Privacy Policy

PRIVACY POLICY (Updated 27.11.2024)

• Elämys Travel Design Oy (Menestys Business Travel, Menestys Events)
• Elämys Hub Oy (Elämys Sport, Elämysmatkat)

• Managing customer relationships within Elämys Group.
• Marketing and offering services to customers.
• Business planning and development.

• Performance of a contract, e.g., for providing services.
• Legitimate interest, e.g., marketing to existing customers.
• Consent, e.g., sending newsletters and marketing messages.

• Personal information: First and last name, date of birth, gender, language.
• Contact details: Address, phone number, email.
• Customer-related information: Start date of customer relationship, order details, newsletter subscription.
• Marketing data: Marketing permissions and restrictions.
• Online service data: Saved shopping cart details, order history.
• Customer-provided preferences: Interests such as travel themes, destinations, activities, or preferred travel times.

• Customers themselves via phone, email, online services, or customer events.
• Update services such as the Population Information System.

• Elämys Group partners (e.g., accommodation, transportation, and event service providers), but only to the extent necessary for service fulfillment.
• Personal data will not be transferred outside the EU or EEA without appropriate safeguards, such as standard contractual clauses approved by the EU Commission.

• Customer relationship data: Stored for the duration of the customer relationship and for a reasonable period thereafter.
• Marketing data: Retained until the customer withdraws consent.
• Interest data: Retained according to customer consent.
• Billing and contractual data: Retained for at least six years in accordance with accounting regulations.

• Right to access: Data subjects may request access to their personal data. The data controller will provide a copy in compliance with GDPR.
• Right to rectification: Data subjects can request the correction or updating of inaccurate information.
• Right to be forgotten: Data subjects may request the deletion of their data. However, this right does not apply when legal obligations (e.g., under the Package Travel Act or accounting laws) require data retention. In such cases, data is deleted once the retention period expires.
• Right to restrict processing: Data subjects can request restrictions on processing, for instance, if data is incorrect or if the legality of processing is disputed.
• Right to object: Data subjects may object to the processing of their data, particularly in relation to direct marketing. They can remove themselves from the marketing register via an unsubscribe link in newsletters or by contacting the data controller.
• Right to data portability: This right generally does not apply to travel services, as personal data is not processed in a way that meets the criteria of GDPR Article 20.
• Right to lodge a complaint: If a data subject believes their personal data has been processed unlawfully, they may file a complaint with the Data Protection Ombudsman.