This is the register and data protection statement of Strömfors Bed & Bistro Oy according to the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Prepared on 1st of January 2023.

  1. Registrar
    Strömfors Bed & Bistro Oy
    Ruukintie 10A, 07970 Ruotsinpyhtää
  2. Contact person in all matters concerning the register
    In matters related to the register and the use of the rights of the registered person, the contact person is:
    Katja Euro [email protected]
  3. Register name
    Strömfors Bed & Bistro Oy’s customer register
  4. Legal basis for processing personal data
    The processing of personal data in the customer register is based on the customer relationship of private customers and business customers with Strömfors Bed & Bistro, the consent given by the data subject, or the legitimate interest of the registrar. The registrar processes customer data based on an agreement between the registrar and the data subject. These criteria are used to process personal data that is taken from the customer when making a meeting, restaurant or room reservation, or for their invoicing. The collection of guest customer data is based on the Act on Accommodation and Catering Activities.
  5. Purpose of the register
    Customer relationship management
    Managing accommodation reservations
    Payment, payment control, and payment collection
    Customer service development
    Making table reservations related to dining and reserving meeting rooms
    Taking into account the wishes of loyal customers
    Marketing of services
  6. Data content of the register
    Customer information: name, contact information, and billing information
    Customer feedback information
    Reservation information about previously made reservations
    Information related to the customer’s wishes
    The customer’s consent to direct marketing carried out by e-mail, SMS, and other automatic systems
    Prohibition information on direct advertising, distance selling, and other direct marketing in accordance with legislation
  7. Regular sources of information
    The information stored in the register is obtained from messages sent by the customer using website contact forms, by e-mail, by phone, via social media services, contracts, customer meetings, and other situations where the customer discloses their information to the registrar.
  8. Regular transfers of data and transfer of data outside the EU or EEA
    Data is not transferred by the registrar outside the EU or EEA.
  9. Principles of the register protection
    Utmost care is taken by the registrar when processing the register, and the information processed with the help of information systems is properly protected. When registry data is stored on Internet servers, the physical and digital data security of their hardware is taken care of accordingly. The registrar ensures that stored data as well as server access rights and other data critical to the security of personal data are handled confidentially and only by those employees whose job entails it.
  10. The right of inspection and the right to demand correction of information
    Every person whose data is in the register has the right to check their information stored in the register and demand the correction of any incorrect information or the completion of incomplete information. If a person wants to check the information stored about him or demand correction, the request must be sent in writing to the registrar. If necessary, the registrar may ask the requester to prove their identity. The registrar responds to the requester within the time stipulated in the EU data protection regulation (generally, within a month).
  11. Other rights related to the processing of personal data
    A person whose data is in the register has the right to request the removal of personal data about them from the register (“right to be forgotten”). Those registered also have other rights according to the EU’s General Data Protection Regulation, such as limiting the processing of personal data in certain situations. Requests must be sent in writing to the registrar. If necessary, the registrar may ask the requester to prove their identity. The registrar responds to the requester within the time stipulated in the EU data protection regulation (generally, within a month).