Aurora Restaurant
Privacy Policy
Effective date: 1 January 2026 · Last updated: 6 May 2026
Aurora Restaurant (“we”, “us”, or “our”), located at Kauppurienkatu 12, 90100 Oulu, Finland, is committed to protecting your personal information. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights regarding that data. By using our website, making a reservation, or placing an order with us, you agree to the practices described herein.
1. Information We Collect
Personal Information
When you make a reservation, place an order, or contact us, we may collect: your full name, email address, phone number, and billing/delivery address.
Order & Reservation Data
We record reservation details (date, time, party size, special requests) and order history (items ordered, special dietary instructions, payment method, order status) to fulfil your requests and improve our service.
Payment Information
Payment card details are processed directly by our PCI-DSS-compliant payment processor. Aurora Restaurant does not store full card numbers on its own servers.
Usage & Technical Data
We automatically collect certain technical data when you visit our website: IP address, browser type, operating system, pages visited, and referring URLs. This helps us maintain website performance and security.
Cookies & Similar Technologies
We use essential cookies to keep your shopping cart active and to authenticate your session. Analytics cookies (e.g. Google Analytics) help us understand how visitors use our site. You may disable non-essential cookies through your browser settings.
2. How We Use Your Information
Service Delivery
To confirm and manage table reservations, process takeaway and delivery orders, and communicate order or booking status updates to you.
Customer Support
To respond to your enquiries, handle complaints, and process any refunds or amendments to your order.
Marketing & Newsletter
If you have opted in, we will send you promotional emails about new dishes, seasonal menus, and exclusive offers. You may unsubscribe at any time by clicking the unsubscribe link in any email or contacting us directly.
Legal & Safety Obligations
To comply with applicable Finnish and EU laws, including tax, food-safety, and consumer-protection regulations.
Service Improvement
Aggregated and anonymised data may be used to analyse trends, improve our menu, and enhance the overall dining experience.
3. How We Share Your Information
Payment Processors
We share necessary payment details with our authorised payment processor solely to complete your transaction. They are contractually bound to protect your data.
Delivery Partners
For delivery orders, we share your name, delivery address, and phone number with our logistics partners to fulfil your order.
IT & Hosting Providers
Our website and reservation system are hosted by trusted service providers who process data on our behalf under strict data-processing agreements.
Legal Requirements
We may disclose your information when required to do so by law, court order, or governmental authority.
No Sale of Personal Data
Aurora Restaurant does not sell, rent, or trade your personal information to any third party for their own marketing purposes.
4. Data Retention
Retention Periods
We retain personal data only for as long as necessary to fulfil the purposes set out in this policy. Order and reservation records are typically kept for seven (7) years to comply with Finnish accounting and tax laws. Marketing consent records are kept until you withdraw consent.
Deletion
When data is no longer needed, it is securely deleted or anonymised.
5. Your Rights Under GDPR
Right of Access
You may request a copy of the personal data we hold about you.
Right to Rectification
You may ask us to correct inaccurate or incomplete personal data.
Right to Erasure
You may ask us to delete your personal data where there is no lawful reason for continued processing.
Right to Restriction
You may ask us to limit how we process your data in certain circumstances.
Right to Data Portability
You may request your data in a structured, commonly used, machine-readable format.
Right to Object
You may object to our processing of your data for direct marketing purposes at any time.
How to Exercise Your Rights
Send your request to hello@aurorarestaurant.fi. We will respond within 30 days. If you believe we have not handled your data correctly, you may lodge a complaint with the Finnish Data Protection Ombudsman (tietosuoja.fi).
6. Data Security
Technical Safeguards
Our website uses HTTPS/TLS encryption for all data in transit. Access to personal data within our organisation is restricted on a need-to-know basis.
Breach Notification
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay.
7. Third-Party Links
Our website may contain links to external websites (e.g. Google Maps). We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.
8. Children's Privacy
Our website is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The revised policy will be published on this page with an updated effective date. We encourage you to review this page periodically.
10. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data-handling practices, please contact us: