Privacy Policy

Restabar Group Oy / Ravintola Koski

This is the privacy policy of Restabar Group Oy in accordance with the EU General Data Protection Regulation (GDPR). In this privacy policy, we explain what personal data we process, for what purposes the data is used, on what legal basis the data is processed, to whom the data may be disclosed, how long the data is stored, and how you can exercise your data protection rights.

Last updated: 2 June 2026
Effective from: 2 June 2026

1. Data Controller

Restabar Group Oy
Business ID: 3232474-7
Postal address: Pispalan Valtatie 18 B, 33250 Tampere, Finland
Email: ravintola@ravintolakoski.fi
Website: ravintolakoski.fi

2. Name of the Register

Customer, marketing and online service register of Restabar Group Oy / Ravintola Koski.

3. Data Protection Officer

Restabar Group Oy has not appointed a Data Protection Officer, unless required by legislation or the scope of the company’s operations. For matters related to data protection, you can contact us by email at:

ravintola@ravintolakoski.fi

4. What Personal Data Do We Process?

We only process personal data that is necessary for customer relationships, services, enquiries, reservations, orders, invoicing, marketing, or the operation of the website.

We may process the following personal data:

Basic Information of the Customer or Contact Person

• name

• email address

• telephone number, if provided by the customer

• name of the company or organisation

• job title or role in the company, if the customer represents a company

• customer’s or company’s invoicing and contact details

Reservation, Order and Customer Relationship Data

• information related to reservations, quote requests and orders

• information related to lunch, event, meeting, catering and other restaurant services

• date and time, number of guests and service needs related to an event or occasion

• special dietary requirements or other needs voluntarily provided by the customer

• information related to customer communication, feedback, complaints and customer service

• information related to invoicing and payments

Data Related to the Use of the Website and Digital Services

When you use our website, we may process technical data such as:

• IP address

• device and browser information

• operating system information

• time of website visit

• pages viewed and events related to website use

• identifiers and usage data collected through cookies and similar technologies

We use analytics and marketing cookies only if you have given your consent.

5. Where Do We Obtain Personal Data From?

We primarily obtain personal data directly from you when you, for example:

• contact us by email, phone, online form or social media

• make a reservation or request a quote

• order catering, event, meeting or restaurant services

• provide feedback

• interact with us as a representative of a company or organisation

• subscribe to a newsletter or give marketing consent

• use our website and accept the use of cookies

We may also receive data from service providers, such as providers of reservation, payment, analytics, advertising, website, email or form services, when this is necessary for providing the service.

For business customers, we may also process publicly available company contact information if it is needed for managing the customer relationship, B2B communication or offering our services.

6. For What Purposes Do We Process Personal Data?

We process personal data for the following purposes:

Customer Service and Responding to Enquiries

We process personal data so that we can respond to enquiries, quote requests, questions and feedback.

Managing Reservations, Orders and Services

We process personal data so that we can provide restaurant, lunch, event, meeting, catering and other services ordered by the customer.

Managing Customer Relationships

We process personal data for maintaining customer relationships, customer communication, service planning, improving the customer experience and handling possible complaints.

Invoicing, Payments and Accounting

We process personal data for invoicing, payment processing, accounting and compliance with statutory obligations.

Marketing and Customer Communication

We may process personal data for customer communication, informing customers about our services and direct marketing. Electronic direct marketing is sent in situations permitted by law, for example to existing customers regarding similar services, or based on separate consent.

You always have the right to object to direct marketing.

Website Analytics and Development

We process website usage data to improve the functionality, usability, visitor statistics and content of the website. Analytics cookies are used only with your consent, unless the processing is strictly necessary for the technical operation of the website.

Advertising Measurement and Targeting

We may use cookies and similar technologies for advertising measurement, remarketing and targeted advertising, for example in Google and Meta services. These cookies are used only if you have given your consent.

7. Legal Bases for Processing Personal Data

We process personal data based on the following legal bases:

Contract or Pre-contractual Measures

When you request a quote, make a reservation, order a service or become our customer, we process personal data in order to enter into a contract and provide the service.

Examples:

• handling reservations

• responding to quote requests

• providing catering and event services

• customer service related to an order or reservation

Legal Obligation

We process data when required by law.

Examples:

• accounting

• tax-related obligations

• responding to lawful requests from authorities when required by law

Legitimate Interest

We may process personal data based on our legitimate interest when the processing is necessary for our business, customer relationships or services, and the processing does not override the rights and freedoms of the data subject.

Examples:

• managing customer relationships

• customer communication

• improving service quality

• handling feedback and complaints

• B2B communication

• establishing, exercising or defending legal claims

• direct marketing to existing customers within the limits permitted by law

Consent

We process personal data based on consent when you have given voluntary and specific consent for the processing.

Examples:

• subscribing to a newsletter

• analytics cookies

• marketing cookies

• remarketing

• advertising targeting

You may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

8. Special Diets and Health-Related Information

If you provide us with information about a special diet, allergy or other health-related information concerning meals, we process the data only for the purpose of providing the relevant service or event and ensuring safe dining.

Such data is processed only to the extent necessary. The data is not used for marketing or any other purposes.

9. Recipients and Service Providers

We do not sell personal data to third parties.

We may disclose or transfer personal data to service providers who process the data on our behalf and for our benefit. Such service providers may include, for example:

• technical website maintenance providers

• website hosting providers

• email and form service providers

• reservation system or customer management system providers

• payment and invoicing service providers

• accounting and financial administration service providers

• analytics services, such as Google Analytics

• advertising and marketing services, such as Google Ads and Meta/Facebook

• IT and information security service providers

Service providers may process personal data only in accordance with our instructions and only for the purposes for which the data has been provided.

We may also disclose data to authorities if required by law or by a lawful request from an authority.

10. Transfers of Personal Data Outside the EU or EEA

As a rule, we process personal data within the EU and EEA.

However, some of the service providers we use, such as analytics, advertising, cloud or technology service providers, may also process personal data outside the EU or EEA. In such cases, we ensure that the transfer has a lawful basis under data protection legislation and that appropriate safeguards are in place, such as the European Commission’s Standard Contractual Clauses or another approved transfer mechanism.

11. Retention Periods for Personal Data

We retain personal data only for as long as necessary to fulfil the purposes described in this privacy policy or for the period required by law.

The main retention periods are:

• quote requests and enquiries: generally no longer than 24 months, unless the customer relationship continues

• reservation and order data: for the duration of the customer relationship and for a reasonable period thereafter for possible complaints, customer service or legal claims

• invoicing and accounting data: for the period required by accounting legislation

• marketing consents and opt-outs: for as long as the consent is valid or the opt-out needs to be observed

• newsletter subscription data: until you unsubscribe or request deletion of the data

• cookie consents: for the period determined by the cookie management tool in use

• technical website log data: only for as long as necessary for information security, maintenance and troubleshooting

When personal data is no longer needed, it is deleted or anonymised appropriately.

12. Principles of Register Protection

We process personal data carefully and protect it with appropriate technical and organisational measures.

Data is protected, for example, by the following means:

• access to personal data is limited only to persons who need the data to perform their work duties

• system access rights are managed on a user-specific basis

• data is processed confidentially

• servers, systems and online services are protected with appropriate information security measures

• necessary agreements are concluded with personal data processors

• data is stored only for as long as necessary

13. Rights of the Data Subject

You have rights under data protection legislation regarding your personal data.

You have the right to:

• receive information on whether we process your personal data

• access personal data concerning you

• request correction of incorrect or incomplete data

• request deletion of data in certain situations

• request restriction of processing in certain situations

• object to the processing of personal data in certain situations

• object to the processing of personal data for direct marketing purposes

• request the transfer of data from one system to another, if the processing is based on consent or contract and is carried out automatically

• withdraw your consent at any time

Please note that not all rights can be exercised in all situations. For example, statutory accounting obligations may prevent the deletion of certain data before the end of the statutory retention period.

We generally respond to data protection requests within one month of receiving the request. If necessary, we may ask for additional information to verify your identity.

You can exercise your rights by contacting us by email:

ravintola@ravintolakoski.fi

14. Right to Lodge a Complaint with a Supervisory Authority

If you believe that your personal data is being processed in violation of data protection legislation, you have the right to lodge a complaint with a supervisory authority.

In Finland, the supervisory authority is:

Office of the Data Protection Ombudsman
Website: tietosuoja.fi

15. Cookies and Similar Technologies

Our website uses cookies and similar technologies.

A cookie is a small text file that is stored in the user’s browser or device. Cookies allow the website, for example, to function correctly, remember user choices, measure website usage and display targeted advertising.

We use cookies for the following purposes:

Necessary Cookies

Necessary cookies are required for the technical operation, security and basic functions of the website. These cookies may be used without separate consent.

Examples:

• technical operation of the website

• information security

• form functionality

• remembering cookie settings

Analytics Cookies

Analytics cookies allow us to monitor, for example, the number of visitors to the website, pages used and the functionality of the website. We use this information to improve our website and services.

Analytics cookies are used only if you have given your consent.

Marketing and Advertising Cookies

Marketing and advertising cookies may be used for advertising measurement, remarketing and advertising targeting. These cookies allow us, for example, to show advertisements to users who have visited our website and to measure the effectiveness of advertising.

Marketing and advertising cookies are used only if you have given your consent.

Analytics and marketing services we may use include, for example:

• Google Analytics

• Google Ads

• Meta/Facebook Pixel

• other similar analytics and advertising services

16. Cookie Management

When you visit our website, you can accept or reject cookies other than necessary cookies through the cookie banner or cookie settings.

You can change or withdraw your cookie consent at any time through the website’s cookie settings, if a cookie management tool is in use on the website.

You can also block or delete cookies in your browser settings. However, blocking cookies may affect the functionality of some parts of the website.

17. Automated Decision-Making and Profiling

We do not make automated decisions that would have legal effects or similarly significant effects concerning you.

We may use marketing targeting based on cookies and website usage if you have given your consent. This may mean, for example, that you are shown advertising related to Ravintola Koski’s services online based on your previous visit to our website.

18. Changes to This Privacy Policy

We may update this privacy policy if our operations, services, systems we use or legislation change.

The up-to-date privacy policy is available on our website. If the changes are material, we may inform users about them on the website or by other appropriate means.

19. Contact

If you have any questions about this privacy policy, the processing of your personal data or if you wish to exercise your data protection rights, you can contact us:

Restabar Group Oy / Ravintola Koski
Email: ravintola@ravintolakoski.fi
Postal address: Pispalan Valtatie 18 B, 33250 Tampere, Finland