In this privacy policy, we will explain how Hesburger collects, processes, transfers and protects the personal data of its customers (hereinafter "Customer"). Personal data is data on the basis of which the Customer can be identified, such as their name and telephone number.

Hesburger refers hereinafter to Burger-In Oy., AS Hesburger, RigaBurger SIA, Hes-Pro Vilnius UAB, Bulgarian Burger EOOD and other Hesburger Group-owned subsidiaries, which are collectively joint controllers.

Why do we process your personal data?

We process your personal data for the following purposes:

  • Managing and developing the customer relationship between Hesburger and the Customer
  • Holding drawings and contests, delivering prizes and publishing the names of the winners in accordance with the contest rules
  • The delivery and processing of orders placed on the Hesburger website (Hesburger's webshop is only accessible on the Finnish Hesburger website at www.hesburger.fi)
  • The technical maintenance of the Hesburger website and analysis of data.

Personal data is processed, for example, when we receive Customer feedback or the Customer makes a purchase on the Hesburger webshop.   We explain the processing of Bonus Club member personal data in a separate privacy policy (Bonus Club privacy policy), which you can view either in the Hesburger app or the Bonus Club section of the Hesburger website.

We request the Customer's consent for the processing of personal data when collecting personal data on the Hesburger website and filling out customer and/or feedback forms. A basic legal prerequisite for processing personal data is the Customer's own consent. Alternatively, in cases where Hesburger has not specifically received the consent of the Customer, the processing of personal data may be based on a legitimate interest in the customer relationship. As a prerequisite for processing, a legitimate interest is based on the law and its application requires that the controller takes the interests and rights of the data subject into extremely precise consideration with regard to the interests of the controller. 

Personal data may only be processed for specifically prescribed purposes. On the basis of personal data provided by the Customer, the Customer may not be, for example, solicited with direct marketing without the express consent of the Customer, nor may their personal data be processed in any way that violates the terms of this privacy policy. 

What kind of data concerning me is collected and what are the sources of the data?

Data is collected directly from the Customer when the Customer contacts Hesburger, such as to give feedback or participate in a contest, or when the Customer places an order on the Hesburger webshop (www.hesburger.fi). This data includes the Customer's name, address, email address, phone number, Hesburger Bonus Club member number, drawing and contest response information, permissions and consent, gift card recipient contact details and messages for the gift card recipient.

Data is also collected in connection with use of the service. When the Customer places an order on the Hesburger webshop, the Customer's purchase data (e.g. order time and payment information) is stored in the register. User data, such as IP address, browser information and the time of use, is collected when using the Hesburger website.

Who processes personal data?

At Hesburger, personal data is processed by personnel whose job descriptions include the maintenance and management of the services in question. 

Data is transferred to the following parties outside of Hesburger:

  • Hesburger franchise operators receive restaurant-specific customer feedback, which the Customers submit using Hesburger's common feedback channels. The full names and contact information of Hesburger franchise operators are presented on the Hesburger website in connection with the details of each location.
  • Data is transferred to service providers, which are responsible for the maintenance and development of Hesburger's IT services.
  • Data is transferred to law enforcement agencies and other authorities based on requests for information in accordance with local legislation.
  • Data is transferred to insurance companies for the processing of damage claims.

Personal data is not transferred outside of the EU or EEA.

Data protection

Hesburger employs technical and organisational measures to prevent the unauthorised use, transfer, deletion or other processing of personal data that may jeopardise data protection. The register is kept in electronic form. Use of the register, altering data and processing are only done using multilevel user identification by means of an encrypted application. Only appointed persons tasked with maintaining and managing the system are allowed to use the register. Register data is protected against being accessed from outside and use of the register is monitored.

How long is the data stored?

Data is stored as follows:

  • Customer feedback: Data is deleted one (1) year after the date on which the Customer submitted feedback. However, data may be stored for a longer period of time if there is a justifiable reason for doing so, such as customer credit given on the basis of customer feedback, compensation for damages, or any other legal reason.
  • Drawing and contest participant information: The data is deleted when the winner has been contacted and the prizes have been awarded.
  • Webshop personal data and transaction data: The data is stored for as long as is necessary, as stipulated in accounting and consumer protection legislation.
  • Website data: Six (6) months after the date on which the website was visited.
  • Other Customer data: Data is stored for as long as it is necessary to process data for one of the above-mentioned purposes.

Customer rights

The Customer may exercise the rights mentioned below by contacting Hesburger by mail or email.

Right of access

The Customer has the right to inspect their own data in the register.

Right to request correction of incorrect or incomplete data

The Customer has the right to request that incorrect or incomplete data be corrected.

Right to erasure

The Customer has the right to request that their personal data be deleted from the Bonus Club register ("Right to be forgotten"). At the Customer's request, Hesburger shall make every effort to delete the data without undue delay, except in cases where there are legal reasons for denying the deletion of data. 

Right to restrict and oppose processing

The Customer has the right to restrict and oppose the processing of their personal data. When the Customer has submitted a request, Hesburger may no longer process the Customer's personal data, unless there is a legal reason for processing.

Right to transfer data from one system to another

The Customer has the right to receive their personal data in a structured and commonly used form, in which the customer is able to transfer the data to the controller of another personal data register.

Right to file a complaint

The Customer may file a complaint concerning the processing of personal data with the competent authority in their country of residence. Detailed information on National Data Protection Authorities can be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

Who is the controller of your personal data and where can you contact them?

The joint controllers of the customer egister are Burger-In Ltd., AS Hesburger, RigaBurger SIA, Hes-Pro Vilnius UAB, Bulgarian Burger EOOD and other Hesburger Group-owned subsidiaries. Enquiries may be made by post or email:

Burger-In Oy
Linnankatu 34
20100 Turku, Finland