Privacy Statement for the S Group’s feedback register
1. Controller
SOK
CORPORATION
Postal address: P.O. Box 1, 00088 S GROUP, Finland
S Group’s co-op member service: +358 10 76 5858
Street address: Fleminginkatu 34, FI-00510 Helsinki, Finland
Business ID 0116323-1
2. Keeper of the register
Tea Valjakka
3. Name of register
S Group’s feedback register
4. Purpose of processing personal data
The information given by you on the feedback form will be stored in the S-Group's feedback register. The register will store the information you have given on the feedback form and this will be used solely for responding to the feedback, for producing services or for operational development. The information you provide on the feedback form will not be used for direct marketing. You may also give feedback on the form entirely anonymously.
5. Basis for processing personal data
The basis for processing personal data is consent.
6. Personal data processed
Only the information provided by you on the feedback form and any attachments to the feedback, will be stored in the feedback register. The feedback form includes for example the following fields: given name and family name, street address, postcode, post office, email address, phone number, membership number, the message submitted, and the requested form of contact. The information identifying a person will be deleted from the register as soon as they are no longer needed for the handling of the feedback.
7. Source of information
The person providing the feedback will also submit the personal data.
8. Receivers of the information
Data may be submitted to organisations within the S-Group to which the feedback is addressed, or that are subjects of the feedback. If your feedback concerns a partner of the S-Group, the information you provided on the feedback form may be submitted to that partner for the purpose of processing your feedback. Otherwise the information you provided on the feedback form will not be disclosed to any third parties.
Data may be submitted to authorities to the extent allowed and required by the valid legislation.
9. Transfer of personal data to third countries or international organisations and guarantees of protection used
Personal data in the feedback register can be transferred outside the EU or the EEA when it is necessary for the technical implementation of personal data processing. Such incidents only include processing customer feedback regarding Sokos Hotels in St Petersburg in those hotels. Our maintenance or technical support service partner is, with relevant agreements, committed to following EU model agreements.
10. Duration of storing personal data
The personal data is stored for one year, after which it is made anonymous.
11. The data subject’s rights
Everyone entered in the register has the right to receive information about what personal data is collected, to what purposes it is used, what is the legal basis for processing the data, and to which receivers data is disclosed.
You have the right to receive confirmation of whether your personal data is processed. If your personal data is processed you have the right to receive a copy of your personal data.
You have the right to require corrections to any inaccurate and incorrect information about you, and you have the right to have incomplete personal data completed.
You have the right to request that your personal data is removed without inappropriate delays. Removal required that one of the following conditions is met:
- The personal data is no longer needed for the purposes for which they were collected or for which they were otherwise processed
- You cancel the permission the processing has been based on, and there are no other legal grounds for processing
- The personal data has been processed in an unlawful way
- The personal data has to be removed to fulfil a statutory obligation in accordance with EU law or international legislation
If the processing of the personal data is based on the controller’s legitimate interest, you have the right to request that the data processing is limited, if one of the following conditions is met:
- You deny the accuracy of the personal data
- The personal data has been processed in an illegal way, and you object to removal of the personal data
- The controller does not need the personal data in question for the processing purposes, but you need them for making, presenting or defending a legal claim
You have the right to cancel the permission you have given for processing your personal data at any time, without it affecting the legality of the processing done based on your permission before this.
You have the right to receive the personal data about you that you have provided yourself in a structured, commonly used and machine-readable format, and the right to transfer the data to another controller.
If you wish to exercise your rights or to get more information about the processing of your personal data, please contact the controller mentioned in this statement in writing:
S-Asiakaspalvelu Oy
P.O. Box 78
00088 S GROUP, Finland
Indicate on the envelope: feedback/request for inspection, feedback/request for correction or feedback/request for removal
or
scanned to the following email address: tietosuoja.asiakkuus@sok.fi
In addition to name, other information identifying the feedback based of which the feedback given by the customer can be searched for should be provided with the request for inspection, correction or removal
You also have the right to file a complaint with the supervisory authority if you consider that the processing of the personal data does not follow the applicable data protection regulation
12. Key information for automated decision-making or profiling
No automated decision-making or profiling is associated with the personal data processing.
13. General description of technical and organisational safety measures
We will protect the personal data for the whole duration of their life cycle by using appropriate data protection and data security measures. S Group protects personal data, for example, by preventive risk management and safety planning, protection measures for data communication and by using secure equipment facilities, access control and security systems. Giving and controlling user rights is well managed. We regularly train our personnel participating in the processing of personal data and ensure that also the personnel of our partners understands the confidential nature of personal data and the importance of secure processing. We choose our subcontractors carefully. We continuously update our internal policies and instructions. If, in spite of all our safety measures, personal data ends up in the wrong hands, it is possible that the identity is stolen or that the personal data is misused in any other way. If we observe such an event, we will immediately start an investigation and will try to prevent any damage. We will inform the necessary authorities and the registered persons about the data breach in compliance with the requirements of the legislation. The file is stored in electronic format, and it is protected from unauthorised access using firewalls, passwords and other technical measures. Only designated persons bound by an obligation of secrecy are allowed access to the data contained in the file. No hard copy of the register file exists.