Privacy policy

Ravintorengas Ltd

1. General

This privacy policy explains how Ravintorengas Oy ("Ravintorengas" or "data controller") handles personal data. This privacy policy covers the websites, marketing, customer stuff, products, and services from Arctic Pine Bark (arcticpinebark.com), Karin Havupuu-uutejuoma (karinhavu.fi), Pinena (pinena.fi and pinena.com), and Ravintorengas (ravintorengas.fi).

We stick to all the data protection laws when we're handling your personal data. "Data protection laws" means the current rules, like the European Union's General Data Protection Regulation (2016/679) and the Finnish Data Protection Act (5.12.2018/1050). Any data protection terms not covered here will be understood based on those data protection laws.

Our services and websites may have links to external sites and services run by other organizations. Just so you know, this privacy policy doesn't cover their use, so we recommend checking out their privacy policies separately.

"Personal data" means any info about real people ("data subjects") that could directly or indirectly identify them, as more specifically defined in data protection regulations.

2. Data controller and data protection officer

Data Controller: Ravintorengas Oy
Business ID: 0222773-5
Address: Kuusistontie 3, 29810 Siikainen
Email Address: herttua(@)ravintorengas.fi

3. Why and how we use your personal data

Here’s why we process your personal data (and the legal reasons for doing so):

  • To provide products and services, set up customer agreements, and manage orders (because of our contract or getting ready for one, and our legitimate interest)
    • Special categories of personal data (with your consent)

  • For customer service, chatting with you, and doing customer satisfaction surveys (our legitimate interest, your consent, and our contract)

  • For invoicing and collecting debts (our legitimate interest)

  • For marketing, like market research, promotions, analysis, stats, and seeing how well our marketing works (our legitimate interest)

  • For direct marketing, including sending emails and calling you, planning ads and marketing, and checking how well they do, including combining and updating your info for direct marketing (our legitimate interest, your consent)

  • To manage relationships with stakeholders and work with subcontractors and service providers (our legitimate interest, our contract or getting ready for one)

  • To make our website and services better and keep an eye on user traffic (your consent)

  • For internal reports and other admin stuff (to comply with the law)

  • To handle complaints and manage legal and official stuff (to comply with the law)

  • To prevent and investigate misconduct, and to keep info secure and people and property safe (to comply with the law)

  • To meet other legal requirements (like accounting and tax stuff) and reporting requirements

When we use your personal data because it’s in our legitimate interest, we weigh the pros and cons for you and make sure your rights and interests don't outweigh our legitimate interest. If you want, we can give you more details about how we use your personal data based on legitimate interest.

4. How we process personal data and where it comes from

| Data Category | Examples of Data Content |
| --- | --- |
| Identification and Contact Information | Customer’s name, address, phone number, and email address. |
| Health Information | Health info and contact details given voluntarily or when asked by people who've agreed to be interviewed about their experiences through Ravintorengas’ website, by phone, or email. |
| Information related to products and services, including orders and customer communication | Information about processed orders, delivery times, and details related to agreements, billing, customer communication, and complaints. |
| Information related to marketing (including direct marketing) and events, as well as consents and opt-outs provided by you | Contact details used for marketing, plus info gathered during events. Also, your consent choices regarding direct marketing. |
| Information about how you use our websites and other online services | IP address, electronic communication identifiers, search and browsing data, browser and operating system data, and registration information. |

We get payment info for our services from payment providers like Stripe and Verifone.

5. How long we keep your data

We keep your data as long as we need it for the purposes outlined in this policy, and always for the time required by law (like for accounting or reporting), or to sort out legal stuff. After that, we'll delete or anonymize it within a reasonable time.

Just ask if you want more details about how we keep your data.

6. Who gets your data

We use different service providers and other companies, like tech support, server hosts, or accounting services, to help us process your data. We make sure they have the right agreements in place, as required by data protection laws.

We might have to share your data if the law or authorities require it, or to investigate misconduct and keep things secure. We might also need to share it for legal proceedings.

If we're merging, selling the business, or reorganizing, your data might be shared with the parties involved.

Your data might be published if you've given us permission to do so.

Just ask if you want more details about who gets your data.

7. Transferring data outside Europe

If we send data outside the European Union, we make sure it's protected by using agreements that meet data protection laws, like the standard contractual clauses approved by the European Commission. We transfer data to these recipients:

  • Google LLC
  • Stripe
  • Verifone
  • Meta – Social Metaverse Company

8. How we protect your data

Keeping your data safe is super important to us. We use all sorts of technical and organizational measures to protect it. We also make sure our systems are reliable and can recover data if needed. Only authorized people can access your data, and they're all bound by confidentiality agreements.

Paper records are stored in locked rooms, in locked cabinets at our service provider's facilities.

9. Your rights

You have rights when it comes to your personal data, according to data protection laws. How these rights apply depends on why and how we're processing your data.

  • Right to see your data. You have the right to know if we're processing your data and to get certain information about it, as per data protection laws. You also have the right to a copy of your data.

  • Right to correct your data. You can ask us to fix or delete any incorrect or inaccurate information, with some limitations.

  • Right to delete your data. You can ask us to delete your data, as long as it doesn't conflict with the law or some other exception under data protection laws.

  • Right to restriction of processing. Data subjects have the right, in certain situations and in accordance with data protection legislation, to request a restriction of the processing of their personal data.

  • Right to data portability. Data subjects have the right to request the transfer of their personal data to another data controller. The right to data portability primarily applies to personal data that the data subject has provided to the data controller in a structured, machine-readable format and for which processing is based on the data subject’s consent or contract, and/or for which processing is carried out automatically.

  • Right to object to processing. In accordance with data protection legislation, data subjects have the right to object to the processing of personal data based on legitimate interests, including profiling. We may refuse the request if processing is necessary for the compelling and legitimate interests of the data controller or a third party. However, data subjects always have the right to object to the processing of personal data for direct marketing purposes and related profiling.

  • Right to withdraw consent. If the processing of personal data is based on the data subject’s consent, the data subject has the right to withdraw their consent to the processing of their personal data. The withdrawal of consent does not affect the processing that has been carried out prior to the withdrawal.

Exercising Rights

We encourage you to contact us if you have any questions regarding the processing of your personal data.

You can submit a request regarding data subject rights by mail or email using the contact information mentioned in this privacy policy.

The identity of the requester may be verified before processing the request. Requests are generally responded to within a reasonable time, typically within one month from the request and identity verification. If a request cannot be accommodated, this will be communicated separately.

10. Right to lodge a complaint with a supervisory authority

Data subjects have the right to lodge a complaint with the relevant data protection authority if they believe that their personal data has been processed in violation of data protection legislation.

You can find the contact information for the Finnish data protection authority here.

11. Changes to the privacy policy

This privacy policy may need to be amended from time to time, which may also be based on changes in data protection legislation. We recommend regularly checking the privacy policy for any updates. The latest version is available on our website.

This privacy policy was published on October 13th, 2023.