Yksityisyydensuoja ja evästeet

Tämä on ISIC Finlandin verkkosivu. Keräämme verkkosivustomme kautta tietoa kävijöistä ja asiakkaista vain sisäisiin tarkoituksiin tai tuotteiden tai palveluiden toimittamiseen liittyen. Alta voit lukea lisää verkkosivuillamme käyttämistä evästeistä ja miten käsittelemme verkkosivujen vierailijoiden henkilökohtaisia tietoja.

First and foremost, we want you to know that your privacy concerns us, and we take the responsibility you directly or indirectly have entrusted us, seriously.

This policy explains how the KILROY Group collects customer data, use the data and in which situations and to whom the data is disclosed.

ISIC is part of a European group of companies that operates within travel, educational counselling and student benefits as subsidiaries of KILROY International A/S.

Collection and processing of personal data is an unavoidable and necessary part of conducting this kind of business and to fulfill the purposes described in this privacy policy.

ISIC is data-responsible for the processing of personal data for these purposes.


If you have any questions regarding this privacy policy or to our handling of your personal data, our address is:

ISIC Finland

c/o Oy KILROY Finland AB
Y-tunnus 0115306-8
Kaivokatu 10 A
00100 Helsinki

The head office address of the KILROY Group is: KILROY International A/S Nytorv 5, DK-1450 København K, Denmark.

More information about the processing of customer data at ISIC can also be obtained by writing to [email protected].

Yksityisyydensuoja

1. Protection and safety is important to us

Responsible handling of personal data collected as part of the operation of our business, is crucial to our business objectives and reputation. In this privacy policy we will account for how your personal data is collected and used when you are a customer, supplier or business partner and how you can gain access to you own personal data.


2. What is personal data?

Personal data is any kind of data about an identified or identifiable living individual. An identifiable individual is understood as a person, who directly or indirectly can be identified, among other things, by an identification number or one or more elements, that are particular to a given person’s identity.


3. What type of personal data are we processing and why?

Your personal data will be used for different purposes in relation to your position as customer and the operation of ISIC. The data collected may vary, depending on whether you are a customer, supplier or business partner, but in general it will be data regarding customer administration, supplier administration, direct marketing and data regarding ISIC’s rights and obligations.

Failure to provide personal data on your part, may mean that ISIC is unable to fulfill its obligations towards you as customer or supplier.

As a rule, ISIC only collects and processes regular personal data. In specific cases of booking a trip, it can be necessary for us to a limited extent, to process sensitive personal data (e.g. information regarding special meals or special needs assistance during your trip), as well as information regarding social security numbers (e.g. in connection with collecting passport copy for visa applications), but only when it is necessary for booking the trip and assistance you require.

ISIC will typically gather the following information:

3.1 Information concerning our customers

The information provided to us when booking a trip or creating a customer profile with us, e.g. online via the webpage or by contacting our customer service including contact details (first name, middle name(s), surname, address, telephone number, email address, title and job position), social security number (for visa applications etc.), passport number, bank details, debit- and credit card details, information you provide regarding special preferences during your trip (e.g. information on dietary restrictions, special needs assistance due to disability or illness, etc.), health information (when booking trips for health- or medical treatments, sports trips, etc.), information regarding your height, weight, clothing and shoe size (for booking equipment on ski trips, sports trips, etc.), purpose of travel, information regarding which languages you speak, citizenship, contact information of your next of kin, requisition (in the case of business- or health trips), information regarding your marketing and communication preferences, along with information you have given us if you contact us with questions, to report a problem or when you contact us with reference to your customer relationship, information regarding student, teacher, youth card issuance photo, place of study (applies only for ISIC), place of work (applies only for ITIC), promotional code, card validity, date of issue, card number, information regarding fees payment (price, type of payment, date, payment confirmation).

3.2 Information concerning our suppliers and business partners

Information you provide when entering a contract or agreement with us, including contact information (job, job title, first name, middle name(s), surnames, addresses, telephone number, email address), information regarding your marketing and communication preferences, as well as information you have given us if you contact us with questions, to report a problem or when you contact us with reference to your customer relationship.

3.3 Information concerning collection of applications for universities and organizations

When you decide to apply for an internship, studies or academic courses via ISIC we act on behalf of the institution providing an internship, studies or academic courses. Thus, ISIC processes the personal data for the purposes stated by the institution – collection of applications. Thus, an institution (university, organization, other institution) processes data as a controller and ISIC processes personal data as a processor on behalf of the institution. For detailed information about your data processing, please read the data privacy policy of the institution you apply to.


4. What do we use your personal data for?

ISIC processes your personal data to fulfill the purposes stated below. Notice, that not all purposes, categories of information, recipients of information and types of procedures are applicable to you in all cases.

ISIC exclusively processes your personal data to the extent necessary for you as customer, supplier or business partner (as specific interests in each case, are taken into account) or in accordance with existing law.

4.1 Customer administration

ISIC processes your personal data when establishing and administering your customer relationship with ISIC, as a part of the operation of our company, including booking trips and delivery of our different products (e.g. visa applications, travel insurance, transfer service, student, teacher, youth card issuance, etc.), maintenance of our customer registers, billing, marketing, statistics, etc. All statistics and analysis are compiled in anonymized form and therefore do not contain information, that can lead directly back to you as a person.

4.2 Administration of supplier and business partner relationships

ISIC processes your information when co-administrating supplier and business partner relations, where you are the supplier or business partner, or contact person with a supplier or business partner, ISIC is working with as a part of the operation of our company, including maintenance of our CRM-registry with information about our contact with each supplier and business partner.

4.3 Compliance with current laws and regulations

ISIC processes your personal data in compliance with the laws and regulations that ISIC is subject to with respect to the operation of the business or for filing different liability and disclosure requirements in accordance with applicable laws and regulations.

ISIC does not use your personal data to make decisions, that are solely based on automatic processing, except for profiling.
Profiling is a form of automated processing of your personal data. We use profiling and data modelling e.g. to be able to offer you specific services and products that meet your preferences for marketing purposes.

ISIC strives to guarantee that all personal data we process is correct and up to date. We therefore always ask you to inform us regarding possible changes in your personal details (e.g. change of address, name, phone number or payment) so that we can guarantee that your personal data is always correct and up to date. You should update your personal data immediately in case of changes.


5. Legal base for processing your personal data

ISIC essentially processes your information on the following grounds: (1) Your consent (2) Entering into and fulfilling contractual agreements with ISIC, (3) Consideration for the legitimate interests of ISIC, as described above, (4) Fulfilment of legal duties that ISIC is required to meet, (5) Protection of your or another physical individual’s vital interests, (6) the processing is necessary, in order for a legal claim to be established, enforced or defended, and (7) The processing is necessary to comply with ISIC’s or your employment, health and social rights, that arise from national law or EU law. In addition, there may be situations where we treat your personal data for the sake of third parties' legitimate interests with regard to the purposes described above, unless consideration for your interests is deemed more important.


6. Sharing of Personal Data

ISIC only discloses data to the extent necessary for the operation of our business, including to provide your trip and the other products you have purchased with us in connection therewith.

ISIC will typically pass personal data to the following recipients when booking a trip and related products:

6.1 Global Distribution System (GDS)

A GDS is an IT network system owned or operated by a company that allows transactions between the travel industry's service providers, mainly airlines, hotels, car rental companies and travel agents. A GDS connects services, prices and booking by consolidating products across the three travel sectors, i.e. flight reservations, hotel reservations and car rental.

6.2 Airlines

ISIC discloses personal data to airlines when booking your trips. For the purpose of booking your flight, we will typically provide details of first name, middle name(s), surname, departure airport, destination, departure and return dates, bonus card number, special requests regarding your trip, including booking special meals during flights and necessary special needs assistance on the plane or at the airport for the chosen airline.

With respect to trips to special destinations, we can also provide information about your passport number to the airline.

6.3 Hotels

ISIC passes personal data to the hotels that you intend to use during your trip. For the purpose of booking your hotel accommodation, we will typically provide information about first name, middle name(s), surname, destination, date of arrival and departure, room category, bonus card number, special requests for your trip, including dietary restrictions or special needs assistance due to disability or illness, during your stay at the given hotel.

6.4 Car rental services

ISIC discloses personal data to car rental companies if you require a vehicle during your trip. For the purpose of booking your rental car, we will typically provide information about your first name, middle name(s), surname, pickup location, rental period, vehicle category, bonus card number, special needs in connection with rental of the vehicle, including special requirements relating to disability or illness, child seats etc.

6.5 Bus operators

ISIC discloses personal data to bus companies if a bus trip is part of your trip (e.g. for day trips to tourist attractions, etc.). For the purpose of booking your bus trip, we will typically provide information about first name, middle name(s), surname, pickup location, date and time of bus, destination and special requests during the bus trip, including booking special meals and necessary special requirements or assistance relating to disability or illness.

6.6 Shipping companies

ISIC discloses personal data to shipping companies if you are going on a ship trip as part of your trip (e.g. for day trips to tourist attractions, cruises, etc.). For the purpose of booking your ship trip, we will typically provide information about first name, middle name(s), surname, destination, itinerary, date and time of departure and return as well as special requests during sailing, including booking special meals and necessary special requirements or assistance relating to disability or illness and information about travel documents.

6.7 Bedbanks

A bedbank is an IT network system owned or operated by a company that allows transactions between travel industry service providers, mainly hotels and travel agencies or end customers. ISIC discloses personal data to bedbanks to book the hotels that you will use on your trip. For the purpose of booking your hotel accommodation through a bedbank, we will typically provide information about first name, middle name(s), surname, destination, date of arrival and departure, room category, bonus card number, as well as special requests, including booking special meals during the hotel stay and necessary special requirements or assistance relating to disability or illness.

6.8 Travel Agents

If you, as a part of your trip, participate in excursions or need transfer, ISIC may pass personal data to travel agents. The travel agent’s responsibility is to organize the excursion or transfer, when booking a given service from a local supplier at the destination. For booking your excursions, transfers, etc. we typically provide information about first name, middle name(s), surname, date and time of arrival and departure, type of vehicle, destination, as well as special requests, including booking special meals during the hotel stay and necessary special requirements or assistance relating to disability or illness.

6.9 Insurance companies

As part of the booking of your trip with us, you can purchase a travel and/or cancellation insurance. If you wish to purchase this insurance, we will disclose personal data to the insurance company for the purpose of taking out the insurance with them. For the purpose of taking out a travel and/or cancellation insurance, we typically provide information to the insurance company about first name, middle name(s), surname, e-mail address, destination, departure and return date, and travel type.

6.10 Equipment Rental Companies

As part of the booking of your trip with us, you can rent any equipment that you may need on your trip, e.g. ski equipment, diving equipment, etc. If you wish to rent such equipment, we will disclose the information to the company at your destination from which you will be renting the equipment. For equipment rental we typically provide information to the rental company about first name, middle name(s), surname, type of equipment, pick-up location, rental period and information about height, weight, clothes and shoe size.

6.11 Tour operators

ISIC discloses personal data to tour companies if you are going on a tour as part of your trip (e.g. for a day tour to tourist attractions, scuba-diving, etc.). For the purpose of booking your tour, we will typically provide information about your first name, middle name(s), surname, tour, itinerary, date and time of tour as well as special requests during the tour, including booking special meals and necessary special requirements or assistance relating to disability or illness, information about travel document (only if needed).

6.12 ISIC

When ordering a student, teacher or youth card ISIC passes personal data to ISIC Global Office BV, Keizersgracht 174, Amsterdam, 1016 DW The Netherlands. This is where ISIC Global Office BV stores cardholder data for all active student, teacher or youth cards globally. The purpose of the data provision is to prove student, teacher or youth card validity globally. The following data is provided: first name, surname, birth date, place of study, photo, place of work (applies only for ITIC), email address, address, C/O-address, card number.

6.13 Specially regarding qualified offers

When you choose ISIC, you have the opportunity to get a qualified offer on a trip. A qualified offer is a type of offer, in which a preliminary reservation of the desired trip is made for you when preparing the offer. This allows you to reserve space on the desired departures for up to three days before deciding whether a ticket should be issued for the preliminary reservation or it should be annulled.

In order to create a qualified offer, we provide information about you and the requested reservation to a GDS (as mentioned above), which makes the preliminary reservation at the airline, the hotel, etc. As a part of obtaining a qualified offer, personal data is passed on to several new independent data controllers (GDS, airlines, hotels, etc.), your information may be retained by these recipients after the expiry of the offer - also in case the offer is annulled.

Furthermore, ISIC may disclose your personal data to other suppliers and service providers as a part of normal operation of the company, e.g. in connection with external administration of our IT systems, analysis reports, marketing, debt collection, credit rating, audit, legal assistance, etc.

For further information regarding our suppliers’ and partners' processing and protection of your personal data, please refer to their privacy policies and terms of use.

ISCI strives to limit the disclosure of personal data in personally identifiable format to the maximum extent possible, thereby limiting the cases where information can lead back to you personally.

ISIC does not disclose your personal data unless it is necessary to perform our business or meet your needs.


7. International transfers of your personal data

Due to the nature of ISIC business, your personal data may be transferred to countries outside the EU / EEA when booking a trip with us. In order to be able to deliver our services to you, we have to use partners and suppliers outside the EU/EEA in certain cases.

Without the possibility of transferring your information to recipients outside the EU / EEA, ISIC will be unable to deliver certain travel arrangements. This applies if booking your trip requires that information is sent to recipients outside the EU/EEA, for example, to book flights, hotels, etc. at your travel destination.

Data protection legislation in these countries may be more lenient than it is in Denmark and in the rest of the EU/EEA, as in most cases there will be countries where the EU Commission has assessed that the data protection level is not at par with the data protection level within the EU/EEA.

In the event that it is practically possible for us, the transfer of your personal data will be based on the standard transfer contracts developed by the European Commission, which are specially prepared for this purpose. As far as transfers to the United States are concerned, they will as far as possible be done on the basis of Privacy Shield. Privacy Shield is an agreement between the EU and the United States, which establishes a strong set of data protection rules and security measures that US companies, who have joined the agreement, are obliged to comply with when processing personal data.

However, in certain cases it may not be practical for ISIC to enter into a standard transfer contract or use Privacy Shield as a legal transfer basis. In such cases, the transfer of the information will be carried out pursuant to Article 49.1(b) of the Data Protection Regulation, as the transfer of your personal data to a certain country is necessary for the purpose of fulfilling the contract between you and ISIC (the booking of your trip) or for the purpose of executing measures at your request prior to entering such a contract (e.g. in the case of a qualified offer as mentioned in section 6.13).

It is therefore important that you are aware that transferring your personal data to countries outside the EU/EEA when booking a trip with ISIC means that your personal data will not enjoy the same protection as when subject to Danish or EU laws and regulations.

When transferring data there is a potential risk that there are no clear, precise and accessible laws and regulations in the country in question regarding access to personal data by the authorities of the country; that there are no laws and regulations that the access of a country's authorities to your information, must be necessary and proportionate; that the country does not have an independent and effective supervisory authority and that the country has no available and effective legal remedies for the registered.

If you do not wish that ISIC sends your personal data to recipients outside of the EU/EEA, please advise us at the latest when booking your trip.

ISIC does not, in any case, pass your personal data to recipients outside of the EU/EEA, unless this is necessary to carry out our business and meet your needs e.g. by delivering the requested trip.


8. Data integrity and security

Personal data will be stored no longer than necessary in order to fulfill the purpose for which they have been collected, unless the storage is required to comply with national legal requirements, including statutory storage periods in connection with bookkeeping, etc.

It is ISIC’s policy to protect personal data by taking adequate technical and organizational security measures. When your personal data is no longer needed, we will ensure that they are deleted in a safe manner.


9. Your rights

You are entitled to access to any personal data we have registered and use, information on where it comes from and what we use it for. You can obtain information about how long we store your data, who receives data about you and to what extent we disclose data in Denmark and abroad. Your right of access may, however, be restricted by legislation, protection of other persons’ privacy and consideration for our business and practices. Our know-how, business secrets as well as internal assessments and material may also be exempt from the right of access.

In certain circumstances, you have the right to object to our processing your personal data. This is the case for example when the processing is based on our legitimate interests.

Objection to direct marketing. You have the right to object to our use of your personal data for direct marketing purposes, including profiling that is related to this purpose.

If the data is incorrect, incomplete or irrelevant, you are entitled to have the data corrected or erased with the restrictions that follow from existing legislation and rights to process data. These rights are known as the “right to rectification”, “right to erasure” or “right to be forgotten”.

If you believe that the data we have registered about you is incorrect, or if you have objected to the use of the data, you may demand that we restrict the use of these data to storage. Use will be restricted to storage only until the correctness of the data can be established, or it can be checked whether our legitimate interests outweigh your interests.

If you are entitled to have the data we have registered about you erased, you may instead request us to restrict the use of these data to storage. If we need to use the data we have registered about you solely to assert a legal claim, you may also demand that other use of these data be restricted to storage. We may, however, be entitled to other use to assert a legal claim or if you have granted your consent to this.


You can withdraw your consent at any given time. Please note that if you withdraw your consent, we may not be able to offer you specific services or products. Note also that we will continue to use your personal data, for example, to fulfil an agreement we have made with you or if we are required to do so by law.

If we use data based on your consent or as a result of an agreement, and the data processing is automated, you have a right to receive a copy of the data you have provided in an electronic machine-readable format.

If you wish to claim one or more of your rights, please contact us at [email protected] Your request will be processed in accordance with the data protection legislation currently in force.

Complaint about the processing of your personal data by ISIC can be made to:

Office of the Data Protection Ombudsman PO Box 315, 00181 Helsinki. Tel. 010 36 66700, fax 010 36 66735 www.tietosuoja.fi


10. Updates

ISIC regularly evaluates and updates this privacy policy. Therefore, please regularly check this privacy policy for any changes that may affect our processing of your personal data.

 

Evästeet

Evästeitä käytetään suurimmassa osassa verkkosivuja. Evästeet toimivat takaamalla tietyn palvelun verkkosivuilla vierailijoille.

Evästeet käytetään myös verkkosivujen toimivuuden parantamiseksi, keräämällä tietoa sivujen toimivuudesta ja siitä, miten sivuja on käytetty.

Eväste on pieni tekstitiedosto, joka tallentuu laitteelle (tietokone, älypuhelin, tabletti tms.), jolla käyttäjä vierailee verkkosivuilla.

Isic.fi-verkkosivuilla käytetyt evästeet eivät ole haitallisia eivätkä jaa viruksia tai haittaohjelmia.

Isic.fi-verkkosivuilla käytetään istuntokohtaisia ja pysyviä evästeitä. Istuntokohtaiset evästeet vanhentuvat, kun käyttäjä sulkee selaimen. Pysyvät evästeet tallentuvat pidemmäksi ajaksi. Voit katsoa selaimesi asetuksista mitä evästeitä laitteellesi on tallennettu ja milloin ne vanhenevat.


Isic.fi-sivuilla käytetyt evästeet

__utma, __utmb, __utmc, __utmz, __utmli

Tehtävä: Operaatio ja optimointi

Sivu: Google Analytics

Nämä evästeet keräävät tietoja verkkosivujen liikenteestä. Tietoja käytetään sivujen toiminnan parantamiseen.

 

myFavoriteTours

Tehtävä: Preference cookies

Sivu: isic.fi

Tämä eväste säilyttää tietoa tallennetuista suosikeista tulevia sivuvierailuja varten. 

 

JSESSIONID, NRAGENT

Tehtävä: Operaatio ja optimointi

Sivu: beacon-5.newrelic.com

Nämä evästeet keräävät tietoja verkkosivujen liikenteestä. Tietoja käytetään sivujen toiminnan parantamiseen.

 

UID, UIDR

Tehtävä: Operaatio ja optimointi

Sivu: .scorecardresearch.com

ShareThis käyttää näitä evästeitä yleisön laajuuden analysointiin.

 

VISITOR_INFO1_LIVE, PREF, YSC

Tehtävä: Operaatio ja optimointi

Sivu: YouTube

YouTube käyttää näitä evästeitä tallentamaan käyttäjän suosimia videoasetuksia.

 

datr, reg_fb_gate, locale,   reg_fb_ref, wd, act, _e_0QhS_0, _e_0QhS_1, c_user, csm, fr, lu, s, xs

Tehtävä: Markkinointi – anonyymiä seurantaa verkkosivuilla

Sivu: Facebook

Facebook käyttää evästeitä henkilökohtaisemman palvelun takaamiseksi sekä suojatakseen sinua, ja Facebookia, haittaohjelmilta.


mobile
Tehtävä: Suositukset
Sivu: isic.fi
Tämä eväste selvittää, käyttääkö sivujen vierailija mobiililaitetta.

ASP.NET_SessionId
Tehtävä: Vaaditut evästeet
Sivu: isic.fi
Tallentaa istuntopohjaista tietoa verkkosivuilta. Tämä eväste on Microsoft ASP NET -sovellus, jota käytetään verkkosivujen rakennuksen apuna.

NID, testcookie, khcookie,   PREF
Tehtävä: Suositukset
Sivu: google.com
Tallentaa käyttäjän suositusasetukset ja tiedot tämän vieraillessa sivuilla, joille on upotettu Google Maps -linkki.

__cfduid
Tehtävä: Operaatio ja optimointi
Sivu: Cloudflare
Parantaa verkkosivujen toimintaa tasapainottamalla Cloudfaren servereiden käyttöä.

_visual_swf_referer,   ad_session_id, session_referer
Tehtävä: Operaatio ja optimointi
Sivu: 23Video
23video kerää statistiikkaa katsotuista videoista näiden evästeiden avulla.

GPS
Tehtävä: Suositukset
Sivu: YouTube
Uniikki tunnistusnumero, joka annetaan jokaiselle mobiililaitteelle. Mahdollistaa GPS-pohjaisen
sijaintiseurannan.

YSC
Tehtävä: Operaatio ja optimointi
Sivu: YouTube
Uniikki tunnistusnumero, joka annetaan videon katsojalle.

_EkSession
Tehtävä: Operaatio ja optimointi
Sivu: eKit
Nämä evästeet keräävät tietoja verkkosivujen liikenteestä. Tietoja käytetään sivujen toiminnan parantamiseen.

_hjUserId, _hjClosedSurveyInvites, _hjDonePolls, _hjMinimizedPolls, _hjDoneTestersWidgets, _hjMinimizedTestersWidgets

Tehtävä: Operaatio ja optimointi

Sivu: Hotjar.com

Nämä evästeet keräävät tietoa verkkosivuston liikenteestä ja sisältää yksilöllisen tunnisteen (Universally unique identiefier, UUID), jonka avulla Hotjar tunnistaa yksitäisen käyttäjän eri sivuilta ja eri istuntojen aikana. Tietoja käytetään sivuston toiminnan ja käytettävyyden parantamiseen.


aka_debug, __utma, __utmb, __utmz, player

Tehtävä: Upotamme videoita Vimeoon. Näitä evästeitä saatetaan tallentaa koneellesi, kun avaat Vimeo-soittimen. Evästeet tallentavat käyttäjän suosimat videoasetukset.

Sivu: Vimeo

Nämä evästeet keräävät tietoja verkkosivujen liikenteestä. Tietoja käytetään sivujen toiminnan parantamiseen.

Suostumus evästeiden käyttöön

ISIC Finland käyttää evästeitä isic.fi-verkkosivuilla yllä mainituin tavoin. Jatkaessasi sivujen käyttöä, annat luvan tallentaa evästeitä laitteillesi vieraillessasi isic.fi-verkkosivuilla.

Mikäli et halua antaa suostumusta evästeiden käyttöön, voit poistaa tallennetut evästeet selaimesi asetuksista. Evästeiden poistosta lisätietoja alla.

Evästeiden poistaminen

Voit poistaa evästeet selaimesi asetuksista. Alla linkkejä evästeiden poistoon eri selaimista.

Internet Explorer
http://windows.microsoft.com/fi-fi/internet-explorer/delete-manage-cookiesie=ie-11

Firefox
http://support.mozilla.org/fi/kb/poista-evasteet-poistaaksesi-verkkosivujen-tietoja?redirectlocale=en-US&redirectslug=Deleting+cookies

Google Chrome
https://support.google.com/chrome/answer/95647?hl=fi

Safari
http://support.apple.com/kb/PH11920

Opera
http://help.opera.com/Windows/12.10/en/cookies.html
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

Verkkosivujen julkinen yksityisyydensuoja

Kaikkien eurooppalaisten verkkosivujen täytyy tiedottaa kuluttajia sivuillaan käyttämistä evästeistä.

 

Sivu päivitetty 4.5.2018