Privacy Policy

General

This privacy policy describes how [Your Company Name and Business ID] processes personal data; what personal data the company collects, for what purposes the data is used, to whom the data may be disclosed, and how the data subject may influence the processing.

The company protects the privacy of data subjects and complies with the EU General Data Protection Regulation (2016/679) (“GDPR”), other applicable data protection legislation, and good data processing practices in all processing of personal data.

“Personal data” means any information relating to a natural person (“data subject”) from which that person can be identified directly or indirectly, as defined in the GDPR.

Data Controller and Data Protection Officer

Data Controller:

[Your Company Name and Business ID]

Contact person of the data controller:

[Name, phone number, and email address]

Purposes of Processing Personal Data and Legal Basis for Processing

Personal data is processed for, among other things, the following purposes:

  • ordering / booking the company’s products and services
  • producing, maintaining, developing, and quality assuring services
  • ensuring the security of services and preventing and investigating misuse
  • fulfilling statutory obligations
  • business planning and product development
  • personalized customer service related to services, targeted customer communications, and monitoring the use of services
  • marketing and targeting marketing to customers and potential customers
  • risk management and prevention of misuse

Legal bases for processing personal data:

The primary legal basis for processing personal data of data subjects is the contractual relationship between the company and the data subject. Processing of personal data is also based on statutory obligations, such as accounting obligations, customer due diligence obligations, and statutory reporting obligations. Processing for customer relationship management and direct marketing is based on the company’s legitimate interest.

In addition, electronic direct marketing, subscription to the company’s newsletter, and the storage of personal data collected through the company’s website for direct marketing purposes are based on consent.

Categories of Personal Data Processed, Data Content, and Sources of Data

The company collects only such personal data from data subjects as is relevant and necessary for the purposes described in this privacy policy.

The following data is processed concerning data subjects:

Category of Personal DataExamples of Data Content
Contact detailsName of the data subject, address (where necessary), phone number, and email address
Customer relationship dataBilling and payment information (where necessary) and other data identifying the customer relationship
Customer transaction data, contract data, and product dataInformation on agreements between the company and the data subject, product and order information, customer feedback, and communications and complaints between the data subject and the company
Consents and prohibitions given by the data subjectInformation concerning the data subject’s consent to electronic direct marketing and consent to the processing of personal data, as well as withdrawals of such consents and prohibitions given by the data subject. Consent given by the data subject for marketing images
Behavioral data and technical identification dataMonitoring of the data subject’s online behavior and the company’s services by means of cookies or similar technical identifiers. Collected data may include, for example, the user’s IP address, pages visited, browser type, web address, session time, and session duration

More information on the use of cookies and other technical tracking methods can be found in the company’s cookie policy.

Personal data that must be provided in order to fulfill contractual and/or legal obligations between the company and the data subject and to provide the company’s services will be indicated to the data subject in each relevant context.

As a rule, personal data is collected from the data subjects themselves or from the company represented by the data subject, for example in connection with preparing an offer, concluding a customer agreement, during the customer relationship, in marketing, or through website forms. The data subject may also have provided data to the company, for example in connection with a competition or prize draw, when using the website, or by subscribing to an electronic newsletter.

The company uses external service providers in marketing who process the contact details of data subjects for marketing purposes. This data is not stored permanently in the company’s registers.

Personal data may also be collected from the organization on whose behalf the data subject acts. In addition, in situations permitted by law, data may also be collected and updated from registers maintained by third parties, such as the Population Register Centre, the Trade Register, and credit information registers maintained by credit information companies.

Retention of Personal Data

The company retains personal data for as long as necessary to fulfill the purposes defined in this privacy policy, unless legislation requires that personal data be retained for a longer period (for example, responsibilities and obligations related to special legislation, accounting obligations, or reporting obligations), or unless the company needs the data to establish, exercise, or defend a legal claim or to resolve a similar dispute.

The retention period and criteria for retention vary by category of personal data depending on the purpose for which the specific category of personal data is used.

Personal data is processed for the duration of the customer and contractual relationship and for the necessary period after the end of the customer and contractual relationship.

Data relating to potential customers is primarily retained for 24 months.

In the case of organizations, the retention of the data subject’s personal data is linked to how long the data subject acts as a representative of the organization in relation to the company. Personal data will be deleted within a reasonable period after that role ends.

When personal data is no longer needed as defined above, it will be deleted within a reasonable period, unless legislation binding on the company requires the data to be retained for a longer period.

Recipients of Personal Data

In accordance with this privacy policy, the company may outsource the processing of personal data to service providers or subcontractors. The company ensures through adequate contractual obligations that personal data is processed appropriately and lawfully.

The following parties participate in the processing of personal data:

List the parties (e.g. payment service providers or email list administrators)

Personal data is not disclosed for direct marketing purposes, opinion polls and market research, or other similar surveys.

In special cases, personal data may be disclosed to authorities in situations required or permitted by law.

In addition, in emergencies or other unexpected situations, the company may have to disclose the personal data of data subjects in order to protect human life and health and property. Furthermore, the company may have to disclose personal data of data subjects if the company is involved in litigation or other dispute resolution proceedings.

If the company is involved in a merger, business acquisition, or other corporate arrangement, it may have to disclose personal data of data subjects to third parties. The data protection of the data subject will also be safeguarded in such arrangements, and data subjects will be informed appropriately when necessary.

Disclosure of data to third parties is primarily carried out via electronic data transfer connections, but data may also be disclosed by other means, such as by telephone or post.

Transfer of Personal Data Outside the EU/EEA

Personal data is not transferred outside the European Union or the European Economic Area.

Principles of Personal Data Protection and Security of Processing

The company processes personal data in a manner intended to ensure appropriate security of personal data, including protection against unauthorized processing and accidental loss, destruction, or damage.

The company uses appropriate technical and organizational safeguards to ensure this, including the use of firewalls, encryption technologies, secure equipment facilities, appropriate access control and access management, as well as instructions and agreements for personnel and subcontractors involved in the processing of personal data.

Contracts and other documentary materials that must be retained in original form are kept in locked premises, access to which is restricted only to authorized parties.

All parties processing personal data are bound by confidentiality obligations regarding matters related to the processing of personal data of data subjects on the basis of the Employment Contracts Act and confidentiality clauses in agreements.

Rights of Data Subjects

Right of access and right to inspect data

The data subject has the right to obtain confirmation as to whether personal data concerning them is being processed.

The data subject has the right to inspect and view data concerning them and, upon request, the right to receive the data in writing or in electronic form.

Right to rectification and erasure

The data subject has the right to require the correction of incorrect or inaccurate data. In addition, the data subject has the right to request the deletion of their data.

The data controller will also, on its own initiative, delete, rectify, and supplement personal data that it discovers to be incorrect, unnecessary, incomplete, or outdated in relation to the purpose of processing.

Right to data portability, restriction of processing, and objection to processing

The data subject has the right to request that their data be transferred to another data controller.

In addition, subject to the conditions laid down by data protection legislation, the data subject has the right to request restriction of the processing of personal data.

The data subject has the right to object to the use of data for certain types of processing. The data subject has the right to prohibit the disclosure and processing of their data for direct marketing purposes.

Right to withdraw consent

If the processing of personal data is based on the user’s separately given consent, the data subject has the right to withdraw their consent to the processing of data concerning them. Withdrawal does not affect processing carried out before the withdrawal.

Exercising Rights

Requests concerning the rights of data subjects shall be made electronically and addressed to the data protection officer mentioned in this privacy policy appendix. Identity will be verified before data is disclosed. Requests for access will be responded to within a reasonable time and, where possible, no later than one month from the submission of the request and verification of identity.

If the data subject’s request cannot be complied with, the refusal will be communicated to the data subject in writing.

Right to Lodge a Complaint with a Supervisory Authority

The data subject has the right to lodge a complaint with a data protection authority if the data subject considers that their personal data has been processed in violation of applicable legislation.

Changes to the Privacy Policy

The company continuously develops its services and may therefore need to amend and update this privacy policy as necessary. Changes may also be based on changes in data protection legislation. We recommend reviewing the contents of the privacy policy regularly. Data subjects will be informed of material changes where necessary.

This privacy policy was published on [DATE].

Cookie Policy

General Information About Cookies

We use cookies on our website to improve the user experience of the site. Cookies are short text files stored by a web server on the user’s device. After being stored, the browser sends the information back to the server as part of a request. In this way, the website is able to recognize and track web browsers.

Cookies indicate how users use our website. We may use cookies to develop our services and website, analyze the use of the website, and target and optimize marketing. The website user may give consent to or deny the use of cookies through their web browser settings.

Types of Cookies

There are two main types of cookies: session cookies and persistent cookies:

  • Session cookies disappear from the computer as soon as the browser is closed.
  • Persistent cookies remain stored on the computer until they are deleted separately or their validity expires.

Cookies Used

The website uses cookies for the following purposes:

  • collecting information about users by means of Google Analytics tools
  • enabling content sharing via Facebook
  • showing recommendations to the user if they have visited the site previously
  • identifying the user when logging in; anonymous users do not receive this cookie
  • storing the selected language in a cookie

We also use the AdWords service to track purchasing decisions and for ad retargeting. These are third-party cookies with validity periods ranging from 90 days to two years.

Third-Party Cookies

Google Analytics

We use the Google Analytics system to analyze the use of the website. Google Analytics generates statistics and other information about website use by means of cookies stored on users’ computers. Information collected from the website is used to create reports on website usage. In brief, Google’s cookies perform the following tasks:

  • determining the tracked web domain
  • distinguishing individual users
  • remembering the number and timing of previous visits
  • remembering traffic source information
  • determining the beginning and end of a session
  • remembering the value of visitor-level custom variables

Google stores and uses this information for periods ranging from 30 minutes to two years, depending on the type of cookie.

Google’s privacy policy is available at:

http://www.google.com/privacypolicy.html

Allowing Cookies

Most web browsers allow cookies automatically.

By using the website and accepting this policy, you consent to the use of cookies in accordance with the cookie policy document.

Blocking Cookies

Instructions for blocking the use of cookies can be found on your browser’s help pages:

  • Chrome
  • Firefox
  • Internet Explorer
  • Safari

Blocking cookies may impair the usability of some websites.

A stay in the heart of the fell

Getting close to the slopes is easy — staying right on the slope is rare. Make the most of the location: watch the rhythm of the slopes from your own front-row seat, then join in exactly when it suits you. Enjoy your private calm, while keeping every possibility within reach.

Check the location

Where to find us

Tievankieppi 5, 99130 Kittilä, Suomi
Katso kartalla

Contact us

Tel. +358 44 249 3438
levi@holidayinlapland.fi

Check In / Out

Check-in time: 17.00
Check-out time: 11.00

© Levi West. 2026. All right reserved.

Verkkosivut toteutti: Kuksa Media

Privacy policy