Privacy Policy

Privacy policy and Data Protection Statement

Privacy settings

This is the GDPR-compliant privacy policy and data protection statement of Hideaways Services (3365150-4) and Lapland Hideaways (3267399-8). Prepared on 2.3.2025. Last updated on February 2.3.2025. Under the EU General Data Protection Regulation (GDPR), organizations must provide a written description of their data processing activities. This description is called a record of processing activities. The record of processing activities is an internal document of the organization. It serves as a tool for understanding data processing and aims to demonstrate that personal data is processed in accordance with data protection legislation. This obligation largely corresponds to the requirement under the Personal Data Act to prepare a data protection statement. Unlike the Personal Data Act, the GDPR does not require the preparation of a register or data protection statement. However, data subjects must be informed about the processing of their personal data.

Data Controller

Hideaways Services (3365150-4)

PL 7, 96101 Rovaniemi

sales@laplandhideaways.com

+358447606662

Hideaways Services and Lapland Hideaways act as a joint controllers of personal data.

 

Collected Customer Data

Name

Home address

Email

Phone number

Nationality

Date of birth

Credit or debit card information

Special dietary requirements

Passport number

 

Description of Data Subject Groups and Personal Data Groups

Personal and customer data are mainly obtained as booking information through reservation systems. Information is supplemented as the booking progresses and when the customer registers for the purchased service. Some information is also collected via e-mail.

Groups of Recipients to Whom Personal Data Has Been or Will Be Disclosed

Customer data is confidential. Personal data is disclosed only based on a specific data request to authorized authorities under data protection legislation. Individuals who process data are bound by confidentiality, which continues after the customer relationship ends.

Information on Data Transfers Outside the EU

Customer data is not transferred outside the EEA.

Measures for Different Data Groups and Data Subject Rights

We retain personal data only as long as required by law or as long as necessary. Data subjects have the right to:

Access their personal data. Customers can contact us to find out what personal data we process and for what purpose.

Request correction of data.

Request deletion of data.

Request the transfer of data from one system to another.

Receive their personal data from us in a structured, commonly used format and independently transfer the data to a third party.

If a data subject wishes to exercise any of the above rights, please send the following information to Hideaways Services by mail or email. In order to verify identity, we may request additional information.