Privacy policy

halo igloos

Last updated: August 4, 2025

data controller

Santas Sky Oy
3540900-9
Sodankyläntie 2415, Rovaniemi
Email: sales@haloigloos.com
Phone: +358 44 748 1112

What Personal Data We Collect

We may collect the following types of personal data:
- Name and contact details (email, phone number, address)
- Booking and payment details
- Special requests and preferences (e.g., dietary or accessibility needs)
- Travel details (e.g., arrival time, flight number)
- Marketing permissions and communication preferences
- Feedback and reviews
- Technical data such as IP address, browser type, and cookie data when using our website

How We Collect Your Data

Personal data is collected directly from you when you:
- Make a reservation (via website, phone, email, or booking platforms)
- Contact us or request information
- Subscribe to newsletters or marketing communications
- Visit our website (cookies and analytics)
- Participate in surveys, contests, or promotional campaigns
- Use our Wi-Fi, services, or activities during your stay

Purpose and Legal Basis of Processing

Fulfilling legal obligations 
In some cases, we must process and retain certain data to comply with laws (e.g., accounting, local authority requirements, or tourism statistics).

Website analytics and improvement 
We use cookies and analytics tools to understand how visitors use our site and improve its functionality. This processing is based on our legitimate interest.

Marketing and newsletters 
With your consent, we may send you promotional emails or offers. You can withdraw your consent at any time.

Providing personalized customer service 
We may use your preferences or prior feedback to enhance your experience. This is based on our legitimate interest in improving our services.

Communicating before, during, and after your stay 
We may contact you regarding your booking, travel arrangements, or feedback. This is based on our legitimate interest and contractual obligations.

Managing bookings and reservations 
We process your data to confirm and manage your accommodation and related services. This is necessary for the performance of a contract.

We process personal data only when there is a lawful reason to do so under the EU General Data Protection Regulation (GDPR). The most common purposes and their legal bases include:

We retain your personal data only for as long as necessary for the purposes described in this policy and as required by law. After this, the data will be securely deleted or anonymized.

Cookies and Website Analytics

Our website uses cookies to enhance user experience and gather statistics. You can manage cookie preferences via your browser settings or through our cookie banner when visiting the site.

Your Rights

You have the following rights under the GDPR:
- Right to access your personal data
- Right to rectification of inaccurate or incomplete data
- Right to erasure (“right to be forgotten”)
- Right to restrict or object to processing
- Right to data portability
- Right to withdraw consent at any time
- Right to lodge a complaint with the Data Protection Ombudsman in Finland (www.tietosuoja.fi)

To exercise these rights, please contact us at sales@haloigloos.com.

Data Security

We take appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, loss, or destruction.

Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.

Camera Surveillance

For the safety and security of our guests, staff, and property, camera surveillance (CCTV) is in use in selected public areas of the resort, such as entrances, reception, parking areas, and shared outdoor spaces.

Surveillance recordings are processed:
- To prevent and investigate security incidents
- To ensure the safety of guests and staff
- To protect property and deter crime

The recordings are only accessed by authorized personnel and may be disclosed to authorities if required by law. CCTV footage is stored securely and retained for a limited period, typically up to 30 days, unless longer retention is necessary due to a specific incident under investigation.