Registry and Privacy Statement

This is the privacy and data protection policy of Anttooran Lomakylä Oy, in accordance with the Personal Data Act (sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Created on December 27, 2019. Last amendment on July 18, 2025.

1. Data Controller

Anttooran Lomakylä Oy
2091745-7
Finnintie 33, 28900 Pori, Finland

2. Contact Person for Register Matters

Hardy Dieter
+358 40 555 2553
info@anttoora.com

3. Name of the Register

Customer and Surveillance Camera Register of Anttooran Lomakylä

4. Legal Basis and Purpose for Processing Personal Data

The purpose of processing personal data in the customer register is to maintain contact with customers and manage customer relationships.

No automated decision-making or profiling is carried out.

The purpose of camera surveillance is to:

  • protect the property of the holiday village
  • prevent and investigate crimes and vandalism
  • ensure the safety of customers and staff

The processing is based on the legitimate interest referred to in Article 6(1)(f) of the GDPR.

5. Contents of the Register

The customer register may contain the following information:

  • contact information obtained from contact forms
    • person’s name
    • phone number
    • email address
    • address
  • network connection IP address
  • analysis and profile information (Google Analytics)
  • information on ordered services and their changes
  • billing information
  • other information related to the customer relationship and ordered services

Camera surveillance register may include:

  • Video recordings of individuals and vehicles in surveillance areas
  • Time and location of the recordings
  • No facial recognition or other automated profiling is used

6. Regular Sources of Information

The information stored in the customer register is obtained from the customer, for example, from messages sent via web forms, email, telephone, social media services, contracts, customer meetings, and other situations in which the customer discloses their information.

Camera surveillance data is collected from the surveillance system installed in the outdoor areas of the holiday village.

7. Cookies Used by Our Website

We use cookies on the anttoora.com site to maintain the user session. A cookie is a small text file sent to the client’s browser, usually containing an anonymous identification number. The pages can also be used without cookies, but some features may not function.

By using the site, you consent to the use of the aforementioned cookies. If you no longer wish to accept the use of cookies, you can disable cookies by changing your browser settings.

Our site uses Google Analytics to gather statistical analytics on website visits.

Google Analytics (Visitor statistics tracking)

8. Regular Disclosures of Information and Transfer of Data Outside of the EU or EEA

Customer register data is not regularly disclosed to third parties. Data (e.g., photos taken by customers) may be published if agreed upon with the customer.

Customer data may be transferred outside the EU or EEA by the data controller.

Anttooran Lomakylä does not regularly disclose customer data to third parties or transfer it outside the EU or EEA.

Camera surveillance recordings may be disclosed to authorities (e.g., police) when required by law. Data is not disclosed for commercial purposes. Camera surveillance data is not transferred outside the EU or EEA by Anttooran Lomakylä.

9. Principles of Register Protection

Care is taken in the processing of the register, and data processed via information systems is appropriately protected. When register data is stored on internet servers, the physical and digital security of the hardware is ensured. The data controller ensures that stored data, server access rights, and other critical personal data are handled confidentially and only by employees whose job description includes such tasks.

Camera surveillance recordings are retained for a maximum of 30 days unless needed for investigating a crime or for another legal purpose.

10. Right of Inspection and the Right to Demand Correction of Information

Every individual in the register has the right to check their stored information and demand the correction of any incorrect information or the completion of incomplete information. If an individual wishes to check the information stored about them or demand a correction, the request must be sent in writing to the data controller. The data controller may ask the requester to prove their identity if necessary. The data controller responds to the customer within the timeframe stipulated by the EU data protection regulation (generally within one month).

11. Other Rights Related to the Processing of Personal Data

An individual in the register has the right to request the deletion of their personal data from the register (“the right to be forgotten”). Similarly, registrants have other rights according to the EU General Data Protection Regulation, such as the right to restrict the processing of personal data in certain situations. Requests must be sent in writing to the data controller. The data controller may ask the requester to prove their identity if necessary. The data controller responds to the customer within the timeframe stipulated by the EU data protection regulation (generally within one month).