Privacy policy

Privacy Notice: Pohjolan Matka Customer Register

Data Controller
Pohjolan Matka / Pohjolan Turistiauto Oy
Yrittäjäntie 8, 74130 Iisalmi
Tel. 0201 303 450
info@pohjolanmatka.fi

Person Responsible for Registering Matters
Chief Financial Officer Petter Mikkonen
Tel. 0201 303 350
petter.mikkonen@pohjolanmatka.fi

Name of the Register
Pohjolan Matka Customer Register

Purposes and Legal Grounds for Processing
Personal data is processed for the following purposes:

• Booking and provision of travel services (legal ground: contract)
• Customer communication and customer service (legal ground: contract and legitimate interest)
• Invoicing and accounting (legal ground: statutory obligation)
• Marketing and customer communication (legal ground: consent or legitimate interest)

Data Content of the Register
Collected data:

Private customers: name, address, phone number, email, gender, date of birth (if necessary), place of birth (if necessary), passport details (if necessary), insurance information (if necessary), information about ordered services.

Corporate customers: organization name, contact person details, business ID (Y-tunnus)

Recipients and Transfers of Data
Data may be disclosed to:

• Subsidiaries of Pohjolan Matka for marketing purposes
• Subcontractors and partners for the provision of travel services
• Authorities in statutory situations

Data may be transferred outside the EU/EEA to carry out travel services. Transfers are based on the EU’s standard contractual clauses or an adequacy decision.

Data Retention Periods
Personal data is stored for the duration of the customer relationship and up to 5 years thereafter, unless legislation requires longer retention (e.g., accounting law).

Rights of the Data Subject
The data subject has the right to:

• Access their personal data
• Request rectification or deletion of data
• Restrict or object to processing
• Transfer data from one system to another
• Withdraw consent (if processing is based on consent)
• Lodge a complaint with the Office of the Data Protection Ombudsman (www.tietosuoja.fi)

Requests should be sent via email to: petter.mikkonen@pohjolanmatka.fi

Data Security

• Electronic data: password‑protected and firewall‑secured system, limited access rights
• Manual materials: stored in locked premises
• Staff are bound by confidentiality obligations

Cookies and Tracking
The website uses cookies to improve the service and to target marketing. Users can manage cookies in their browser settings. More information about cookies and consent management is available on our website.

Last updated
04 September 2025

Privacy Notice: Pohjolan Matka Marketing Register

Data Controller
Pohjolan Matka / Pohjolan Turistiauto Oy
Yrittäjäntie 8, 74130 Iisalmi
Tel. 0201 303 450
info@pohjolanmatka.fi

Person Responsible for Register Matters
Chief Financial Officer Petter Mikkonen
Tel. 0201 303 350
petter.mikkonen@pohjolanmatka.fi

Name of the Register
Pohjolan Matka Marketing Register

Purposes and Legal Grounds for Processing
Personal data is processed for the following purposes:

• Marketing communication to potential customers (legal ground: consent)
• Marketing communication to existing customers (legal ground: legitimate interest)
• Feedback surveys and processing customer feedback (legal ground: legitimate interest)
• Marketing targeted to representatives of corporate customers (legal ground: legitimate interest, Information Society Code section 200)

Data Content of the Register

Private customers: name, address, phone number, email, information about requested and offered services

Corporate customers: organization name, contact person details

Sources of Data

• Information provided by the customer
• For corporate customers, also purchased registers, registers received from partners, and public sources

Recipients and Transfers of Data
Data may be disclosed to Pohjolan Matka subsidiaries for marketing purposes.
Data is not transferred outside the EU or EEA.

Data Retention Periods
Personal data is stored in the marketing register for up to five years from the last customer contact or until consent is withdrawn.

Rights of the Data Subject
The data subject has the right to:

• Access their personal data
• Request rectification or deletion of data
• Restrict or object to processing
• Withdraw consent at any time
• Lodge a complaint with the Data Protection Ombudsman: www.tietosuoja.fi

Requests should be sent via email to: petter.mikkonen@pohjolanmatka.fi

Data Security

• Electronic data: password‑protected and firewall‑secured system, limited access rights
• Manual materials: stored in locked premises
• Staff are bound by confidentiality obligations

Last updated
04 September 2025

Privacy Notice: Pohjolan Matka Whistleblower Channel

Data Controller
Pohjolan Matka / Pohjolan Turistiauto Oy
Yrittäjäntie 8, 74130 Iisalmi
Tel. 0201 303 450
info@pohjolanmatka.fi

Person Responsible for Register Matters
Chief Financial Officer Petter Mikkonen
Tel. 0201 303 350
petter.mikkonen@pohjolanmatka.fi

Purpose and Legal Basis of Processing
Through the Whistleblower channel, employees and also external stakeholders can anonymously report suspected misconduct. Personal data is processed in the investigation of the reported case and in assessing and implementing any resulting actions.

The data controller protects privacy and processes personal data collected via the Whistleblower channel in accordance with data protection legislation and good data protection practices.

Legal basis: Processing of the whistleblower’s personal data is based on the data subject’s consent (GDPR Article 6(1)(a), Article 9(2)(a)).

Sources of Data
Reports may be submitted by employees or external stakeholders. In addition, during the investigation, the data controller collects necessary information related to the report from the parties involved as well as persons and entities connected to the events.

Categories of Data Subjects and Data Collected

Whistleblower
As a rule, reports are submitted anonymously. The whistleblower may choose to include personal data in the report (such as name, location information, financial information, etc.). The report may contain images and other attachments. The information provided by the whistleblower may also include special categories of personal data (e.g., health data).

Subject of the Report
The report may contain information about the person concerned (name, location information, image, financial information, position, etc.). The data may also include special categories of personal data.

Handlers of the Report
The following personal data is collected about individuals who process or review reports:
Name, email address, phone number, log data, username

Access to Personal Data
Personal data is accessible only to persons appointed by the data controller who process the reports. Reports exist solely in electronic form.

The Whistleblower channel used by the data controller is maintained by PKY-LAATU Oy. The data controller has ensured through a contract that the service provider processes personal data received via the channel in compliance with data protection legislation.

Disclosure of Personal Data
Personal data may be disclosed to third parties, such as authorities or auditors, but only on a legal basis.

Transfer of Data Outside the EU or EEA
Data is not transferred outside the EU or EEA.

Retention Period of Data
Data collected in the register is retained only for as long and to the extent necessary in relation to the original or compatible purposes for which it was collected. The legal basis and necessity of processing are reviewed at least every five (5) years.

Rights of the Data Subject
The data subject has the right to obtain confirmation as to whether personal data concerning them is being processed and, if so, the right to receive a copy of the data.

The data subject has the right to require Pohjolan Turistiauto Oy to correct without undue delay any inaccurate or incorrect personal data concerning them, and the right to have incomplete data completed.

In addition, the data subject has the right to:

• Request that the data controller restrict the processing of data in situations referred to in GDPR Article 18
• Lodge a complaint with the Data Protection Ombudsman

Data disclosure always requires that the requester’s identity can be reliably verified.

Additional Information
If the data subject wishes to receive more information about the processing of their personal data, they may contact the representative mentioned in section 1.

Privacy policy

Subscribe to our newsletter and join our Insider Circle, which always gets the first news about our travel updates and other important news.

Our phone service is available

Good to know - Travel Info

DMC

Coach Services

Request a quote for charter services

Request a quote for group travel

Subscribe to newsletter

DMC sales and customer service	+358 201 303304
Charter sales	+358 20 1303530