Privacy Policy

Secret Siida Oy – Privacy Policy
Prepared: 30.12.2025
Last updated: 03.01.2026

This privacy statement concerns Secret Siida Oy (hereinafter also "Secret Siida" or "we") and the secretsiida.fi website. It has been prepared in accordance with Sections 10 and 24 of the Personal Data Act (1050/2018) and meets GDPR (EU General Data Protection Regulation) requirements.

Controller

Controller: Secret Siida Oy
Business ID: 3550546-3
Address: Jaakonkatu 8 C 30, 96200 Rovaniemi
Email: info@secretsiida.fi
Phone: 040 726 6834

Data protection questions: Use the contact details above. Data breaches reported to Finnish Data Protection Ombudsman within 72 hours if applicable.

Contact: info@secretsiida.fi

Website user register, marketing register, customer register (Bókun bookings & Paytrail payments)

Purpose and Legal Basis of Processing Personal Data

Processing is based on EU GDPR Articles 6(1)(b) contract, 6(1)(a) consent, and 6(1)(f) legitimate interest.

We use the register to create/maintain customer relationships, process travel bookings, and payments. Submitting contact forms, Bókun bookings, or payments constitutes consent for described purposes.

Data provided via contact forms, Bókun, and payments:

Full name
Email address
Phone number
IP address (anonymized)
Browser/device info, visit times, pages viewed
Payment information (via Paytrail through Bókun)

Data Retention Period

Customer data stored until relationship ends (max 2 years post-service). Analytics data: 26 months (Google Analytics 4 limit). Marketing data deleted upon opt-out request.

Regular Sources of Information

Services used: Google Analytics 4, Google Tag Manager, Google Ads, Meta Pixel, Framer, Google Search Console, Cloudflare (CDN/security), Bókun (bookings), Paytrail (payments via Bókun).

Transfer of Data Outside the EU/EEA

International transfers with safeguards:

Google/Meta (USA): EU-US Data Privacy Framework. See policies
Cloudflare, Inc. (USA, EU-US DPF certified): CDN/security services. Processes IP addresses/metadata primarily within EU. Cloudflare GDPR | Privacy
Framer (site platform): DPA per Framer DPA
Bókun (Icecloud, Iceland/EU): Booking processing
Paytrail (Finland): Payment processing

All processors have Data Processing Agreements (DPA) per GDPR Art. 28—copies provided within 7 business days upon request to info@secretsiida.fi.

Protection of the Register

Encrypted storage, password protection, SSL/TLS encryption, role-based access controls, and third-party security (Cloudflare WAF).

Rights of the Data Subject (GDPR Chapter III)

Access your data
Rectification of inaccurate data
Erasure ("right to be forgotten")
Restriction of processing
Data portability
Object to processing (incl. marketing)
Withdraw consent anytime
Contact: info@secretsiida.fi. Response within 1 month.

Cookie Banner & Consent Management

Non-essential cookies (GA4, Meta Pixel, Google Ads) require explicit consent via cookie banner. Essential cookies (Cloudflare security, Framer) do not. Consent can be withdrawn anytime via banner or browser settings.

Cookies on the Secret Siida Website

Essential cookies (no consent needed):