Privacy Notice – The Torby Hotel

Effective Date: 1 July 2024

We are committed to protecting the privacy of our customers at the hotel and visitors who use our website. This Privacy Notice informs you how Fiskars Corporation (“we” or “Fiskars”) process your personal data. For the purposes of this Privacy Notice, we are the controller.

We believe that you should know what personal data we collect, and how you can affect the collection and use of your personal data. In this Privacy Notice we explain the purposes of collecting and use of your personal data as well as how we have ensured that you have adequate control over your own personal data.

We recommend that you read this Privacy Notice carefully as it provides important information about the personal data that we collect. 

Should you have any questions, requests or concerns, you can at any time contact us at:

  1. What data do we collect?
  2. How do we use your personal data?
  3. For how long is your data stored?
  4. In what situations is your personal data disclosed to other parties or countries?
  5. On what lawful basis do we process your data?
  6. Do we process the personal data of children?
  7. How do we protect your data?
  8. What are your rights and options and how can you use them?
  9. Do we use cookies?
  10. Changes to this Privacy Notice

1. What data do we collect?

We may collect the following information:

  • Hotel room booking information (please note that you may have provided some of the following information to us via third party online booking service) and information provided at check-in and check-out: 
    • your full name, ID, contact details (email address, phone number, address), personal identification number / date of birth, nationality, country from which the hotel guests has traveled to Finland, passport/travel document number, arrival and departure date, reason for stay (leisure, work, meeting, other purpose), full name and personal identification number / date of birth of spouse and underaged children accompanying you, signature, other reservation related information (such as hotel room preferences), possible health related information (if you have provided information e.g., on allergies), any consents (e.g., marketing consent;
  • Meeting room booking information: name, contact details (email address and phone number), payment or invoicing details, time of booking, number of participants, information concerning any booking related services and any consents;
  • Customer communications and feedback (if you are in contact with us);
  • Your participation in and interaction related to our promotions and contests;
  • Any information provided by you to our personnel during your visit;
  • Payment/invoicing/gift card information. Please note that we do not directly collect payment information. All payment data is securely collected and processed by authorized third party payment service providers on our behalf;
  • Surveillance camera recordings captured by cameras placed within the hotel premises;
  • Information processed in connection with security services, such as handling request to open a door (if locked outside) or when managing disturbances or alerts at the hotel  

Information that may be collected when our websites or interactive products or services are used, such as:

  • Booking information (please see the previous section for further information)
  • Your browser, operating system, device model, IP-address, time of access and duration of access;
  • Websites through which our website was accessed, pages on our website browsed by you, all other actions with our website during your website visit (e.g. interactions, referral sites, key search words);
  • Cookies and other identification tags;
  • Marketing information: the benefits, campaigns and services directed or offered to the customer and your use of them; and
  • Other information collected based on your consent.

2. How do we use your personal data?

We may collect your personal data to offer you our services. We also want to give you a smooth guest experience and operate and maintain our website and services effectively. In detail, we may process your personal data for the following purposes:

I. Processing bookings & managing check-in and check-out

We will process your personal data when you book a hotel room via our website, third party online booking service or by contacting us. Your personal data is processed to manage and confirm your booking, to send you necessary communication related to your booking (such as booking confirmation) and possible special requests as well as to charge you for the booking (if applicable at booking phase). 

Your personal data is also processed during check-in and check-out to manage your booking and hotel room keys, to collect a passenger card and to charge you for the booking (if booking is paid at the hotel). 

When you book a meeting room, we process personal data to manage and invoice your booking. 

II. Customer Service 

Our Customer Service team may process your personal data if you contact them. Your calls to the Customer Service team may be recorded, in which case you will be informed of such recording beforehand. We may connect the personal data collected by the Customer Service team with other personal data, such as your booking history, which enables us to provide you with as efficient and personal service as possible.

Sometimes Customer Service may need to verify that you are really you – for that purpose, we may need to ask for your official identification. 

III. Direct marketing

We may also use direct marketing e.g. by email, SMS or showing you digital advertisements, if you have given your consent for us to do so or if we have other legal basis for doing so. In addition, we may process your personal data to optimize our website and provide service recommendations to better meet your preferences. We may also evaluate the effectiveness of our marketing messages (e.g., whether you have opened any emails we have sent you and clicked on any content within those emails). 

Your personal data may be processed for the purposes of informing you about our products and services, announcing any new products and services or benefits available to you, and concluding market surveys, provided that we have first obtained any necessary consent. Such marketing may be carried out as follows:

  • Direct marketing through mail or telephone;
  • Electronic marketing such as emails and other electronic messages, including text messages; and
  • Digital online marketing (e.g. displays, SoMe, search engine marketing) – this is why you may see advertisements for our services on other websites.

IV. Events, campaigns, contest and sweepstakes

We may arrange contests and sweepstakes. If you participate in contest or sweepstakes organized by us, the data you have provided will be processed for the purposes of organizing and administrating the contest or sweepstakes, as well as communicating with you if you are the winner. We may also use your data for organizing events and campaigns – to identify you, verify your participation and also afterwards, if it is necessary to contact you after the event or campaign.

V. Product and service development
Product and service development is essential to us and enables us to provide our customers with ever better, more innovative and user-friendly products and services. We may process your personal data to both improve our existing products and services, and to develop new ones. We may analyze, derive information or draw inferences of your information we collect and create profiles based on your data.

Unless separately otherwise stated, we may connect any feedback and communication received from you with your other information, including your responses to surveys or panels. The processing of personal data collected through such research, panels and surveys is governed by this Privacy Notice.

Such measures may include, for example:

  • Surveys/research conducted via our website: We may use questionnaire tools on our website from time to time to improve our customer experience.
  • Research/surveys sent via email or SMS: We may, from time to time, send you surveys via email or SMS concerning our services, always subject to compliance with this Privacy Notice and the requirements of applicable law.

We use aggregated and/or anonymized data for reporting purposes. Such data have been aggregated and/or anonymized and cannot be used to identify you. We use such data to analyze the realization of our commercial objectives, such as effectiveness of our campaigns.

VI. Safety and security 

There are surveillance cameras at the hotel premises to ensure safety of the hotel guests and employees, to protect the property and to prevent and investigate incidents and criminal cases. Surveillance camera video recordings include personal data.

Guards can also access hotel premises, if needed, to open a door for a hotel guest (if locked outside) or to handle disturbances at the hotel. 

VII. Complying with legal obligations

We also need to process personal to comply with our legal obligations, such as:

  • As an accommodation business operator, we are required to collect and store passenger cards of the passengers arriving at the hotel. We are also obligated to submit the passenger details of foreigners to the competent police department and, upon police’s request, also details of other passengers, if it is necessary for performing police’s official duties;
  • We must process and store data (which may include personal data) to comply with bookkeeping requirements.

VIII. Detection, investigation and prevention of unlawful activities

We may use your data for investigating suspected unlawful activities. We may also provide your information to law enforcement authorities based on their request or based on a legal basis defined in any applicable law, for prevention and investigation of fraud and other unlawful activities. We may disclose your personal data to any party in response to an order from a court of competent jurisdiction.

3. For how long is your personal data stored?

Passenger cards are stored for one year after signing. Passenger information included in the passenger register is stored for one year after collection.

Other customer information may be stored for as long as it is necessary for the purpose of collection plus the applicable period for limitation of legal claims, and any additional periods required or permitted under applicable law. We may retain your personal data for the duration of any period necessary to establish, exercise or defend any legal rights.

Video surveillance recordings are stored for 2-3 months. However, the recordings can be stored for longer if needed for investigation purposes or to establish, exercise or defend any legal rights.

We may also have specific data retention periods for campaigns or promotions. If we have, for example, communicated that your data will be stored only for the duration of the campaign and a 60-days defined period thereafter, we apply this specific retention period.

4. In what situations is your personal data disclosed to other parties or to other countries?

We do not disclose or transfer your data to third parties, except for processors, approved third parties and competent authorities. We do not sell, lease or rent your data. Your data are adequately protected if transferred internationally. 

We disclose your personal data to the parties indicated below and for the following reasons:

  • Affiliates, approved partners and processors
    We may disclose your personal data to Fiskars Group companies and authorized third party vendors and partners which process the data on our behalf or as our partners. Such disclosures may include payment services providers, online booking services, customer service teams, and companies that analyze and manage data for us, conduct credit checks, market research and marketing campaigns. These authorized third parties may use your data to perform contracted services and to employ reasonable and appropriate security measures to protect your data.
  • International transfers
    Our services may be provided using resources and servers located in various countries, partly outside of the EU/EEA. Therefore, your personal data may be transferred across international borders outside the country in which you use our services. If personal data is transferred outside the EU/EEA, we will ensure that transfer is based on one of the transfer principles and bases provided for in Chapter V, General Data Protection Regulation.
  • Disclosures and requests based on legislation and protection of our interests

As an accommodation business operator, we are obligated to submit the passenger details of foreigners to the competent police department and, upon police’s request, also details of other passengers, if it is necessary for performing police’s official duties.

We may provide personal data, such as video surveillance recordings, to competent authorities subject to applicable laws (e.g., for investigation purposes in criminal cases).

We may be required by the binding requirements of applicable law, or for the purposes of responding to legal proceedings or other lawful requests, to disclose your personal data to authorities or third parties. We may also disclose or otherwise process your personal data, in accordance with applicable law, to defend our legitimate interests (for example, in civil or criminal legal proceedings) and when combating fraud.

  • Mergers and acquisitions
    In the event of any sale, consolidation or reorganization of our businesses (for example mergers and acquisitions), we may disclose your personal data to prospective or actual purchasers or their advisers, with adequate protections, where appropriate.

5. On what lawful basis do we process your personal data?

We collect and process your personal data based on one or more of the following legal bases:

  1. we have obtained your consent (written, verbal or online) to the processing of your personal data – for example if you have provided us any health-related information (such as related to allergies) or you have given consent for receiving marketing messages. You have a right to withdraw your consent to the processing of your personal data, at any time, by contacting;
  2. the processing is necessary in connection with any contract between Fiskars and you – for example, if you have booked a hotel room or meeting room; 
  3. we have a legitimate interest – for example in carrying out the processing for the purpose of managing, operating or promoting our business or protection of people and property from crime; and that legitimate interest is not overridden by your interests, fundamental rights or freedoms; or
  4. we have a legal obligation to process your personal data – for example collection and storing of passenger cards.

6. Do we process the personal data of children?

We process data related to underaged children travelling with you. During check-in we collect the full name and personal identification number or date of birth of underaged children accompanying you. Image of underaged children may also be captured by the video surveillance cameras within the hotel premises.

7. How do we protect your personal data?

We have implemented a variety of appropriate technical and organizational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access, and other unlawful or unauthorized forms of processing. The safeguards include, for example, firewall protection of our systems and storing physical documents in locked premises. Further, the databases and their backup copies can be accessed only by certain pre-designated persons; all persons processing personal data will need to have an individual accreditation; only specifically authorized personnel of ours or authorized third parties are entitled to access our premises or process data; and anyone who is granted access to your personal data is required to keep such data confidential. Different levels of access have been created based on the type of data a person needs to access or process according to his/her job description. 

8. What are your rights and options and how can you use them?

We hope to ensure that the personal data we process are accurate at all times and therefore we encourage you to update your information as necessary when any changes occur.

You may choose not to provide your personal data to us
Some features of our websites and other services may not be fully available to you if you choose not to give us your personal data (e.g., we may not process your bookings without the necessary details).

You may access your data
You may request access to, or copies of, your personal data. You may also have information regarding the nature, processing and disclosure of your data. You may contact to request a copy.

You may unsubscribe from direct marketing
We include an unsubscribe link in all electronic marketing messages we send to you. You may withdraw your consent to direct marketing at any time. If you do so, we will promptly update our databases, and will not send you further direct marketing, but we may continue to contact you to the extent necessary for the purposes of any products or services you have requested.

You may check and edit your personal data
You may contact to request correction, removal or completion of the information which is incorrect, unnecessary, lacking or outdated.

You may block and delete cookies
You have a right to choose which cookies you accept, and amend your choice afterwards. Please visit our Cookie Notice to read more. 

You may request the erasure or restriction of processing your data or object processing
Should you believe that your personal data is inaccurate, the processing of it is illegal, we are not processing your data in accordance with the processing purpose, or you want to object the processing, you may contact to request the erasure of or restrictions on the processing of your data. Please note that we will investigate your request reasonably promptly, before deciding what action to take.

You may withdraw your consent
You may at any time withdraw your consent to the processing of your personal data. If your consent is withdrawn, it does not prevent us from processing your personal data based on other lawful bases, such as for requirements set forth for us under applicable laws. The withdrawal of consent does not affect the lawfulness of any processing performed prior to the withdrawal.

You may have your data transferred to another provider
You may have the right to data portability, which means you may have your personal data transferred to another controller in a structured, commonly used and machine-readable format, to the extent applicable.

You may lodge a claim with the supervisory authority
Should you believe that our processing of your personal data infringes your legal rights, you may lodge a claim with your local supervisory authority. Please do see a list for supervisory authorities’ websites here.

Please note that upon exercising any of the rights listed above, you may be requested to provide additional information for identification purposes. Such additional information shall not be used for any other purposes.

9. Do we use cookies?

We use cookies on our website. You may block the cookies from your browser settings, but some functions of the websites may not work properly without the cookies. For further information, please see our Cookie Notice.

10. Changes to this Privacy Notice

We may update this Privacy Notice from time to time and communicate the changes on this site. When we post changes to this Privacy Notice we will modify the ”Effective Date” at the top of this Privacy Notice to indicate when such changes have come into effect.