Privacy Policy

This is Astras Oy's privacy policy pursuant to Finland’s Personal Data Act 523/1999 (Sections 10 and 24) and the EU’s General Data Protection Regulation (GDPR). Prepared on 9 August 2024. Last revised in August 2024.

Data Controller

Astras Oy, Business ID 3143771-5
Osmundsbölevägen, Karis, Nyland 10300, FI

Person responsible for the register

Sari Saarinen
sari@saarinentours.com

Name of the register 

Astras Oy collect only the necessary consumer details to provide the services. All on-line reservation and payment actions for products visible on our website are carried out through third-party interface. The terms of the third-party service can be seen here: https://bokun.io/terms/. The company maintains the following registers:

• the membership register
• the register of the members of the board and the shareholders

Legal grounds and purpose of data processing

The legal grounds for data processing pursuant to the General Data Protection Regulation is:

• consent given by the data subject (documented with a membership agreement)
• performance of duties (members of the board)
• the data controller’s legitimate interest (membership)

The purpose of data processing is communications with the members and members of the board and shareholders. The data is not used for automated decision-making or profiling. 

Content of the register

The data stored in the register includes:

• name, job title, company/organisation, contact information (telephone and email)
• IP address, information on the services ordered and changes to them, and invoicing information

Sources of information for the register

Information stored in the register is collected from the customer by messages submitted via online forms, email and phone, from contracts, at customer meetings and in other situations in which the customer provides information.

Disclosure of information and transfer of information outside the EU or the EEA

As a rule, this information is not disclosed to external parties. Information may be disclosed to the extent that is agreed on with the customer.

With regard to the members of the board, information is disclosed to the trade register.

Principles of data protection

Care is taken in the handling of the register and the data processed with information systems is appropriately protected. If the data is stored on internet servers, their physical and digital security is ensured appropriately. The data controller is responsible for ensuring that the data, access rights to the servers and other information that is central to data security are processed confidentially and solely by those employees who need the data for the performance of their duties.

Right to inspect the data and to request it to be corrected

Data subjects have the right to inspect the data pertaining to them that is stored in the register and to request that any incorrect data be rectified or missing data be completed. Requests to inspect or correct data must be submitted in writing to the data controller. The data controller may request data subjects submitting such a request to prove their identity. The data controller responds to the data subject within the time limit specified in the General Data Protection Regulation (primarily within a month).

Other rights related to data processing

Data subjects have the right to request the deletion of the data pertaining to them (‘the right to be forgotten’). In addition, data subjects have all the rights pursuant to the EU’s General Data Protection Regulation, such as the right to restrict the processing of their data in certain circumstances. Such requests must be submitted in writing to the data controller. The data controller may request data subjects submitting such a request to prove their identity. The data controller responds to the data subject within the time limit specified in the General Data Protection Regulation (primarily within a month).

Cookies and links

The website collects data on users through cookies. Get to know our cookie policy below.

The website includes links to other sites and services. We are not responsible for the privacy policies or content of these third-party sites.

Site Cookies

This website uses cookies. We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

Cookies are small text files that can be used by websites to make a user's experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

Questions about terms?

Send as an email or give us a call and we'll gladly clarify everything.