Privacy Policy

• Data controller: Delhi Rasoi Oy (Business ID: 2331506-4)
• Address: Metsälammentie 4 A, 02810 ESPOO
• Data Protection Officer: Roni Auvinen
• DPO Contact: roni.auvinen@delhirasoi.fi

Personal data is processed primarily for the following purposes:

• Ordering Delhi Rasoi Oy's products and services
• Stakeholder relations management
• Delivery of products and services
• Stakeholder satisfaction, opinion and market research
• Personalization of products and services, personalized customer service, targeted customer communications and recommendations, and monitoring of service usage
• Marketing communications and its targeting
• Statistical analysis and processing of data to develop business and improve product and service offerings
• Internal reporting
• Implementation of rights and obligations arising from legislation
• Risk management and prevention of abuse
• Protecting the assets of Delhi Rasoi Oy and the safety of stakeholders

The legal basis for processing personal data is the contractual relationship between the controller and the data subject when processing is for the purpose of delivering products and services and managing related obligations and customer communications.

Processing is also based on the legitimate interests of the controller for research, personalization, marketing, statistical analysis, business development, risk management and security. When processing is based on legitimate interests, the benefits of processing are weighed against potential disadvantages for data subjects.

Delhi Rasoi Oy collects and processes only such personal data about registered persons that is relevant and necessary for the purposes described in this privacy policy.

Information sources: Personal data is mainly collected from registered individuals themselves through surveys and other measures carried out on Delhi Rasoi Oy's channels and services.

Personal data may also be collected from third parties, external service providers used in marketing, from the entity on whose behalf the data subject acts, and from registers maintained by third parties where permitted by law.

Delhi Rasoi Oy retains personal data for as long as is necessary to fulfill the purposes specified in this privacy policy, unless the law requires retention for a longer period.

• Personal data is processed for the duration of the customer and contractual relationship and for the necessary period after it ends
• Customer identification information is retained for the period required by law
• The retention period varies by personal data group depending on the purpose of use

Personal data may be transferred between companies within the Delhi Rasoi Oy group and to external service providers acting as data processors. The company selects service providers carefully and ensures through contractual obligations that personal data is processed appropriately and lawfully.

Personal data may also be disclosed in emergency situations to protect the life, health and property of people, in connection with legal proceedings, or in the event of a merger, business transaction or other corporate arrangement.

We primarily process data in Finland, but it may also be processed within the European Union and the European Economic Area (EU/EEA). If personal data is transferred outside the EU/EEA, we ensure the lawfulness of the transfer by using an appropriate safeguard mechanism, such as the European Commission's Model Contractual Clauses.

We will provide additional information on request regarding transfers of personal data and the protection mechanisms used.

Delhi Rasoi Oy processes personal data in a manner that aims to ensure appropriate security, including protection against unauthorized processing and accidental loss, destruction or damage.

• Use of firewalls and encryption technologies
• Secure equipment facilities and appropriate access control and access management
• Instruction of personnel and subcontractors involved in data processing
• Careful storage of contracts and original documents with restricted access
• Secure destruction of documents

Data subjects have rights guaranteed by data protection legislation. The application of these rights depends on the purpose and situation of the processing.

Right to access — You may obtain confirmation of whether your personal data is being processed and receive a copy in written or electronic form. A reasonable fee may be charged if less than one year has passed since the previous request.

Right to rectification and deletion — You may demand correction of incorrect data and deletion of your data in accordance with applicable legislation. Delhi Rasoi Oy also corrects data discovered on its own initiative to be incorrect, unnecessary or outdated.

Right to data portability, restriction and objection — You may request transfer of your data to another controller, restriction of processing, or object to processing based on legitimate interests including profiling. You always have the right to object to processing for direct marketing purposes.

Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect processing carried out before. You may unsubscribe from direct marketing via the unsubscribe function in each communication.

The request must include: full name, date of birth or Business ID, email, phone, home address, postal code, city, date, place, signature, the nature of the request (access / correction / deletion / portability / objection / restriction), and which register the request is directed to.

Requests will be responded to within one month. If a request cannot be complied with, you will be notified in writing with reasons.

You have the right to lodge a complaint with the data protection authority if you believe that your personal data has been processed in violation of applicable law.

• Authority: Office of the Data Protection Commissioner
• Visiting address: Ratapihantie 9, 6th floor, 00520 Helsinki
• Postal address: P.O. Box 800, 00521 Helsinki
• Switchboard: 029 56 66700  ·  Fax: 029 56 66735

Delhi Rasoi Oy is constantly developing its services and may change and update this privacy policy as necessary. Changes may also be based on changes in data protection legislation.