PERSONAL AND DATA PROTECTION REGISTER

Airavia Ltd’s register and data protection statement in accordance with the Personal Data Act (Sections 10 and 24) and the EU’s General Data Protection Regulation (GDPR). Prepared in 2018, latest change 05/26/2021.

Controller: Airavia Ltd, business ID: FI0410298-
Postal address: Kiteentie 16, 04410 Järvenpää, Finland – phone: +358 40 501 9116
Contact information of the person responsible for data protection and registry matters: minna.kopra (at) airavia.fi

Registry name
Airavia Ltd Customer, marketing and communication register

Purpose of personal data processing
The accommodation operator can use automatic data processing or manually keep a register of the passenger data referred to in subsections 1 and 2 of Section 6 of the Accommodation and Catering Act (passenger register). Passenger information and the passenger register are used e.g. to maintain public order and security and to prepare statistics. The accommodation operator can use passenger data and the passenger register for customer service, direct marketing and online service. The data protection regulation provides for the data subject’s right to object to the processing of personal data. (14.12.2018/1126)

We process only information necessary for the purposes of use in the customer personal registers.

Sources of personal data
Your personal information in the customer personal register is mainly provided by you, e.g. when making an accommodation reservation. Personal data is collected directly from several sources, such as a passenger card, an electronic form, by the accommodation reservation service provider Booking.com, by phone, social media or other meetings. The marketing and communication register also collects information from external services or applications, such as BB Pajula’s homepage and Google Analytics.

Personal data to be processed
As a general rule, the controller collects such personal data as is necessary in the separate conditions of each service, such as first and last name, date of birth, telephone number, address, email address, citizenship, reservation information, personal information of fellow travelers and, secondarily, payment method information, invoicing information, as well as possible payment delay information.

For business customers, the controller handles e.g. the following information, such as the contact person’s name, address, e-mail, telephone number, information on the prohibition of direct advertising, distance selling and other direct marketing provided by the company’s contact person in accordance with the legislation, possible customer feedback and complaint information.

Transfer of personal data
We do not disclose the register’s data to other parties in accordance with the rules, with the exception of the disclosure of data to the authorities within the limits allowed and required by the current legislation, for example when responding to requests for information from the authorities and for the purposes defined in this statement in our electronic services. We use the MailChimp email service as a partner in email marketing. MailChimp is a US company, in which case personal data is transferred outside the European Union. Users’ first name, last name and email address are transferred to MailChimp. However, personal data is protected as required by the Personal Data Act and MailChimp belongs to the list of companies certified by the Privacy Shield between the USA and the EU.

Retention period of personal data or criteria for determining the retention period
We comply with laws and regulations, such as the Passenger Act and the Accounting Act.

Personal data is stored only as long and to the extent that it is necessary and the controller uses it in activities related to the stated processing purposes. Materials containing personal data are stored for five years in locked rooms, to which only designated and authorized persons have access due to their duties.

Rights of the registrant
Pursuant to the Data Protection Regulation, the data subject has the following rights

• the right to access personal data
• right to rectification of data and restriction of processing
• the right to delete data
• right to object (direct marketing communications)
• the right to receive information about a security breach of personal data

If a person wants to use his/her rights or get more information about the processing of his/her personal data, he/she can contact the person responsible for registry matters mentioned in this statement. Requests must be sent in writing to the controller by e-mail. The registrar may, if necessary, require the applicant to prove their identity. The controller responds to the customer within the time stipulated in the EU data protection regulation (generally within one month).

The registered person has the right to file a complaint with the supervisory authority if they consider that the processing of personal data concerning their violates applicable data protection regulations.

WE UPDATE THE REGISTER WHEN LAWS AND REGULATIONS CHANGE.

COOKIE PRACTICES

Our website uses cookies. With the help of cookies, we collect information about the site’s visitor statistics and analyze the information. The goal is to develop the quality and content of the site in a user-oriented manner.

Visitor data is anonymized and we do not send it to third parties. The visitor has the right to refuse the use of cookies if they wish, but the site’s performance may decrease in some respects. You can find more information about blocking cookies in the browser-specific instructions.

On our site, we use analytics software provided by a third party, Google Analytics, which sets a tracking cookie on the user’s computer. If the visitor does not want the collection of tracking data, the visitor can block the function by installing the blocking plug-in required in the browser.

A cookie is a small text file that the web browser saves on the user’s device. Cookies are used to store the user’s information when they move from one page of the online service to another. Cookies do not damage users’ devices or files, and they do not impair the performance of users’ devices.

Cookies collect the following information:

• the user’s IP address
• the time used on the website
• pages browsed on the website
• browser type
• from which web address the user came to the website
• from which server the user came to the website
• from which domain the user came to the website
• from which device the user has accessed the website

The purpose of cookies is to enable the functionality of our services, analyze the use of the site and optimize the user experience, product development and reporting, and target advertising. With the help of cookies, the use of our services is easier for the user and the presented advertising is more appropriate and tailored according to the user’s likely interests. The information collected from the site is used to form target groups, expand existing target audiences and send personalized information and advertising messages.