Privacy Policy

Ravintorengas Ltd

1. General

This Privacy Policy describes how Ravintorengas Oy ("Ravintorengas" or "the controller") processes personal data. The Privacy Policy applies to the processing of personal data relating to the Kari’s Pine Bark extract drink (karinhavu.fi), Pinena (pinena.fi and pinena.com) and Ravintorengas (ravintorengas.fi) websites, marketing and customer relationship management, and the products and services we offer.

In all personal data processing, we comply with applicable data protection legislation. In this policy, data protection legislation means the applicable laws, such as the European Union's General Data Protection Regulation (2016/679) and the Finnish Data Protection Act (5.12.2018/1050). Data protection concepts that are not defined in this privacy policy are interpreted in accordance with data protection legislation.

Our services and websites may also contain links to external websites and services operated by other organizations. This privacy policy does not apply to their use, so we encourage you to review their privacy policies separately.

“Personal data” means any information relating to natural persons (“data subject”) from which the person can be directly or indirectly identified, as defined in more detail in the Data Protection Regulation.

2. Controller and Data Protection Officer

Controller: Ravintorengas Oy
Business ID: 0222773-5
Address: Kuusistontie 3, 29810 Siikainen
Email: herttua(@)ravintorengas.fi

3. Purposes and Legal Bases for the Processing of Personal Data

The purposes (and legal bases in parentheses) for processing personal data are:

  • delivery of products and services, making customer agreements, and processing orders (contractual relationship or its preparation, legitimate interest)
    • data belonging to special categories of personal data (consent)

  • customer service and communication, and customer satisfaction surveys (legitimate interest, consent, contractual relationship)

  • invoicing and debt collection (legitimate interest)

  • marketing, including market research, other marketing promotion and analysis, and the production of statistics and measurement of marketing effectiveness (legitimate interest)

  • direct marketing, including electronic direct marketing and telemarketing, planning and measuring the effectiveness of advertising and marketing, and combining and updating personal data for direct marketing purposes (legitimate interest, consent)

  • managing stakeholder relations, and subcontracting and cooperation with service providers (legitimate interest, contractual relationship or its preparation)

  • improving the user experience of our website and other services and monitoring user traffic (consent)

  • internal reporting and other administrative measures (compliance with a statutory obligation)

  • handling complaints and managing legal and official procedures (compliance with a statutory obligation)

  • preventing and investigating abuses, and ensuring data security, personal and property safety (compliance with a statutory obligation)

  • handling other statutory obligations (e.g., accounting and taxation) and reporting duties

When we process personal data based on a legitimate interest, we assess the benefits and potential disadvantages of the processing for the data subject and have assessed that the rights and interests of data subjects do not override the legitimate interest. We provide further information on the processing of personal data based on legitimate interest upon request.

4. Personal data processed and data sources

Data group: examples of data content

  • Identification and contact information: customer's name, address, telephone number and email address.

  • Health information: health and contact information of people who have volunteered to be interviewed for their user stories, or who have given us their user experience, solicited or unsolicited, via the Ravintorengas website, by phone or by email.

  • Information on products and services, their orders and customer communications: information on processed orders, order delivery times, and information relating to contracts, invoicing, customer communications and complaints.

  • Information relating to marketing (including direct marketing) and events, as well as consents and prohibitions given by the data subject: contact information for marketing purposes, and information collected in connection with events and occasions. Consents and prohibitions regarding direct marketing.

  • Information on the use of websites and other electronic services: IP address, electronic communication identification data, search and browsing data, browser and operating system information and registration information.

We collect personal data directly from the data subject, for example in connection with transactions, or when the data subject purchases or orders our products or services either themselves or on behalf of the organization they represent, or in connection with registration, when the data subject visits our website or other electronic services, subscribes to our newsletter, responds to a survey or customer satisfaction survey, or otherwise contacts us. The information stored in the register can also be obtained from the customer by telephone or e-mail.

We receive information about payments made for our services from our payment service providers (including Stripe and Verifone).

5. Retention of personal data

We retain personal data for as long as necessary to fulfill the purposes set out in this privacy statement and always for the period required by law (for example, responsibilities and obligations relating to accounting or reporting obligations), or to investigate litigation or similar disputes. After the end of the purpose of use, personal data will be deleted or anonymized within a reasonable time.

We will provide further information on personal data retention practices upon request.

6. Recipients of personal data

Various service providers and other third parties, such as providers of technical solutions or server space, or accounting and financial management service providers, may also be used in the processing of personal data. We conclude the agreements required by data protection legislation with the parties we use in the processing of personal data.

Personal data may be disclosed to third parties in situations required by law or by an authority, or to investigate abuses and to ensure security. In addition, personal data may have to be disclosed in connection with litigation or similar legal proceedings.

If the controller or a company belonging to the same group is involved in a merger, business transaction or other corporate reorganization, personal data may be disclosed to the parties to the reorganization or to parties assisting in the reorganization.

The customer's personal data may be published to the extent that the customer has given specific consent.

We can provide additional information about the recipients of personal data upon request.

7. Transfer of personal data outside the European Economic Area

When data is transferred outside the European Union or the European Economic Area, the company ensures an adequate level of protection for personal data by, among other things, agreeing on matters related to the processing of personal data in the manner required by data protection legislation, such as using standard contractual clauses approved by the European Commission. Data is transferred to the following recipients:

  • Google LLC
  • Stripe
  • Verifone
  • Meta – Social Metaverse Company

8. Protection of personal data

Data security and the protection of personal data are of utmost importance to us. We use appropriate technical and organizational safeguards to protect personal data. We also ensure the fault tolerance of our systems and data recovery capabilities. Access to personal data is limited to specifically authorized parties only. Parties processing personal data are subject to a duty of confidentiality regarding matters related to the processing of personal data.

Manual material is stored in the service providers' premises in a locked room in a locked filing cabinet.

9. Rights of data subjects

Data subjects have rights under data protection legislation regarding their personal data. However, the application of rights in each individual situation depends on the purpose and situation of the use of personal data.

  • Right of access to personal data. The data subject has the right to receive confirmation as to whether personal data concerning him or her are being processed, and other information regarding the processing of personal data in accordance with data protection legislation. The data subject has the right to receive a copy of the personal data.

  • Right to rectification of personal data. The data subject has the right, with certain restrictions, to demand the correction or deletion of incorrect or inaccurate information.

  • Right to erasure of personal data. The data subject has the right to request the erasure of their personal data in accordance with the requirements of data protection legislation. Upon request, we will delete personal data unless legislation or another applicable exception under data protection legislation requires us to retain the personal data.

  • Right to restriction of processing. The data subject has the right, in accordance with the requirements of data protection legislation, to request the restriction of the processing of personal data in certain situations.

  • Right to data portability. The data subject has the right to request the transfer of their personal data to another controller. The right to transfer applies, as a starting point, to such personal data that the data subject has provided to the controller in a structured and machine-readable format, and the processing of which is based on the data subject's consent or contract, and/or for which the processing is carried out automatically.

  • Right to object to processing. The data subject has the right, in accordance with the requirements of data protection legislation, to object to the processing of personal data based on legitimate interests, including profiling. We may refuse the request if the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. However, the data subject always has the right to object to the processing of personal data for direct marketing purposes and profiling related to direct marketing.

  • Right to withdraw consent. If the processing of personal data is based on the data subject's consent, the data subject has the right to withdraw their consent to the processing of personal data concerning them. The withdrawal of consent does not affect the processing carried out prior to the withdrawal.

Exercising your rights

We hope you will contact us if you have any questions regarding the processing of your personal data.

You can send a request regarding the rights of the data subject by letter or email using the contact information provided in this privacy statement.

The identity of the requester may be verified before processing the request. The request will be answered within a reasonable time and, as a starting point, within one month of the submission of the request and verification of identity. If the request cannot be granted, the requester will be notified of the refusal separately.

10. Right to lodge a complaint with a supervisory authority

The data subject has the right to lodge a complaint with the competent data protection authority if the data subject considers that their personal data has been processed in violation of data protection legislation.

You can find the contact information for the Finnish Data Protection Authority here.

11. Changes to the Privacy Policy

This privacy policy may need to be changed from time to time. The changes may also be based on changes in data protection legislation. We encourage you to periodically review the privacy policy for changes. The latest version is available on our website.

This privacy policy was published on September 8, 2023.