KÖP BILJETTER
Other Regions

SUPERPARK OY PRIVACY POLICY

This privacy policy is in accordance with personal data legislation and GDPR. By using SuperPark Oy’s services, you accept the terms of this privacy policy. If you do not accept this privacy policy, you are not entitled to use SuperPark Oy’s services.

1. Registry holder

SuperPark Oy (hereinafter “SuperPark” or “we”)
Business ID: 2481737-3
Lastaajantie 3
88610 VUOKATTI
Phone: +358 44 488 6211

2. How can I contact you?

Email: tietosuoja-at-superpark.fi

By mail:
SuperPark Oy
Linturinteenkatu 1
88610 Vuokatti

3. What does this Privacy Policy cover?

This privacy policy describes the practices followed by SuperPark regarding:

  • consumer and corporate customer relationships (SuperPark Oy’s personal data file based on customer relationships and other legitimate purposes)
  • use of online services and park services
  • marketing and customer communication
  • processing reports submitted via the whistleblowing channel

Personal data related to the whistleblowing channel is processed separately from other customer and marketing data and is done confidentially.

4. What are the legal grounds for processing personal data?

Personal data is processed based on:

  • Legal obligations (whistleblower protection legislation)
  • Legitimate interest (preventing and investigating misconduct)
  • Contract performance (customer relationships)
  • Consent (e.g., marketing, when needed)

5. For what purpose is my personal data being processed?

Your personal data is processed for:

  • managing and analyzing customer relationships and other relevant business relationships
  • providing and personalizing services
  • business development and planning
  • marketing, distance selling, opinion and market research, and customer communications, which may also be conducted electronically and in a targeted manner
  • processing reports from the whistleblowing channel

Your personal data may be processed, in accordance with applicable law, for the marketing purposes of our carefully selected partners, including direct marketing, distance selling, and opinion and market surveys. The disclosure of data to partners may, in principle, only occur for purposes that support the purpose of the register and where the intended use of the data is not incompatible with SuperPark’s intended uses.

Personal data received through this reporting channel will be processed solely for the following purposes:

  • receiving reports of suspected misconduct, violations, or unlawful conduct
  • investigating reports and taking necessary action
  • complying with legal obligations (the EU Whistleblower Protection Directive and national legislation)

6. Categories of personal data collected

Personal data is processed for the following categories:

  • Customers and users of online services
  • Reporters (whistleblowing channel)
  • Persons subject to the report (whistleblowing channel)
  • Witnesses and other persons involved in the matter (whistleblowing channel)

7. What personal information is collected about me?

The following information regarding all data subjects may be processed in the registry:

  • First and last name
  • Contact details (address, phone number)
  • Business customer’s contact person’s workplace contact information (mailing address, phone and fax numbers, email address)
  • Business customer’s contact person’s occupation, title, or other information regarding the data subject’s duties and position in the business sector or in a public role
  • The start and end dates and manner of the customer relationship and/or business relationship
  • Direct marketing consents and opt-outs
  • Information regarding the use of services and content (e.g., use of the online service, visits to SuperPark parks, user account, newsletter subscriptions)
  • Technical data sent by the data subject’s browser to the controller’s server (e.g., IP address, browser, browser version, the page from which the data subject navigated to our site) as well as cookies sent to the data subject’s browser and related information, if personal data is associated with the cookies
  • Information related to managing customer relationships and other business contacts, as well as communication (e.g., purchase and cancellation information for products and services, delivery information, feedback, complaints, and records of customer service interactions, such as phone calls, emails, chat messages, and text messages)
  • Interests provided by the data subject
  • Gender
  • Date of birth
  • Language
  • Location data of the data subject, if the data subject has given consent to the processing of location data

In addition to the information listed above, the registry may process the following information regarding customers who have purchased a product and/or service:

  • Customer number
  • Personal identification number
  • Billing and collection information

In addition to the information listed above regarding customer accounts, the registry may process the following data:

  • Username
  • Password
  • Nickname
  • Information related to the identified user’s use of the service, such as usage data regarding the service’s features and interactions with the online service and SuperPark facilities
  • First and last name and contact information (mailing address, phone number, email address) of the guardian of a minor data subject

The registry may process only the following information from reports submitted through the reporting channel:

  • A description and the content of the report
  • Personal data voluntarily provided by the reporter (e.g., name, contact information)
  • Information concerning the individuals subject to the report, to the extent necessary for processing the matter
  • Further investigative information related to the processing of the report
  • Identification details of the report processors (usernames and access rights)

Providing personal information in the whistleblowing channel is not mandatory; reports can be submitted anonymously. The reporting channel does not collect IP addresses, browser information, or other technical metadata about the reporter, unless such information is included in the documents attached by the reporter (e.g., document metadata)

Changes to all of the information specified above.

8. From which sources is my personal data collected?

Personal data concerning the data subject is collected from the data subject themselves, from various services used by the data subject (e.g., SuperPark’s online services, including the web/mobile app and online store, as well as SuperPark parks and the activities offered there) and in connection with various marketing activities, such as marketing sweepstakes, contests, and events.

Personal data may also be collected and updated from the databases of SuperPark’s partners, as well as from government agencies and companies that provide personal data services; for corporate customers, data may also be obtained from the Trade Register and from companies’ online services and applications.

Personal data related to the reporting channel is collected from the reporter at the time of the report, as well as from the investigation and action records generated during the processing of the report.

9. Data Recipients

Recipients may include:

  • Authorized SuperPark personnel
  • Technical service providers
  • Authorities (when required)
  • External experts (e.g., legal advisors, when required)

With regard to the reporting channel, the technical service provider (Keskuskauppakamari / the Central Chamber of Commerce) does not have access to the personal data collected.

10. Is my personal data shared with third parties, or is it transferred outside the EU/EEA?

At the discretion of the data controller, personal data may be disclosed, within the limits permitted and required by applicable law, to SuperPark’s partners, for example, unless you have objected to such disclosure. In principle, data may only be disclosed for purposes that support the purpose of SuperPark’s customer register and where the intended use of the data is not incompatible with SuperPark’s intended uses.

Information may also be disclosed in accordance with requests made by competent authorities or other entities, based on applicable law, as well as for historical or scientific research purposes, provided that the information has been anonymized.

Data may be disclosed to buyers in connection with corporate transactions if SuperPark sells or otherwise reorganizes its business.

Data may be transferred to the data controller’s selected partners who process data on behalf of the data controller, based on a cooperation agreement between the parties. In such cases, the data processor does not have the right to process the transferred data on its own behalf in its own personal data files.

As a general rule, data is not transferred outside the territory of the Member States of the European Union or the European Economic Area, unless it is necessary for the purposes of processing personal data or for the technical implementation of data processing, in which case the transfer of data complies with the requirements of personal data legislation.

SuperPark may transfer the data contained in the registry to its own direct marketing registries after the customer relationship or relevant connection has ended.

Personal data in the reporting channel:

  • will not be disclosed to third parties unless necessary to fulfill a legal obligation (e.g., to authorities)
  • will be processed only by individuals who have been specifically designated as data processor

The Central Chamber of Commerce, acting as the technical service provider for the reporting channel, processes data solely on behalf of the data controller and does not have access to the encrypted content of reports. Data is not transferred outside the EU or the EEA.

11. How is my personal information protected?

The data contained in the register, which is processed electronically, is protected by firewalls, passwords, and other technical measures generally accepted in the information security industry. Manually maintained materials are located in premises to which unauthorized access is restricted.

Only designated employees of the data controller and of companies acting on its behalf and in its name have access to the data contained in the register, subject to access rights granted by the data controller.

Personal data related to the reporting channel is protected in the following ways:

  • Reports are stored with strong encryption
  • Access to the data is restricted to designated processors using personal user IDs
  • Technical support staff do not have access to the content of reports
  • The service undergoes regular security testing

12. How long will my data be stored?

By default, order information is retained for 10 years from the date the order is processed, or for a longer period with the customer’s consent.

If a customer account is not accessed for 6 years, the account will be closed and all associated data, including order history, will be deleted or anonymized.

Deleted addresses that have not been used in orders are removed from the system within 30 days. Other deleted addresses are removed when the associated orders are deleted or 7 years after the address was deleted, whichever occurs first.

Notifications are retained in the notification channel for 5 years. After this, the data:

  • Is deleted from the system or
  • Is transferred to systems managed by SuperPark Oy for further processing or statutory archiving

13. The Data Subject’s Right to Access, Object, and Rectification

Under the Personal Data Act, you have the right to inspect the information about you that has been stored in the registry. A request for inspection must be sent to the person responsible for registry matters and must be in writing and signed. You may also submit a request for access in person at the data controller’s office by verifying your identity.

You have the right to object to the processing and disclosure of your personal data for the purposes of direct advertising, distance selling, and other direct marketing, as well as market and opinion surveys, by contacting the data controller.

You have the right to request the correction of inaccurate information by contacting the data controller.

You have the right to lodge a complaint regarding the processing of personal data or data protection violations with the supervisory authorities or SuperPark Oy’s Data Protection Officer (tietosuoja-at-superpark.fi)

With regard to personal data related to the reporting channel, the data subject’s rights may be restricted within the limits permitted by law if it is necessary to:

  • protect the identity of the reporter
  • ensure the proper handling of the report
  • investigate possible misconduct

The data subject may exercise their rights by contacting the data controller. All requests will be evaluated on a case-by-case basis.

14. Automated Decision-Making

The personal data collected will not be used for automated decision-making or profiling

15. Whistleblower Protection

The identity of the person submitting a report through the reporting channel is kept confidential and will not be disclosed without a legal basis.

16. Impact Assessment

A Data Protection Impact Assessment (DPIA) has been conducted regarding the whistleblowing channel.

17. Changes to This Policy

SuperPark is constantly developing its business and therefore reserves the right to amend this Privacy Policy by providing notice on its services. Changes may also be based on changes in legislation. We recommend that you review the Privacy Policy regularly.

Your cart

Total
Euro
Shipping and discount codes are added at checkout.

Hyödynnä edut ja kuule uutiset ensimmäisten joukossa!