Privacy policy

Registry and Privacy Statement

This is the registry and data protection statement of Rustravel Oy Ltd in accordance with the Finnish Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR).
By using our website, you agree to the processing of your information in accordance with this data protection statement.
We update the data protection statement as needed, and a new version will be published on our website. Continuous use of our website after an update will be considered as acceptance of the modified terms.

Created on March 23, 2017.
Latest update on April 5, 2023.

1. Register Holder

Rustravel Oy Ltd
Business ID: 1743918-3
Tehtaankatu 12, 00140 Helsinki
Phone number: +358403507428

2. Contact Person for the Registry

Oxana Gergalo
Phone number: +358403507428

3. Name of the registry

Rustravel Oy Ltd's Customer and Marketing Registry

4. Legal Basis and Purpose of Processing Personal Data

The legal basis for processing personal data in accordance with the EU's General Data Protection Regulation is a customer relationship or, in some cases, the individual's consent.

The purposes of processing personal data are:
• processing and delivering customer orders or providing services to the customers
• development of operations and services
• customer relationship communication and maintenance
• fulfilling legal obligations (e.g., accounting legislation)
• marketing (only with the customer's separate consent)

The data is not used for automated decision-making or profiling.

5. Contents of the registry

The registry contains the following information: person's name, company or organization, contact information (phone number, email address, address), internet connection IP address, details of ordered products and services and their changes, billing information, and other customer relationship and ordered product and service-related information such as customer feedback and reviews. Additionally, information required by authorities in the destination countries of customers' trips, such as gender, date of birth, passport number, photograph, private and family life information, educational background, work history, travel history, and financial situation information, may be requested. Upon request from authorities, information concerning ethnic origin, race, religion, trade union membership, health, biometric data, and criminal records may also be requested.

6. Regular Data Sources

The data recorded in the registry is obtained from the customer, for example, when registering as a website user and when using the website, from messages sent via online forms, by email, by phone, from contracts, customer meetings, and other situations in which the customer provides their information.

7. Data Storage

Personal data is stored only for as long as necessary, in accordance with applicable legislation.

8. Regular disclosures of data and transfers of data outside the EU or EEA

Data is not disclosed to other parties for marketing purposes.

If product delivery, service provision, or law requires, we will disclose necessary information to, for example, the following third parties:
• payment service providers
• travel service partners (e.g., accommodation providers, airline and transportation companies)
• financial management partners
• delivery partners
• electronic service providers
• authorities (e.g., destination country authorities for customers applying for visas)

Some information, such as reviews and customer feedback, may be published as agreed with the customer.

Data is not transferred outside the EU by the controller.

9. Principles of registry protection

The registry is handled with care, and data processed through information systems are protected appropriately. When registry data is stored on internet servers, both physical and digital security of the hardware is maintained properly. The controller ensures that stored data, server access rights, and other critical information related to personal data security are handled confidentially and only by employees and subcontractors whose job description includes it.

10. Inspection right and the right to demand correction of information

Every person in the registry has the right to check their stored data and demand correction of any incorrect information or supplementation of incomplete information. If someone wants to check their stored data or request a correction, they must send a written request (e.g., via email) to the controller's contact person mentioned earlier. The controller may ask the requester to prove their identity if needed. The controller will respond to requests within the timeframe specified by the EU's General Data Protection Regulation (GDPR), which is usually within a month.

11. Other rights related to personal data processing

People in the registry have the right to request the deletion of their personal data ("the right to be forgotten") and have other rights according to the GDPR, such as restricting the processing of personal data in specific situations. Requests should be sent in writing (e.g., via email) to the controller's contact person mentioned earlier. The controller may ask the requester to prove their identity if needed. The controller will respond to requests within the timeframe specified by the GDPR, which is usually within a month.

12. Cookies

A cookie is a small text file sent to and stored on a user's device by a website. Cookies do not harm users' devices or files. More information about cookies can be found on the Finnish Communications Regulatory Authority's website.

The site uses cookies for the technical implementation and development of services and functions.
Google Analytics is used to gather information about the site's usage patterns. More information about Google Analytics' privacy policies can be found at:

Users can allow or block the use of cookies on their computer by changing their browser settings. However, many functions and services require the website to save users' preferences. If cookies are blocked, not all site functions and services may be usable.