Customer database description
Finnair Plc (hereinafter “Finnair”)
Corporate ID (“Y-tunnus”): 0108023-3
Address: Tietotie 9, 01053 FINNAIR
The Finnair Group is committed to protecting the privacy of the users of its services in accordance with the Personal Data Act (523/1999) and other applicable legislations.
The databases maintained internally by the Finnair Group include Finnair’s global email newsletter subscriber register, Finnair Plus customer database, Aurinkomatkat customer database and Finnair booking database. The personal data recorded in the data files can be processed in units and other Finnish companies belonging to the Finnair Group in accordance with the Personal Data Act.
We could not provide our services to customers without personal information and user data. The data is needed for processing reservations and providing related information to customers, and to implement functionalities and personal suggestions for digital services.
All customer database descriptions maintained by the Finnair Group cover the following topics
- What the purpose of the data file is and how customer data is used
- Data contained in the register, meaning what customer information is collected
- Regular data sources, meaning where the company receives the customer data
- Release of data
- Exercise of rights, meaning how customers can review the data collected of them
- Protection of the data file
- Contact details
FINNAIR PLC, GLOBAL EMAIL NEWSLETTER SUBSCRIBER REGISTER
PURPOSE OF THE REGISTER
The register is used for communicating about Finnair’s and its partners offers and product information. The communication is done in form of an email newsletter. Newsletter is sent out 1–3 times a month and it does not obligate the subscriber to any actions.
The registered information is used for creating subscriber profiles. Profiles assist Finnair in targeting the marketing messages. Finnair's email marketing messages/offers vary depending on the market area.
The data recorded in the data file is used for analysis and profiling – for example, to create customer profiles for use in marketing and to support service, product and concept development. Profiles may also be used to target marketing and content. This is achieved via a service on the Finnair website, which directs individualised advertising and marketing at members. Direct advertising and marketing involves member-specific variation in the advertising content on the Finnair website. Direction of individualised advertising at members is an integral part of the Finnair Plus program.
Finnair has the right to cancel a newsletter subscription by removing the subscriber's email address and the profile markings directed to it, provided that the email address is no longer valid, or the email box has not been opened for the past six (6) months. The subscriber has the option of renewing his or her Finnair newsletter subscription by registering him- or herself as a subscriber on the Finnair website.
DATA CONTAINED IN THE REGISTER
When subscribing to the Finnair newsletter, the subscriber's email address and first name will be recorded in the register. In addition, the country from which the subscriber wishes to receive offers, and the language of the newsletter, will also be registered.
Additional information that may be collected, such as last name, street address, postal code, town, country code, telephone number and birth date will be stored in the register for the duration of a possible online contest only, so that the winner may be drawn and notified.
In case the subscriber later chooses to provide supplemental information on him- or herself, the user-specific content in the register may vary according to the actions taken by the user.
Right of refusal
In case the contest participant chooses not to activate the newsletter subscription him- or herself, the information given shall be stored only temporarily.
The newsletter subscription may be cancelled at any point. Cancellation may be entered at www.finnair.com, or by registering the refusal via the link provided at the end of each newsletter.
REGULAR SOURCES OF INFORMATION
Information is collected from the subscriber only when he or she selects options or newsletters available via the service, or otherwise participates in an activity, which requires information, and which has been implemented via the newsletter.
RELEASE OF DATA
Information may be transferred to parties belonging to the same group of companies as the register owner, as permitted by law. Servers and other technical auxiliary devices used for data processing may be owned and controlled by the third party service provider providing services to the register owner. The register owner as well as its authorised contractors may acquire services needed for the use of such devices from an outside service provider.
Data may be transferred outside of the European Union and the European Economic Area, should that be necessary in order to technically implement the service requested by the user, or in cases where it is otherwise necessary based on § 23, Sections 2–5 of the Personal Data Act. Partners outside the EU are required to comply with the European Union’s data protection policies.
UTILISATION OF RIGHTS
The subscriber has the right to know what information about him or her has been recorded in the Finnair email newsletter subscriber register.
The data can be inspected once in a calendar year, with no charge. The request for data inspection must be submitted in writing to the company maintaining the register. The request must include the email address given by the subscriber at the time of registration. The person submitting the request must sign it by hand. Data to be transferred as a result of an inspection request shall be transmitted via email to the email address given in the request.
In case there is an error in the data concerning the subscriber, he or she has the right to have the error corrected. The request to correct the error should be submitted to the following address: Finnair SRD/92, 01053 Finnair, Finland.
PROTECTION OF THE DATA FILE
Manually processed data
Manually processed documents that contain personal data are properly destroyed after processing.
Data recorded through automatic data processing
In protecting the electronic register, the following principles are followed: (i) the use of the register is guided, (ii) the data contained in the register can be accessed only by persons designated to do so in advance, in connection with their work assignments, (iii) the data is collected in electronic databases protected by real-time technical methods, (iv) the servers are located in locked rooms accessible only to persons with permission to enter, and (v) a written agreement exists between Finnair and any outside service providers, where the confidentiality of data processing and protections fulfilling the criteria defined above in this item are a pre-condition.
REGISTER CONTACT INFORMATION