The traveller registers required by law are maintained by the cooperatives engaged in accommodation operations and Sokotel Oy for their own hotels. You can find the contact information for the cooperatives and Sokotel Oy here (please contact the company operating the hotel): Contact information of S Group’s data controllers.
The processing of traveller data and the keeping of a traveller register are based on the Act on Accommodation and Food Service Activities. The register is used to process the data of travellers checked in to the hotel as required by law.
Grounds for the processing of personal data
The Act on Accommodation and Food Service Activities 308/2006.
The personal data processed
The following personal data is processed in the traveller register:1) the traveller’s full name and Finnish social security number or, in the absence thereof, date of birth and nationality; 2) the full names and Finnish social security numbers of the spouse and underage children accompanying the traveller or, in the absence thereof, their dates of birth; 3) the traveller’s address; 4) the country from which the traveller arrives in Finland; 5) the traveller’s travel document number when required by law; and 6) the date of arrival and departure of the traveller at the accommodation, if known. A group trip notification with the corresponding information is prepared for participants in a group trip.
Data source
The information collected is provided by the traveller by means of a traveller notification which the traveller or, in the case of a group trip, the group travel leader, fills in and confirms with their signature.The traveller data can be based on the information in the hotel reservation, which the guest completes with other information required for the traveller data file at check-in.
Recipients of personal data
Based on the information provided, the information in the customer register of the SOK Travel Industry and Hospitality Business can be checked and updated with the address, date of birth and accompanying persons information.In accordance with the Act on Accommodation and Food Service Activities, the accommodation operator must, notwithstanding the provisions on confidentiality, disclose traveller data concerning foreigners to the local district’s police department. The police also have the right to receive the data of other travellers if it is necessary for the performance of police duties. In cases separately specified by law, information is also provided to other authorities, such as the Border Guard, the Customs Service, the Rescue Authority, the Health Protection Authority or the Defence Forces.
Transfer of personal data to third countries or international organisations and data protection safeguards used
Personal data provided on a traveller notification will not be transferred outside the EU.
Period of storing personal data
The storage of traveller data takes place in accordance with the legislation in force at the time. Traveller notifications that form a traveller register are stored for one (1) year.
Rights of the data subject
The data subject has the right to verify the data concerning them by contacting the data controller.The information in the register is recorded by the traveller themselves and confirmed with their signature. The data subject’s right to demand rectification therefore only applies to the data transferred to the customer register.Traveller data is processed based on the law for as long as required by the Act on Accommodation and Food Service Activities. The data subject does not have the right to request their data to be erased for as long as the data is required to be retained by law.The data subject cannot object to the processing of their data for the purposes prescribed by law. If a traveller does not wish to provide the information required by law, this will prevent the stay at the hotel in question.Direct marketing is not carried out based on the data in the register.
General description of technical and organisational security measures
At S Group, we protect personal data with, among other things, anticipatory risk management and security planning, data communication protection means, the continuous maintenance of information systems and backups, and by using secure hardware facilities, access control and security systems. The granting and monitoring of user rights is a well-managed process. We regularly provide training for our personnel who participate in the processing of personal data. We select our subcontractors with care. We continuously update our internal practices and guidelines. Paper traveller notifications are stored in a locked space accessible only to a limited number of the unit’s staff.If, despite all of our safeguards, we detect a data security breach concerning personal data, we will immediately begin investigating the matter and strive to prevent any damage. We will inform the relevant authorities and data subjects of any data security breaches in accordance with legislative requirements.
