top of page

Privacy Notice

Nordic Holiday Services Ltd Oy
 

This Privacy Notice explains how Nordic Holiday Services Ltd Oy processes personal data in accordance with the EU General Data Protection Regulation (GDPR).

Published: 14.06.2018

Last updated: 16 March 2026

 

1. Data Controller

Nordic Holiday Services Ltd Oy
Saarenkyläntie 1 b
93800 Kuusamo, Finland

Contact for privacy matters:
Tanja Pohjola
Phone: +358 40 554 7361
Email: tanja@pohjolanpirtti.fi

 

2. Who This Notice Applies To

We process personal data relating to:

  • Customers

  • Potential customers

  • Employees

 

3. Why We Process Personal Data

We process personal data for the following purposes:

  • Managing customer relationships and bookings

  • Providing and delivering our services

  • Customer communication and customer service

  • Marketing communications (based on consent)

  • Administration of employment relationships

 

4. Legal Basis for Processing

Personal data is processed based on:

  • Performance of a contract (customer or employment relationship)

  • Consent given by the data subject

  • Legal obligations applicable to the company

 

5. Personal Data We Collect

Contact Information

  • Name (and company name for business customers)

  • Email address

  • Telephone number

  • Billing address (when applicable)
     

Customer and Booking Information

  • Purchased services and booking details

  • Billing information

  • Special dietary requirements where relevant

  • Date of birth when required to determine participant category (adult/child/infant)
     

Employee Information

  • Personal identity number

  • Bank account details

  • Tax information

  • Payroll information

  • Home address

 

6. Sources of Personal Data

We collect personal data:

  • Directly from customers during bookings or enquiries

  • Through online forms and reservation systems

  • Via social media communication

  • From employees during recruitment and employment

  • From publicly available sources regarding company representatives

 

7. Sharing of Personal Data

We do not disclose personal data for external marketing purposes.

Where services involve subcontractors, we share only necessary information required to deliver the service, such as:

  • Customer name

  • Number of participants

  • Special dietary requirements (if meals are included)

Customer contact details are not shared without a separate agreement.

 

8. Data Retention

Personal data is retained:

  • For the duration of the customer or employment relationship; and

  • As long as required by applicable legislation.

Accounting records are retained for 10 years in accordance with the Finnish Accounting Act.

Marketing recipients may unsubscribe at any time using the link included in marketing emails.

 

9. Data Processors

Personal data is processed by our authorized employees and trusted service providers, such as accounting and IT support partners. All processing is governed by contractual safeguards ensuring GDPR compliance.

 

10. International Data Transfers

Personal data is not transferred outside the European Union or the European Economic Area.

 

11. Your Rights

Under GDPR, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request deletion of data where legally possible

  • Restrict or object to processing

  • Withdraw consent at any time (where processing is based on consent)

  • Object to direct marketing

  • Lodge a complaint with the supervisory authority
     

Contact requests: tanja@pohjolanpirtti.fi

You may also contact the Finnish Data Protection Ombudsman:
https://www.tietosuoja.fi

 

12. Automated Decision-Making

We do not use personal data for automated decision-making or profiling.

bottom of page