Privacy Notice

This is the privacy policy of Sydvest Oy, (10 ja 24 §) according to

EU GDPR settings. Completed May 18th, 2018. Last change May 29th, 2018.

 

1. Controller

Ravintola Sydvest Oy

PL 29

26101 Rauma

 

2. Contact person

Tuomas Jokela, tuomas.t.jokela@gmail.com , p. 044 7756829

 

3. Name of register

Restaurant Sydvest’s customer register

 

4. Purpose of the register

The legal basis for the processing of personal data is the EU's general data protection

regulation- the consent of the person (documented, voluntary, individualized, informed and

unambiguous) - the agreement where the registered person is party (table reservation) The

purpose of processing personal data is to communicate with customers, maintain customer

relations, marketing and table reservation information. The information is not used for

automated decision making or profiling.

 

5. Content of the register

The stored information in the register includes: person's name, company / organization,

contact phone number, e-mail address, web site addresses, IP address of the network, IDs

/ profiles for social media services, information about subscribed services and their

changes, billing information, special diets and other customer relationships and ordered

services related information. Dietary information is used only for food preparation and

serving.

 

The information is stored in the email address varaukset@ravintolasydvest.fi, ravintolasydvest@gmail.com

and in Squarespace’s server.

 

The information is retained for the time being.

 

6. Regular sources of information

The information stored in the register is obtained from the customer e.g. when making table

reservation, by messages sent through our web page, via emails, telephone, social media,

contracts, customer meetings and other situations where the customer delivers their

information, as well as in competitions in which the customer participates.

 

7. Transfer of data outside EU and EEA countries

Personal data may be disclosed within the limits permitted and mandated by the applicable

law. Information will not be disclosed to third parties who do not cooperate with Restaurant Sydvest. Data

can also be transferred by the controller from outside the EU or the EEA.

Squarespace's server is situated in the United States and is committed to comply with customer

protection in accordance with the EU-US Regulation.

 

8. Principles of data protection

The registry is handled carefully, and data processed by the information systems is

adequately protected. Record information is kept on Internet servers, and the physical and

digital security of their hardware is handled appropriately. The controller ensures that the

stored data, server access rights and other critical data related to the security of personal

data are processed confidentially and only by the employees whose job description it

belongs.

 

9. Registered person’s inspection right

Everyone in the register has the right to check their data stored in the register and to

demand that any incorrect information to be corrected, or incomplete information

supplemented. If a person wishes to check or request correction of their record, the request

should be sent in writing to the contact person. The contact person may, if necessary,

request the applicant to prove his/her identity. The controller is responsible to reply to the customer

within the time limit set by the EU Data Protection Regulation.

 

10. Other rights related to the processing of personal data

A person in the register has the right to request the deletion of his / her personal data from

the register ("the right to be forgotten"). Also, those who are registered have rights under

the EU's general data protection regulation to restrict the processing of personal data in

certain situations. Requests should be sent in writing to the contact person. The contact

person may, if necessary, request the applicant to prove his identity. The controller is

responsible to reply to the customer within the time limit set by the EU Data Protection Regulation.

Registered personal data will be destroyed at the request of the user, unless legislation,

open invoices or debt collections prevent the deletion of data