Legal

Privacy Policy

Last updated: January 2026

At Goodvibeplayquill, your privacy is fundamental to the trust we share with every guest. This Privacy Policy explains in detail how we collect, use, store, protect, and disclose personal information when you visit goodvibeplayquill.com, make a reservation inquiry, subscribe to our newsletter, or otherwise interact with our luxury hospitality services. We operate in full compliance with the EU General Data Protection Regulation (GDPR), the Finnish Data Protection Act (Tietosuojalaki 1050/2018), and applicable international privacy frameworks.

1. Data Controller

The data controller responsible for the processing of your personal information is Goodvibeplayquill Oy, registered in Finland. For all privacy-related matters, you may contact our designated Data Protection Officer at [email protected]. We are committed to responding to all inquiries within 30 days, in accordance with statutory requirements.

2. Information We Collect

We collect personal information through several channels, always with transparency and a lawful basis:

  • Information you provide directly: full name, email address, telephone number, postal address, preferred hotel, travel dates, dietary requirements, accessibility needs, and any details shared in your inquiry message.
  • Reservation & guest preferences: suite preferences, spa selections, dining requests, special occasions, and loyalty membership details.
  • Technical data: IP address, browser type and version, device identifiers, operating system, referring URLs, language preferences, and timestamps of visits.
  • Behavioral data: pages viewed, time spent on the site, scroll depth, click patterns, and aggregated analytics gathered through cookies and similar technologies.
  • Communication records: emails, contact form submissions, newsletter interactions, and concierge correspondence.

3. Legal Basis for Processing

We process your personal data only when one or more of the following lawful grounds under GDPR Article 6 applies:

  • Consent: when you opt in to newsletters, marketing communications, or non-essential cookies.
  • Performance of a contract: when processing reservation inquiries, confirming bookings, or fulfilling concierge requests.
  • Legitimate interest: for site security, fraud prevention, service improvement, and analytics — always balanced against your fundamental rights.
  • Legal obligation: for tax records, accounting, anti-money-laundering checks, and regulatory compliance under Finnish law.

4. How We Use Your Information

Your information enables us to deliver the refined Nordic hospitality experience our guests expect. Specifically, we use personal data to:

  • Respond promptly to reservation inquiries and concierge requests.
  • Coordinate stays across our partner hotels in Savonlinna, Mariehamn, and Rovaniemi.
  • Personalize your experience — from sauna preferences to dining selections.
  • Send transactional confirmations, pre-arrival information, and post-stay communications.
  • Distribute our editorial newsletter, exclusive offers, and seasonal Nordic stories (only with your consent).
  • Improve website performance, accessibility, and security through aggregated analytics.
  • Comply with applicable legal, tax, and regulatory obligations.

5. Data Sharing & Third Parties

We do not sell, rent, or trade personal information. We share data only with carefully selected partners, under strict confidentiality agreements, including:

  • Partner hotels & resorts within our curated collection, solely to fulfill your reservation.
  • Trusted technology providers for hosting, email delivery, analytics, and customer relationship management.
  • Payment processors who handle transactions under PCI-DSS-compliant infrastructure.
  • Legal & regulatory authorities when required by Finnish or EU law.

Where data is transferred outside the European Economic Area, we ensure protection through Standard Contractual Clauses approved by the European Commission or equivalent safeguards.

6. Cookies & Tracking Technologies

Our website uses cookies and similar technologies to enhance functionality, analyze performance, and personalize content. We classify cookies into four categories:

  • Strictly necessary cookies: essential for navigation, security, and core site features. These cannot be disabled.
  • Performance cookies: help us understand visitor behavior through anonymized analytics (e.g., Google Analytics).
  • Functional cookies: remember preferences such as language and currency for a smoother experience.
  • Marketing cookies: used only with your consent, to deliver tailored content and measure campaign effectiveness.

You may manage your cookie preferences at any time through your browser settings or our cookie consent banner. Disabling certain cookies may affect site functionality. For full details, please review our Cookie Policy.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce agreements. Typical retention periods include:

  • Inquiry data: up to 24 months from last contact.
  • Reservation records: up to 7 years for accounting and tax compliance under Finnish law.
  • Newsletter subscriptions: until you withdraw consent or unsubscribe.
  • Analytics data: aggregated and anonymized after 26 months.

8. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, accidental loss, alteration, or disclosure. These include TLS encryption for data in transit, encrypted storage at rest, role-based access controls, regular security audits, and ongoing staff training in data protection. While no system can guarantee absolute security, we continually review and refine our safeguards in line with industry best practices.

9. Your Rights Under GDPR

As a data subject, you are entitled to the following rights, exercisable free of charge:

  • Right of access: obtain confirmation of whether we process your data, and a copy of that data.
  • Right to rectification: correct inaccurate or incomplete information.
  • Right to erasure (right to be forgotten): request deletion when data is no longer necessary.
  • Right to restriction: limit processing under specific circumstances.
  • Right to data portability: receive your data in a structured, machine-readable format.
  • Right to object: oppose processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent: at any time, without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: with the Finnish Data Protection Ombudsman (tietosuoja.fi) or your local supervisory authority.

10. Children's Privacy

Our services are intended for adults aged 18 and over. We do not knowingly collect personal information from children. If you believe a child has provided data to us, please contact [email protected] so we may promptly delete it.

11. International Visitors

Although we are based in Finland, our website is accessible globally. By using our services from outside the EEA, you acknowledge that your information may be transferred to and processed in Finland under the safeguards described in Section 5.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in law, technology, or our practices. The "Last updated" date at the top will indicate the most recent revision. Material changes will be communicated through our website or via email where appropriate. We encourage you to review this policy regularly.

13. Contact Us

For any questions, requests, or concerns regarding this Privacy Policy or your personal data, please contact our Data Protection Officer:

Email: [email protected]
Phone: +358 (0) 200 555 010
Postal: Goodvibeplayquill Oy, Data Protection Office, Finland