Privacy policy

1. Owner of the register

H5 Restaurants Oy

Hämeenkatu 13, 33100 Tampere

2. Contact persons for matters concerning the register

Contact person for the register: Jessica Aaltonen

3. Name of the register

Marketing register of H5 Restaurants Ltd.

4. Purpose of processing personal data

Personal data is processed in connection with marketing, service development, customer surveys, contacts, credits, billing, collection, reporting and other measures related to customer relationship management.

Purchase and transaction data and location data processed in the register may also be used for profiling and to target marketing activities and customer communications to the data subject. Personal data is also processed in connection with sending newsletters, participating in events and other marketing activities.

5. Data content of the register and categories of personal data

The categories of persons whose data may be processed are the contact persons of a company or organisation that is or has been a customer of the controller, a potential customer, persons who have been in contact with the controller, participants in events organised by H5 Restaurants Ltd, or persons who have given their marketing authorisation.

The following categories of data, among others, may be processed in the register as necessary for the purposes for which the register is intended:

(a) basic information about the employer community that is or has been a customer of the controller, such as name and contact details (address, email address, telephone number) and the name and contact details of the contact person.

(b) information relating to the customer relationship between the controller and the data subjects, such as subscription details, appointment details, any direct marketing authorisations and opt-outs, and other communications between the parties and information relating to the service.

(c) information about the data subject’s behaviour on the controller’s website and other similar aggregated data, participation in events, data entered into events, contacts, and data relating to newsletter subscriptions.

(d) the first name and surname of the data subject who has registered for an event of the controller, as well as any contact details and information provided for the event. The data entered by the data subject himself/herself to register for the event may include, but is not limited to: email, telephone number, address and allergy information.

6. Regular sources of information

The data sources are the data provided by the customer, the customer information system and billing database, the usage and transaction data of websites, blogs and newsletters, the customer relationship management system, partners, and companies and authorities providing services concerning personal data.

Personal data may also be collected and updated from paid address registers and other similar registers.

7. Regular disclosures of data

Register data may be shared within H5 Restaurants Ltd, as well as with subcontractors of H5 Restaurants Ltd.

As a general rule, H5 Ravintolat Oy does not disclose personal data to third parties. If necessary, the controller may also outsource the processing of personal data to companies outside the company, which may also be located in countries outside the European Union and the European Economic Area, such as the United States. These companies may process personal data to provide, for example, infrastructure, IT or other services. In such cases, adequate data security and data processing will be ensured through the EU-U.S. Privacy Shield arrangement, or through contractual arrangements using model clauses approved by the EU Commission. The personal data to be transferred may include name, address, email address and telephone number.


The data will be stored in a technically secure manner. Physical access to the data is prevented by access control and other security measures. Access to the data requires adequate rights. Unauthorised access is also prevented by firewalls and technical protection. Only the controller and specifically designated persons have access to the register data. Only the designated persons are entitled to process and maintain the data in the register. Users are bound by confidentiality.

9. Right to review and modify the information in the register

The person concerned has the right to check what information is held on him/her in the register. The request must be made in writing to the keeper of the register. The request should specify and justify what information is required to be corrected, what the customer considers to be the correct information and how the correction is requested.

The person concerned has the right to have the information about him or her which has been incorrectly recorded in the register amended. The right of rectification is exercised free of charge once a year.

Personal data may be erased completely at the request of the person concerned in the event of termination of the customer relationship.

10. Right of refusal

Data subjects have the right to object to the disclosure and processing of their data for direct marketing and other marketing purposes.