top of page

PRIVACY POLICY

A LEGAL DISCLAIMER

The information provided on this page is intended to give visitors and customers a general overview of how Lappi Creative collects, uses and protects personal data. It is not legal advice and should no be interpreted as a legally blinding document or a comprehensive guideline on data protection.

As a business operating in Finland, we follow the applicable laws and regulations, including the EU General Data Protection Regulation (RDPR) abd the Finnish data protection Act. our privacy practives may be updated if our services change or if legislation is amended.

If you need detailed legal advice or have specific questions about your rights or obligations under data protection law, we recommend consulting a qualifed legal professional. 

PRIVACY POLICY - THE BASICS 

A Privacy Policy explains how a business collects, uses, stores, and protects the personal data of its customers and website visitors. As a Finnish company, Lappi Creative complies with the EU General Data Protection Regulation (GDPR) and the Finnish Data Protection Act. This means that we process personal data lawfully, transparently, and only for specific purposes.

When you interact with our website, book a service, or contact us, we may collect personal information such as your name, email address, phone number, and booking details. This information is used only to provide our services, communicate with you about your reservation, and ensure a smooth customer experience.

We do not sell or share your personal information with third parties unless required by law or necessary to deliver our services (for example, secure payment processing). We store personal data only for as long as needed for the purposes for which it was collected.

This Privacy Policy also explains your rights under GDPR, including the right to access your data, correct it, request deletion, restrict processing, or object to certain uses of your data. You may exercise these rights at any time by contacting us at lappicreative@gmail.com.

Your privacy and data security are important to us, and we take appropriate technical and organizational measures to protect your information.

WHAT TO INCLUDE IN THE PRIVACY POLICY

A complete Privacy Policy should clearly explain what personal data is collected, how it is used, why it is processed, and how it is protected. As an EU-based business, Lappi Creative follows the General Data Protection Regulation (GDPR) and the Finnish Data Protection Act. To meet legal requirements and provide transparency, this Privacy Policy includes the following information:

1. Types of Personal Data Collected

We describe what information we collect, such as:

  • Name

  • Email address

  • Phone number

  • Booking details

  • Payment information (processed securely by third-party providers)

  • Website usage data (cookies, analytics)

2. How and Why We Collect Personal Data

We explain how personal data is obtained and for what purposes, such as:

  • Booking and managing tours

  • Communicating with customers

  • Providing customer service

  • Processing payments

  • Improving the website and services

  • Fulfilling legal obligations (e.g., accounting requirements)

3. Legal Basis for Processing (GDPR)

We outline the lawful bases we rely on, including:

  • Contract performance (processing your booking)

  • Legal obligations (accounting, tax laws)

  • Legitimate interests (service improvement, security)

  • Consent (newsletter subscriptions, marketing cookies)

4. Data Storage and Retention

We state how long personal data is kept:

  • Only for as long as necessary to provide our services

  • As required by Finnish bookkeeping laws (usually 6 years)

  • As needed for operational or legal purposes

5. Sharing and Disclosure of Data

We explain if and when data is shared:

  • With secure third-party service providers (e.g., payment processors, booking systems)

  • Only when required by law

  • Never sold to third parties

6. Cookies and Website Analytics

We describe:

  • What cookies are used

  • Why cookies are placed (performance, functionality, analytics)

  • How visitors can control cookies

7. Your Rights Under GDPR

We list customer rights, including:

  • Right to access your data

  • Right to correct inaccurate data

  • Right to delete your data

  • Right to restrict or object to processing

  • Right to data portability

  • Right to withdraw consent at any time

  • Right to lodge a complaint with a data protection authority

8. How We Protect Personal Data

We explain security measures such as:

  • Encrypted payment processing

  • Secure servers

  • Restricted access

  • Regular system checks

.

bottom of page