privacy, kept
as simple as we can.

The retreat is operated by Sixty Eight North, a small family business registered in Finland (Y-tunnus 3276634-2). We are the data controller for anything you send us through this website, by email, or by letter.

Reach us at [email protected].

Only what a real conversation about a stay needs.

• From the enquiry form — your name, an email address, an optional phone number, the month you’re thinking of, the number of guests, and the short note you write.
• From email and letters — whatever you choose to share while we plan a stay: travel dates, dietary notes, names of guests joining you, accessibility needs.
• From the website — standard server logs (IP address, browser, page viewed, timestamp) kept by our host for security and uptime.
• From live chat — only if you start a conversation through the chat bubble. We see what you write, the email address or name you choose to share, and basic device and page information collected by our chat provider.

We do not collect payment card numbers, passport scans, health data, or anything gathered across other websites. Optional analytics and chat collection are described separately under cookies, analytics & chat.

Three reasons, all ordinary.

• To write back, and to plan and run a confirmed stay — names, arrival times, dietary notes, the things any host needs.
• To meet Finnish tax and accounting law — invoices and booking records have to be kept for the period the law requires.
• To send the occasional seasonal letter — only if you’ve asked for one, and you can stop them from any letter, at any time.

Under the GDPR, these correspond to Articles 6(1)(b), 6(1)(c), and 6(1)(f) respectively.

• Enquiries that don’t become a stay — twelve months, then quietly deleted.
• Records tied to a confirmed stay — for as long as Finnish accounting law requires, typically six years from the end of the relevant financial year.
• Mailing-list consent — until you withdraw it.

As few people as possible. Never a third party for their own ends.

• Us, at the lodge — the few people who read the inbox and prepare your stay.
• Our email provider — a hosted EU service, acting as a data processor under contract.
• Our website host — Vercel Inc., serving the site as a static build. Server logs only; no database of guest details.
• Google Analytics — only if you accept from the banner. Receives traffic measurement data described under cookies, analytics & chat; never your enquiry text or contact details.
• Tidio — only if you accept from the banner, and only if you open the chat bubble. Hosts the live-chat widget and stores transcripts on their servers in Poland. Tidio is the data processor for the chat conversation; we remain the data controller. Details under cookies, analytics & chat.
• Our accountant — a Finnish bookkeeper bound by professional confidentiality.
• Third parties — only where the law requires it (a tax authority, for example), or where you’ve asked us to share something on your behalf.

Some of these services may process data outside the EU under standard contractual clauses, with the safeguards required by Articles 44–49 of the GDPR.

Stays are reserved at booking.sixtyeightnorth.com, a separate site we operate as the same legal entity. To hold a stay, the booking form asks for the basics — your name, an email address, and an optional phone number. Anything else (dietary notes, dates, party details, payment) is arranged by email after we’ve confirmed availability.

The booking site sets only the strictly functional cookies it needs to keep your booking session running. No analytics, no advertising, no cross-site tracking. The same data controller and the same retention rules described above apply to anything you submit there.

We use Google Analytics 4 to understand which pages are read and how guests find us. It is the only analytics we run, and it loads only if you accept it.

When you accept, Google receives the pages you view, your country (derived from your IP, which is then anonymised — the full address is not stored), the device you’re using, and how you arrived (a search term, a referring site, a direct visit). It also writes a randomly-generated visitor ID to a first-party cookie (_ga) on this domain, used to distinguish a returning visit from a new one. The cookie lasts up to two years.

We’ve turned off Google’s advertising features and Google Signals on this property, set the shortest available data retention window (14 months), and we receive only aggregate, non-identifying reports through the Analytics interface.

We also use Tidio for the live-chat bubble in the corner of the site. Tidio is operated by Tidio LLC; the chat service is hosted on their infrastructure in Poland. Like Analytics, the script is not loaded until you accept from the banner.

Once loaded, Tidio writes a small number of first-party cookies (prefixed _tidio) to keep your conversation tied to you across pages and visits, and receives the page you’re on, basic device information, and your IP address. If you start a conversation, Tidio also stores the transcript and any name or email address you choose to share, so we can read and reply from our inbox. Tidio acts as our data processor under contract; we remain the data controller for the conversation itself.

Beyond Analytics and Tidio the site sets no other tracking cookies, runs no advertising or social pixels, and embeds no third-party widgets that would track you on our behalf. A small set of strictly functional cookies may be used by our host (Vercel) for load balancing and security. They expire when your session ends and carry no personal content.

Withdrawing consent clears the _ga and _tidio cookies from your browser and stops both Analytics and the chat widget from loading on subsequent visits. The chat bubble will hide on the current page; reload to fully unload the script.

Under the GDPR you can ask us, at any time, to:

• show you a copy of what we hold about you;
• correct anything that’s wrong;
• delete it, except where law requires us to keep it;
• restrict or object to how we use it, including our seasonal letters;
• receive it in a machine-readable form to take elsewhere (portability).

Write to [email protected] with the subject line “privacy” and we will reply within a working week. If you’d rather speak to a regulator, the Finnish Office of the Data Protection Ombudsman is at tietosuoja.fi.

We review this page at least once a year, and whenever something material changes in the way the retreat operates. The current version is dated at the top.

Write to [email protected] or send a letter to the address below. We answer every privacy question ourselves, from the lodge.

For booking terms, cancellations, and our enquiry-led model, see booking terms.