Who we are

Our company is Aurora Holidays, located at Nuorgamintie 815, 99980 Utsjoki, Finland, registered tour operator number 56/19/Mj.

Our website address is: https://auroraholidays.net

This is the EU GDPR privacy policy of Aurora Holidays. Written on 13.5.2021. Last updated on 17.3.2022

Registrar

Name: Aurora Holidays
Business ID: 2794026-2
Address: Nuorgamintie 815
Post code: 99980
Town: Utsjoki
Phone: +358 40 762 5005
E-mail: contact@auroraholidays.net

Contact person

Name: Tiina Salonen
Address: Mäkeläntie 2
Post code: 99980
Town: Utsjoki
Phone: +358 40 762 5005
E-mail: contact@auroraholidays.net

Reason for the register and legal bases for processing personal information

Customer register

We collect and handle personal information essential to our services, so that we can serve our customers safely and proficiently. We use the information in the register mainly for the maintenance and execution of customer relations, such as providing travel and meal services and organizing guided outdoor tours. In some cases, the information in the register is also used for providing information, invoicing and giving credit. As the register contains only information about our customers, the basis for handling data is a legal obligation of the registrar.  

For outdoor tours that are physically demanding and in the wilderness, we ask our customers to inform us of physical limitations and illnesses. We use the information to make a risk assessment to determine if it is safe to take part and if special accommodations are required. The basis for handling this health-related personal information is to protect vital interests.

Marketing register

We also process personal information to develop and market our services. Data collected in our marketing register is always collected and processed with consent from the data subject as outlined by the Personal Data Act.

Personal data to be registered

We collect the following information from our booking system:

Information of the booker: First and last name, address, town/city, state, nationality, e-mail, phone number, date of birth and permission to publish photographs. 

Information of other travelers: First and last name, e-mail, nationality, phone number, year of birth and permission to publish photos.

We collect the following information from bookings made by phone or e-mail:

Information of the booker: First and last name, e-mail, phone number, nationality, age group (adult) and permission to publish photos. 

Information of other travelers: First and last name, e-mail, nationality, age group (adult/child) and permission to publish photos.

We collect the following information from participants of outdoor tours:

We collect relevant health information from participants of tours that are physically demanding or in the wilderness. Such relevant information is information about health risks that can threaten health and life during a tour or hike.

We collect the following information from our marketing register:

First and last name, e-mail, address, phone number and nationality.

Sources of information

The information contained in the register is obtained directly from the customers. The customer may also submit the information of their travel companions. 

Duration of data processing

Customer information will be processed for five years after the customership has expired. Health information of customers taking part in tours and hikes are deleted immediately after the tour or hike. Information in the marketing register is processed for seven years from the date of agreement, or from the last date the customer has been in contact with the company.

After this, the information will be deleted in a secure way.

Dissemination of data

We do not regularly pass information to parties outside the company. We may pass on information to authorities as required by the law. We do not sell or otherwise pass on information to third parties.

Other personal data processors

The accounting company Kasvun Kaverit Ltd does all accounting for Aurora Holidays and they receive only the personal information required for invoicing (name of the payer, e-mail, and address).

Transferring data outside the EU

No personal information is transferred, passed, or processed outside of EU or EEA countries.

Principles of register protection

All information is transferred using an SSL protected connection. The information is protected by a firewall and usernames and passwords.

Our booking calendar is a traditional paper calendar. Only the first and last name of the customer is marked in it. The calendar is only used by the Aurora Holidays entrepreneur Tiina Salonen, and it is not left where others have access to it.

The Aurora Holidays entrepreneur Tiina Salonen has the names and phone numbers of the customers saved in her phone as needed, and the phone is protected by a PIN code.

Employees of Aurora Holidays only process personal information as it pertains to their work tasks and duties. Access to systems is determined by their work tasks.

Automated decision making

Automated individual decisions (EUT data protection act article 22) are not made.

The rights of the data subject

The data subject has the right to inspect the information saved of them in our customer register. A signed inspection request should be sent to the contact person.

The data subject has the right to require the correction or deletion of incorrect or outdated information. They also have the right to limit and object the processing of their information as outlined in the EU data protection act articles 18 and 21.

The data subject has the right to cancel a previously given consent to process personal information or make a formal complaint to the supervising authorities on matters pertaining to processing their personal data.

The data subject has the right to forbid the use of their personal information for marketing purposes.