Privacy statement

This is a Register statement and information document about the processing of personal data in Metsä Heidi Oy's customer register in accordance with the EU General Data Protection Regulation.
1. The keeper of the register
Metsä Heidi Oy
Business ID number 3405609-6
Pyhätunturi
2. Contact person
Heidi Karnaattu
heidi@metsaheidi.fi
3. Register name
Customer and marketing register
4. Basis and purpose of personal data processing
The processing of personal data is based on the customer relationship of consumer customers and business customers, a contractual relationship, the express consent of the data subject or another legitimate basis. On this basis, personal data that is taken from the data subject when booking the program service or for invoicing them is processed. There is no need to request separate consent from the data subject for data processing if the processing is based on a legitimate interest or a contract.
Personal data can be processed to fulfill contractual obligations and other communications with the data subject, in marketing communications, business planning and product development, improving customer service and website user experiences, processing related to payment and invoicing, customer relationship communications and marketing of the data controller's services.
Any health information provided by the customer is only used for preparing food, serving it, planning trips and taking it into account in other operations. 
5. Data content of the register
From the registration, the name, date of birth and necessary contact information (phone number, address, e-mail address, company ID), nationality, all information regarding reservations including payment method and invoicing information and possible payment delay information can be saved. Information about the use of services and purchases can also be stored from the registration, including information about the customer's special wishes and possible customer feedback and complaint information, as well as information about if the customer has prohibited direct marketing by e-mail. Comments in online services can also be saved from the registration, as well as profiling and interest information provided by the user for the development of marketing and customer communication for the registered user.
6. Sources of information
The customer's information is obtained directly from the customer when he registers for the programs either by phone, on site or by email. Information can also be obtained through a third party (tour operators, employers, associations, etc. who make the reservation on behalf of the customer) and through various reservation service providers electronically. The information can also be obtained from other public information sources and from the contact information service provider. 
7. Disclosures of information
Customer register information is not disclosed to third parties. The exception is if the customer wants to book third-party services, for example program services or transport.
If the data subject leaves a contact request via the website metsaheidi.fi, the name and email address will be forwarded via the website administrator.
Information may be disclosed to the authorities based on these requests based on the law.
8. Transfer of information outside the EU or EEA
Information is not transferred outside the EU or the European Economic Area.
9. Registry protections
Manual material is stored in a protected/locked state and disposed of when it is no longer needed (e.g. when converted to electronic format).
The electronic material is properly protected at the data controller's premises and on a properly protected server and service. Personal data is processed by persons belonging to the staff of the registrar who need the information to perform their duties. The customer and marketing register will be kept for the time being.
The controller stores other registered personal data in accordance with the legislation in force at any given time and only as long as their storage is necessary to fulfill the purposes described in this data protection statement. However, data can be kept for accounting purposes - or due to other legislation - even after the end of the customer relationship or other basis for processing personal data.
10. Right to inspect information
The customer has the right and, if necessary, to correct his data stored in the personal register. Inspection and rectification requests are submitted to the contact person of the data controller in writing or electronically with the signature of the data subject.
We reserve the right to change the registration statement as legislation and the development of our services change.
The data protection statement has been updated on 30.10.2024

Back to Top