Privacy Policy

This Privacy Policy describes how Ravintola Rioni Oy processes the personal data of its customers and business partners in accordance with the EU General Data Protection Regulation (EU 2016/679, “GDPR”).



1. Data Controller

Ravintola Rioni Oy
Business ID: 2854694-5
Address: Espoonlahdenkatu 8, 02320 Espoo, Finland
Email: info@ravintolarioni.fi

Contact person: Sini Salminen
Contact phone number: +358 50 513 1119

Requests and inquiries regarding data protection can be sent using the contact details above.


2. What personal data do we process?


We process only personal data that is necessary for our operations. The processed data may include:

  • name
  • email address
  • phone number
  • table and venue reservations
  • information related to private events
  • feedback and other communications
  • direct marketing consents and prohibitions
  • allergies, special dietary requirements, and other preferences communicated by the customer

Personal data is mainly obtained directly from the data subject in connection with reservations, inquiries, or customer interactions.


3. Purposes and legal basis for processing personal data


We process personal data for the following purposes:

Provision of services and customer relationship management

Personal data is processed for receiving and managing reservations, providing services, customer communications, and possible invoicing.
Legal basis: performance of a contract or pre-contractual measures.

Marketing and communications

We send electronic direct marketing messages only based on the data subject’s consent. Telephone or postal marketing may be conducted based on legitimate interest in accordance with applicable legislation.
Legal basis: consent or legitimate interest.

Statutory obligations

Personal data may be processed to comply with accounting obligations or other mandatory legal requirements.
Legal basis: compliance with a legal obligation.


4. How long do we store personal data?


Personal data is generally stored for 12 months after the most recent transaction or reservation.

After this period, the data is deleted or anonymized unless there is another legal basis for retention, such as:

  • a valid marketing consent
  • a statutory obligation (e.g. accounting legislation)

If the data subject opts out of direct marketing, we retain the opt-out information and necessary contact details to ensure compliance with the prohibition.


5. Rights of the data subject


The data subject has the following rights:

  • Right of access: to know what personal data is processed
  • Right to rectification: to request correction of inaccurate or incomplete data
  • Right to erasure: to request deletion of data when there is no legal basis for processing
  • Right to restriction of processing: in certain situations
  • Right to object: particularly to processing based on legitimate interest
  • Right to data portability: to receive the data provided in a machine-readable format
  • Right to withdraw consent: at any time
  • Right to lodge a complaint: with the supervisory authority

Supervisory authority in Finland:
Office of the Data Protection Ombudsman
www.tietosuoja.fi


6. Transfers of personal data


We use trusted service providers (such as reservation and communication systems) for processing personal data. Personal data may be transferred outside the EU or EEA only if an adequate level of data protection is ensured in accordance with GDPR, for example through EU standard contractual clauses.


7. Disclosure of personal data


Personal data is not disclosed to third parties except in the following situations:

  • to authorities based on a legal obligation
  • for debt collection and legal matters
  • in connection with corporate restructurings
  • with the explicit consent of the data subject

We do not disclose personal data for independent third-party direct marketing without the data subject’s consent.


8. Data security


We apply appropriate technical and organizational security measures to protect personal data. These measures include, among others:

  • restricted access rights
  • encryption and firewalls
  • staff training and instructions
  • careful selection of service providers


9. Changes to this Privacy Policy

We may update this Privacy Policy as our services develop or due to changes in legislation. The most current version is always available on our website.

This Privacy Policy was last updated on 12 January 2026.