General Data Protection Regulation

General Data Protection Regulation

Best Western Hotel Apollon customer register

Under the Data Protection Regulation, the data controller has a duty to clearly inform data subjects. This leaflet fulfills the information obligation. By using our website or mobile application, providing personal information to Service Restaurants Oy or otherwise expressing your consent to the receipt of marketing or other information from us, you agree to all uses of your personal information mentioned in this privacy statement.

If you do not accept the terms of the privacy policy, do not use the website or provide any personal information to GF Finance Oy through the website or in any other way.

1. The controller GF Finance Oy (0108432-2) Asemakatu 31-33, 90100 OULU Contact information for the register Pia Arolaakso This email address is being protected from spambots. You need JavaScript enabled to view it.
2. Registered
3. Grounds for and purpose of keeping the register
Grounds for keeping the register:
GF Finance Oy acts as a registrar with regard to the processing of personal data, for example in connection with hotel reservations, and the collection and processing of personal data in the customer register is based on the customer relationship of consumer customers and business customers with Service Restaurants Oy. Customer data is processed on the basis of consent when registering on its website ( In this context, personal data means any information that can be linked, directly or indirectly, to a natural person.
Personal information is used: 1. customer relationship management and administration such as handling customer bookings and orders. 2. Communicate via SMS, mobile apps, email or newsletter app. 3. processing of bookings made by the customer. 4. maintenance and development of services. 5. sales and implementation of services. 6. the processing of personal data in connection with payment, invoicing and the control and recovery of payments 7. analysis and profiling of customer or other registered behavior electronic direct marketing, marketing, targeting of advertising in our company's own and on behalf of our company online services operating on the basis of a contract. 8. we process personal information collected by Best Western International, Inc. in the BEST WESTERN REWARDS® (“BWR®”) program that uses our services. Processing of business contact information The controller shall process the following personal data in respect of its business customers: Name, address, e-mail address, telephone number of the contact person of the business customer Prohibited information on direct advertising, distance selling and other direct marketing provided by the company's contact person, as well as any customer feedback and complaint information We will protect your privacy and comply with applicable law to protect you as an individual. Changes to this privacy statement can be made by publishing the new terms and conditions on the Best Western Hotel Apollo website We recommend that you use our website regularly and take note of any changes to this leaflet.


4. Information to be stored in the register

The registrar collects and processes the following personal and other information about its customers:
Booking system:
Customer's first and last name, date of birth, address, telephone number, email address, citizenship, Default language, booking information, customer payment information, billing information, possible late payment information, membership information (BWR), travel information, employment, emergency contact information and other information affecting your stay with us (such as room special requests, allergies, accessibility issues), any special diet information *. Information on consent to electronic direct marketing.

* We only use special diet information for the preparation and serving of food and the information will not be kept in our register for longer than necessary.
IP address at the time of signing up and subscribing to the newsletter, user ID, e-mail address and information on consent to electronic direct marketing. Service Restaurants Oy uses cookies in its digital services, which are communicated in connection with the use of the service.
Site functionality and security
IP address for real-time activity and security monitoring
GF Finance Oy uses cookies in its digital services, which are communicated in connection with the use of the service. See Section 12. Cookies.
5. Rights of the data subject
Right of inspection
The data subject can check the personal data we have stored.
Right to rectification
The data subject may request the correction of incorrect or incomplete information concerning him.
Right to object
The data subject may object to the processing of personal data if he or she feels that the personal data has been processed unlawfully.
Prohibition of direct marketing
The data subject has the right to prohibit the use of the data for direct marketing. The registrant also has the option to change or prohibit direct marketing through the website.
Right to delete data
The data subject has the right to request the deletion of data if it is not necessary to process the data. We will process the deletion request, after which we will either delete the data or state a valid reason why the data cannot be deleted. You can delete a website newsletter via the link included in the newsletter.
It should be noted that the controller may have a statutory or other right not to delete the requested information. The registrar has e.g. the obligation to keep the accounting material in accordance with the period (10 years) specified in the Accounting Act (Chapter 2, Section 10). Therefore, accounting material cannot be deleted before the deadline.
Withdrawal of consent
If the processing of personal data concerning the data subject is based only on consent and not, for example, on the basis of customer relationship or membership, the data subject may withdraw the consent.
The data subject may appeal against the decision to the Data Protection Officer
The data subject has the right to demand that we therefore limit the processing of the disputed data until the matter can be resolved.
Right of appeal
The data subject shall have the right to lodge a complaint with the competent supervisory authority if the data subject considers that the controller has not complied with the applicable data protection rules.
In matters relating to the processing of personal data and in situations involving the exercise of his or her rights, the data subject may contact the controller's contact person referred to in paragraph 1. A request for the right of inspection or any other request for the exercise of the data subject's rights to the controller must be made in writing, either by e-mail or post. The request may also be made in person at the controller's office. The controller may ask the data subject to specify in a sufficient manner which data or processing operations are the subject of the data subject's request.
In order to ensure that personal data are not disclosed to a non-data subject in connection with the exercise of the data subject's rights, the controller may, if necessary, request the data subject to submit a signed request for verification. The controller may also ask the applicant to prove his or her identity by means of an official identity card or other reliable means.
6. Regular sources of information
Customer information is obtained regularly:
Register information is collected in the event of a booking by telephone, e-mail or via Internet sites and booking agents. The registry information is updated with the customer's own notification. In addition, the information is updated from the registers of Formia Future Oy and its subsidiaries (Sarmasol Oy and Apollo Henkilöstövuokraus Oy).
7. Regular disclosures
We provide information for the use of Formia Future Oy and its subsidiaries (Sarmasol Oy and Apollo Henkilöstövuokraus Oy) for customer service. Formia Future Oy and its subsidiaries (Sarmasol Oy and Apollo Henkilöstövuokraus Oy) are committed to complying with the requirements of the Data Protection Regulation.
Information may be disclosed to public authorities on the basis of their legal requests for information.
8. Duration of processing
The customer's personal data in the customer register is processed during the customer relationship. The registrar considers the customer relationship to have ended if the customer has not used the services of the company that is the registrar for 3 years. The time is calculated from the end of the calendar year in which the customer last used the company's services.
However, after the termination of the customer relationship, the data may be stored and processed if it is necessary for the handling of complaints. The retention period of information in the customer register also complies with the retention periods required by law, such as the Accounting Act. The retention period of accounting material is provided for in the Accounting Act 2:10 and the information required by the Accounting Act is retained for as long as required by the Accounting Act.
The contact information of corporate customers is deleted in a similar way after the company's customer relationship is considered terminated. However, the data may then be retained if there is another reason to do so.
During the customer relationship, only information that is necessary for the defined uses is processed. The controller shall carry out regular periodic inspections to remove unnecessary information.
9. Processors of personal data
The controller and his staff process personal data. We may also partially outsource the processing of personal data to a third party, in which case we guarantee through contractual arrangements that the personal data will be processed in accordance with applicable data protection legislation and otherwise in an appropriate manner.
10. Data transfer outside the EU
Personal data will not be transferred outside the EU or the European Economic Area unless the customer joins the Best Western Rewards Loyalty Program (BWR). The Loyal Customer System is operated by Best Western International (BWI), which respects the Privacy Shield between the United States and the European Union and the Privacy Shield between the United States and Switzerland, as required by the US Department of Commerce for the collection and use of personal information in the European Union and Switzerland. .

BWI has sent its own Declaration of Conformity that it complies with the Privacy Shield -
the principles of privacy statement, selection, transmission, data security, data integrity, availability and enforcement. For more information about the Privacy Shield program, visit

http://www.privacyshield.govand also view the BWI Declaration of Conformity as soon as it is approved by the U.S. Department of Commerce. Please note that if BWI violates the Privacy Shield, the U.S. Federal Competition Commission and / or the U.S. Department of Commerce may initiate an investigation into the violation.

11. Automatic decision making and profiling
We do not use the information for automatic decision making, but we do use profiling to identify registrants ’personal profiles, online behavior, age, consumption habits. We can use this information to target marketing and develop services.
12. Cookies
We use cookies:
- improving the user experience of the website,
- remembering your personal settings,
- providing relevant content and information (eg targeted advertising),
to ensure the security of websites, and
- to collect statistics on the use of our websites and to measure the effectiveness of advertising.

What cookies do we use?
We use the following cookies on our website:
Functional cookies
Functional cookies are necessary to use the website and its features. For example, cookies are used to remember login information and language settings. Functional cookies can also be used to personalize websites.

Behavioral cookies
These cookies collect anonymous statistics about how people use the website. For example, they can help us understand how users use our website and what the most popular parts of our website are.

Targeted advertising cookies
These cookies collect information about your browsing activities. They are used to make advertising more interesting and better suited to your needs. We may also use these cookies to limit the number of ads that appear to you and to evaluate the effectiveness of advertising on the Website. Cookies are usually managed by a third-party ad network set so that you can provide your online activity on the basis of content of interest.

Other third-party cookies
We may also use social media cookies on our website. These cookies collect information about what you have done on social media websites such as Facebook, Twitter and LinkedIn. We are not responsible for such cookies. Carefully read the privacy policies of those third parties.

This site uses cookies to enhance the user experience and collect visitor statistics. When you use this website, you accept our use of cookies.