Privacy

Effective as of: 1 July 2026​

Brand: Aava Glass Igloos​

Controller: Kemin Tulli Oy​

Business ID: 3241178-7​

Registered address: Nelostie 3079 B, 95350 Peura, Finland​

Property address: Olleronrinne, 96800 Rovaniemi, Finland​

Website: www.aavaglassigloos.com

This Privacy Policy explains how Kemin Tulli Oy, operating under the brand Aava Glass Igloos, collects and processes personal data in connection with our website, booking services, accommodation services, guest communications, marketing and related customer service.

We process personal data in accordance with the EU General Data Protection Regulation (EU) 2016/679, Finnish data protection legislation and other applicable laws.

1. Controller and contact details

The controller of personal data is:

Kemin Tulli Oy​

Business ID: 3241178-7​

Nelostie 3079 B​

95350 Peura​

Finland

Brand / accommodation service: Aava Glass Igloos​

Property address: Olleronrinne, 96800 Rovaniemi, Finland

For privacy-related matters, please contact:

Data protection contact: Olli-Pekka Mäkipeura​

Email: sales@aavaglassigloos.com​

Phone: +358 40 578 0271

We have not appointed a separate Data Protection Officer. Privacy matters are handled through the contact details above.

2. What personal data we collect

We may process the following categories of personal data:

  • name and contact details, such as email address, telephone number, postal address and country of residence;
  • booking and stay information, such as arrival and departure dates, room type, number of guests, additional services, preferences and booking history;
  • payment and invoicing information, such as payment status, transaction references and invoice details;
  • communication data, such as messages, inquiries, requests, feedback and complaint correspondence;
  • guest service information, such as arrival details, transfer requests, special requests and service preferences;
  • marketing information, such as newsletter subscription, marketing consent, consent history and marketing preferences;
  • technical and online data, such as IP address, device information, browser type, cookie identifiers, website usage data, pages visited and referral source;
  • survey and feedback data, when you choose to answer guest satisfaction surveys or other service quality questions;
  • information relating to dietary, accessibility or health-related needs, only if you voluntarily provide such information and only to the extent necessary to respond to your request or provide the requested service.

We do not intentionally collect special categories of personal data unless you voluntarily provide such information, for example in connection with accessibility, dietary or other special guest requests. Such data is processed only when necessary and with appropriate care.

3. Purposes and legal bases of processing

We process personal data for the following purposes:

Reservations and accommodation services: We process personal data to handle bookings, provide accommodation, manage check-in and check-out, communicate with guests, arrange requested services and fulfil the accommodation contract. Legal basis: performance of a contract or steps taken before entering into a contract, Article 6(1)(b) GDPR.

Payments, invoicing and accounting: We process payment, invoicing and transaction-related data to manage payments, issue invoices, handle accounting and meet tax and bookkeeping obligations. Legal basis: performance of a contract, Article 6(1)(b) GDPR, and compliance with legal obligations, Article 6(1)(c) GDPR.

Customer service and inquiries: We process personal data to answer questions, respond to contact form submissions, handle email and telephone inquiries and provide customer service. Legal basis: legitimate interest, Article 6(1)(f) GDPR. Our legitimate interest is to respond to inquiries and provide customer service.

Guest requests and special arrangements: We process information related to guest preferences, arrival arrangements, transfers, dietary needs, accessibility requests and other special requests when needed to provide the requested service. Legal basis: performance of a contract, Article 6(1)(b) GDPR. Where special category data is involved, such as health-related accessibility information, the processing is based on your explicit consent, Article 9(2)(a) GDPR, or on the necessity to provide the service requested by you.

Complaints, claims and dispute handling: We process personal data to handle complaints, investigate service issues, manage refunds and establish, exercise or defend legal claims. Legal basis: performance of a contract, Article 6(1)(b) GDPR, and legitimate interest, Article 6(1)(f) GDPR. Our legitimate interest is to protect our legal rights and resolve customer matters.

Legal obligations and official requests: We process personal data when required by law, including accounting, taxation, consumer protection and requests from competent authorities. Legal basis: compliance with legal obligations, Article 6(1)(c) GDPR.

Service quality and customer feedback We may process guest contact details and feedback to request reviews, conduct customer satisfaction surveys and improve our services. Legal basis: legitimate interest, Article 6(1)(f) GDPR. Our legitimate interest is to maintain and improve the quality of our accommodation and guest services.

Newsletter and direct marketing: We process your email address and marketing preferences to send newsletters, offers and other marketing communications if you have subscribed or otherwise given consent. Legal basis: consent, Article 6(1)(a) GDPR. You can withdraw your consent at any time by using the unsubscribe link in the newsletter or by contacting us at sales@aavaglassigloos.com.

Online advertising and social media marketing: With your consent, we may process data for online advertising purposes, including displaying personalised commercial information and measuring advertising performance on platforms such as Google or Meta services. Legal basis: consent, Article 6(1)(a) GDPR.

Website analytics and cookies: We use cookies and similar technologies to operate the website, remember user choices, analyse website traffic, improve the website and, with consent, support marketing and personalised advertising. Legal basis: •strictly necessary cookies: our legitimate interest in operating a secure and functional website, Article 6(1)(f) GDPR; •analytics, marketing and non-essential cookies: consent, Article 6(1)(a) GDPR.

4. Providing personal data

Providing personal data is voluntary. However, some information is necessary in order to make a reservation, provide accommodation, respond to inquiries, process payments or comply with legal obligations.

If you do not provide the necessary information, we may not be able to provide the requested service, complete your booking or respond to your inquiry.

When processing is based on consent, providing data is always voluntary and you may withdraw your consent at any time.

5. Retention periods

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy or as required by law.

The main retention periods are:

  • Booking and accommodation data: retained for the duration of the customer relationship and normally up to 3 years after the stay or last customer contact, unless longer retention is required for legal, accounting or claims-related reasons.
  • Payment, invoice and accounting data: retained in accordance with Finnish accounting and tax obligations. Accounting vouchers and transaction-related correspondence are retained for at least 6 years from the end of the year in which the financial period ended. Financial statements, ledgers and related accounting records are retained for at least 10 years from the end of the financial year.
  • Customer service inquiries: normally retained for up to 2 years after the inquiry has been resolved, unless longer retention is necessary for claims or legal obligations.
  • Complaints and claims: retained for as long as necessary to handle the matter and to establish, exercise or defend legal claims.
  • Newsletter and marketing consents: retained until you withdraw your consent or unsubscribe. We may retain limited information about the consent, such as when and how it was given or withdrawn, in order to demonstrate compliance.
  • Survey and feedback data: normally retained for up to 2 years, unless the feedback relates to a complaint or claim.
  • Technical logs and security data: normally retained for up to 12 months, unless a longer period is necessary for security investigation or legal reasons.
  • Cookie data: retained according to the cookie type and settings shown in the cookie consent tool on the Website.

After the applicable retention period, personal data is deleted, anonymised or securely archived where required by law.

6. Data recipients and processors

We may disclose or make personal data available to trusted service providers and partners where necessary for the purposes described in this Privacy Policy.

These may include:

  • website, booking engine and channel management providers, including Profitroom;
  • property management system providers, including Mews;
  • payment service providers and banks; •email, customer communication and newsletter service providers;
  • IT, hosting, system maintenance and security service providers;
  • analytics and advertising service providers, such as Google and Meta, where applicable and subject to consent where required;
  • accounting, audit, legal and tax advisors;
  • travel agencies, booking platforms and distribution partners when a reservation is made through them or requires their involvement;
  • transport, activity or experience providers when you book or request services involving third parties;
  • competent public authorities where required by law.

We enter into appropriate agreements with service providers that process personal data on our behalf. These agreements require the service providers to process personal data only according to our instructions and to protect the data appropriately.

We do not sell personal data.

7. International data transfers

As a rule, personal data is processed within the European Union or the European Economic Area.

Some of our service providers, such as analytics, advertising, cloud or communication service providers, may process personal data outside the EU or EEA. If personal data is transferred outside the EU or EEA, we ensure that appropriate safeguards are in place, such as an adequacy decision by the European Commission, EU Standard Contractual Clauses or other legally recognised transfer mechanisms.

8. Cookies and similar technologies

Cookies are small text files stored on your device when you visit a website. Cookies and similar technologies help the Website function properly, improve user experience, analyse website traffic and support marketing.

Cookies do not allow us to access your private device or read information stored on your device other than the information contained in the cookie itself.

We use the following categories of cookies:

  • Strictly necessary cookies These cookies are required for the Website to function properly. They may be used, for example, to enable page navigation, booking functions, security features, consent management and session management. These cookies cannot usually be disabled through the Website without affecting the functioning of the service.
  • Preference cookies These cookies remember choices you have made, such as language selection or other website settings.
  • Analytics cookies These cookies help us understand how visitors use the Website, which pages are visited and how the Website performs. This information helps us improve the Website and our services. Analytics cookies are used only with your consent where required by law.
  • Marketing cookies Marketing cookies and similar technologies may be used to show relevant advertising, measure advertising performance and create advertising audiences on platforms such as Google or Meta services. Marketing cookies are used only with your consent.
  • Booking and service cookies Our booking engine and related service providers may use cookies to enable online reservations, remember booking details, display availability and secure the booking process.

9. Cookie consent and settings

When you visit the Website, you can accept, refuse or manage non-essential cookies through the cookie banner or cookie settings tool.

You can change or withdraw your cookie consent at any time through the cookie settings link available on the Website.

You can also control cookies through your browser settings. Please note that blocking strictly necessary cookies may affect the functionality of the Website and booking services.

10. Direct marketing and social media advertising

If you subscribe to our newsletter or otherwise give marketing consent, we may send you information about Aava Glass Igloos, offers, services, experiences and news.

You may unsubscribe from marketing emails at any time by using the unsubscribe link in the email or by contacting us at sales@aavaglassigloos.com.

With your consent, we may use your email address or other online identifiers to create advertising audiences or display personalised advertisements on social media and advertising platforms. You may withdraw this consent at any time.

11. Automated decision-making and profiling

We do not use personal data for automated decision-making that produces legal effects or similarly significant effects concerning you.

We may use automated tools to display accommodation availability, prices, booking options, website content and advertising. Marketing-related profiling is carried out only where permitted by law and, where required, based on your consent.

12. Data security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.

These measures may include access controls, user authentication, secure system environments, encryption where appropriate, staff confidentiality obligations and contractual data protection requirements for service providers.

Access to personal data is limited to persons and service providers who need the data for the purposes described in this Privacy Policy.

13. Your rights

You have the following rights under applicable data protection law:

  • the right to access your personal data;
  • the right to request correction of inaccurate or incomplete data;
  • the right to request deletion of your personal data;
  • the right to request restriction of processing;
  • the right to object to processing based on legitimate interest;
  • the right to data portability, where applicable;
  • the right to withdraw consent at any time, where processing is based on consent;
  • the right to lodge a complaint with a supervisory authority.

To exercise your rights, please contact us at sales@aavaglassigloos.com.

We may need to verify your identity before fulfilling your request.

14. Right to lodge a complaint

If you believe that the processing of your personal data infringes data protection law, you have the right to lodge a complaint with the competent supervisory authority.

In Finland, the supervisory authority is:

Office of the Data Protection Ombudsman​

Finland​

Website: www.tietosuoja.fi

We kindly ask that you contact us first so that we can try to resolve the matter directly.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example when our services, systems, legal obligations or data processing practices change.

The latest version of the Privacy Policy is available on our Website. The effective date at the beginning of this document shows when the Privacy Policy was last updated.