This is Panorama Bar & Cafe’s register and privacy policy in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Prepared
21.9.2018. Last modified 16.10.2019
1. Controller
Panorama Bar & Cafe, Tahkomäentie 333, 73320 Nilsiä
tel. 0440 493 462
2. Contact person responsible for the register
Harri Jokela, harri.jokela@panoramabar.fi, 0440 493 462
3. Name of the register
The name of the register is the customer register for the table reservation and contact forms on the Panorama Bar & Cafe website.
4. Legal basis and purpose of processing personal data
The purpose of processing personal data is to communicate with customers and maintain customer relationships. The data is not used for automated decision-making or profiling. The legal grounds for processing personal data are the following under the EU General Data Protection Regulation (hereinafter also referred to as “GDPR”):
5.Data content of the register
The data stored in relation to the table reservation form on the website are: number of adults and children, name of the booker, street address, city and postal code of the booker, phone number and email address of the booker, possible company name, menu selections.
The data stored in relation to the contact form on the website are: name, phone number, email address and message.
Panorama Bar & Cafe does not store personal data for longer than is necessary for its intended purpose or as required by agreement or law.
6.Regular data sources
The data stored in the register is obtained from the customer from messages sent via www forms, table reservations, by email, by telephone and other situations in which the customer provides their data.
7. Regular disclosure of data and transfer of data outside the EU or EEA
The data is not routinely disclosed to other parties. The data may be published to the extent that this has been agreed with the customer.
The data will not be transferred by the controller outside the EU or EEA.
8. Principles of register protection
The register is handled with care and the data processed by information systems is protected appropriately. When register data is stored on Internet servers, the physical and digital security of their equipment is appropriately ensured. The controller ensures that the stored data, as well as the access rights to the servers and other information critical to the security of personal data, are handled confidentially and only by employees whose job description requires it.
9. Right to inspect and right to demand correction of information
Every person in the register has the right to inspect their data stored in the register and to demand correction of any incorrect information or completion of incomplete information. If a person wishes to inspect the data stored about them or to demand correction of it, the inspection request must be made in writing, and the request must be accompanied by proof of their identity. The controller will respond to the customer within the time period stipulated in the EU Data Protection Regulation (generally within one month).
10. Other rights related to the processing of personal data
A person in the register has the right to request that personal data concerning him or her be deleted from the register (“right to be forgotten”). Data subjects also have other rights under the EU General Data Protection Regulation, such as the restriction of the processing of personal data in certain situations. Requests must be sent in writing to the controller. The controller may, if necessary, ask the person making the request to prove their identity. The controller will respond to the customer within the time period specified in the EU Data Protection Regulation (generally within one month).