Privacy Policy

Last updated: 02.09.2025

1. Who we are

This website is operated by Mainostoimisto Loud Oy, Business ID 2820137-3, based in Vantaa, Finland (“Nordkeys”).

  • Platform/Host: Nordkeys provides the booking technology and hosting for this site.

  • Merchant of Record: The property owner/manager you book with is the seller of the accommodation and is the primary controller of your booking data. Their details are shown in your Booking Confirmation.

  • Payments: Payments are processed through the Merchant’s own Stripe account. Stripe acts as an independent controller for payment data.

If you have questions about how your personal data is handled, you can contact either:

  • The Merchant (for booking and stay details).

  • Nordkeys at info@nordkeys.com (for technical/website issues).

2. What data we collect

We may collect the following categories of personal data:

  • Identity and contact: name, email, phone number, address, ID/age (if required).

  • Booking details: stay dates, property/unit, guest numbers, preferences, additional services.

  • Payment details: tokenized card information and transactions (processed securely by Stripe).

  • Communications: messages with the Merchant or Nordkeys, support requests, feedback.

  • Technical information: IP address, device/browser type, logs, and cookies/consent preferences.

3. Why we use your data (legal bases)

We process your data for the following purposes:

  • To perform your booking contract (Art. 6(1)(b) GDPR): managing reservations, payments, confirmations, and stay records.

  • To comply with legal obligations (Art. 6(1)(c) GDPR): accounting, tax, guest registration laws.

  • For legitimate interests (Art. 6(1)(f) GDPR): fraud prevention, security, analytics, service improvements.

  • With your consent (Art. 6(1)(a) GDPR): non-essential cookies, newsletters, and promotional emails (if applicable). You may withdraw consent at any time.

4. How we share your data

We may share your data with:

  • Stripe (payment processing).

  • IT and hosting providers (Nordkeys, email/SMS services, anti-fraud tools).

  • The property Merchant and service partners (e.g., cleaning, check-in support).

  • Authorities where required by law.

We do not sell your data to third parties.

5. International transfers

If data is transferred outside the EEA/UK/Switzerland, appropriate safeguards are applied, such as EU Standard Contractual Clauses (SCCs).

6. Data retention

  • Marketing consents: until you withdraw consent.

  • Cookies: according to the Cookie Policy.

7. Your rights

You have the following GDPR rights:

  • Access to your data.

  • Rectification of inaccurate data.

  • Erasure (“right to be forgotten”).

  • Restriction of processing.

  • Data portability.

  • Objection to processing based on legitimate interests.

  • Withdrawal of consent (where processing is based on consent).

To exercise your rights, contact the Merchant (for booking data) or Nordkeys at info@nordkeys.com (for platform/technical data).

If unresolved, you can complain to the Office of the Data Protection Ombudsman (Tietosuojavaltuutettu, Finland) or your local supervisory authority.

8. Security

We apply appropriate technical and organizational measures to protect your personal data, including encryption, secure hosting, access controls, and monitoring.

9. Children

This service is not directed to individuals under 18. Bookings must be made by adults permitted to contract in their jurisdiction.

10. Changes

We may update this Privacy Policy to reflect changes in our practices or legal requirements. The latest version will always be posted on this page with a new “Last updated” date.