Controller

Ravintola Kukko (B-93301588)
Referred to in this policy as the Company


Data Protection Officer and/or Contact Person
Antti Pekkarinen
kukko.events@gmail.com


Name of the Personal Data Register

Event Restaurant Kukko customer and marketing register

This Privacy Policy applies to our website, marketing, customer relationship management, and the processing of personal data related to the products and services we offer.


Collected Personal Data and Data Sources

We collect personal data necessary for managing customer relationships.

  • Identification and contact details: Customer’s and/or representative’s name and contact information.
  • Information related to products, services, orders and customer communication: Details of orders, delivery times, and information related to agreements, invoicing, customer communication and complaints.
  • Marketing (including direct marketing) and event-related data, as well as given consents and prohibitions: Contact details for marketing, and information collected in connection with events. Direct marketing consents and prohibitions.
  • Website and other digital service usage information: IP address, electronic communication identifiers, search and browsing data, browser and operating system details, and registration information.

We collect personal data from the data subject, as well as from publicly available official registers and other external sources such as the Trade Register or similar public business databases. We also collect information from contact forms and use it for the customer relationship purposes mentioned above.


Purpose and Legal Basis of Processing Personal Data

Personal data is processed within the limits permitted by applicable law for the following purposes:

  • Delivering products and services and entering into customer agreements (contract or preparation of contract)
  • Managing the customer relationship (legitimate interest)
  • Providing information and guidance about services (legitimate interest)
  • Testing digital services (legitimate interest)
  • Developing products and services (legitimate interest)
  • Collecting and analysing user statistics (consent, legitimate interest)
  • Improving the user experience of our website and other services (consent, legitimate interest)
  • Invoicing, credit decisions and debt collection (legitimate interest)
  • Marketing communications (legitimate interest)
  • Direct marketing, including electronic and telephone marketing, as well as planning and measuring marketing effectiveness and combining and updating personal data for direct marketing purposes (legitimate interest, consent)
  • Managing stakeholder relationships, subcontracting and cooperation with service providers (legitimate interest, contract or preparation of contract)
  • Internal reporting and other administrative procedures (legal obligation)
  • Warranty and defect liability matters, handling complaints and managing legal or official proceedings (legitimate interest)
  • Preventing and investigating abuses, and ensuring information security, personal safety and property protection (legitimate interest)
  • Fulfilling other legal obligations (e.g. accounting and tax-related actions) and reporting requirements

If the processing of personal data is based on the data subject’s consent, the consent may be withdrawn at any time by contacting the person mentioned above.

The processing of personal data may be necessary for the legitimate interests of the Company and the customer. The Company has a legitimate interest in processing personal data for marketing, service development and customer analyses, as well as service testing. Marketing purposes may also involve profiling. The data subject has the right to object to such processing. When processing is based on legitimate interest, we assess the benefits and any potential harm to the data subject and consider that the data subject’s rights and interests do not override our legitimate interest. More information on legitimate interest–based processing is available upon request.


Processors of Personal Data

Personal data can be accessed only by persons responsible for managing customer relationships and marketing.


Recipients of Personal Data

Various service providers and other third parties may be involved in the processing of personal data, such as providers of technical solutions or server space, or accounting and financial administration services. We ensure that all required data protection agreements are in place with such service providers.

Personal data may be disclosed to third parties when required by law or a competent authority, or for investigating abuses or ensuring security. Personal data may also be disclosed in connection with legal proceedings.

If the Company is involved in a merger, business acquisition, or other corporate transaction, personal data may be disclosed to the parties involved or to advisors assisting in the transaction.

More information on recipients of personal data is available upon request.


Transfers of Personal Data Outside the European Economic Area

Personal data is not transferred outside the EU or EEA unless required for technical implementation of a service. If such transfers are necessary, they are carried out in accordance with data protection legislation, ensuring adequate protection and necessary safeguards.

Further information about transfers and safeguards is available upon request.


Cookies

We use cookies and similar technologies on our website. A cookie is a small text file stored by the browser on the user’s device. Cookies contain an anonymous, unique identifier that allows us to recognise and count different browsers visiting our site. Cookies and similar technologies are used to analyse and improve our services and to target advertising. Users can manage their consent through the cookie tool on our website.


Protection of Personal Data

We protect personal data using appropriate technical and organisational measures. Data is collected in databases protected by firewalls, passwords, and other technical security measures. The databases and their backups are located in locked and guarded facilities, and access is granted only to specific authorised individuals.


Retention and Deletion of Personal Data

Personal data is retained as long as necessary for the purposes for which it was collected and processed, for the performance of a contract, or as required by law and regulations. After this, the data is securely destroyed.


Rights of the Data Subject

The data subject has the following rights:

  1. Right of access: The right to obtain confirmation about whether their personal data is processed, and to receive a copy of their data.
  2. Right to rectification: The right to have incomplete or inaccurate data corrected.
  3. Right to erasure: The right to request deletion of data when no lawful basis for processing exists.
  4. Right to restrict processing: The right to request restriction of processing if data accuracy or lawfulness requires it, or to limit processing to storage only.
  5. Right to object: The right to object to processing for direct marketing purposes or when based on legitimate interest.
  6. Right to data portability: The right to request transfer of data to another controller, when applicable.
  7. Right to withdraw consent: If processing is based on consent, the data subject may withdraw consent at any time, without affecting prior lawful processing.


Requests regarding these rights must be submitted in writing or via email to:

Restaurant Kukko
Data Access/Other Personal Data Request
Antti Pekkarinen
kukko.events@gmail.com

The requester’s identity may be verified before processing the request. The Company responds within one month unless there are grounds for extending the response time.

The data subject has the right to lodge a complaint with the competent supervisory authority if they believe their personal data has been processed in violation of data protection legislation.

Contact details for the Finnish supervisory authority can be found here.