1. Register controller and contact information
SHIV Oy, Eskolantie 1, 00720 Helsinki
2. Contact person
SHIV Oy, Toni Susi, email@example.com
3. Name of the policy
Onniravintolat customer and marketing register
4. Purposes of handling personal information
Register controller SHIV Oy processes personal information according to the applicable data protection laws, including the EU’s General Data Protection Regulation (2016/679) and the Finnish Data Protection Act (1050/2018).
Purposes for handling personal information:
- maintaining customer relationships and carrying out customer services
- offering useful, targeted and personalised services to customers
- carrying out the rights and obligations of the customer and register controller
- processing the personal information of different stakeholder groups (suppliers, job applicants, partners)
- processing website user data to verify and develop website functionalities
- processing personal data connected to products and services of the register controller, such as developing, offering, operating and marketing products and services
Additionally, personal data saved in the register may be used in accordance with the data protection legislation for stakeholder communications of the register controller, such as sending newsletters, electronic notifications and electronic direct marketing.
5. Content of the register
The customer register may contain the following information about the customer:
person’s name, contact information (phone number, email address, address), year of birth, gender, customer number, online IP address, cookies from the site, location information, IDs / profiles on social media services, information about subscribed services and their changes, billing information, marketing messages and online content behavior, and information about the services ordered.
The information stored in the register is obtained from the customer e.g. Information provided by web forms, e-mail, telephone, social media services and / or other communications.
Our site uses a Facebook pixel, which basically means a snippet of code on a page that is used to remarket a website on Facebook. A pixel allows you to show your ads to the right people and create audiences for your advertising. The pixel does not identify visitors as individuals, but visitors remain anonymous to the web service provider. We also use pixels to measure the effectiveness of Facebook advertising. Read more about Facebook pixel.
6. Regular sources of information
The person in the register has either submitted his / her contact information on a form on one of SHIV Oy’s websites, purchased services through a business sale, filled in the form manually or otherwise expressed his consent to be added to the register and disclosed (see section 7). Contact and customer information can also be collected through various competitions and marketing campaigns.
A person can delete their information from the newsletter register at any time via the link in the newsletter or by sending an e-mail to firstname.lastname@example.org.
7. Regular disclosures
The information will not be disclosed to third parties otherwise when it is necessary for the success of communication and customer service, and even then taking into account the provisions of the Personal Data Act. Personal data collected by SHIV Oy may be disclosed to companies in the same group. SHIV Oy may use the personal data provided only for the purpose of serving customers or marketing, unless it is specifically prohibited by the customer. In addition, information can be collected on behalf of SHIV Oy and the information can be handed over to the marketing office. The marketing office may use the disclosed or self-collected information only in the communication between Itähelsingin Ravintolat Oy and companies in the same group.
8. Transfers out of the EU or EEA
Potential transfers of personal data out of the European Union or European Economic Area will always be executed following the applicable data protection regulations.
9. Storage period of personal data
The register controller will process and store personal data only as long as it is necessary for the pre-determined purpose of use. Unnecessary personal data that the register holder has no valid reason to store or process will be regularly deleted in accordance with the register controller’s data protection policy. Personal data becomes unnecessary, for example, when the customer, business, partner or contractual relationship to the register controller has ended, apart from where the law requires the continued storage of the personal data.
10. Registry security principles
Persons handling register data are subject to the obligation of confidentiality and are familiar with the use of the register.
Contact information is stored in the SHIV Oy CRM system.
SHIV Oy’s information network and the equipment on which the register is located are protected by a firewall and other necessary technical measures.
The controller shall inspect its personal data processing functions and the systems and equipment used in them at regular intervals and e.g. assess the risks involved in the processing of personal data, for example when introducing new technology.
11. Rights of the data subject
Data about the customer may be deleted at the Customer’s request or due to the termination of the customer relationship. When the processing of personal data is based on consent, the data subject has the right to withdraw his or her consent at any time. Requests for deletion of data and exercise of rights must be sent in writing to the registrar at email@example.com.
If necessary, the controller may ask the applicant to prove his or her identity. The controller will respond to the customer within the timeframe set out in the EU Data Protection Regulation (generally within one month).
The customer has the right to prohibit the disclosure and processing of his data for direct advertising and other marketing. The data subject has the following rights, which apply on a case-by-case basis:
- Right of access to personal data
- Right to request rectification, erasure or restriction of processing
- Right to object
- Right to appeal to the supervisory authority
The data subject has the right to receive confirmation from the controller that personal data concerning him or her are or will not be processed. If personal data are processed, the person has the right to access the data
The data subject has the right to ask the data controller to correct incorrect data concerning him or her, as well as to delete any personal data concerning him or her or to request the restriction of processing on the grounds provided by law.
The data subject has the right to object to the processing of his or her personal data in connection with his or her particular situation, where the controller processes the personal data on the basis of a legitimate interest.
In Finland, the supervisory authority is the Office of the Data Protection Commissioner, whose contact information and instructions can be found at tietosuoja.fi.
Exercise of rights
You can use the registrant’s rights presented above by contacting the registrar by sending an e-mail to firstname.lastname@example.org. We aim to respond to you as soon as possible and, if necessary, provide further guidance or ask additional questions following your request.
Please note that before executing a request, we have the right and obligation to verify your identity, which requires us to be able to adequately identify you.
If your request is manifestly unfounded or unreasonable, we may either charge a reasonable fee based on administrative costs to comply with the request or refuse to take the requested action.
12. Additional information
If you have any questions regarding the processing of personal data by the controller, please contact us using the contact details provided at the beginning of this privacy statement. This privacy statement was last updated on 2/23/2021.