Skip to main content

Privacy Policy – Ruka Safaris / Ruka Experiences Oy

Data Controller: Ruka Experiences Oy

Responsible Contact Person: Hanna Tauriainen, hanna.tauriainen@rukasafaris.fi

The primary purpose of this register is the management, maintenance, and development of customer relationships. Personal data stored in the register is used for providing and delivering services to customers, communication with customers, invoicing and collection of payments, and for targeted advertising and/or direct marketing.

The basis for maintaining the register and processing personal data is the fulfillment of rights and obligations between the customer and the data controller.

The register may include, for example, the following information: full name, email address, travel and/or other phone numbers, personal identity number, purchase history, payment card details, contracts, invoices, delivery records, and communication logs. For non-private customers, the register may also include the organization’s name, contact person’s name and position, business ID or equivalent, and the organization’s address details.

Data is collected at the time of establishing the customer relationship, directly from the individual concerned (e.g., contact forms on our website, online purchases, bookings made via phone or email), and for organizational data, possibly from the Finnish Patent and Registration Office’s Business Information System (YTJ).

All data is stored and processed according to the classification “confidential,” except for payment card details and personal identity numbers, which are handled under the classification “highly confidential.”

Separate consent from the data subject is not required for processing personal data, as the legal basis for the register is the performance of the rights and obligations between the customer and the data controller.

The data subject has the right to view and inspect the data concerning them, and corrections can be made as necessary. The data subject also has the right to restrict the use of their data for marketing communications.

Personal data may be shared within the data controller’s organization and with its subsidiaries or sister companies, as well as with our partners, for the purposes described above. Otherwise, data will only be disclosed to the extent permitted or required by law.

Data is not transferred outside the EU or EEA unless required for service delivery. Even in such cases, the data controller ensures that an adequate level of data protection is maintained in accordance with applicable legislation.

The data will be deleted, and the data subject may request the deletion of their information after the end of the customer relationship and once all rights and obligations between the customer and the data controller have been fulfilled. Data may be marked as archived/inactive even before this. Longer-term archiving requires anonymization or pseudonymization of the data. The register is reviewed regularly to identify and remove outdated data.

Unauthorized access to data, devices, and materials containing personal information is prevented through technical and administrative measures.