Privacy Policy

At Mattila house, the careful and conscientious handling of your personal data is important. In the processing of personal data, I comply with the EU General Data Protection Regulation (GDPR) (2016/679), the Finnish Data Protection Act (1050/2018), and the Personal Data Act (523/1999).

Prepared on: April 1, 2026
Last updated: April 1, 2026

1. Data Controller

Yrityksen nimi: Mattilan Talo Ky
Business ID: 3598561-2
Address: Impiöntie 32A, 97765 Impiö
Email: info@mattilantalo.fi

2. Name of the register

Mattilan talo customer and reservation register

3. Purpose of personal data processing

Personal data is processed for the following purposes:

  • Receiving, processing, and managing accommodation reservations
  • Customer relationship management and customer service
  • Sending booking confirmations and instructions
  • Payment processing and invoicing
  • Service provision and development
  • Prevention of misuse and ensuring information security
  • Compliance with legal obligations (e.g. accounting)

4. Personal data collected

The register may contain the following data:

  • name
  • email address
  • phone number
  • address details
  • reservation-related details (dates, accommodation details)
  • payment details (excluding card details)
  • IP address and data related to the use of the website

5. Data retention period

Personal data is retained only for as long as necessary to fulfill the purposes of processing or to comply with legal obligations.
Accounting records are retained for the period required by law.

6. Regular sources of data

The data is primarily obtained from the customer themselves in connection with a reservation or other contact.

7. Disclosure and transfer of data

Personal data may be disclosed to the following parties for the provision of the service:

  • Easy Hotel (booking system)
  • Mollie (payment processing)
  • Woocommerce (e-commerce and payment management)

Personal data may also be transferred outside the EU/EEA by service providers in accordance with their data protection practices.

8. Data security

Personal data is processed confidentially and protected by appropriate technical and organizational measures.
Access to personal data is restricted to those individuals who have the right to process it based on their job duties.

9. Data subject rights

The data subject has the right to:

  • Access their personal data
  • Request rectification or erasure of their personal data
  • Restrict the processing of their personal data
  • Object to the processing of their personal data
  • Transmit their personal data from one system to another
  • Lodge a complaint with the supervisory authority (Data Protection Authority)

Requests must be submitted to the Data Controller by email.

10. Cookies

The website uses cookies to improve the user experience and for visitor tracking.
Users can manage cookies through their browser settings.

11. Changes to the Privacy Policy

We reserve the right to amend this Privacy Policy as necessary. 

Guest information

A record of processing activities concerning guest data in the customer/marketing register in accordance with Article 30 of the EU General Data Protection Regulation.

The privacy notice for the guest register is available on the company’s website and at the reception at the Data Controller’s address. 

Date: April 1, 2026 

Data Controller: Mattilan Talo Ky (Business ID 3598561-2)

Name of the register: Mattilan talo guest register 

Legal basis for the processing of guest data: The processing of guest data and the maintenance of the guest register are based on the Act on Accommodation and Catering Activities.

Act on Accommodation and Catering Activities 308/2006

(Full text of the Act: https://www.finlex.fi/fi/lainsaadanto/2006/308 )

6 § Guest registration and guest data

The provider of accommodation services is responsible for ensuring that a guest registration is completed for each guest (passenger card). Group travellers may be registered on a joint guest registration form. The registration must include the business name of the accommodation provider, the Business ID, and the address of the establishment. The guest registration form must include the following information (guest data):

1) the guest’s full name and Finnish personal identity code, or, if this is not available, date of birth and nationality;

2) the full names and Finnish personal identity codes of the guest’s accompanying spouse and minor children, or, if these are not available, their dates of birth;

3) the guest’s address;

4) the country from which the guest arrives in Finland (does not apply to guests whose place of residence is Finland);

5) the number of the guest’s travel document (does not apply to Nordic citizens or to guests whose place of residence is Finland); and

6) the guest’s date of arrival at and departure from the accommodation establishment, if known.

In addition, the guest may state on the guest registration form whether the stay is for leisure, work, a meeting, or another purpose.

The provisions set out in subsection 1, points 1 and 3, also apply to a group tour leader as referred to in section 1(2), point 10, who acts as a representative of the tour operator.

The guest must verify the guest data on the guest registration form with their signature. However, the group tour leader may sign the joint guest registration form referred to in subsection 1 on behalf of the group members. A person referred to in subsection 1, point 2, is not required to sign the guest registration form.

The accommodation provider or its staff must, in connection with the accommodation, verify the identity of the guest from a travel document or by other reliable means, or, if a joint guest registration form as referred to in subsection 1 has been completed for the group, only the identity of the group tour leader. The provisions of this subsection do not apply to guests whose place of residence is Finland, nor to persons referred to in subsection 1, point 2.

7 § Guest register

The accommodation provider may maintain a register, either by means of automated data processing or manually, of the guest data referred to in Section 6, subsections 1 and 2 (guest register). Guest data and the guest register are used for maintaining public order and safety, for the prevention and investigation of crime, and for the compilation of statistics.

The accommodation provider may use guest data and the guest register for customer service purposes and direct marketing. The data subject’s right to object to the processing of personal data is provided for in the General Data Protection Regulation. (14.12.2018/1126)

8 § Disclosure of guest data to the police, and the retention and disposal of guest registration forms and data

Notwithstanding confidentiality provisions, the accommodation provider must, without delay, submit the guest data concerning foreign nationals as referred to in Section 6 §, subsection 1, to the police department of the district in which the accommodation establishment of the provider is located. The guest data may also be submitted to the police department electronically.

The police also have the right to obtain from the accommodation provider guest data as referred to in Section 6 §, subsection 1, concerning guests other than those referred to in subsection 1, if such data is necessary for the performance of their official duties.

The accommodation provider must retain guest registration forms and guest data for one year from the date the form is signed, after which they must be destroyed. Guest data recorded in the guest register must be retained for one year from the date of entry, after which it must be destroyed. However, the provisions of the General Data Protection Regulation apply to the deletion of data used for customer service and direct marketing. (14.12.2018/1126)

9 § Disclosure of guest data to other authorities

Notwithstanding confidentiality provisions, the accommodation provider and the police are, upon request, obliged to provide the guest data referred to in Section 6 §, subsection 1, that are necessary for:

1) to the Border Guard for the purposes of border surveillance, the carrying out of border checks, and the performance of other duties assigned to the Border Guard by law;

2) to the Customs for the purposes of preventing, detecting and investigating customs offences, as well as for the carrying out of border checks;

3) to rescue authorities for the purposes of rescue operations;

4) to health protection authorities for the prevention of communicable diseases; (7.4.2017/198)

5) to the Defence Forces for the performance of personal protection duties. (7.4.2017/198)