Ravintorengas Ltd
This Privacy Policy describes how Ravintorengas Oy ("Ravintorengas" or "the controller") processes personal data. The Privacy Policy applies to the processing of personal data relating to the Kari’s Pine Bark extract drink (karinhavu.fi), Pinena (pinena.fi and pinena.com) and Ravintorengas (ravintintorengas.fi) websites, marketing and customer relationship management, and the products and services we offer.
We comply with applicable data protection legislation in all processing of personal data. Data protection legislation refers to applicable data protection legislation, such as the General Data Protection Regulation of the European Union (2016/679) and the Finnish Data Protection Act (5.12.2018/1050). Any data protection-related terms that are not defined in this Privacy Policy shall be interpreted in accordance with data protection legislation.
Our services and website may also contain links to external websites and services operated by other organisations. This Privacy Policy is not applicable to their use, so we encourage you to consult their privacy policies separately. "Personal data" means any information relating to a natural person ("data subject") from which the person can be directly or indirectly identified, as further defined in the Data Protection Regulation
.
Controller: Ravintorengas Oy
Business ID: 0222773-5
Address: Kuusistontie 3, 29810 Siikainen
E-mail address: herttua(@)ravintorengas.fi
The purposes (and in brackets the legal grounds) for processing personal data are:
Where we process personal data on the basis of legitimate interests, we assess the benefits and potential harm of the processing to the data subject and we have assessed that the rights and interests of the data subject do not override the legitimate interests. We will provide further information on the processing of personal data on the basis of legitimate interests upon request.
Data group | Examples of data content |
Identification and contact details | Customer's name, address, telephone number and email address. |
Health information | Health information and contact details of persons who have agreed to be interviewed for their user profile or who have provided us with their user profile via the Restaurant Ring website, by telephone or email without being asked or requested to do so. |
Information on products and services, including subscriptions and customer communications | Information on processed orders, delivery time of orders, as well as information related to contracts, invoicing, customer communication and complaints. |
Information relating to marketing (including direct marketing) and events, and the data subject's consents and prohibitions. | Contact information for marketing purposes, as well as information collected in connection with events and occasions. Consents and prohibitions on direct marketing. |
Information about the use of websites and other electronic services | IP address, electronic communication identification data, search and browsing data, browser and operating system data and registration data |
We collect personal data directly from the data subject, for example, in the course of a transaction, or when the data subject purchases or orders our products or services, either on their own behalf or on behalf of an organisation they represent, or in connection with registration, when the data subject visits our website or other electronic services, subscribes to our newsletter, responds to a survey or customer satisfaction survey, or otherwise communicates with us. The information recorded in the register may also be obtained from the customer by telephone or e-mail.
We receive information about payments made for our services from our payment service providers (including Stripe and Verifone).
We will retain personal data for as long as necessary for the purposes set out in this Privacy Policy and always for the period required by law (for example, in relation to accounting or reporting obligations), or for the purposes of litigation or similar dispute resolution. After the end of the purpose, the personal data will be deleted or anonymised within a reasonable period of time.
We will provide further information on our personal data retention practices upon request.
Various service providers and other third parties, such as providers of technical solutions or server space or accounting and financial service providers, may also be used to process personal data. We will ensure that the parties we use to process personal data have the necessary agreements with us as required by data protection legislation.
Personal data may be disclosed to third parties in situations required by law or by a public authority, or for the purpose of investigating misconduct or ensuring security. In addition, personal data may need to be disclosed in connection with legal proceedings or similar legal proceedings.
If the controller or a company belonging to the same group as the controller is involved in a merger, business transaction or other business arrangement, personal data may be disclosed to the parties to the arrangement or to parties assisting in the arrangement.
Customer's personal data may be published to the extent that the customer's individual consent has been obtained.
On request, we will provide you with more information about the recipients of your personal data.
When data is transferred outside the European Union or the European Economic Area, the company ensures an adequate level of protection of personal data, including by agreeing on the issues related to the processing of personal data as required by data protection legislation, such as standard contractual clauses adopted by the European Commission. Data will be transferred to the following recipients:
Data security and the protection of personal data is of paramount importance to us. We use appropriate technical and organisational safeguards to protect personal data. We also ensure that our systems are fault-tolerant and that data can be recovered. Access to personal data is limited to specifically authorised parties. Those who process personal data are bound by a duty of confidentiality in relation to the processing of personal data.
Manual material is stored in a locked room in a locked filing cabinet at the service providers' premises.
Data subjects have rights to their personal data under data protection legislation. However, the application of these rights in each individual situation depends on the purpose and context in which the personal data are used.
Exercising rights
We hope you will contact us if you have any questions about the processing of your personal data.
You can send a request for data subject rights by letter or email using the contact details provided in this Privacy Policy.
The identity of the applicant may be verified before the request is processed. The request will be answered within a reasonable time and, in principle, within one month of the request and the verification of identity. If the request cannot be granted, the refusal will be made explicit.
The data subject has the right to lodge a complaint with the competent data protection authority if he or she considers that his or her personal data have been processed in breach of the data protection legislation.
You can find the contact details of the Finnish Data Protection Authority here.
This Privacy Policy may need to be amended from time to time. Changes may also be based on changes in data protection legislation. We therefore encourage you to periodically review this Privacy Statement to identify any changes. The latest version is available on our website.
This Privacy Policy is published on 8.9.2023.
Newsletter subscription
Ravintorengas Oy | Y-0222773-5 | Kuusistontie 3, 29810 Siikainen, Finland