This notice contains the information on personal data required by articles 13 and 14 of the EU General Data Protection Regulation (2016/679) which we process in relation to our website, (“the Service”).

1. Controller

Rinheat Oy

Business ID: 0954041-7

Address: Kutojantie 11
FI-02630 Espoo, Finland

Domicile: Espoo

Contact person for data protection matters: Tiina Dove


2. Groups of data subjects

 This notice concerns personal data which we process on the users of the Service and/or corporate users’ contact persons, as well as on other people whose personal data need to be processed for the provision and usage of the Service.

3. Purposes of data processing

Personal data are primarily gathered to provide the Service, as well as for the purposes of managing and maintaining customer relationships. Data may also be used to track and investigate abuses and to plan and develop the controller’s business and services. We may also process personal data for marketing purposes within the legally permitted boundaries.

4. Legal basis for processing

The processing described in this notice is primarily based on delivery of our website service and our legitimate interest in processing personal data to offer the Service, as well as to run and develop our business. In the case of individual data, processing may also be based on consent or our legal obligation to process your personal data, for example, for taxation or accounting purposes.

5. Data processed

 We process the following user-related data:

6. Disclosure of data

The Service is a website service. Placing orders and reservations on the Service may require the disclosure of personal data to third parties who process data independently to process the order or reservation, as well as for other, separately advised, purposes.

In addition, our subcontractors and service providers may process your data insofar as is necessary for delivery of the Service. Additionally, data may be disclosed to our service providers for normal data processing, financial administration and other corporate service, as well as to competent authorities or other third parties, if we believe disclosure of the data is necessary because of an applicable law or regulation, to exercise or defend our legal rights, or to defend any person’s vital interests.

As a rule, the controller has no need to transfer your data outside the European Union (EU) or the European Economic Area (EEA) to provide the Service. For marketing or statististical purposes your data may, however, be transferred, within legal boundaries, outside the EU or EEA on the basis of your consent or the need to transfer your data to fulfil a contract signed with you or in your interest, or in other situations permitted by relevant legislation. In these cases the the software in question is Google Analytics.

7. Data storage

Personal data are only stored for as long as we have a justified need related to the processing purposes mentioned above.

We regularly evaluate the existence of such needs in relation to the personal data we store, and, insofar as we deem deletion necessary, delete personal data from the system or anonymize them, or, if this is not possible (for example insofar as the data are stored in backup archives), store them securely and prevent further processing until deletion of the data is possible.

As a rule, we only store data related to customer relationships for the duration of an active customer relationship and for a reasonable time after this to respond to questions and contact related to the customer relationship. However, insofar as the data are bound by a storage obligation derived, for example, from accounting or taxation legislation, the data are in any case stored for the minimal period required by such obligation.

8. Data protection

Access to material is limited solely to the controller’s employees and service providers who have the right to access pursuant to their duties. The controller uses appropriate technical and organizational measures to protect data from unauthorized access, alteration, disclosure, loss or other unauthorized processing. The controller requires confidentiality, appropriate data security and commitment to applicable statutory data protection requirement and principles of all the service providers it uses.

9. Rights of the data subject

 In accordance with applicable data protection legislation, you have the following rights as a data subject:

You may exercise your rights by contacting us using the contact information provided in this notice.

10. Updates to the notice

From time to time we may update this notice due to changes in legislation or our business operations. We will strive to inform the data subjects about changes in a way appropriate to the significance of the changes.


We use cookies in the Service to enable and ease use of the Service. A cookie is a small text filed stored on the user’s browser. Cookies help us improve the functionality of the Service. You may disable the use of cookies in your browser settings. Please note, however, that in such a case the Service may not work in the intended fashion.