1. Register con­troller and contact information

SHIV Oy, Eskolantie 1, 00720 Helsinki

2. Contact person

SHIV Oy, Toni Susi, toimisto@​onniravintolat.​fi

3. Name of the policy

Onnirav­in­tolat cus­tomer and mar­keting register

4. Pur­poses of handling per­sonal information

Register con­troller SHIV Oy pro­cesses per­sonal inform­ation according to the applicable data pro­tection laws, including the EU’s General Data Pro­tection Reg­u­lation (2016/679) and the Finnish Data Pro­tection Act (1050/2018).

Pur­poses for handling per­sonal information:

  • main­taining cus­tomer rela­tion­ships and car­rying out cus­tomer services
  • offering useful, tar­geted and per­son­alised ser­vices to customers
  • car­rying out the rights and oblig­a­tions of the cus­tomer and register controller
  • pro­cessing the per­sonal inform­ation of dif­ferent stake­holder groups (sup­pliers, job applicants, partners)
  • pro­cessing website user data to verify and develop website functionalities
  • pro­cessing per­sonal data con­nected to products and ser­vices of the register con­troller, such as devel­oping, offering, oper­ating and mar­keting products and services

Addi­tionally, per­sonal data saved in the register may be used in accordance with the data pro­tection legis­lation for stake­holder com­mu­nic­a­tions of the register con­troller, such as sending news­letters, elec­tronic noti­fic­a­tions and elec­tronic direct marketing. 

5. Content of the register

The cus­tomer register may contain the fol­lowing inform­ation about the customer:

per­son’s name, contact inform­ation (phone number, email address, address), year of birth, gender, cus­tomer number, online IP address, cookies from the site, loc­ation inform­ation, IDs / pro­files on social media ser­vices, inform­ation about sub­scribed ser­vices and their changes, billing inform­ation, mar­keting mes­sages and online content behavior, and inform­ation about the ser­vices ordered.

The inform­ation stored in the register is obtained from the cus­tomer e.g. Inform­ation provided by web forms, e-mail, tele­phone, social media ser­vices and / or other communications.

SHIV Oy and com­panies in the same group use cookies on their web­sites to improve the user exper­ience. Cookies are small text files that are sent to a user’s com­puter and stored there at the request of the browser. You can refuse cookies by adjusting your browser settings.

Our site uses a Facebook pixel, which basically means a snippet of code on a page that is used to remarket a website on Facebook. A pixel allows you to show your ads to the right people and create audi­ences for your advert­ising. The pixel does not identify vis­itors as indi­viduals, but vis­itors remain anonymous to the web service pro­vider. We also use pixels to measure the effect­iveness of Facebook advert­ising. Read more about Facebook pixel.

6. Regular sources of information

The person in the register has either sub­mitted his / her contact inform­ation on a form on one of SHIV Oy’s web­sites, pur­chased ser­vices through a business sale, filled in the form manually or oth­erwise expressed his consent to be added to the register and dis­closed (see section 7). Contact and cus­tomer inform­ation can also be col­lected through various com­pet­i­tions and mar­keting campaigns.

A person can delete their inform­ation from the news­letter register at any time via the link in the news­letter or by sending an e-mail to toimisto@​onniravintolat.​fi.

7. Regular disclosures

The inform­ation will not be dis­closed to third parties oth­erwise when it is necessary for the success of com­mu­nic­ation and cus­tomer service, and even then taking into account the pro­vi­sions of the Per­sonal Data Act. Per­sonal data col­lected by SHIV Oy may be dis­closed to com­panies in the same group. SHIV Oy may use the per­sonal data provided only for the purpose of serving cus­tomers or mar­keting, unless it is spe­cifically pro­hibited by the cus­tomer. In addition, inform­ation can be col­lected on behalf of SHIV Oy and the inform­ation can be handed over to the mar­keting office. The mar­keting office may use the dis­closed or self-col­lected inform­ation only in the com­mu­nic­ation between Itähelsingin Rav­in­tolat Oy and com­panies in the same group.

8. Transfers out of the EU or EEA

Potential transfers of per­sonal data out of the European Union or European Eco­nomic Area will always be executed fol­lowing the applicable data pro­tection regulations.

9. Storage period of per­sonal data

The register con­troller will process and store per­sonal data only as long as it is necessary for the pre-determined purpose of use. Unne­cessary per­sonal data that the register holder has no valid reason to store or process will be reg­u­larly deleted in accordance with the register con­trol­ler’s data pro­tection policy. Per­sonal data becomes unne­cessary, for example, when the cus­tomer, business, partner or con­tractual rela­tionship to the register con­troller has ended, apart from where the law requires the con­tinued storage of the per­sonal data.

10. Registry security principles

Persons handling register data are subject to the oblig­ation of con­fid­en­ti­ality and are familiar with the use of the register.

Contact inform­ation is stored in the SHIV Oy CRM system.

SHIV Oy’s inform­ation network and the equipment on which the register is located are pro­tected by a firewall and other necessary tech­nical measures.

The con­troller shall inspect its per­sonal data pro­cessing func­tions and the systems and equipment used in them at regular intervals and e.g. assess the risks involved in the pro­cessing of per­sonal data, for example when intro­ducing new technology.

11. Rights of the data subject

Data about the cus­tomer may be deleted at the Cus­tomer’s request or due to the ter­min­ation of the cus­tomer rela­tionship. When the pro­cessing of per­sonal data is based on consent, the data subject has the right to withdraw his or her consent at any time. Requests for deletion of data and exercise of rights must be sent in writing to the registrar at toimisto@​onniravintolat.​fi.

If necessary, the con­troller may ask the applicant to prove his or her identity. The con­troller will respond to the cus­tomer within the time­frame set out in the EU Data Pro­tection Reg­u­lation (gen­erally within one month).

The cus­tomer has the right to pro­hibit the dis­closure and pro­cessing of his data for direct advert­ising and other mar­keting. The data subject has the fol­lowing rights, which apply on a case-by-case basis:


  • Right of access to per­sonal data
  • Right to request rec­ti­fic­ation, erasure or restriction of processing
  • Right to object
  • Right to appeal to the super­visory authority


The data subject has the right to receive con­firm­ation from the con­troller that per­sonal data con­cerning him or her are or will not be pro­cessed. If per­sonal data are pro­cessed, the person has the right to access the data

The data subject has the right to ask the data con­troller to correct incorrect data con­cerning him or her, as well as to delete any per­sonal data con­cerning him or her or to request the restriction of pro­cessing on the grounds provided by law.

The data subject has the right to object to the pro­cessing of his or her per­sonal data in con­nection with his or her par­ticular situ­ation, where the con­troller pro­cesses the per­sonal data on the basis of a legit­imate interest.

In Finland, the super­visory authority is the Office of the Data Pro­tection Com­mis­sioner, whose contact inform­ation and instruc­tions can be found at tietosuoja​.fi.

Exercise of rights

You can use the regis­trant’s rights presented above by con­tacting the registrar by sending an e-mail to toimisto@​onniravintolat.​fi. We aim to respond to you as soon as pos­sible and, if necessary, provide further guidance or ask addi­tional ques­tions fol­lowing your request.

Please note that before executing a request, we have the right and oblig­ation to verify your identity, which requires us to be able to adequately identify you.

If your request is mani­festly unfounded or unreas­onable, we may either charge a reas­onable fee based on admin­is­trative costs to comply with the request or refuse to take the requested action.

12. Addi­tional information

If you have any ques­tions regarding the pro­cessing of per­sonal data by the con­troller, please contact us using the contact details provided at the beginning of this privacy statement. This privacy statement was last updated on 2/23/2021.