WE AT AURINKOMATKAT WANT TO MAKE SURE YOU ARE ONBOARD WITH US WHEN IT COMES TO THE USE OF YOUR DATA.
Your privacy is our priority.
The responsible tour operator for Finnair Holidays and Now/here trips is Oy Aurinkomatkat – Suntours Ltd Ab (later Aurinkomatkat). Aurinkomatkat is a part of the Finnair Group and Finnair Holidays and Now/here are auxiliary firm-names of Aurinkomatkat
CONTACT DETAILS OF AURINKOMATKAT
Oy Aurinkomatkat – Suntours Ltd Ab
Business ID 0200991-4
Address PL 200 01531 VANTAA, FINLAND
Now/here Customer Service
Phone: +358 9 818 0080 (local network charge / mobile call charge)
DATA PROTECTION OFFICER
Finnair Group Data Protection Officer contact details: firstname.lastname@example.org
Your data, your rights
HOW TO USE YOUR RIGHTS
You can use your rights as a data subject by contacting us by sending Data request form to us by email or by mail.
We will provide you a confirmation of the action we have taken in response to your request (for example, confirmation of deletion). We will also let you know if we cannot fulfil a certain request, as well as the reasons behind such a decision.
Making a personal data request is free of charge once every six (6) months. For additional requests during this time frame we may charge a reasonable fee to cover the administrative costs involved.
We reserve the right to reject requests that are unreasonably repetitive, excessive or clearly unfounded.
RIGHT TO ACCESS
You have the right to access and be informed about your personal data processed by us. We give you the possibility to view certain data in our digital channels and you may request a copy of your personal data. We will provide you with it unless we have lawful reasons not to share this data with you.
RIGHT TO CORRECTION
You have the right to have inaccurate or incomplete personal data about you rectified or updated. You may update some of your personal data through our digital channels and you have the right to request correction of your contact details or other personal data by contacting our customer service.
RIGHT TO ERASURE
You may ask us to delete your personal data, for example if your personal data is no longer needed for the purposes for which they were collected; you withdraw your consent where our data processing is based only on your consent; or if you object to processing and there are no overriding legitimate grounds for the processing.
We will erase such personal data without undue delay unless we have a legal basis to continue processing such data, for example if there is an overriding legitimate interest of our company, if the data is necessary for the performance of a contract, or if the data is necessary for establishing, exercising or defending legal claims or complying with a legal obligation which we are subject to.
RIGHT TO RESTRICT
You may also request us to restrict processing of your personal data for example when a request concerning rectification or removal of your data is pending; when our company no longer needs the said personal data for its processing purposes but you need the data for the establishment, exercise or defence of a legal claim; or you have objected to the processing of the personal data based on the legitimate interests of our company and the verification whether the legitimate interests of our company override your rights is pending.
When processing is restricted for any of these reasons, such personal data may, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person.
RIGHT TO OBJECT
You have the right, at any time, to prohibit us from using your personal data for direct marketing purposes, which includes profiling related to such direct marketing. You can unsubscribe from marketing communication via the “unsubscribe” link or by other means included in each marketing message.
RIGHT TO WITHDRAW YOUR CONSENT
You have the right to change your mind and withdraw any consent you previously provided to us.
RIGHT TO DATA PORTABILITY
You have the right to receive the personal data you have given us in a structured and commonly used electronic format and to independently transmit that data to a third party.
LODGING A COMPLAINT
If you feel we have not handled your personal data correctly, you can contact the data protection supervisory authority and lodge a formal complaint.
Safeguarding your data
HOW WE PROTECT YOUR DATA
At Aurinkomatkat we take data protection and compliance with the applicable data protection laws very seriously.
Finnair takes appropriate technical and organisational measures to ensure the security of your personal data and protect it against loss or unlawful use. Access to your personal data is restricted on a need-to-know basis and by access controls, and the processing of personal data is logged. Our information technology environment is appropriately protected and monitored, with regular updates, testing and assessment to ensure ongoing security. Our personnel are trained to comply with applicable data protection legislation as well as the applicable policies and instructions.
INTERNATIONAL DATA TRANSFERS
Your personal data may be transferred and processed outside of your home country and outside of the European Economic Area. We transfer your data responsibly. We take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which it is processed. We provide adequate protection for the transfers of personal data to countries outside of the European Economic Area based on the European Union Commission Standard Contractual Clauses or through other appropriate safeguards, such as the Privacy Shield Framework .
IF SOMETHING SHOULD GO WRONG
We do our best to keep your data secure. If, however, a data breach occurred that should endanger your privacy, we will inform you in accordance with the data protection legislation.
YOUR ACTIONS MATTER AS WELL
To protect your own privacy, please avoid sharing your personal data, for example login information or travel documents, with others or on social media. Please avoid sending copies of your identification documents or sensitive personal data to us by unsecured e-mails and instead use web forms or other secure transfer methods provided by Aurinkomatkat.
What personal data we process?
BASIC IDENTIFICATION AND CONTACT DATA
We collect and process your basic personal information, such as your name, date of birth, gender, traveller type (adult, child, infant) and title (Mr, Mrs, Ms). We also process your contact information, such as address, telephone number, email address and, in certain cases, we may also collect and use company details, billing addresses and ground transportation addresses for baggage. This may include personal information provided for the person travelling, the person making the booking, legal guardians and dependents.
YOUR RESERVATION AND TRAVEL ASSOCIATED DATA
In order to make your journey possible, we process booking and ticket information. This may include flight details (departure date, flight number), booking reference, ticket numbers, pricing information, booking date, travel type (one-way or return) and flight itinerary (possible stopovers). We may also process information regarding the sales channel, journey origin and destination. This also covers information on ancillary services, such as selected seats, pre-ordered meals, travel class upgrades and other purchases such as hotels and car rentals.
We process data about your travel arrangements, such as group information, check-in methods, travelling companions in case of joint check-in, seat type and number and baggage tag numbers.
Based on your request, we may process special service request information. These types of requests can include, for example, diet information, transporting pets in the cabin or the cargo hold, or special assistance required.
We also process your travel document information for passengers travelling to or from outside the Schengen area, such as passport number, passport validity period, issuing country for passport and nationality. Visa information and destination addresses are also collected when required by the destination authorities.
We may also process payment information, such as payment method and credit card information.
We process information regarding your hotel or other form of accommodation. This includes information such as hotel name and location, travel dates, room type, board type (with breakfast for example), special meals or needs concerning the hotel in order to provide the services requested.
INFORMATION REGARDING DESTINATION SERVICES
We offer several activities to our customer during the holiday and for that reason we may process service-related information of the customer. This may include information such as the excursion and activities participants, excursion dates, room number, phone number and pickup information in order to provide transfer to the excursion.
For the excursions and activities, we may, in some special cases, need information such as age, body dimensions (weight and height), dietary, medical and passport information. For airport transfers Aurinkomatkat processes information about your flights or schedules. Entrance tickets may require processing your name if tickets have been bought from Aurinkomatkat.
TRAVEL INSURANCE, CAR RENTAL, GIFT VOUCHERS
Your name, birth date and e-mail and travel details such as travel dates and destination may be required to provide travel insurance. Car rental-related information is required in case you have booked a car via Aurinkomatkat. Gift vouchers may require company details or name and contact details.
DATA OF LOYALTY MEMBERS
We may process loyalty program information, such as name, contact, preference, membership number, point balances, point accruals and redemption, tier level, transactions, awards and benefits.
YOUR COMMUNICATION WITH US
We process data about your communication with us, for example customer service phone call recordings, chat history, customer feedback forms and other messages.
DATA FOR SPECIFIC SERVICES
We process information for providing specific services that the customer wants to participate in, such as special events, customer satisfaction surveys and other similar happenings, and for this we may process information such as name and contact details.
In case you choose to share additional information, such as for claims, for instance through our customer services channels, this data will be processed by Aurinkomatkat. In case of emergency or other situations where a destination guide helps the customer, data describing this event may be processed.
DIRECT MARKETING-RELATED DATA
We may collect and use the customer’s name, address, phone number, email address, birth date, direct marketing opt-ins and opt-outs and profiling prohibitions for marketing purposes.
SENSITIVE PERSONAL DATA
We limit the collection of sensitive personal data, such as information regarding your health, to a minimum. However, in certain cases we may need to process this type of information, for example due to a special medical assistance request or when other health related-activity is required.
How we use your data
Based on our contract with you
Providing our services
We process your data to provide you with service along the entire customer journey. To create a booking, we need your contact information and other details. This applies to individual bookings, but also to group bookings. In case of disruptions or irregularities we need to modify the bookings and reach out to our customers by using the provided contact details.
We assist you in queries and changes related to your booking with us – such as transportation, accommodation, excursions and other destination services.
Communication and engagement
In order to help you with any questions, collect your feedback, handle your complaints, claims and refunds we use your contact details provided to us.
We may also use your personal, contact and reservation data to provide you better customer service in disruption situations. We may also send you pre-departure communication or disruption messages, to inform you about your travel.
Based on our legal obligations
Cooperating with authorities
We may need, in some circumstances, to process your information in order to fulfil our legal obligations, such as sharing your information with authorities such as foreign authorities or the Finnish tax authority.
In case of emergencies or disruptions such as earthquakes or other natural catastrophes, robbery or accidents, we may process data related to the event to fulfil our legal responsibilities as a service provider.
Keeping required records
Based on accounting legislation, we are required to store our transactions and other accounting material for the period defined by law.
Based on our legitimate interests
We may invite and engage customers to participate in the customer community. We may contact customers to collect feedback or for surveys. Customer survey results are used for analytics and can also be combined with other data in our database, such as reservation data, for customer experience improvement purposes. Customers may be contacted after the survey for additional information.
We may also contact a select or limited group of customers to participate in testing our new products and services.
When processing personal data of our partners, we rely on our legitimate interest in maintaining business relationships and communicating with you about our operations and our events.
As part of running the business we may process personal data when carrying out certain background processes. For all your bookings and purchases, we need to make sure they are paid for (accounting processes), no fraudulent activities are taking place, such as credit card theft (revenue protection processes) and no false bookings are created.
To analyse business performance, we need to analyse our traffic flows, commercial and operational performance and the related customer behaviours. To improve our processes and improve the customer experience, transactional or behavioural data may be analysed.
Personalisation of services
Aiming to continuously improve the customer experience and to make our offering more relevant to the customer, we may offer personalised content based on an individual transaction, for example, offering services related to your destination. We may also perform customer segmentation, for instance for providing relevant ancillary services and travel products to the customer through our digital touchpoints. We may also derive other secondary metrics based on the individual transactions, such as the travel purpose.
By identifying you and your travel history we can identify previous communications, past irregularities or services and bookings. Accordingly, we can recognize your specific needs and pay special attention to certain elements of the customer journey, experience and interactions.
Based on your consent
If you have given us your consent, we will send you direct marketing messages. For instance, if you have subscribed to our newsletter or other direct marketing material, your contact details will be processed to send you the requested messages. Details of these communications will be processed, and customers have the right to unsubscribe from receiving marketing messages at any point.
Digital touchpoints and cookies
Processes including sensitive personal data
When processing customer medical or health-related data or other special categories of data, consent will always be asked from the customer before this data is processed. Customers may be asked to provide additional information such as a doctor’s certificate to ensure the customer can travel according to the evaluation of a medical professional and to ensure that we have the required information to take care of the customer’s safety.
We keep your personal data only for as long as necessary for us to fulfil the purpose for which it was collected, or in so far as data storage is necessary for compliance with legal obligations and for solving potential claims or disputes.
How we collect and share your data
SOURCES OF DATA
We get your data directly from you when you purchase our products or services in one of our channels, for example when making a booking on our websites or you enrol in one of our services, for example when registering for our customer community.
We may also get some information from authorities or from partners or other third parties such as authorities.
SHARING YOUR DATA
We may share your personal data with Finnair group companies and other third parties for the following purposes:
We need to share your contact information with hotels in order to provide the accommodation you have booked from us. If you have bought some other services, for example excursions, we need to share information with the excursion service provider.
In order to provide you with a smooth flight journey, Aurinkomatkat also shares your information with airlines that are related to the journey. We send your contact details and other hotel specific preferences to the accommodation service providers that are related to the travel product you have purchased. Additionally, in claim cases we may also share customer data with the hotel. We may share your information with sales representatives in Aurinkomatkat destinations.
We may also send contact details and booking-related information to sales representatives that, on behalf of Aurinkomatkat, provide you for example with excursions, activities, accommodations and transfers. In order to provide excursion and other destination services (for example, car rental service, airport transfer, and other services), we need to provide your contact information or other service specific information to the service provider providing the service.
Sometimes a destination guide may support customers in finding their lost baggage, and this may require data such as customer´s baggage, flight, and contact information to be processed. In order to provide a service, we may need to need to share your data with third parties such as insurance providers or different informational technology system providers, travel agencies or different ancillary service providers. In some cases of reclamations or claims we may need to share data with our partners.
For legal obligations, security and fraud prevention
We may share your data such as passport and visa information for formalities as required by your destination country. We share your personal data with local authorities upon entering the territory of your destination country or for other similar mandatory obligations. We may also share your personal data with relevant third parties if it is necessary to detect and prevent crime, fraudulent activities or security issues, or for other legal reasons.