry out regular periodic inspections to remove unnecessary information.
9. Processors of personal data The controller and his staff process personal data. We may also partially outsource the processing of personal data to a third party, in which case we guarantee through contractual arrangements that the personal data will be processed in accordance with applicable data protection legislation and otherwise in an appropriate manner.
10. Data transfer outside the EU Personal data will not be transferred outside the EU or the European Economic Area unless the customer joins the Best Western Rewards Loyalty Program (BWR). The Loyal Customer System is operated by Best Western International (BWI), which respects the Privacy Shield between the United States and the European Union and the Privacy Shield between the United States and Switzerland, as required by the US Department of Commerce for the collection and use of personal information in the European Union and Switzerland. . BWI has sent its own Declaration of Conformity that it complies with the Privacy Shield - the principles of privacy statement, selection, transmission, data security, data integrity, availability and enforcement. For more information about the Privacy Shield program, visit
http://www.privacyshield.govand also view the BWI Declaration of Conformity as soon as it is approved by the U.S. Department of Commerce. Please note that if BWI violates the Privacy Shield, the U.S. Federal Competition Commission and / or the U.S. Department of Commerce may initiate an investigation into the violation.
11. Automatic decision making and profiling We do not use the information for automatic decision making, but we do use profiling to identify registrants ’personal profiles, online behavior, age, consumption habits. We can use this information to target marketing and develop services.
Functional cookies Functional cookies are necessary to use the website and its features. For example, cookies are used to remember login information and language settings. Functional cookies can also be used to personalize websites. Behavioral cookies These cookies collect anonymous statistics about how people use the website. For example, they can help us understand how users use our website and what the most popular parts of our website are. Targeted advertising cookies These cookies collect information about your browsing activities. They are used to make advertising more interesting and better suited to your needs. We may also use these cookies to limit the number of ads that appear to you and to evaluate the effectiveness of advertising on the Website. Cookies are usually managed by a third-party ad network set so that you can provide your online activity on the basis of content of interest. Other third-party cookies We may also use social media cookies on our website. These cookies collect information about what you have done on social media websites such as Facebook, Twitter and LinkedIn. We are not responsible for such cookies. Carefully read the privacy policies of those third parties.