Privacy Policy
At Restaurant Rioni, we are committed to protecting our customers' privacy. We process customer personal data to handle reservations and maintain contact with our clients. In this privacy statement, we explain in detail:
What kind of data do we process?
For what purposes do we use the data and what is the legal basis for processing?
How long do we retain the data?
What rights do you have?
Where is the data transferred to?
To whom is the data disclosed?
How is the data protected?
Can this privacy statement be modified?
Where can the data subject contact for further inquiries?
What kind of data do we process?
We typically collect the following data:
Name
Email address
Phone number
Reservations
Private events and their details
Feedback and inquiries
Direct marketing consents and objections
Possible allergies and any other requests to the restaurant
We obtain your information directly from you through a reservation or other communication.
For what purposes do we use the data and what is the legal basis for processing?
We process data for the following purposes:
Providing services: We cannot facilitate a reservation, bill our services, or contact you without processing personal data. In this case, the processing is based on the fulfillment of a contract. When collecting data, we will inform you which data is mandatory for contract fulfillment and which you may provide optionally.
Marketing: With your consent, we may process your data to send you direct marketing messages using electronic channels. Based on our legitimate interest, we may also use the data for phone or postal marketing or targeting marketing related to job duties.
Legal obligation: We may be required to retain some of your personal data to comply with accounting or other mandatory legislation. In this case, the processing is based on fulfilling a legal obligation.
We generally retain data for 12 months after your most recent reservation or visit. After this period, we will trim the data and continue processing it for marketing purposes until you opt-out of receiving marketing messages. If you opt out of marketing and there is no other basis for processing, we will retain the information regarding your opt-out and contact details to ensure compliance. We strive to keep the personal data we hold accurate and up to date by removing unnecessary data and updating outdated information. You can also influence the retention period of your data through the choices described below, such as requesting the deletion of your data. We comply with legal obligations regarding data retention.
What rights does the data subject have?
Below is a list of various ways you can influence the collection and processing of your data:
Access, correction, and deletion of data: You have the right to access the personal data we have stored about you. Upon your request, we will correct, complete, or delete personal data that is incorrect, incomplete, or outdated for the purposes of processing.
Data portability: If you wish, you can request the transfer of your personal data that we process automatically based on your consent or contract by contacting us.
Right to object to direct marketing and related profiling: You can opt out of the processing and transfer of your data for direct marketing purposes at any time by clicking the link at the end of the message or by contacting us directly.
Right to object and restrict processing: You can object to processing based on legitimate interest for reasons related to your personal situation. For example, in such a case, the processing will be restricted for the period it takes to assess the grounds for your objection. Processing can also be restricted when the data subject disputes the accuracy of the personal data, in which case processing is limited until we can verify the accuracy of the data.
Withdrawal of consent: You can withdraw your consent at any time by contacting our customer service or using other methods provided separately. You can withdraw consent for direct marketing by clicking the link at the end of the message or contacting us.
Right to lodge a complaint: You have the right to file a complaint with a supervisory authority if you believe that your data has been processed in violation of this privacy statement and the applicable laws.
Where is the data transferred?
We use subcontractors in data processing, ensuring through contractual arrangements that the data is processed in compliance with applicable laws. Some of our partners may be located outside the EU or EEA. If we transfer data outside the EU or EEA, we ensure an adequate level of protection for personal data, including by agreeing on matters related to confidentiality and processing of personal data as required by law.
Where is the data disclosed?
As a general rule, data is not disclosed to third parties, except to authorities and collection agencies.
Authorities: We may disclose your personal data to the competent authorities as required by applicable law.
Consent: We may disclose your data to third parties if you have given your consent.
Business transactions: If we sell, merge, or otherwise reorganize our business, your personal data may be disclosed to buyers and their advisors.
Direct marketing and opinion/market research: We may disclose your personal data for direct marketing or opinion/market research unless you have opted out.Debt collection and legal claims: We may disclose your personal data to third parties if necessary for the enforcement of a contract, debt collection, investigation of potential violations, or the creation, presentation, or defense of legal claims.
How is the data protected?
We use appropriate technical and organizational security measures to protect personal data against unauthorized processing. These measures include the use of firewalls and encryption technologies, appropriate access control, restricted access rights, guidance for staff involved in the processing of personal data, and careful selection of subcontractors.
Can changes be made to this privacy statement?
We continuously develop our services and may change this privacy statement. Changes may also be based on changes in legislation. We recommend reviewing the content of the privacy statement regularly.
This privacy statement was last updated on May 24, 2018, due to the EU data protection reform.
Where can you contact us?
Data Controller: Ravintola Rioni Oy
Business ID: 2854694-5
Address: Espoonlahdenkatu 8, 02320 Espoo
Contact person: Sini Salminen
Contact details: 050 513 1119