Olo Group Oy, Emoresta Oy, Iloresta Oy, Oloresta Oy and Lumo Störsvik Oy c/o Olo Group Rikhardinkatu 14 00130 Helsinki
2. Contact person
Petri Lukkarinen, firstname.lastname@example.org , tel. +358 50 5678 995.
3. Name of the register
Olo Group Oy, Emoresta Oy, Iloresta Oy, Oloresta Oy, Lumo Störsvik Oy and Korkeavuoren Ravintola Oy c/o Olo Group Rikhardinkatu 14 00130 Helsinki
4. Purpose of the register
The legal basis for the processing of personal data is the EU’s general data protection regulation- the consent of the person (documented, voluntary, individualized, informed and unambiguous) – the agreement where the registered person is party (table reservation) The purpose of processing personal data is to communicate with customers, maintain customer relations, marketing and table reservation information. The information is not used for automated decision making or profiling.
5. Content of the register
The stored information in the register includes: person’s name, company / organization, contact phone number, e-mail address, web site addresses, IP address of the network, ID´s / profiles for social media services, information about subscribed services and their changes, billing information, special diets and other customer relationships and ordered services related information. Dietary information is used only for food preparation and serving.
Customer data is stored in: Table booking program DinnerBooking, Invoice program Netbaron, Customer relations system WebCrm, Creamailer newsletter services, Lahjakortti.eu/verkkotaito Oy gift card shop. The information is retained for the time being
6. Regular sources of information
The information stored in the register is obtained from the customer e.g. when making table reservation, by messages sent through our web page, via emails, telephone, social media, contracts, customer meetings and other situations where the customer delivers their information, as well as in competitions in which the customer participates.
A cookie is a small text file that is stored on a user’s computer when he or she visits the
Cookies do not contain personal information and do not allow you to run programs or
*) We use Google Analytics to track your site. The purpose of tracking is to collect statistics
Disabling cookies in your browser
8. Transfer of data outside EU and EEA countries
Personal data may be disclosed within the limits permitted and mandated by the applicable law. Information may be disclosed to Olo Group’s other companies under the Personal Data Act. Information will not be disclosed to third parties who do not cooperate with Olo Group. Data can also be transferred by the controller from outside the EU or the EEA. Creamailer´s server is in the Finland, Creamailer is committed to comply with customer protection in accordance with the EU Regulation.
9. Principles of data protection
The registry is handled carefully, and data processed by the information systems is adequately protected. Record information is kept on Internet servers, and the physical and digital security of their hardware is handled appropriately. The controller ensures that the stored data, server access rights and other critical data related to the security of personal data are processed confidentially and only by the employees whose job description it belongs
10. Registered person’s inspection right
Everyone in the register has the right to check their data stored in the register and to demand that any incorrect information to be corrected, or incomplete information supplemented. If a person wishes to check or request correction of their record, the request should be sent in writing to the contact person. The contact person may, if necessary, request the applicant to prove his/her identity. The controller is responsible for the customer within the time limit set by the EU Data Protection Regulation.
11. Other rights related to the processing of personal data
A person in the register has the right to request the deletion of his / her personal data from the register (“the right to be forgotten”). Also, those who are registered have rights under the EU’s general data protection regulation to restrict the processing of personal data in certain situations. Requests should be sent in writing to the contact person. The contact person may, if necessary, request the applicant to prove his identity. The controller is responsible for the customer within the time limit set by the EU Data Protection Regulation. Registered personal data will be destroyed at the request of the user, unless legislation, open invoices or debt collections prevent the deletion of data