This is the register and data protection statement in accordance with the VALO Hotel & Work Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Updated on 1st of September 2022:
1. Holder of the register
VALO Operator Oy, Y-tunnus 2929600-1 (Jäljempänä ”VALO”)
2. Name of the register
VALO customer register
3. Purpose of the processing of personal data
EU:n yleisen tietosuoja-asetuksen mukaiset oikeusperusteet henkilötietojen käsittelylle ovat:
The information in the register is regularly collected from the customer himself / herself in connection with the information received in connection with and during the conclusion of the contract and stored by the VALO App. Information can also be collected from customer websites and brochures. In addition, the information stored in the register is obtained e.g. Messages sent via web forms, e-mail, telephone, via social media services, contracts, customer meetings and other situations in which the customer discloses their information. In addition, personal data may be collected and updated from the population register, credit register and other similar public and private registers. We also collect visitor data from our website so that we can analyze and improve our site even better and target relevant marketing to our visitors.
The company limits the collection and processing of information to what is necessary. Unnecessary and outdated information will be deleted. Personal data is processed by our company’s personnel in the performance of their duties. We will not retain your personal information for longer than is necessary for its purpose or as required by contract or law. However, the retention periods for personal information may vary depending on the purpose and situation. In principle, the data is kept for as long as the data is needed to maintain the relationship.
5. Regular transfers of data and transfers of data outside the EU or the EEA
The information is not regularly disclosed to other parties. The information may be published to the extent agreed with the customer. In addition, the information may be disclosed occasionally in accordance with Finnish law. In principle, the data will not be transferred outside the EU, but if necessary, the data may also be transferred outside the EU or the EEA by the controller. Should this occur, we will ensure that the processing, transfer and storage of your data is carried out on the basis of the law and with adequate safeguards.
6. Registry security principles
The register shall be handled with due care and the data processed by the information systems shall be adequately protected. Access to the registers is restricted to persons whose job description includes access to the register. Each authorized person has their own username and password for the service. The data stored, the access rights to the registers and other information critical to the security of personal data will be treated confidentially.
7. Right of inspection and right to request correction of information
Every person in the register has the right to check the information stored in the register and to request a correction for any incorrect information or the completion of incomplete information. If a person wishes to check or request the rectification of data stored about him or her, a written request must be sent to the data controller. If necessary, the controller may ask the applicant to prove his or her identity. The controller will respond to the customer within the time limit set by the EU Data Protection Regulation (generally within one month).
8. Other rights related to the processing of personal data
A person in the register has the right to request the removal of his or her personal data from the register (“the right to be forgotten”). Subjects also have other rights under the EU’s general data protection regulation, such as restrictions on the processing of personal data in certain situations. Written requests must be sent to the controller. If necessary, the controller may ask the applicant to prove his or her identity. The controller will respond to the customer within the time limit set by the EU Data Protection Regulation (generally within one month).
9. Contact persons responsible for the register
+358 44 2437778