This is the register and privacy policy of Restaurant Uleåborg in accordance with the Finnish Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Prepared on 17 April 2026. Last updated on 17 April 2026.

1. Data Controller
Aittatorin Ravintola Oy (Business ID: 1859749-0)
Aittatori 4–5, 90100 Oulu, Finland

2. Contact Person Responsible for the Register
+358 8 88 111 88, ravintola@uleaborg.fi

3. Name of the Register
Customer Register of the Company

4. Legal Basis and Purpose of Processing Personal Data
The legal basis for processing personal data under the EU General Data Protection Regulation is the legitimate interest of the data controller (e.g. customer relationship). The purpose of processing personal data is to maintain contact with customers and to manage customer relationships. The data is not used for automated decision-making or profiling.

5. Data Content of the Register
The information stored in the register includes: name, contact details (telephone number, email address), and information related to ordered services/table reservations.

6. Regular Sources of Information
The data stored in the register is obtained from the customer, for example through messages sent via website forms, email, telephone, customer meetings, and other situations where the customer provides their information.

7. Regular Disclosures of Data and Transfer of Data Outside the EU or EEA
Data is not regularly disclosed to other parties. Data may be published to the extent agreed with the customer. Data may also be transferred by the data controller outside the EU or EEA.

8. Principles of Register Protection
Due care is taken in processing the register, and data processed by information systems is appropriately protected. When register data is stored on Internet servers, the physical and digital security of the hardware is properly ensured. The data controller ensures that stored data, server access rights, and other information critical to personal data security are handled confidentially and only by employees whose job duties require it.

9. Right of Access and Right to Rectification
Every individual in the register has the right to check their personal data stored in the register and to request correction of any incorrect or incomplete data. Requests must be submitted in writing to the data controller. The data controller may request the individual to verify their identity if necessary. The data controller will respond within the time specified in the EU GDPR (generally within one month).

10. Other Rights Related to the Processing of Personal Data
Individuals in the register have the right to request the deletion of their personal data (“right to be forgotten”). They also have other rights under the EU GDPR, such as restriction of processing in certain situations. Requests must be submitted in writing to the data controller. The data controller may request identity verification if necessary and will respond within the timeframe specified by the GDPR (generally within one month).

Due to service development and changes in legislation, we reserve the right to amend this privacy policy. Significant changes will be communicated to registered customers in connection with updates to the terms.