Information about the handling of personal data within Lapland Resorts AB, in accordance with the General Data Protection Regulation (GDPR)
On the 25th of May, 2018, the EU General Data Protection Regulation (GDPR) took effect. The GDPR regulates how organisations may handle personal data and it aims at reinforcing the integrity of individuals. The regulation requires organisations to implement appropriate technical and organisational measures to meet the regulation’s requirements and thus protect the individual. It is also intended to establish one single set of rules across all of the EU.
The personal data that Lapland Resorts AB (LRAB) collect may, depending on the context, include;
- personal code number
- phone number
When you as a customer book a stay or activity within the resorts of LRAB, the legal basis for collecting personal data is that you have entered into a contract with LRAB. The personal data is needed to fulfill this contract.
Consent is the legal basis for direct marketing, and being a customer at LRAB you can always choose to deregister from our newsletters, thus revoking the consent.
As a customer you have the right to know what personal data LRAB have registered about you, how that information is being used and also to have your personal data deleted from our registers. Do not hesitate to contact us if you have any questions about how LRAB handles you personal data