Travel Profile
To help your business trip planning run smoothly and successfully, we recommend you take a moment to create a travel profile that includes your details and travel preferences.
To help your business trip planning run smoothly and successfully, we recommend you take a moment to create a travel profile that includes your details and travel preferences.
TinkyBell clients and potential clients
TinkyBell staff
Our business activities involve providing travel agency services for business and organizational clients. Providing these services would not be possible without us collecting and handling personal data. Personal data includes any information that relates to an identified or identifiable living individual, such as names, email addresses, personal identity codes and photographs. We appreciate that people value their privacy, and we are committed to handling all personal data in accordance with this privacy policy and the law.
As a business travel agency, we often also act as a processor for our businesses and organizational clients, who are the controllers. For our role as a processor, the principles of processing personal data are described in our clients’ privacy policies or statements and in the agreements we have made with our clients. All processing of our clients’ personal data is always based on a service and data protection agreement between us and the client organization, and we only process the client’s personal data for and on behalf of the client for as long as we have a standing agreement.
The controller for the processing of personal data described in this privacy policy statement is TinkyBell (hereinafter referred to as “TinkyBell” or “we”):
TinkyBell Oy
Business ID: 2670838-1
Rantapolku 10
67700 Kokkola, Finland
www.tinkybell.fi
Email: heli@tinkybell.fi
Tel.: 358 45 899 3007
Person in charge of data protection: Heli Lindén
You can contact us using the above-mentioned contact details for any questions or requests related to data protection.
We collect, store and process personal data for predetermined purposes. We always ensure that we have a legal basis for storing and processing personal data. The legal basis for and main purposes of processing personal data include the following:
We may also use personal data in responding to feedback.
In this case, the legal basis for processing personal data is, above all, the performance of a contract, but also our legitimate interests and, in some cases, also the data subject’s express consent.
We may use third-party services in our marketing and communications.
In this case, the legal basis for processing personal data is, above all, our legitimate interests, and, in some cases, also the data subject’s express consent.
Any personal data that relates to staff members is collected and processed primarily for human resource purposes such as fulfilling employment contract obligations, paying salaries, handling taxation, satisfying other rights and obligations arising from the employment relationship, and meeting legal requirements related to the employment relationship.
In this case, the legal basis for processing personal data is the performance of a contract and compliance with a legal obligation, and sometimes also a staff member’s express consent.
We may also process personal data to comply with legal obligations (e.g. bookkeeping, employment contracts law and taxation), respond to or make legal claims, prevent and investigate fraud, or provide information required by a court of law or some other authority.
In this case, the legal basis for processing personal data is, above all, compliance with legal obligations, as well as our legitimate interests.
We mainly only collect and process personal data related to our clients and staff.
Clients
We typically collect and process the following personal data about our clients (in so far as it is necessary to manage the client relationship and organize travel):
We may process the above-mentioned information not only as a controller, but also as a processor. In the latter case, it is the client organization’s responsibility to ensure that they are allowed to disclose their staff’s personal data and that there is a legal basis for storing and processing the data.
Employees
We mainly collect and process the following data about our employees:
The main source of personal data is the data subject himself/herself or the data subject’s employer. We may also obtain data from public sources and registers.
Personal data are mainly processed by TinkyBell’s staff as part of their regular duties.
We may also outsource personal data processing to some extent, and many of the systems we use for storing and processing personal data are cloud services. Most of the stored and processed data are electronic. We use third-party service providers particularly for the following:
When using third-party service providers, we ensure that the confidentiality of personal data is maintained and that the data is processed legally and for our purposes only.
Otherwise, we may disclose data if required by law, a court of law or a competent authority, if we are responding to or making a legal claim or if we are in the process of investigating or preventing fraud. We may also disclose personal data with the data subject’s express consent. We may also disclose personal data if we become part of a company acquisition or some other corporate transaction.
In general, we do not disclose personal data outside the EU, but because data are primarily stored and processed electronically and especially in cloud services, some of our service providers may be located in non-EU countries. Such service providers include, for example, Dropbox (for storing and transferring data) and Zoho (for CRM). Data may also be transferred outside the EU if a client’s travel arrangements make this necessary. However, we will always ensure that any data transfer outside the EU will incorporate the necessary protections in accordance with the law. The primary options are (1) data transfer to an EU Commission approved country with an adequate level of data protection, (2) data transfer to an EU–U.S. Privacy Shield certified company (transferee in the United States) or (3) use of standard contractual clauses for data transfers between EU and non-EU countries.
We never store personal data for longer than is necessary for the purpose of processing it or for longer than is required by law or under our agreement. The storage period for personal data may vary depending on the purpose of use, the legal basis for processing, and the situation. We can also remove personal data if data subjects withdraw their consent or ask for their data to be removed (as long as we have no legal basis for processing the data), if the contractual relationship ends, or if the data are outdated or inaccurate. The storage periods may also be guided by the law (e.g. accounting, taxation and employment contracts law) and possible time limits related to legal claims (e.g. statute of limitations). We aim to update and remove any unnecessary, inaccurate or outdated data.
We mainly store personal data electronically, and the data are protected in accordance with the general standards in the field. We only use reputable and secure service providers for storing and processing data. We treat all personal data as confidential and do not disclose them generally or sell or lease them for marketing purposes.
In a client relationship, providing and agreeing to the processing of personal data is, to some extent, obligatory for the performance of the contract, so we can ensure that the persons making agreements on behalf of our business clients are authorized to do so, that we fulfill our contractual obligations and that our rights are respected. We are unlikely to be able to provide the services requested from us if we are not allowed to process your personal data. As regards our employees, we also need to process personal data to comply with employment contracts and legal requirements.
Withdrawing consent
If the legal basis for processing your personal data is your express consent, you can withdraw your consent at any given time by notifying us using the contact details provided under “Controller”.
Right of access
You have the right to know whether we process your personal data and to know what personal data on you we process. You also have the right to obtain more information about the purposes of the processing.
Right to rectification
You have the right to ask us to rectify any incorrect, outdated or otherwise incomplete personal data.
Right to object to direct marketing
Even if we do not require your express consent for direct marketing, you have the right to object to the processing for direct marketing purposes by notifying us using the contact information provided above.
The right to object to processing
If we are processing your personal data based on public interest or our legitimate interests, you have the right to object to the processing of your personal data if the processing has no notable reason that would override your rights or if the processing is not necessary to handle a legal claim. Please note that if you object to the processing of your personal data, we will probably no longer be able to provide services to you.
The right to restrict processing
Under certain circumstances, you have the right to require us to restrict the processing of your personal data.
The right to data portability
If we have processed your personal data with your express consent or for the performance of a contract, you have the right to receive the personal data you have electronically provided to us in a commonly used format so that you can transmit those data to another controller.
You can exercise the above-mentioned rights by contacting us using the contact information provided above. Please note that we must take reasonable measures to verify your identity. If you think that we have processed your personal data unlawfully, you can also lodge a complaint with a competent supervisory authority (in Finland: the Data Protection Ombudsman).
We may update our privacy policy to reflect changes in our operations or principles of processing personal data. Updates may also be relevant if the applicable legislation is amended. The changes will take effect as soon as we have published the updated privacy policy statement. For this reason, please read this privacy policy regularly.
We will get back to you as soon as possible.
Please reload the page and try again.