Privacy Statement

Based on the Personal Data Act (523/1999), descriptions shall be drawn up of data files.

Customer data file

1. Controller

Centro-Hotel Oy, Yliopistonkatu 12a, 20100 Turku

2. File manager

Ilkka Koivurinta, Managing Director

3. Name of file

Customer data file of Hotel Centro

4. Purpose of handling personal data

The controller handles the personal data of customers for the following purposes:
  • - Processing a traveller notification is based on the controller?s legal obligation.
  • - The processed data: the customer?s name, personal identity code or birthdate, nationality, the names of the spouse and underage children accompanying the traveler, Finnish personal identity codes (or, if they are not available, birthdates), address, country of entry to Finland, number of travel document and arrival and departure dates. Moreover, the purpose of traveling can be documented (such as leisure, work or other reason).
  • - maintaining and developing customer relationships
  • - managing bookings
  • - making, controlling and collecting payments
  • - marketing the goods and services of the controller
  • - development of the controller?s business and the customer service related thereto
  • - taking the wishes of loyal customers into account, developing customer service and targeting the services
  • Personal data are handled in accordance with section 8(1), paragraphs 1, 2, 5 and 6 of the Personal Data Act.

    5 Data file contents

    The following data on the customers are collected and stored:
    • - customer information: name, date of birth, customer number, contact information (e.g. telephone and mobile number, e-mail address and other electronic address) for contacting purposes, title or profession, language code, sex, nationality, the number of adults and children staying with the customer, and invoicing address
    • - booking information (e.g. previous bookings and future bookings)
    • - information related to the use of the services: e.g. service use, purchase and cancellation data.
    • - information on the customer?s wishes and selections: e.g. room class and information on the services requested
    • - the customer?s method of payment and payment history data along with invoicing information
    • - the customer?s consent to direct marketing via e-mail, SMS or other automatic means
    • - the statutory prohibitions on direct advertising, distance selling and other direct marketing
    • - other information collected with the customer?s consent (e.g. reduced mobility, disabilities and illnesses reported by the customer which affect the service the customer has requested)
    • - an indication of membership in loyalty programmes or other equivalent programmes of the controller or the controller?s partners, and the information necessary for obtaining the benefits of the programme
    • - loyalty card data (e.g. card number and validity period)
    • - use of the controller?s services, itemised by card (e.g. nights and purchases)
    • - the points earned within the loyalty programme and the benefits rewarded based on them

    6. Regular sources of data

    The regular sources of data are:
    • - the traveller notification
    • - the booking and invoicing systems of the hotel
    • - e-mail and telephone conversations with the customer.
    • - information the customer has entered in the online services of Centro Hotel and its partners.
    • - Centro Hotel collects IP address and cookie data on its customers when they visit the online service. These data are used for targeted marketing and for the provision of services.

    Collection of data Personal data are collected when the customer makes room or meeting service reservations by telephone, fax, e-mail or on the website, in compliance with the Personal Data Act. Besides making a reservation, customers requiring accommodation must fill out a traveller notification on which the customer submits certain information.

    Information on customers are collected from the customers who have consented to the collection (section 8(1)(1) of the Personal Data Act), and from reservation transactions relating to services requested by the customer, or from purchase transactions (section 8(1), paragraphs 2 and 5 of the Personal Data Act). Personal data may be collected from, stored in and updated from registers controlled by the Population Register Centre or by another provider of address, updating or other such services.

    Centro Hotel stores the customer data through the validity of the customer relationship between Centro Hotel and the customer. The validity of the relationship is considered to end when the time between the most recent purchase of an accommodation, meeting or restaurant service is three years. After this time the customer data will be deleted from Centro Hotel?s data archive.

    7. Regular disclosure of data


    The description of the file is available on the Centro Hotel website and at the hotel reception at Yliopistonkatu 12a, Turku.

    The customer has the right to inspect the information recorded in the data file that concerns them. Whenever a customer wishes to use their right of inspection, they shall send an inspection request, signed, to Centro Hotel, at the address specified above. The customer may also visit the hotel and present a document that proves their identity. The customer shall give their name, address and telephone number in the inspection request. Centro Hotel submits its reply to the customer in writing within 30 days from the customer?s personal visit to the hotel or the arrival of the customer?s written inspection request at the hotel.

    In the case of errors in the customer's information, the customer may request rectification of the error.

    Right to prohibit: The customer has the right to prohibit the controller from processing their data for direct advertising, distance selling or other direct marketing purposes. The customer also has a right to cancel their consent on the processing of their data in the extent that is being processed on their consent.

    The customer has the right to request a transfer of their processed data to another system.

    8. Transfer of data outside the EU or EEA

    Data are not transferred from the data file or handled outside the EU or EEA.

    9. Protection principles of the file


    Manual material is stored until the information has been entered into the relevant systems. Manual material is destroyed when it is no longer needed. The company stores traveller notifications for one year from the accommodation period, and they are stored in a locked storage. Accounts and debt collection data and other data possibly classified as accounting material, which may contain customer information, are stored for the prescribed time required by the Accounting Act. For instance, invoice vouchers are stored for six years from the end of the accounting period involved. Accounting material is stored in a locked storage.


    Only those Centro Hotel employees who need the data in their work may access the data file. They access the file with usernames and passwords. The data are stored in a closed network of Centro Hotel, and the network is technically protected with a firewall.

    Data collected by means of cookies are stored for no longer than six month, depending on the type of the cookie.