1. Registrar
NLC Ferry Ab (”Wasaline”)
Business identity code: 2490732-8
Address: Skeppsredaregatan 6 65170 VASA
Phone: +358 (0)20 771 6810
E-mail: [email protected]
2. The contact person of the register
3. The name of the register
The customer- and marketing register of NLC Ferry Oy Ab.
The trust of our customers and partners is highly important to us, and thus we take responsibility for protecting your integrity when you transfer data to Wasaline or use our services. This privacy policy describes how we collect and use the information of our users, and how we protect the integrity of our users.
4. The use of personal data
We handle personal data for the following purposes:
- to conduct the transport service
- to fulfil the requirements set out by authorities regarding registration of passengers
- to develop our customer service and business
- to analyze and compile statistics
- to administer your access to your bookings
- to follow the website traffic
- for marketing purposes, including direct marketing
- to fulfil our contractual and legal obligations
- to fulfil safety requirements and other legal requirements
The primary ground for handling personal data is the customer- and contractual relationship, the consent of the registered or the legitimate interest of Wasaline.
5. The information content and groups of personal data of the register
The following information about the registered can be handled in the register:
- personal information such as name, gender, date of birth and nationality
- contact information (address, phone number and e-mail)
- travel- and booking information, such as booking number, departure time, booking occasion, travel type
- information about additional extras, such as cubicle and pre-ordered food
- information about vehicle, such as type, weight, length, registration number
- information on method of payment and billing information
- optional information on disabilities and possible request on assistance
- data which has been given when creating an account: password (encrypted), age, location, gender, subscription number and account ID
- information regarding payments, purchase history, contact requests, data which has been given in connection with competitions, lotteries, campaigns, questionnaires and surveys
- additional information which has been collected with the specific consent of the user
6. The regular information sources of the register
The data is normally collected from the registered e.g. when creating an account, booking a trip, ordering our newsletter, or when participating in competitions or campaigns and, with the consent of the registered, from other sources.
The data can also be updated by using other person registers such as the person registers of cooperation partners and from authorities and other enterprises to the extent allowed by applicable legislation.
7. Storage of personal data
Registrar stores personal data only so long as is necessary for achieving the purposes defined in this register description acknowledging the limitations set out in the applicable laws. Due to obligations in the applicable legislation, the data might have to be stored longer than the time period mentioned above.
Outdated and unnecessary information will be destroyed in an appropriate way. The data will be marked in the register in the same way as the registered has reported it and the data will be updated when the registered reports an update to Wasaline.
8. Transfer of personal data
Registrar can use subcontractors and service providers for technical maintenance of the services, for customer service, administration of booking information, surveys and customer messages. Your personal data can be transferred to the subcontractors and service providers of Wasaline insofar they participate in the enforcement of the purposes which are defined in this privacy policy.
Such third parties cannot use your data to any other purposes than the ones defined in this privacy policy and to the purposes which have been defined by Wasaline. Wasaline obliges third parties to keep your information confidential and to keep their data protection at a level high enough to protect your personal data.
Your personal data can be transferred in accordance with the demands set by a competent authority and in accordance with the conditions based on law, e.g. if it is necessary to detect, prevent or to flag frauds and other safety- or technical problems.
9. The rights of the registered
Right to control
The registered has the right to control the data which is being stored about the registered in the customer- and marketing register of Wasaline. The right of access can be denied on the grounds prescribed in the applicable legislation. As a starting point, the right of access is free of charge.
Right to oppose and limit
The registered has the right to oppose the handling of data that concerns the registered if the registered considers that Registrar has handled the data illegally or that Registrar does not have the right to handle data concerning the registered.
The right to oppose does not apply to the extent handling of the data is necessary for Registrar to fulfil its legal obligations or necessary on another legal ground.
Right to eliminate
The registered has the right to have wrongful data corrected or imperfect data complemented. The registered also has the right to demand data which concerns the registered to be deleted from the customer- and marketing register of Wasaline.
The right to eliminate does not apply to the extent handling and storing of the data is necessary for Wasaline to fulfil its legal obligations, e.g. regarding passenger safety, or necessary on another legal ground
Right to transfer
Insofar the registered self has delivered data to the customer- and marketing register of Wasaline and this data is handled on the basis of the consent of the registered or an assignment, the registered has the right to get this data in mainly electronic form and the right to transfer this data to another registrar
Prohibition against direct marketing
The registered has the right to prohibit that his or her data is used for direct marketing purposes.
Right of appeal
The registered has the right to appeal to the competent regulatory authority in case Wasaline has not complied with the applicable regulation of data protection.
Other rights
If data is handled on the basis of the consent of the registered, the registered has the right to cancel the consent by informing Wasaline about this in accordance with section 10 in this privacy policy.
10. Contact
The registered shall send a request regarding the registered’s rights to the e-mail address mentioned in section 2.
Wasaline may ask the registered to specify the request and to prove the registered’s identity before the enquiry is handled. Wasaline can refuse to fulfil the request on grounds specified in the applicable legislation.
Registrar will answer the request within one (1) month from the date when the request was made.
11. Automatic decision making and profiling
The data in the register is neither used for automatic decision making nor for profiling.
12. Principles for protecting the register
Protecting registered data is important for Wasaline. The data is stored in electronic systems, which are protected by firewalls, passwords and other technical solutions. Only the staff of Wasaline and other defined persons who need the data for the purposes of performing their assignments have access to the register. Everyone using the register is bound by confidentiality.
13. Changes in the privacy policy
Wasaline is constantly developing its business and therefore reserves the right to make changes to this privacy policy by informing about this on its website. Changes may also need to be made because of changes in the applicable legislation. Wasaline recommends the registered individuals to familiarize themselves with the privacy policy on a regular basis.
(The privacy policy is updated 2018)
Added 2019: We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices (in particular device’s IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user.
Added 06/2021: Paytrail collects the IP address, payment method and time of payment when making a payment transaction. https://www.paytrail.com/tietosuojaseloste-paytrailin-maksupalvelu
