Privacy policy of S-Card

Privacy policy of S-Card


Customer register of the S-Card customer loyalty programme



Section 10 of the Finnish Personal Data Act (523/1999)

Updated on 1 March 2013


1. Controller


SOK Tourism Business Chain Management


Contact information

SOK Tourism Business Chain Management

PO Box 1

FI-00088 S-Group, Finland

Tel. +358 (0)10 76 82777


2. Contact person

Sirpa Ojala


Contact information

SOK Tourism Business Chain Management

PO Box 1

FI-00088 S-Group, Finland

Tel. +358 (0)10 76 82777


3. Register's name

Customer register of the S-Card customer loyalty programme.


4. Intended use of personal data

(Intended use of the register)

The controller will process the personal data of the customers for the following purposes:

- Managing and developing customer relations

- Processing reservations

- Payments, monitoring of payments and debt collection

- Marketing the controller's goods and services

- Developing the controller's business and related development of customer service functions

- Making table and meeting room reservations for the customers' bookings

- Monitoring the customers' current interests, accommodation/dining choices and wishes, analysing them and developing related customer service functions

- Registering features and benefits in compliance with the customer loyalty programme

- Taking into account the wishes of loyal customers, developing customer service and targeting special offers

- Registering special benefits provided by partner companies of the customer loyalty programme


5. Contents of the register

The following data about the customers will be collected and saved:


- Customer data: name, date of birth, card number, contact information (including, for instance, phone and mobile phone number, e-mail address and other electronic address data) to enable them to be contacted, language code, gender, citizenship and invoicing data

- Reservation data (such as information about previous and future reservations)

- Data pertaining to the use of services: which services the customers have used, paid and cancelled, and from which hotel or restaurant they purchased the services

- Data pertaining to wishes and selections made by the customers: whether they want a table in a smoking or non-smoking area, which type of room they prefer, which services they want, etc.

- Customer's payment method and payment behaviour data (including delayed payments) and invoicing data

- Customer's consent to direct marketing performed by utilising automatically sent e-mails, text messages or other similar automatic systems

- Statutory information on any prohibition of direct marketing, distance sales and other direct marketing

- Information about whether the customer is included in any customer loyalty programmes or similar systems of the controller or companies which have a cooperation agreement with the controller, and the information needed to obtain the related benefits

- Information about the customer's loyal customer card (such as the number and validity period of the card)

- Information about which of the controller's services the customer has used with each card (such as overnight stays and purchases)

- Loyalty points awarded to the customer and points paid

- Any other information which the customer allows the controller to use (such as information about physical impairments, disabilities or illnesses reported by the customer that is necessary when offering the requested service)


6. Regular sources of data

Information about the customers will be obtained from the customers with their consent (first point of section 8, subsection 1 of the Personal Data Act) and from service reservations and purchases the customers make (points 2 and 5 of section 8, subsection 1 of the Personal Data Act).

Personal data can also be collected, saved and updated from the register of the Population Register Centre or another controller offering an address service, updating service or a similar service.


7. Regular disclosing of data and transferring data to countries outside the European Union or the European Economic Area

The customers' personal data will be regularly disclosed to corporations with which the controller has signed a cooperation agreement for provision of the services included in the S-Card customer loyalty programme. The data will not be disclosed for marketing purposes.


The personal data of a customer can also be transferred to a country outside the EEA in cases where provision of an accommodation service or any other type of service requested by the customer requires the data to be transferred. The transfer of data is based on a consent and assignment of the customer (points 1 and 2 of section 23 of the Personal Data Act).


The personal data of customers will be regularly disclosed to the marketing register of SOK and the S-Card services once the connection between the controller and the Customer has been cut off.


8. Data protection principles of the register


A. Hard copies

Hard copies will be stored in an office of SOK or a specific hotel of the Sokos Hotels or Radisson Blu Hotels chain in a locked and monitored area.

B. Electronic files

Only employees of the S-Group hotel chains and S-Card services who need the data when performing their work will be allowed to use the register. They will be given user IDs and passwords.

The data will be placed in a closed LAN of the S-Group that is protected with a firewall.




Description of file

The description of file regarding the S-Card customer loyalty programme is available on the website of the S-Card customer loyalty programme at


Right of access and right to rectify incorrect data

The customers have a right to inspect the data pertaining to them in the customer register. If a customer wants to exercise this right of access, they must submit a signed inspection request to the above-mentioned address of the S-Card Customer Service. The customer must include their name, address and telephone number in the inspection request. The S-Card Customer Service will send a written reply to the customer within 30 days of the customer's written inspection request having arrived at the S-Card Customer Service.


The customers have the right to request S-Card Customer Service to rectify any errors in their data.


Right to prohibit processing

The customers have the right to prohibit the controller from processing their personal data for purposes of direct advertising, distance selling and other direct marketing purposes. The customers can issue this prohibition by sending a written notice to S-Card Customer Service at S-Card Customer Service, PO Box 67, FI-00088 S-Group, Finland, or by calling +358 (0)10 768 2777.