— Legal —

Privacy Policy

Last updated: January 2026

At Zymoraech ("we," "us," or "our"), your privacy is the cornerstone of the trust we share with every guest. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit zymoraech.cloud, make a reservation, subscribe to our communications, or interact with our concierge team. By using our website and services, you consent to the practices described below.

1. Information We Collect

We collect personal information that you voluntarily provide to us, as well as information automatically gathered through your use of our website. The categories of information we may collect include:

  • Identity Data: Full name, date of birth, nationality, and passport details (when required for hotel reservations).
  • Contact Data: Email address, telephone number, postal address, and emergency contact details.
  • Reservation Data: Hotel preferences, room type, arrival/departure dates, dietary requirements, accessibility needs, and special occasion notes.
  • Payment Data: Credit/debit card information, billing address, and transaction history (processed via PCI-DSS compliant gateways — we do not store full card numbers).
  • Technical Data: IP address, browser type, device identifiers, operating system, time-zone, and language settings.
  • Usage Data: Pages viewed, time spent, click patterns, referral sources, and interaction with our newsletters.
  • Marketing Preferences: Your consent settings for promotional emails, VIP invitations, and curated previews.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To process reservations, payments, and confirm bookings with our partner properties.
  • To deliver curated, personalized experiences tailored to your preferences.
  • To communicate exclusive offers, VIP events, rooftop tastings, and aurora retreats — only with your consent.
  • To respond to concierge inquiries, complaints, and service requests within 24 hours.
  • To improve our website, services, and guest journey through analytics and feedback.
  • To comply with legal, regulatory, and tax obligations under Finnish and EU law.
  • To detect, prevent, and address fraud, security incidents, or abuse of our services.

3. Legal Basis for Processing (GDPR)

As a Finnish company subject to the European General Data Protection Regulation (GDPR), we rely on the following legal bases when processing your personal data:

  • Contract: When processing is necessary to fulfill a reservation or service agreement.
  • Consent: For marketing communications, newsletter subscriptions, and non-essential cookies.
  • Legitimate Interests: For analytics, fraud prevention, and improving our services.
  • Legal Obligation: For tax records, hotel registration laws, and anti-money laundering compliance.

4. Cookies & Tracking Technologies

Our website uses cookies, pixels, and similar technologies for analytics, personalization, and functional purposes. You may manage or disable cookies through your browser preferences at any time. For full details, please see our Cookies Policy.

5. Data Sharing & Disclosure

We never sell your personal information. We share data only in limited circumstances:

  • Partner Properties: Hotels and venues required to deliver your reservation or experience.
  • Service Providers: Payment processors, IT vendors, analytics partners, and email platforms operating under strict data-processing agreements.
  • Legal Authorities: When required by law, court order, or to protect rights, property, or safety.
  • Business Transfers: In the event of a merger, acquisition, or asset sale, with appropriate safeguards.

6. International Transfers

Your data is primarily stored within the European Economic Area (EEA). When data must be transferred outside the EEA, we ensure adequate safeguards through Standard Contractual Clauses (SCCs) or equivalent mechanisms approved by the European Commission.

7. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes outlined in this policy, or as required by law. Reservation records are typically held for seven (7) years for tax and accounting purposes. Marketing preferences are retained until you withdraw consent.

8. Security Measures

We employ industry-standard encryption (TLS 1.3), access controls, secure data centers, and regular security audits to protect your information against unauthorized access, alteration, disclosure, or destruction. While no system is impenetrable, we continuously invest in safeguarding the privacy you entrust to us.

9. Your Rights

Under GDPR and applicable Finnish law, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete information.
  • Request erasure ("right to be forgotten") where applicable.
  • Restrict or object to certain processing activities.
  • Receive a portable copy of your data in a structured, machine-readable format.
  • Withdraw consent at any time without affecting prior lawful processing.
  • Lodge a complaint with the Finnish Data Protection Ombudsman (tietosuoja.fi).

To exercise any of these rights, contact us at [email protected]. We will respond within thirty (30) days.

10. Children's Privacy

Our services are intended for guests aged 18 and older. We do not knowingly collect personal information from minors. If we become aware of such collection, we will delete the data promptly.

11. Changes to This Policy

We may revise this Privacy Policy from time to time to reflect operational, legal, or regulatory changes. The "Last updated" date at the top of this page indicates the latest revision. Material changes will be communicated via email or prominent notice on our website.

12. Contact Us

For privacy-related inquiries, requests, or complaints, please contact our Data Protection Officer:

Email: [email protected]
Phone: +358 40 521 7384
Address: Zymoraech Hospitality, Eteläranta 12, 00130 Helsinki, Finland