Inzwa Outdoor Activities and Nature Experience (later also referred as “we”, “us” or “our”) respects your privacy and looks after that your personal data stays private.

1. Principles for personal data protection

Under the General Data Protection Regulation (GDPR), residents of the EU may exercise certain rights regarding their personal data. All data related to an identified or identifiable person is personal data (e.g. address, phone number). According to data protection principles the personal data must be:

  • Processed lawfully, fairly and in a transparent manner in relation to the data subject processed confidentially and securely;

  • Collected and processed for a specific and lawful purpose;

  • Collected only to the amount necessary with regard to the purpose of the processing;

  • Updated when required ‒ inaccurate personal data must be erased or rectified without delay and;

  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

Consent

The processing of personal data is permitted when it is necessary for the legitimate interests pursued by the controller or a third party. Customer relationship between the client and the service provider is seen as such legitimate interest.  

According to principles, you can give your consent to processing personal data. Such consent must be a freely given, specific, informed and unambiguous indication of your agreement to the processing of personal data relating to you. Your explicit consent is needed for handling sensitive data, e.g. health information, we need in order to provide safe outdoor experience.

Your consent for using personal data that is self-given directly to us, is asked in the booking form. Your explicit consent for using personal health data is ensured by a separate form that is sent via email after we have received your booking form.

When you visit our website, you will give your consent for using data described in the following chapter by accepting cookies. When you use some of our social media channels you have given your consent already for that particular social media platform, e.g. Facebook, to collect certain data.

You also have the right to withdraw your consent at any time. If the question is about using personal data given when booking a service, you can withdraw you consent by emailing us (info@inzwa.com). You also have the right to control cookies and change the settings on your social media accounts. Please note that we are not the controller for data collected when you are using e.g. Facebook, but you need to turn for the social media company in question.

It is good to acknowledge that personal data can always be used when it is necessary in order to protect the vital interests of the data subject or of another natural person e.g. situations of life and death.

For more information about data protection and your rights can be found in Office of the Data Protection Ombudsman’s website.

2. What kind of data is collected and how is it stored?

Information collected from our customers

We obtain personal information from various sources; some of it is provided directly to us by you (e.g. through email or booking form), some is recorded automatically when you use our website or social media platforms, and some is received through third parties (like when you make payments to us using our payment processor Stripe).

Personal details are only collected when a booking is finalized, and this data is received directly from you as our customer. This information includes personal details such as name, address, email address, date of birth, next of kin, dietary preferences and physical and mental health information which are crucial for running outdoor activities safely.

We keep this data on a secure, password protected database which can only be accessed online and only by the owners of the business. Some of the information will also be stored in password protected email accounts. No personal data or information is kept in paper format or on external hard drives. 

If the booking is done in our online shop, some financial data e.g. payment card details, will be asked when the payment is being processed. This depends on the selected payment method. Our online shop payments are handled by an external payment processor Stripe.

We obtain limited information about your payment card from Stripe, such as the last four digits, the country of issuance and the expiration date. This data is stored in a secure, online dashboard which requires a double sign-in to enter. Only the owners of the business have the sign-in details and may access the information.

Stripe uses and processes customers full payment details. As a provider of payment services, Stripe is required to comply with many regulations including anti-terrorism and anti-money laundering laws. Some of these regulations and laws require Stripe to retain transaction records for a prescribed period of time. Read more about Stripe’s data retention process in their Privacy Policy.

Information collected from all website visitors

When you use our website, we collect information about your activity on and interaction with the site, such as your device and browser type, the web page you visited before coming to our sites, what pages on our sites you visit and for how long and identifiers associated with your devices. Some of this information is collected automatically using cookies and similar technologies.

If you want to participate in any of our online surveys or feedback forms, you may be asked to provide personal information. The nature of the information may vary depending on the type of survey that is being conducted, but it is likely to include contact information and demographic information. With your consent, we may use content from these online feedback forms and surveys in our marketing material.

Information received through social media

We are using analytics tools provided by social media platforms, mainly Facebook and Instagram. Through these tools we receive some personal data e.g. demographic information of our page and profile visitors. By participating in any of polls or discussions in our social media accounts, you may also give some personal data which is publicly available on your profile.

2. What is the collected information used for?

Providing services: Most of collected personal information is required for planning, conducting and administering our services.

Improving services: Information is also collected to make sure that our services are matching the customers’ needs. We wish to constantly develop our services which requires data.

Customer safety: Personal information of e.g. health and dietary requirements are collected for safety reasons. It is crucial to have sufficient information in order to manage risks and make sure that activities are not putting anyone in danger.

Communications: Collected information is used for managing customer relations.

Promotion and advertising:  We use personal information such as email addresses, phone numbers and social media pages for the purpose of promoting our services through newsletters, direct email marketing and social media marketing. 

4. How do we share your personal information?

We share personal information in the following ways:

Service providers: We may share your personal information with other service providers that perform services on our behalf. For example, we may use third parties to help us to provide a service we don’t provide ourselves e.g. kayaking or transport. We may also use third parties for sending marketing on our behalf. Information of your dietary requirements and health will be shared with other service providers only with your consent and if your or others safety requires it.

Process payments: We transmit your personal information via an encrypted connection to our payment processor Stripe.

Following the law: We disclose your personal information in response to lawful requests by public authorities, such as to meet security or law enforcement requirements.

Advertising: With your consent we may share personal information with third parties so they and we can provide you with tailored advertising and measure and monitor its effectiveness. Information of your health is always private and will not be shared for promotional purposes.

5. Retention of information

We are storing part of personal information; name, email address, and phone number, in an online database for 5 years since receiving information. Sensitive information, e.g. health information, is deleted after the service has been received.

6. Cookies

When you enter our website your consent for using cookies is asked, and you accept using cookies when clicking okay in the banner. You can control cookies on your browser settings.

Cookies are small pieces of data that websites store on a device. Cookies can improve visitors’ browsing experience because they help websites remember preferences and understand how people use different features.

Most of cookies that are used on our website are controlled by our website service provider Squarespace. Squarespace has published a thorough list of all used cookies. Hence, we are recommending you read About the cookies Squarespace uses.

We are also using Google Analytics. It uses a small piece of JavaScript tracking code to collect data about our visitors and their interactions on our website. If you wish to learn more about Google Analytics and the collected data, we recommend you read How does Google Analytics Work?

7. Contact us

Inzwa Outdoor Activities and Nature Experience
Munsmontie 286
65450 Sulva
Finland

+358 503093070
info@inzwa.com

If you would like to make a data subject access request, please contact us by sending an email to info@inzwa.com.