Information security and register description

This is the information security and register description of Rosala & Bengtskär Booking Office’s customer registry. We may make changes to our privacy policy and recommend that the registrants read the information security and register description regularly.

1. Registry holder (controller)

Rosala Viking Centre Ltd / Rosala & Bengtskär Booking Office
Reimarsvägen 5
25950 Rosala
+358 40 218 2960 
Business ID 2167549-6

2. Contact person

Pipsa Toukola
Rosala Viking Centre Ltd / Rosala & Bengtskär Booking Office
Reimarsvägen 5
25950 Rosala
+358 40 218 2960 
Business ID 2167549-6

3. Registry name

Customer registry of Rosala & Bengtskär Booking Office

4. Purpose for processing of personal data

The legal basis for the processing of personal data under the EU General Data Protection Regulation (Regulation (EU) 2016/679) is an agreement that arises when a customer orders product and/or service from Rosala & Bengtskär Booking Office or inquires and/or orders products and/or services from its online store.

The purpose of the registry is to enable the commerce taking place in the online store, by email, phone, or otherwise, such as conveying order information, billing information, payment confirmation or processing information between the merchant and the customer. Additionally, the register is being upheld to enable contacts that are required for providing customer service, for maintaining customer relations, and to enable marketing communications if the customer has given her/his marketing consent.

The collected data is not used for automated decision making. The data may be used for customer profiling.

5. Information content of the registry

  • First and last name
  • Street address
  • ZIP code and city
  • Country
  • Phone number
  • E-mail address
  • Social security number (invoice or credit trade)
  • Source page of the purchase

From businesses also:

  • Company name
  • Business ID
  • E-invoice address and operator service ID
  • Reference, mark

Additionally, customer is given the choice to concede additional information.

The data will be stored for as long as the customer and the registry holder have a mutual, valid agreement. The data may be stored longer whereas necessary in accordance with the law in such areas as accounting, retailing and consumer trade responsibilities.

6. Regular sources of information

Information is collected online with Johku system’s online forms, by e-mail, or other communication channel (such as messaging apps), by telephone, letter or in person. Customers fill in / give their details in person when using Johku webshop or making a purchase by other means.

7. Transferring and handing over personal information

Information can be disclosed from the registry or from registry holder’s possession to the extent required by law. Data may be technically processed outside the EU or the EEA.

8. Data protection policy

The data will be handled with meticulousness and will be protected accordingly. The data will be held on web servers, which are maintained and protected accordingly. The register holder ensures, that all personal data and access rights will be handled confidentially and only by legitimate staff members.

Electronically stored data

The register is located on the Johku server and the data manager is Actual Commerce Oy. The full register can only be accessed by the register holder and the technical staff at Actual Commerce Oy. Read more about the Johku data protection policies:

Manual data

If content is printed out from the registry saved in the server, the data will be held in secured premises and only the register holder holds accessing rights.

9. Right to access and rectification

Every person in the registry has the right to review their own personal data and to correct and complete any inaccurate or incomplete information. The Johku service used by Rosala & Bengtskär Booking Office has automated these rights as follows:

Johku communicates to the user with the My Johku (Oma Johku) service about the processing of her/his personal data in connection with the merchant's confirmation messages. The messages contain a link to the My Johku service.

In My Johku, the user can check their own personal data and make corrections if necessary. The service also has functionality that allows the user to download data in a structured format to transfer data from one system to another. The My Johku service can be accessed at any time at

Oma Johku also offers the possibility to terminate the Oma Johku agreement and delete data from Oma Johku. If the user terminates the use of Oma Johku and terminates his contract with Johku, all automatic functionalities related to the management of his own data will cease. After the termination of the agreement, the user must manage his own data (review, rectification, right to erasure, restriction, objection, right to data portability) in writing directly with the registry holder. If necessary, the registry holder may ask the applicant to prove her/his identity. The registry holder will respond to the written request within the time limit set by the EU Data Protection Regulation (generally within one month).

Use of the Oma Johku service is free of charge.

10. Other rights related to the processing of personal data

A person in the registry has the right to request the removal of her/his personal data from the registry ("the right to be forgotten"). A person in the registry also has other rights determined in the EU's general data protection regulation, such as restricting the processing of personal data in certain situations.

It is good to note, that the information stored in the Rosala & Bengtskär Booking Office customer registry is created whenever a customer purchases and/or reserves products and/or services, and the registry holder is also bound by the Finnish accounting and tax legislation to store and conserve the data.

Requests must be sent in writing to the registry holder. If necessary, the registry holder may ask the applicant to prove her/his identity. The registry holder will respond to the customer within the timeframe set out in the EU Data Protection Regulation (generally within one month).


This site uses cookies. Cookies are small files that the browser saves in the user’s device. This site uses session cookies, which are only stored temporarily during the time you visit the site, and persistent cookies, which stores a file on your hard disk. Cookies are used for providing a better online experience on this site. If you are a registered user, cookies are also used to manage the login process and to provide access to content that is reserved for registered users only. Cookies can be used to monitor the content that individual users are interested in and use the data to deliver a more user-friendly experience. Most Internet browsers will automatically accept cookies. You can manage and disable cookies on your web browser’s settings. Please, be aware that restricting cookies may impact the functionality of the site.

Advertising-cookies can be used to help optimize marketing content for the user. Some third-party suppliers, such as Google, may also use cookies and other tracers (an image file the size of one pixel) to enhance the user’s advertising experience.

The data collected via cookies and such are anonymous, and no actions on the web can be traced to one single person.

Updated 10.12.2020