Last update 25th May 2018
According to the General Data Protection Regulation, the personal data controller of a register is obligated to inform the register’s data subjects in a clear manner. This statement fulfils this informing obligation.
1. Personal data and controller
Name of the register:Controller:
User Register of Beyond Arctic Ltd. Registration is based on sales and service contract between Beyond Arctic and the customer using our services.
Beyond Arctic Ltd (“Beyond Arctic”)
Business ID: 2763270-2
Address: Valtakatu 21, 96200 Rovaniemi
Phone: +358 50 323 1090
E-mail: firstname.lastname@example.orgContact Person:
+358 50 323 1090
2. Personal data we collect
The customer register contains the following information:
Contact & customer information
When you browse our websites, we might collect:
- Phone number
- Country of origin
- Any other information customer provides
- Information of products/ services bought
When you buy our services from our webpage, we might collect:
- Information about your browsing behaviour on our website.
- Information about the way you access our digital services, including operating system, IP address, online identifiers and browser details.
When you contact us by email, phone, message, social media or contact form, we might collect:
- Your personal details, including your name, address, country of origin, email address, phone number.
- Relevant medical data and any special, dietary or disability requests.
- Any other information customer provides
- Your email address and name related to it
- Conversations between Beyond Arctic and the customer
- Your personal details, including your name, address, country of origin, email address, phone number you have provided us.
- Relevant medical data and any special, dietary or disability requests you have provided us.
- Any other information you provide us.
3. Legal basis and purpose of processing personal data
Processing of personal data is based on contract and customer relationship between a Customer and Beyond Arctic. Beyond Arctic collects data to organize and deliver services and products for customers. Data is mostly used to identify customer who has made a booking for our services. Without this data, Beyond Arctic is incapable of delivering a service for customer.
Data can be also used to analyse the market, customers and services for developing and improving the quality of the services. It can be used to send invoices and to manage customer relationship and communication. Some data is also used in direct marketing, advertising and to target our marketing for customers. Customer has right to forbit the use of data in marketing purposes.Data we collect is gathered from following sources:
- sent by email
- talked on phone or sent by message or WhatsApp
- making a booking through our webpage
- making a booking through any third-party services
- sending a message through the contact form in our webpage
- any data collected through marketing services we use
- using social media platforms (Facebook, Twitter, Instagram, Google+)
- meeting the customer directly
- any other forms customer provides us information
4. Transfer of personal data outside of EU/EEA
Beyond Arctic may use subcontractors outside EU when collecting data and providing services. Personal data may be transferred outside EU only if it’s necessary for organizing and delivering services for customers. This may concern the servers we use to store our user register. If any data is transferred outside EU, our subcontractors must be approved to follow general data protection regulation of EU. We will safeguard the sufficient level of personal data protection by e.g. agreeing on matters related to the confidentiality and processing of personal data in compliance with legislation. Personal data of customers is never transferred to third parties for any sales- or marketing purposes.
5. Regular disclosure of data
We have made sure that all our service providers are complying with data protection legislation. For more information about our service providers, please contact us.
Personal data can be transferred to officials according to current legislation and law.
6. Data Security and retention
Beyond Arctic has carried out the technical and organizational measures for securing personal data from unauthorized access or any unlawful use and processing. All the customer data is stored digitally to servers which are secured with appropriate data security methods. If any data is manually printed we have taken care of appropriate storage of the data and take care of demolishing it appropriately.
User data is accessible only by employees of Beyond Arctic who has justifiable reason to access and process the information. The register can be only accessed with user rights and password. All the employees of Beyond Arctic are required professional confidentiality when processing any data related to the company. We may also outsource the processing of personal data partly to a third party, in which case we will guarantee with contractual arrangements that personal data is processed in compliance with valid data protection legislation and otherwise appropriately.
Beyond Arctic will retain personal data for as long as necessary to organize and provide services and products for customers. Personal data may be retained for Beyond Arctic marketing purposes for as long as seen necessary to maintain relationship with the customer.
7. User rights
- Customer has right to receive him/her personal data from our user register and request to change or complete wrong or insufficient information.
- Customer has the right to access the data of him/her and upon request, obtain a copy of the data.
- Customer has right to request deletion of his/her personal data from our register. We will handle the request for deletion and proceed to either delete the data or state a justified reason for not being able to delete the data.
- Customer has right to complain to the Data Protection Supervisor if the data subject feels that we are violating the effective data protection regulation when processing personal data.
- Customer has the right to forbid the use of personal data for direct marketing.
Any requests related to rights mentioned above must be made in written form straight to Beyond Arctic. Beyond Arctic will answer to requests on appropriate time defined in general data protection regulation of EU.
Customer is responsible to inform Beyond Arctic for possible changes in personal data. If changes are not informed, Beyond Arctic can’t be held responsible for any delays, changes of schedule or any other service related issues caused by wrong customer details.
9. Your acceptance of these terms