Privacy policy and security

Privacy policy and security

Health safety

We want to take good care of our customers’ health. Our cleaning is enhanced and we disinfect surfaces often. Our premises have hand sanitizers for our customers to use. With safe detergent choices, we also take responsibility for nature.

Public safety

Fire and carbon monoxide detectors, general safety instructions and a first aid kit can be found in the accommodation area and cabins.


This is the register and data protection statement in accordance with Venejoen Mylly’s Personal Data Act (Sections 10 and 24) and the EU’s General Data Protection Regulation (GDPR). Prepared on June 1, 2022.

Venejoen Mylly/ Venejoen Piilo, Romppalantie 2, 81160 Romppala. Email:

The contact person responsible for the register
Terhi Holopainen, +358 413181845

Registry name
Venejoen Mylly oy’s customer and marketing register

Purpose of personal data processing
The controller processes customers’ personal data for the following purposes:

customer relationship management and development
taking care of reservations
payment, payment control and collection
marketing of the controller’s goods and services
business development of the registrar and related customer service development
monitoring, analyzing customer interest information and choices and wishes related to accommodation and program services/activities and related customer service development
taking into account the wishes of loyal customers and developing customer service and targeting offers
registration of the benefits of cooperative companies belonging to the loyalty program
The information is not used for automated decision-making or profiling.

Data content of the register
The groups of persons whose data can be processed are the contact persons of the controller’s partners, stakeholders and client companies, ex officio partners and/or potential customers, and persons who have been in contact with the controller.

The register may contain, among other things, the following personal and organizational information about the registered:

customer information: name, date of birth, customer number, contact information (e.g. telephone and mobile phone number and email address and other electronic address information) for contact, rank or profession, language code, gender, nationality, number of adults and children staying with the customer, and billing contact information.
customer feedback data: customer satisfaction data, comments on the services of the data controller and other data obtained with the customer’s consent
reservation information
the location and address information of the organization’s offices
organization ID number and turnover
profiling and grouping information (e.g. company industry and mailing groups)
website addresses
essential information related to managing the customer relationship
information related to the sale of marketing services
other additional information provided by the customer themself

Regular sources of information
The register’s data sources include e.g. Accommodation reservation and invoicing systems, messages collected using website forms, e-mail, telephone, social media services, contracts, customer meetings and other situations in which the customer discloses their information.

Transfers of personal data and transfer of data outside the EU or EEA
Personal data is treated as confidential. However, Venejoen Mylly oy can disclose information as permitted by legislation, for example in cases where it is considered that the third party has special information or an advantage to offer the company/organization.

The controller can hand over customers’ personal data to third parties if required by Finnish authorities.

Data can be transferred outside the EU or the European Economic Area with the data subject’s consent.

Principles of registry protection
Care is taken when processing the register and the information processed with the help of information systems is properly protected. When registry data is stored on Internet servers, the physical and digital data security of their hardware is taken care of accordingly. The registrar ensures that stored data as well as server access rights and other data critical to the security of personal data are handled confidentially and only by those employees whose job description it is.

The data network of the registrar and the equipment on which the register is located are protected by a firewall and other technical measures. The disposal of materials containing personal data is done securely.

The right of inspection and the right to demand correction of information
Every person in the register has the right to check their information stored in the register and demand the correction of any incorrect information or the completion of incomplete information. If a person wants to check the information stored about him or to request a correction, the request should be sent in a personally signed letter to the address Venejoen Mylly, Romppalantie 2, 81160 Kontiolahti. If necessary, the registrar can ask the requester to prove his identity.

The controller responds to the customer within the time stipulated in the EU data protection regulation (generally within a month).

Other rights related to the processing of personal data
The registered person also has the right to prohibit the data controller from processing information about him/her for the purposes mentioned in this registration statement, unless otherwise agreed between the data controller and the data subject. Requests for correction of information regarding marketing prohibitions (calling, printed direct marketing, text message and e-mail) should be sent in a personally signed letter to the address Venejoen Mylly, Romppalantie 2, 81160 Kontiolahti.