The company Go to Lapland AB with the Website Golapland.se organization number 559234-7503 processes personal data provided by the customer to fulfill and also confirm the conditions for processing electronic orders and deliveries and for the necessary communication during a statutory period.
1.Personal data controller, in accordance with GDPR Go to Lapland AB, organization number 559234-75-03 based in Kiruna municipality Norrbotten County Övre Soppero box 69 98014
2. The contact information for the Personal Data Officer is: e-mail: firstname.lastname@example.org tel: +46768466440
3. Personal data is any information relating to an identified or identifiable natural person.
The source of personal data
1. The personal data controller processes personal data obtained with the consent of the customer and collects through the contract to purchase and fulfill the electronic order created in the website booking page rezdy.
2. The person responsible for personal data only processes identification and contact information for the Customer that is necessary for the contract to be fulfilled.
3. The data controller processes personal data for booking and for necessary communication between the contracting parties for the period required by law. Personal data will not be published and will not be transferred to other countries.
The purpose of data processing
The person responsible for personal data processes personal data at the customer for the following purposes:
1. Registration on the rezdy booking page in accordance with Chapter 4, Section 2 of the GDPR.
2. To fulfill the electronic order created by the customer (name, address, e-mail, telephone number)
3. To comply with laws and regulations arising from the contractual relationship between Customer and Personal Data Controller.
4. Personal data is necessary for contracts to be procured. Contracts cannot be entered into without personal data.
Duration of storage of personal data
1. The Data Controller stores personal data for the period necessary to fulfill the rights and obligations arising from the contractual relationship between the Data Controller and the Customer and for 3 years after the conclusion of the agreement;
2. The data controller must delete all personal data after the end of the period required for the storage of personal data.
Recipient and personal data controller of personal data
A third party that processes personal data at the Customer is the subcontractor of the Personal Data Officer. The services of these subcontractors are indispensable for the contract to be carried out, for purchasing and processing the electronic order between the Personal Data Controller and the Customer.
The subcontractors of the Personal Data Controller are:
In accordance with the regulation, the customer has the following rights:
1. the right of access to personal data;
2. the right to the correction of personal data;
3. the right to delete personal data;
4. the right to object to the processing of personal data;
5. the right to data transfer;
6. the right to revoke consent to the processing of personal data in writing by e-mail sent to: email@example.com
7. the right to lodge a complaint with the supervisory authority in the event of a suspected breach of the Regulation.
Security of personal data
1. The data controller shall ensure that all technical and organizational security measures are taken to protect personal data;
The data controller has taken technical security measures to secure data storage spaces, in particular secure access to the computer with a password, use antivirus software and perform regular computer maintenance.
2. Does the customer accept these rules by ticking the check box in the order purchase form.
3. The data controller may update these rules at any time. New, updated version must be published on its website.
The rules come into force on October 17, 2020