Privacy Notice

This is the privacy policy of Olo Group Oy, Emoresta Oy, Iloresta Oy and Oloresta Oy (10 ja 24 §)
according to EU GDPR settings. Completed May 16th, 2018. Last change 01.07.2019.

  1. Controller
    Olo Group Oy, Emoresta Oy, Iloresta Oy and Oloresta Oy
    c/o Olo Group
    Rikhardinkatu 14
    00130 Helsinki
  2. Contact person
    Petri Lukkarinen, petri.lukkarinen@olo-group.fi , +358 50 5678 995.
  3.  Name of the register
    Restaurant Emo’s customer register
    Restaurant Olo’s customer register
    Restaurant Nude’s customer register
    Olo Group customer register
  4. Purpose of the register
    The legal basis for the processing of personal data is the EU’s general data protection
    regulation- the consent of the person (documented, voluntary, individualized, informed and
    unambiguous) – the agreement where the registered person is party (table reservation) The
    purpose of processing personal data is to communicate with customers, maintain customer
    relations, marketing and table reservation information. The information is not used for
    automated decision making or profiling.
  5. Content of the register
    The stored information in the register includes: person’s name, company / organization,
    contact phone number, e-mail address, web site addresses, IP address of the network, IDs
    / profiles for social media services, information about subscribed services and their
    changes, billing information, special diets and other customer relationships and ordered
    services related information. Dietary information is used only for food preparation and
    serving.
    Customer data is stored in:
    Table booking program DinnerBooking
    Invoice program Netbaron
    Customer relations system Microsoft Dynamics
    Mailchimp, newsletter services
    Gifti online gift card shop
    The information is retained for the time being
  6. Regular sources of information
    The information stored in the register is obtained from the customer e.g. when making table
    reservation, by messages sent through our web page, via emails, telephone, social media,
    contracts, customer meetings and other situations where the customer delivers their
    information, as well as in competitions in which the customer participates.
  7. How we use cookies
    A cookie is a small text file that is stored on a user’s computer when he or she visits the
    site. Cookies do not contain personal information and do not allow you to run programs or
    store viruses on the user’s computer.
    We use cookies on this site for a wide range of uses related to site functionality, analysis
    and marketing.
    *) We use Google Analytics to track your site. The purpose of tracking is to collect statistics
    about, for example, the number of visitors to the page and the most popular content.
    You can read more about Google cookies here: Google’s cookie policy. Cookie information
    helps us improve the functionality and usability of our site.
    Disabling cookies in your browser
    To prevent cookies, change your browser cookie settings.
    If you block the use of cookies in your browser, your device will not be tracked when you
    visit the site. Note, however, that blocking the use of cookies may also prevent you from
    accessing some of your site’s features.
  8. Transfer of data outside EU and EEA countries
    Personal data may be disclosed within the limits permitted and mandated by the applicable
    law. Information may be disclosed to Olo Group’s other companies under the Personal
    Data Act. Information will not be disclosed to third parties who do not cooperate with Olo
    Group. Data can also be transferred by the controller from outside the EU or the EEA.
    Mailchimp’s server is in the United States, Mailchimp is committed to comply with customer
    protection in accordance with the EU-US Regulation.
  9. Principles of data protection
    The registry is handled carefully, and data processed by the information systems is
    adequately protected. Record information is kept on Internet servers, and the physical and
    digital security of their hardware is handled appropriately. The controller ensures that the
    stored data, server access rights and other critical data related to the security of personal
    data are processed confidentially and only by the employees whose job description it
    belongs
  10. Registered person’s inspection right
    Everyone in the register has the right to check their data stored in the register and to
    demand that any incorrect information to be corrected, or incomplete information
    supplemented. If a person wishes to check or request correction of their record, the request
    should be sent in writing to the contact person. The contact person may, if necessary,
    request the applicant to prove his/her identity. The controller is responsible for the customer
    within the time limit set by the EU Data Protection Regulation.
  11. Other rights related to the processing of personal data
    A person in the register has the right to request the deletion of his / her personal data from
    the register (“the right to be forgotten”). Also, those who are registered have rights under
    the EU’s general data protection regulation to restrict the processing of personal data in
    certain situations. Requests should be sent in writing to the contact person. The contact
    person may, if necessary, request the applicant to prove his identity. The controller is
    responsible for the customer within the time limit set by the EU Data Protection Regulation.
    Registered personal data will be destroyed at the request of the user, unless legislation,
    open invoices or debt collections prevent the deletion of data.