This is the privacy policy of the Company in accordance with the EU General Data Protection Regulation (GDPR).

Jyväskylä, April 15, 2021

1. Controller

Time Hostel & Apartments Finland Oy (hereinafter referred to as Time Hostel)
Business ID: 1003701-8
c/o Family Saxberg Nisulankatu 56 40720 JYVÄSKYLÄ

Name of the register: Customer and stakeholder register of Time Hostel

2. General information

In order to serve You to the best of our ability, it is necessary for us to collect and process data pertaining to You. We do however value Your privacy and are thus committed to protecting it within our activities in a responsible and confidential manner. This privacy policy contains information regarding the personal data pertaining to You we collect, the principles we follow while processing said data, and your rights pertaining to and control over Your data. Time Hostel processes personal data pertaining to You in accordance with this privacy policy and the applicable legislation. We reserve the right to update this privacy policy as we develop our operation further or where legislation is amended requires us to do so. Thus, we hope that You review the contents of this privacy policy regularly. By using our services or websites or by contacting us, You accept that we process personal data pertaining to you in accordance with this privacy policy. If You do not accept these conditions, we may not be able to serve You.

3. Legal basis and purpose of the processing of personal data

The processing of personal data is based on Time Hostel’s legitimate interest, agreement, or another relevant connection. The intended use of the personal data is the management, maintenance, development, and analysis of, as well as the compilation of statistics on the relationship between Time Hostel and its customers and partners Furthermore, the data may also be used for marketing, customer segmentation, and profiling. The data may also be used for the planning and development of Time Hostel’s business activities and services. The data shall not be used for automated decision-making or profiling.

4. Sources of information and information content of the register

The information in the register is collected regularly from the customer at the time of conclusion of an agreement and during it. Information may also be collected from customers’ websites and brochures and on autonomous basis. In addition, information stored in the register is sourced from, among other things, messages sent via online forms (www), by email, by telephone, through social media services, from agreements, meetings with customers, and other situations where customer disclose their information. Personal data may also be collected and updated from the population register, credit information register, and other similar public and private registers. We also collect information pertaining to the visitors to our website to allow us to analyze and further develop our website and its operation and to target suitable and personalized marketing to the visitors.

We use our register to store the following pieces of information, for example:

Person’s name, company, organization or association, and their position therein
Contact information (such as telephone number, email address, and address)
Contact information of the company (including address and email address information)
However, we restrict the collection data by our Company to information that is essential and necessary. Any pieces of information that are no longer necessary or have otherwise expired will be deleted. Personal data is only processed by members of our Company’s staff as part of their duties. We do not store Your personal data or any other information for longer than is necessary for our activities or is required or stipulated by an agreement or law. The storage periods of personal data may vary depending on the intended use and the situation. In general, data is only stored for as long as the data is needed for the maintenance of a customer or contractual relationship.

5. Regular disclosure of data and transfers of data outside the EU or EEA

Information shall not be disclosed to third parties. Information may be made public insofar as has been agreed to in advance with a customer or contractual partner. In addition, we may occasionally disclose our information under Finnish law. In general, information is not disclosed to parties outside the EU, but information may be transferred outside of the EU or EEA as well by the controller where necessary. Should that happen, we will ensure that the processing, transfer, and storage of Your data is carried out in accordance with the criteria required by law at each time and utilizing sufficient protective mechanisms.

6. Data protection principles

Due care and diligence are exercised during the processing of the register and the data processed using information systems is appropriately protected. Access rights to the registers are only granted to such persons for whose job descriptions the use of said registers is an essential requirement. Each person with access to a register uses their personal user ID and password to access the systems that are used to administer the data. Stored information, access rights to the registers, and any other information considered critical for the security of personal data is treated confidentially.

7. Right of access and the right to rectification

Each person, company, or association whose information is stored in the register has the right to review the information pertaining to them stored in the register and to demand the rectification of any incorrect information or the completion of any incomplete information pertaining to them. If a person wishes to review the information pertaining to them stored in the register or to demand rectification to said information, the request to do so must be sent to the controller in writing by email. The controller may request the applicant to verify their identity with a recognized identity document. The controller shall respond to the request within the time specified by the EU General Data Protection Regulation (in general within one month of receiving the request).

8. Other rights related to the processing of personal data

The data subject has the right to demand the erasure of any personal data pertaining to them from the register (“the right to be forgotten”). Similarly, any person, company, or association included in the register shall have the other rights provided by the EU General Data Protection Regulation, such as the right to restrict the processing of personal data in certain cases.

9. Contact person for register-related matters

Margo Saxberg
margo (at)
+358 50 349 7070