Little Thai logo

Privacy Policy

Effective from: 18.10.2025

1. DATA CONTROLLER

Name: Pieni Thai Oy
Business ID: 3568100-2
Address: Puntarikatu 1, 20780, Kaarina
Phone number: +3584578710649
Email: contact@littlethai.fi
Contact person: Toni Lehtinen

2. NAME OF THE REGISTER

Pieni Thai Oy's customer and marketing register

3. PURPOSE AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

We process your personal data for the following purposes:

Newsletter subscriptions

  • Purpose: Sending lunch menus, offers, and campaigns

  • Legal basis: Consent (GDPR Article 6(1)(a))

Information of registered users

  • Purpose: Maintenance of user account and possible e-commerce activities in the future

  • Legal basis: Performance of a contract (GDPR Article 6(1)(b))

Website development

  • Purpose: Improving the service by analyzing user activity on the site

  • Legal basis: Legitimate interest (GDPR Article 6(1)(f)) – improving service quality and user experience

4. DATA CONTENT OF THE REGISTER

We may collect and process the following information:

Newsletter subscribers:

  • Name (optional)

  • Email address

  • Time of subscription

  • Selected language on the site

  • Consent for marketing communications

Registered users:

  • Name

  • Email address

  • Phone number

  • Address details (when the online store is launched)

  • Username and password (encrypted)

  • Time of registration

  • Selected language on the site

  • Order information (in the future)

Website usage data:

  • IP address

  • Browser type and version

  • Operating system

  • Visit times

  • Clicked pages and content

  • Information collected via cookies

5. REGULAR SOURCES OF INFORMATION

  • Information is obtained from the data subject themselves via online forms, orders, and contacts

  • Website usage data is collected automatically using cookies and analytics tools

6. DATA RETENTION PERIOD

  • Newsletter subscribers: Information is stored until the subscription is canceled or consent is withdrawn

  • Registered users: Information is stored for the duration of the user account's validity and for two years after the last login

  • Website usage data: Analytics data is stored for a maximum of 26 months

  • Invoicing data: In accordance with accounting legislation (6 years from the end of the financial year)

7. DISCLOSURE AND TRANSFER OF DATA

We do not sell, rent, or disclose your personal data to third parties for commercial purposes.

Data may be disclosed in the following situations:

Service Providers:

  • Email marketing service provider

  • Web hosting service

  • Analytics services (e.g., Matomo)

  • Payment brokerage services

Authorities:

  • To fulfill statutory obligations at the request of authorities

Data may be transferred outside the EU/EEA only if the recipient country or recipient offers an adequate level of data protection in accordance with the GDPR.

8. PRINCIPLES OF REGISTER PROTECTION

Information systems and files are appropriately protected:

  • Electronic data is protected by firewalls, passwords, and access control

  • Data is transferred via an SSL-encrypted connection

  • Only persons whose duties require it have access to the data

  • Service providers have been carefully selected, and data processing agreements have been concluded with them

  • Staff have been trained in data protection matters

9. RIGHTS OF THE DATA SUBJECT

You have the following rights related to the processing of your personal data:

Right of access

You have the right to inspect what personal data about you is in the register.

Right to rectification

You can request the correction of incorrect or incomplete information.

Right to erasure

You can request the deletion of your data, unless there is a statutory obligation to retain it.

Right to restriction of processing

You can request the restriction of the processing of your data in certain situations.

Right to object

You can object to the processing of your personal data when the legal basis for processing is legitimate interest.

Right to data portability

You have the right to receive your data in a structured format and transfer it to another controller.

Right to withdraw consent

You can withdraw your consent (e.g., newsletter) at any time without affecting the lawfulness of processing carried out before the withdrawal.

Right to lodge a complaint with a supervisory authority

You can lodge a complaint with the Data Protection Ombudsman if you consider that the processing of your personal data violates data protection legislation.

Contact information:
Office of the Data Protection Ombudsman
Visiting address: Lintulahdenkuja 4, 00530 Helsinki
Postal address: P.O. Box 800, 00531 Helsinki
Switchboard: 029 566 6700
Email: tietosuoja@oikeus.fi

10. EXERCISING YOUR RIGHTS

Contact the data controller using the contact details mentioned above to exercise your rights. We may ask you to verify your identity before processing the request. We generally respond to your request within one month.

11. COOKIES

Our website uses cookies to improve user experience and analyze site usage.

12. CHANGES TO THE PRIVACY POLICY

We reserve the right to update this privacy policy. We will notify you of significant changes on our website.

Last updated: 18.10.2025