GDPR Data Protection Policy
Last updated: April 2026
1. Data Controller
The data controller for your personal data is:
Pääkokin Keittiö
Turku, Finland
Email: info@paakokinkeittiö.fi
Phone: +358 XX XXX XXXX
2. Legal Basis for Processing
We process your personal data under the following legal bases as defined by GDPR Article 6:
- Contract performance (Art. 6(1)(b)): Processing necessary to fulfill your food orders and provide our services
- Legitimate interest (Art. 6(1)(f)): Improving our services, fraud prevention, and website analytics
- Consent (Art. 6(1)(a)): Marketing communications and non-essential cookies
- Legal obligation (Art. 6(1)(c)): Compliance with Finnish tax and accounting laws
3. Your Rights Under GDPR
As a data subject, you have the following rights:
Right of Access (Art. 15)
You may request a copy of all personal data we hold about you. We will respond within 30 days.
Right to Rectification (Art. 16)
You may request correction of inaccurate personal data.
Right to Erasure (Art. 17)
You may request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
Right to Restrict Processing (Art. 18)
You may request that we limit processing of your data in certain circumstances.
Right to Data Portability (Art. 20)
You may request your data in a structured, machine-readable format to transfer to another service.
Right to Object (Art. 21)
You may object to processing based on legitimate interest, including direct marketing.
Right to Withdraw Consent (Art. 7(3))
Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before it.
4. Data Processing Activities
| Purpose | Data | Retention |
|---|---|---|
| Order processing | Name, phone, address, order details | 6 years (accounting law) |
| Customer accounts | Name, email, phone, loyalty points | Until account deletion |
| Marketing | Email, preferences | Until consent withdrawal |
| Website analytics | IP address, browser, pages visited | 26 months |
| Reviews | Name, rating, comment | Until deletion request |
5. International Data Transfers
Your data is primarily stored within the European Economic Area (EEA). If data is transferred outside the EEA, we ensure adequate protection through EU-approved Standard Contractual Clauses or adequacy decisions.
6. Data Protection Officer
For GDPR-related inquiries, please contact us at: info@paakokinkeittiö.fi
7. Supervisory Authority
You have the right to lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutetun toimisto):
Website: tietosuoja.fi
Email: tietosuoja@om.fi
Phone: +358 29 566 6700
8. Data Security Measures
- Encrypted data transmission (TLS/SSL)
- Access controls and authentication for staff
- Regular security assessments
- Secure payment processing via PCI-DSS compliant providers
- Data breach notification within 72 hours as required by GDPR Art. 33
