Haikon Kartano2

Privacy Policy

We are committed to respect and protect your privacy. We use your personal information to provide the content and services you requested from us, to improve our services, to administer your account and reservations. Please read this Privacy Policy carefully to understand how and why we process your personal data.


Haikko aims to maintain high level of privacy policy on it’s website. Your personal data is primarily used to manage, provide, develop and maintain our services, to process your reservations, to optimise your service experience and to identify our communication with you.

Please read this Privacy Statement carefully to understand how and why we process your personal data. By providing us with your personal data, you accept the terms of their usage and give your consent to processing your personal data according to the terms of each service and to this statement. Whenever the applicable law requires more detailed consent we will request it.

You can unsubscribe from these communications at any time. The request must be made by e-mail or by writing and it has to be addressed to the contact person of this Privacy Policy.

In case you give us any other person’s personal data you are responsible for ensuring that Haikko has the right to process the personal data of the person in question according to the applicable data protection terms.

1. Controller

Vuoristo-yhtiöt Oy (Business ID Code: 2764547-4)
Hotel Haikko Manor (Hotelli Haikon Kartano)

Haikkoontie 114, 06400 Porvoo, Finland, Tel. +358 (0)19-576 01, myynti@haikko.fi

(Later in the text as “Haikko”)

2. Contact Person

Jaana Hujanen, Hotel Haikko Manor (Hotelli Haikon Kartano)

Haikkoontie 114, 06400 Porvoo, Finland, Tel. +358 (0)19 576 01, Email jaana.hujanen@haikko.fi

3. Processing of Personal Data

Haikko collects and processes your personal data only as permitted by law.  Collecting and processing may take place when you use our services, such as making a room or holiday reservation, booking Haikko’s meeting, restaurant, spa, wellbeing, banquet, hotel or gift voucher services on our website or webshop. We collect personal data in various ways, such as by providing booking, contact and registration forms, customer surveys, cookies or beacons, newsletters. For example various booking and registration information may be needed to provide accurate, up to date and high level services. Haikko may collect personal information from our own internal registers or from other external registers (for example Facebook or Google). We value your personal data being accurate and up to date, therefore we may receive your personal data from third, external sources like public registers.

Whenever required by law, we will collect your prior consent to more specific processing of your data.

4. Personal Information we collect

We collect only such personal information that is necessary for the purposes described in separate terms of each service, and as stated in this Statement. We may collect, for example, the following information: name, date of birth, gender, telephone number, e-mail address, address. We also collect purchase information, potentially IP address and information that facilitates the usage of services (such as log in data), default language, account history, information on your travel companion, guest preferences, payment information, purpose of your visit, employment information, food allergies and dietary requirements, reduced mobility etc. further information provided by you. Haikko may also collect information from other, third parties, to update for example address and personal data information.

5. Purpose of Processing Personal Data

Haikko collects personal data for storing and processing customer information, for providing services, information and marketing, internal reporting, for invoicing and accounting purposes and to administer our loyalty program.

The type of personal data and where it is collected depends on the services you use.

Haikko uses personal information collected about you for the following purposes:

  • to administrate, offer, develop and maintain Haikko’s services
  • to improve and analyse service expriences
  • to process your inquiries, bookings and reservations
  • to communicate with you by, for example, e-mail, sms or by other mobile applications or to inform you regarding your inquiry, booking status or service reservation prior to arrival, during your stay or after your departure
  • to enable the invoicing processes related to your reservation and usage of services
  • to personalise communication and marketing regarding services
  • to develop reporting and statistics procedures


6. Storing and Disclosing of Personal Data

Haikko stores and discloses personal data according to this Statement and according to applicable law. Haikko operates with service providers, regarding, for example, the data and information systems. This may require disclosing personal data with certain cooperation partners. The cooperation partners will process your personal data solely for Haikko according to the given instructions only after they signed data processing agreement according to applicable law.

Personal data collected by Haikko can be disclosed only by law enforcement request, in the case of a criminal investigation, or in case Haikko is otherwise obliged to transfer the information by law or under the authority’s decision.

Customer and marketing register data may also be retained outside the EU and the EEA. Some of the cloud services we use, such as our CRM system and marketing automation system, are located outside the EU. The customer and marketing registry we use is Hubspot on the U.S. Privacy Shield.

Data is regularly transferred outside the EU or the European Economic Area. When transferring data outside the EU and the EEA, we ensure an adequate level of protection of personal data and issues related to the confidentiality and processing of personal data as required by law. If the information is transferred outside the EU, we will ensure that the country is an adequately protected country within the meaning of the EU Commission, the transferee is Privacy Shield certified (US transferee), or the transfer is made using a standard contract clause published by the EU Commission. We ensure that any data transfer takes place on the basis of law and with adequate protection.

7. Protection and Erasure of Personal Data

Personal data storage technically protected. Physical access to data is denied by access control and other security procedures. Access to personal data requires adequate rights, and multistage authentication. Firewalls and other technical solutions are being used to protect against unauthorized access. Only Controller and authorized technical staff has access to personal data. Furthermore, only the authorized persons have the right to process and maintain the register. Authorized users are bound by confidentiality. The register contents are safely backed up and can be restored if necessary.

Haikko will erase personal data according to applicable law. For example, when there is no more need to retain personal information, it will be erased or destroyed so that it cannot be restored anymore.

8. Other Applications and Websites

Haikko’s services may include links to third parties’ services or applications/websites that are not maintained by Haikko. This Privacy Statement is applicable to Haikko’s services only. Haikko is not responsible for contents or personal data procedures of the linked contents/services.

9. Cookies on our Website

Haikko uses digital tools and cookies can occasionally be stored on your computer.

10. Reviewing, Rectifying and Erasing Personal Data

You may request to review, rectify, erase or receive a copy of your personal information stored in the register at any time. The request must be made by e-mail or by writing and it has to be addressed to the contact person of this Privacy Statement.

You have also the right to request us to cease using your personal information in our communication. Please do this by contacting us by e-mail or by writing and address it to the contact person of this Privacy Statement.