Privacy Policy
Your Privacy Matters to Us
At WinningNightsResort, we are committed to protecting your personal information and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you visit our website, make reservations, or use our services in Finland. We adhere to the General Data Protection Regulation (GDPR) and Finnish data protection laws to ensure your information is handled with the utmost care and security.
1. Information We Collect
We collect various types of information to provide and improve our services. This includes personal identification information such as your name, email address, phone number, postal address, and date of birth. We also collect payment information including credit card details, billing address, and transaction history when you make reservations or purchases.
Technical information is automatically collected when you visit our website, including IP address, browser type, operating system, referring pages, and device information. We also use cookies and similar technologies to enhance your experience, analyze usage patterns, and provide personalized content.
Additionally, we may collect information about your preferences, interests, and activities at our resort, including dining choices, entertainment attendance, and spa services usage. This helps us tailor our offerings to better suit your needs.
2. How We Use Your Information
Your information is used to process reservations, manage bookings, and provide the services you request. We use your contact details to send confirmations, updates, and important information about your stay. Payment information is processed securely to facilitate transactions and prevent fraud.
We analyze usage data to improve our website functionality, enhance user experience, and develop new services. Your preferences help us personalize communications and recommendations. We may use your information for marketing purposes, such as sending promotional offers, newsletters, and special packages, subject to your consent where required by law.
We also use your information to comply with legal obligations, enforce our terms and conditions, protect against fraud or misuse, and ensure the safety and security of our guests and property.
3. Information Sharing and Disclosure
We do not sell, rent, or trade your personal information with third parties for their marketing purposes without your explicit consent. We may share your information with trusted service providers who assist us in operating our business, such as payment processors, booking systems, email service providers, and technical support services. These providers are contractually obligated to protect your information and use it only for specified purposes.
We may disclose information when required by law, court order, or to comply with legal proceedings. We also share information to protect our rights, property, or safety, or that of our guests, employees, or the public. This includes cooperating with law enforcement agencies and regulatory authorities.
In the event of a business transfer, merger, or acquisition, your information may be transferred to the new owner. We will notify you of any such changes and provide you with options regarding your data.
4. Data Security Measures
We implement industry-standard security measures to protect your information from unauthorized access, alteration, disclosure, or destruction. These include encryption of sensitive data in transit and at rest, secure servers, firewalls, access controls, and regular security assessments.
Our payment processing systems comply with PCI-DSS standards to ensure secure financial transactions. We restrict access to personal information to authorized personnel who require it for their job functions. All employees undergo privacy training and are bound by confidentiality agreements.
Despite our best efforts, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. You acknowledge that you provide information at your own risk.
5. Your GDPR Rights
Under the GDPR and Finnish data protection laws, you have several rights regarding your personal information. You have the right to access your data and request a copy of the information we hold about you. You can request correction of inaccurate or incomplete data.
You have the right to request deletion of your personal information, subject to certain legal obligations. You can object to processing of your data or request restriction of processing in specific circumstances. You also have the right to data portability, allowing you to receive your data in a structured format and transfer it to another service provider.
If we process your data based on consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before your consent is withdrawn. You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman if you believe your rights have been violated.
To exercise these rights, please contact us using the information provided in the Contact section below. We will respond to your request within 30 days, subject to legal requirements and complexities.
6. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect information about your browsing behavior and preferences. Cookies are small text files stored on your device that help us recognize you and remember your preferences. We use essential cookies required for website functionality, performance cookies that help us improve our services, and marketing cookies for personalized advertising.
You can control cookies through your browser settings. However, please note that disabling cookies may affect website functionality and your user experience. We also use web beacons, pixels, and similar technologies to track email opens and website engagement.
Third-party services on our website, such as analytics tools and social media plugins, may also use cookies. We do not have control over these third-party cookies and recommend reviewing their privacy policies for more information.
7. Data Retention
We retain your personal information only as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary based on the type of data and applicable laws.
Financial records are retained for seven years to comply with tax and accounting regulations. Booking information is kept for the duration of your stay and a reasonable period thereafter for customer service purposes. Marketing communications are retained until you unsubscribe or withdraw consent.
8. International Data Transfers
Your information is primarily stored and processed within the European Union. In cases where data is transferred to countries outside the EU/EEA, we ensure adequate protection through appropriate safeguards, including standard contractual clauses approved by the European Commission, binding corporate rules, or other legally recognized mechanisms.
9. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover that we have inadvertently collected information from a minor, we will take immediate steps to delete it. Parents and guardians should supervise minors' internet usage.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. We will notify you of significant changes by posting a prominent notice on our website and, where required, sending you an email notification. Your continued use of our services after changes indicates acceptance of the updated policy.
Contact Our Privacy Team
For any questions, concerns, or requests regarding your privacy and personal data, please contact our Data Protection Officer.
📧 privacy@winningnightsresort.com
Contact Form