Privacy Policy

1. Data Controller

Company name: Rapsakat Ravintolat Oy
Business ID: 3387768-5
Address: Kauppakatu 22, 70100 Kuopio, Finland

2. Person Responsible for Register Matters / Data Protection Officer

Company: Rapsakat Ravintolat Oy
Address: Kauppakatu 22
Postal code: 70100
City: Kuopio
Email:

3. Name of the Register

Website User and Marketing Register

4. Legal Basis and Purpose of Processing Personal Data

The legal basis for processing personal data under the EU General Data Protection Regulation (GDPR) is the individual’s consent (documented, voluntary, specific, informed, and unambiguous).

Personal data is processed for the purposes of maintaining customer relationships, marketing, and developing services.

The data is not used for automated decision-making or profiling.

5. Data Content of the Register

The register may contain the following information:

  • website addresses
  • IP addresses of network connections
  • identifiers/profiles in social media services
  • organization and contact details
  • information about ordered services and changes related to them
  • other information related to customer relationships and ordered services

We store personal data only for as long as necessary to fulfill the purposes defined above and in accordance with applicable legislation.

Website visitors’ IP addresses and cookies necessary for the functionality of the service are processed on the basis of legitimate interest, for example to ensure information security and to collect statistical data about website visitors in cases where they may be considered personal data. Consent is requested separately where required for third-party cookies.

6. Regular Sources of Information

Information stored in the register is obtained from customers through:

  • messages sent via website forms
  • email
  • telephone
  • social media services
  • agreements
  • customer meetings
  • other situations where customers provide their information

Contact information of representatives of companies and other organizations may also be collected from public sources such as websites, directory services, and other companies.

The website uses Google Analytics and other analytics tools to generate reports on website usage in order to improve our website and services.

More information about Google Analytics can be found at:
Google Analytics

You can opt out of Google Analytics tracking by installing the browser add-on available at:
Google Analytics Opt-out Add-on

7. Regular Disclosures of Data and Transfers Outside the EU or EEA

Personal data is not regularly disclosed to third parties. Information may be published to the extent agreed upon with the customer.

As a rule, we do not transfer personal data outside the EU or EEA. Data is not transferred to the United States without the explicit consent of the data subjects.

8. Principles of Register Protection

Care is taken in processing the register, and information processed through information systems is appropriately protected.

When register data is stored on internet servers, the physical and digital security of the hardware is handled appropriately.

The data controller ensures that stored data, server access rights, and other information critical to the security of personal data are handled confidentially and only by employees whose job responsibilities require it.

9. Right of Access and Right to Request Correction of Data

Every person in the register has the right to check the data stored about them and to request correction of incorrect data or completion of incomplete data.

Requests regarding access or correction must be submitted in writing to the data controller. The data controller may request proof of identity if necessary.

The data controller will respond within the time period specified by the EU General Data Protection Regulation (generally within one month).

10. Other Rights Related to the Processing of Personal Data

A person registered in the register has the right to request the deletion of personal data concerning them from the register (“right to be forgotten”).

Data subjects also have other rights under the EU General Data Protection Regulation, such as the right to restrict processing in certain situations.

Requests must be submitted in writing to the data controller. The data controller may request proof of identity if necessary.

The data controller will respond within the time period specified by the GDPR (generally within one month).

The supervisory authority is the Office of the Data Protection Ombudsman:

Visiting address: Ratapihantie 9, 6th floor, 00520 Helsinki, Finland
Postal address: P.O. Box 800, 00520 Helsinki, Finland
Telephone: +358 29 56 66735
Email: tietosuoja@om.fi

Created: 21 May 2026 Last updated: 21 May 2026