Privacy Policy

ALL SEASONS LAPLAND OY

All Seasons Lapland Oy is committed to protecting your privacy and ensuring that your personal data is handled in a safe, transparent, and legally compliant manner. This Privacy Policy explains how we collect, use, store, and share your personal data in accordance with the European Union General Data Protection Regulation (GDPR) and Finnish data protection legislation.

1. Data Controller

  • Company Name: All Seasons Lapland Oy

  • Finnish Business ID: 3611831-8

  • Address: Tokkatie 10, 99800 Ivalo, Finland

  • Email: info@allseasonslapland.fi

2. Legal Basis and Purpose of Processing Personal Data

We collect and process personal data only for specific, predefined purposes based on the following legal grounds:

  • Performance of a Contract: To manage, process, and confirm your travel bookings, safaris, and activities, and to deliver the agreed services.

  • Legal Obligation: To fulfill accounting, taxation, and statutory tourism reporting duties (e.g., border control notifications or passenger declarations).

  • Legitimate Interest: To maintain customer relations, handle customer service requests, improve our website and services, and prevent fraudulent activity.

  • Consent: For direct marketing purposes (such as newsletters), provided you have given your explicit consent.

3. Types of Personal Data We Collect

We only collect data that is strictly necessary for the purposes outlined above. This may include:

  • Basic Information: Full name, date of birth, gender, and nationality.

  • Contact Details: Email address, phone number, and physical billing/home address.

  • Booking & Payment Data: Travel dates, booked services, transaction details, and dietary preferences or allergies

  • Activity-Specific Information: Height, weight, or clothing/shoe size (for winter clothing and equipment allocation), and driving license details (for snowmobile drivers).

  • Official Documents: Passport or ID card details, if required by local authorities for border control or registration.

4. Retention Period of Personal Data

We store your personal data only as long as necessary to fulfill the purposes for which it was collected, or as required by law:

  • Customer Account & Booking Data: Retained for the duration of our customer relationship and up to 3 years after your last trip for potential liability and contract claims.

  • Accounting Records: Retained for 6 years following the end of the financial year, in accordance with the Finnish Accounting Act.

  • Marketing Consent: Retained until you withdraw your consent or opt out of our marketing communications.

5. Data Disclosure and Transfer

We do not sell or rent your personal data to third parties. We only share your data with trusted partners involved in delivering your travel package, including:

  • Subcontractors & Service Partners: Local activity providers, hotels, and transport companies who require your details to fulfill your booking.

  • Payment Processors: Authorized third-party payment gateways to securely handle financial transactions.

  • Authorities: Police, border control, or tax officials if legally requested or required by Finnish law.

Data Transfers Outside the EU/EEA: Your personal data is stored on secure servers located within the EU/EEA. If any service provider transfers data outside the EU/EEA, we ensure that standard contractual clauses approved by the European Commission are used to safeguard your data.

6. Data Security

We implement strict technical, physical, and organizational security measures to protect your personal data from unauthorized access, loss, destruction, alteration, or disclosure. Access to your personal data is strictly limited to authorized employees and partners who need the information to perform their specific job duties.

7. Your Rights Under the GDPR

As a data subject, you have the following rights regarding your personal data:

  • Right of Access: You can request a copy of the personal data we hold about you.

  • Right to Rectification: You can ask us to correct inaccurate or incomplete data.

  • Right to Erasure ("Right to be Forgotten"): You can request that we delete your personal data, provided it is no longer required for legal obligations or contract performance.

  • Right to Restrict or Object to Processing: You can object to data processing for direct marketing or request restrictions on how we use your data.

  • Right to Withdraw Consent: If processing is based on your consent, you can withdraw it at any time via the unsubscribe link in our emails or by contacting us directly.

To exercise any of your rights, please send a written request to our email address listed in Section 1.

8. Use of Cookies

Our website uses cookies to enhance your browsing experience, analyze site traffic, and optimize our marketing efforts. You can manage or disable your cookie preferences directly through your web browser settings at any time.

9. Right to Lodge a Complaint

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a formal complaint with the competent supervisory authority. In Finland, this is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto).