Last updated: May 23 2018<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n
Your privacy is important to us. This Privacy Policy explains what personal data we collect from you and how we use it. Personal data is any information that can be used to identify a person (called \u201cthe User\u201d).<\/p>\n<\/div>\n
DATA CONTROLLER<\/h3>\n
The data controller in accordance with applicable data protection laws is XC Chamonix (Menalab Oy \/ hereinafter together \u201cXC Chamonix\u201d, \u201cwe\u201d, \u201cus\u201d or \u201cour\u201d). XC Chamonix is responsible for ensuring that processing of personal data complies with this Privacy Policy and applicable data protection legislation. The solutions XC Tenerife provides (including the invoicing solution) will be referred to as the \u201cService\u201d.<\/p>\n
Contact details of the controller:<\/p>\n
Menalab Oy<\/p>\n
00510 HELSINKI FINLAND
\nTel. +358 (0) 45 11 04 121<\/p>\n
Contact person in matters regarding this Privacy Policy is Sari Kupari, (Tel. +358 (0) 45 11 04 121, email\u00a0info@xctenerife.com<\/a>).<\/p>\n<\/div>\n We collect and process personal data of the User through different means which are explained below.<\/p>\n Most of the personal data we process is collected directly from the User. We may also collect personal data in the process of providing the Service. We also use publicly available sources to verify the accuracy of the personal data we collect, such as the address service provided by the Finnish Post and the Population Register Centre.<\/p>\n Data the User provides as part of the contacting, enquiery, booking or invoicing<\/b> The User also has the possibility of providing us with other personal data to interact with the Service, such as:<\/p>\n Providing this personal data is optional and is not needed to proceed with a booking or byuing a service \u2013 however, such personal data may be needed to get full advantage of the features of the Service.<\/p>\n<\/div>\n We may also collect data automatically when the User uses our Service.<\/p>\n Payments of the User\u2019s within our service are made via external payment providers: Woocommerce, Stripe and Osuuspankki. We use secure and transparent payment methods with these providers and we do not store any card details in our system. Payment providers only provide us with tokens, and we process payments via tokens. Validity of these is checked when payment is processed<\/p>\n <\/p>\n<\/div>\n We process personal data for three main purposes.<\/p>\n Service provision\u00a0<\/b> Service development and research<\/b> Marketing and communications<\/b> We may disclose personal data to third parties:<\/p>\n XC Tenerife does not sell personal data of Users to third parties.<\/p>\n<\/div>\n In general, we do not transfer personal data of Users outside the EU\/EEA. However, some of XC Tenerife’s trusted service providers operate in the United States. When these service providers provide services to us, we may need to transfer some personal data of the Users to the United States. In these cases, our service providers have committed themselves to safeguards that are required by European data protection laws to provide adequate level of data protection, such as the Privacy Shield.<\/p>\n<\/div>\n The User\u2019s personal data will be retained only for as long as necessary to fulfil the purposes defined in this Policy. When the User\u2019s personal data is no longer required by law or rights or obligations by us or the User, we will delete the personal data. For example, when the User has not used our services for the time that is not relevant anymore for future services or invoicing, the data is deleted without delay from the Service. In this case, due to technical reasons, the personal data will be retained in our backups up to one year before it is deleted.<\/p>\n<\/div>\n The User has a right to access personal data we hold about the User. The User may access, correct, update, change or remove personal data at any time. However, certain information is strictly necessary in order to fulfil the purposes defined in this Policy and may also be required by law. Thus, the User may not remove such personal data.<\/p>\n The User has a right to object for certain processing, such as profiling for marketing purposes. To the extent required by applicable data protection law, the User also has a right to restrict data processing.<\/p>\n The User has a right to data portability, i.e. right to receive personal data in a structured, commonly used machine-readable format and transmit the personal data to another data controller, to the extent required by applicable law.<\/p>\n The User can correct, delete and otherwise handle personal data within the Service, or contact XC Tenerife\u2019s customer service team.<\/p>\n If the User finds that there is a problem with the way we are handling personal data, the User has a right to file in a complaint to the User\u2019s national data protection authority in the EU\/EEA. In Finland that is the Data Protection Ombudsman. Contact details of the Finnish Data Protection Ombudsman can be found through this\u00a0link<\/a>.<\/p>\n<\/div>\n Our Service is not directed to children under 16. If you become aware that a child under 16 has provided us with personal information, please contact us, simply send us an email at\u00a0info@xctenerife.com<\/a>.<\/p>\n<\/div>\n We use cookies and other similar techniques to provide the Service. Cookies are small text files placed on the User\u2019s device to collect standard internet log information. Certain functionalities of the Service require use of cookies. We use cookies to increase functionality of Service and to make it easier to use.<\/p>\n The User can set the User\u2019s browser not to accept cookies. The User can also limit the use of cookies or remove cookies from the browser. However, as cookies are part of how our Service works, limiting the use of cookies may affect the functionality of the Service.<\/p>\n<\/div>\n XC Tenerife takes security seriously. We take various steps to protect personal data from loss, misuse, and unauthorised access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology.<\/p>\n To learn more about current practices and policies regarding security and confidentiality of personal data and other information, please see our also our partners policies;\u00a0Procountor<\/a>,\u00a0Google Business<\/a>,\u00a0Stripe<\/a>,\u00a0Woocommerce and WordPress<\/a>.<\/p>\n<\/div>\n We may change this policy from time to time. If we do, we will post a notification in the Service.<\/p>\n<\/div>\n<\/h3>\n
PERSONAL DATA WE COLLECT<\/h3>\n
\nWhen the User uses our Services, as contacts us or send an enquiry or books any of our services, we collect information that is needed for proceeding with the booking and\/or for invoicing. For these processes, we collect some basic personal data, such as:<\/p>\n\n
\n
DATA REGARDING THE USE OF THE SERVICE<\/h3>\n
HOW WE USE PERSONAL DATA<\/h3>\n
\nSome areas of our Service require the processing of personal data in order to provide services to the User. In this case, the processing may concern e.g. data that is necessary for us to deliver the Service to the User, to provide customer service or to invoice the User. The processing in this case is based on the contract between the User (or the corporate customer) and XC Tenerife.<\/p>\n
\nWe may use personal data to improve the quality of the Service, to solve problems detected within the Service and to develop better features to the Users. We base this processing on our legitimate interest to improve our Service and its features and content. We may also generate anonymous, aggregate statistical information for research purposes, including Business Intelligence.<\/p>\n
\nWe may use personal data to send the User relevant information about the Service. Personal data may also be used for the purposes of communications only. We do not do direct advertising, marketing and personalised marketing to Users. We may create general profiles of the Users to provide more relevant content. We base this processing on our legitimate interests to keep the Users up-to-date about the service or product they boght from us. Service and to market relevant new products and services to our Users. The User has the right to prohibit any communication at any time.<\/p>\n<\/div>\nSHARING OF PERSONAL DATA<\/h3>\n
\n
TRANSFER OF PERSONAL DATA OUTSIDE THE EU\/EEA<\/h3>\n
RETENTION OF PERSONAL DATA<\/h3>\n
THE USER\u2019S PRIVACY RIGHTS<\/h3>\n
CHILDREN\u2019S INFORMATION<\/h3>\n
COOKIES AND OTHER SIMILAR TECHNIQUES<\/h3>\n
SECURITY<\/h3>\n
CHANGES TO THIS PRIVACY POLICY<\/h3>\n