Last Updated: July 29, 2025
At N4KU (”we”, ”us”, ”our”), your privacy is paramount. We are dedicated to protecting your personal data with the highest level of care and in full compliance with the European Union’s General Data Protection Regulation (GDPR – Regulation (EU) 2016/679). This Privacy Policy explains in detail how we collect, use, store, share, and protect your information when you visit and interact with our website. By using our website, you agree to the practices described in this policy.
N4KU acts as the data controller for the personal data processed through this website. This means we determine the purposes and means of the processing of your personal data.
Our contact details are:
N4KU Kulmavuorenkatu 4 00550 Helsinki, SUOMI Business ID (Y-tunnus): 3384146-3 Email: hello@n4ku.fi
We collect various categories of personal data, which you provide directly or which is collected automatically when you use our website. This data is collected for specific, explicit, and legitimate purposes:
Data You Provide Directly:
Contact Form Information: When you submit an inquiry through our contact form, we collect your name, email address, and the content of your message.
Purpose: To respond to your specific inquiries, provide customer support, and communicate with you.
Retention: This data is retained for as long as necessary to resolve your inquiry and for a limited period thereafter for record-keeping purposes, typically up to [Specify a period, e.g., 6 months – 1 year] after the last communication, unless a longer retention period is required by law.
Email Marketing Subscription Data (via Brevo): When you opt-in to receive our marketing emails, we collect your name and email address.
Purpose: To send you newsletters, promotional offers, updates about our services, and other marketing communications.
Retention: This data is retained for as long as you remain subscribed to our marketing list. You can unsubscribe at any time.
Data Collected Automatically:
Website Usage Data (via Google Analytics): We use Google Analytics to collect anonymized data about your interactions with our website. This includes:
Anonymized IP address: Your IP address is immediately anonymized upon collection.
Browser type and version.
Operating system.
Referring URLs (the website you came from).
Pages visited on our website.
Time spent on pages.
Date and time of access.
Clickstream data.
Purpose: To understand how visitors use our website, analyze trends, administer the site, track user movements, and gather broad demographic information for aggregate use. This helps us improve our website’s functionality, content, and user experience.
Retention: Google Analytics data is retained according to Google’s data retention policies, which you can typically manage within your Google Analytics account. Our setting for user and event data retention is currently [Specify retention period, e.g., 26 months or 14 months if applicable to your current setting].
Marketing Campaign Effectiveness Data (via Pixel Tracking): We utilize pixel tracking technologies (e.g., Facebook Pixel, Google Ads Conversion Tracking) to monitor the effectiveness of our advertising campaigns. This involves collecting:
User interaction data with our ads and website: Such as whether you clicked on an ad, visited a specific page after clicking an ad, or completed a conversion event (e.g., filling a form).
Limited device information: To help identify that you are the same user across different interactions, but without directly identifying you.
Purpose: To optimize our advertising spending, deliver more relevant advertisements to you on third-party platforms, measure campaign reach and frequency, and understand the impact of our marketing efforts.
Retention: Data collected via pixel tracking is retained according to the respective third-party platform’s data retention policies.
Under GDPR, we must have a valid legal basis to process your personal data. We rely on the following:
Your Consent (Art. 6(1)(a) GDPR): We process your personal data based on your explicit consent for specific purposes, particularly for sending marketing emails via Brevo and for the placement of non-essential cookies (analytics and marketing cookies). You have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Legitimate Interests (Art. 6(1)(f) GDPR): We process certain personal data based on our legitimate interests in operating, maintaining, and improving our business, provided these interests do not override your fundamental rights and freedoms. Our legitimate interests include:
Analyzing website usage and improving user experience through Google Analytics.
Measuring the effectiveness of our marketing campaigns and optimizing advertising efforts through pixel tracking.
Responding to your inquiries and providing customer support through our contact form.
We conduct a balancing test to ensure that our legitimate interests are proportionate and that your privacy rights are adequately protected.
Compliance with Legal Obligations (Art. 6(1)(c) GDPR): In certain circumstances, we may process your personal data to comply with legal obligations to which we are subject, such as tax and accounting requirements.
Our website uses cookies and similar technologies to enhance your Browse experience, provide necessary functionality, and support our analytics and marketing efforts.
What are cookies? Cookies are small text files placed on your device (computer, tablet, mobile phone) when you visit a website. They are widely used to make websites work more efficiently and to provide information to the website owner.
Types of Cookies We Use:
Necessary Cookies: These cookies are essential for the website to function properly. They enable core functionality like security, network management, and accessibility. You cannot opt-out of these cookies as they are critical for the website’s operation.
Analytics Cookies (e.g., Google Analytics Cookies): These cookies collect information about how visitors use our website, such as which pages are visited most often, the duration of visits, and if users encounter error messages. This data is aggregated and anonymized, helping us to understand and improve the performance and design of our website. We only place these cookies with your explicit consent.
Marketing Cookies (e.g., from Facebook, Google Ads): These cookies are set by us or our third-party advertising partners to track your Browse habits and activity on our website and, in some cases, across different websites. The purpose is to build a profile of your interests and show you advertisements that are more relevant and engaging for you. We only place these cookies with your explicit consent.
Managing Your Cookie Preferences: When you first visit our website, you will be presented with a cookie consent banner, allowing you to choose your preferences for analytics and marketing cookies. You can change your cookie preferences at any time by [Describe how users can change their cookie settings, e.g., ”clicking the ’Cookie Settings’ link in our website footer” or ”revisiting your cookie consent options”].
Additionally, most web browsers allow you to control cookies through their settings. You can typically set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. Please note that disabling or refusing certain cookies, particularly necessary cookies, may affect the functionality and performance of our website. For more detailed information on managing cookies, please refer to your browser’s help documentation.
We are committed to maintaining your privacy. We do not sell your personal data to third parties.
We may share your data with trusted third-party service providers (data processors) who assist us in operating our website, conducting our business, or providing services to you. These include:
Google (Google Analytics, Google Ads): For website analytics and advertising services.
Brevo: For email marketing services.
Other Third-Party Marketing Platforms: Such as social media platforms (e.g., Facebook) for pixel tracking and targeted advertising purposes, where we have a relationship for specific marketing activities.
Before engaging any third-party processor, we ensure they provide sufficient guarantees to implement appropriate technical and organizational measures to comply with GDPR. We enter into Data Processing Agreements (DPAs) with all such providers, which legally bind them to process your personal data only on our documented instructions and to protect it adequately.
International Data Transfers: Your personal data may be transferred to, and stored at, a destination outside the European Union (EU) or European Economic Area (EEA) if any of our service providers operate in such regions. When this occurs, we ensure that appropriate safeguards are in place to guarantee a level of protection for your data equivalent to that provided by the GDPR. These safeguards may include:
Adequacy Decisions: Transferring data to countries deemed by the European Commission to provide an adequate level of data protection.
Standard Contractual Clauses (SCCs): Implementing the standard data protection clauses adopted by the European Commission, which provide contractual obligations for data protection.
Binding Corporate Rules (BCRs): For intra-group transfers within multinational companies, where BCRs have been approved by competent supervisory authorities.
Other GDPR-compliant mechanisms.
We also conduct Transfer Impact Assessments (TIAs) where necessary, to evaluate the risks associated with data transfers to third countries, particularly concerning governmental access to data, and to implement additional safeguards if required (e.g., encryption or pseudonymization).
We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider:
The amount, nature, and sensitivity of the personal data.
The potential risk of harm from unauthorized use or disclosure of your personal data.
The purposes for which we process your personal data and whether we can achieve those purposes through other means.
Applicable legal requirements (e.g., tax laws, consumer protection laws).
Once your data is no longer required, it will be securely deleted or anonymized.
Under the General Data Protection Regulation (GDPR), you have comprehensive rights concerning your personal data:
The Right to Be Informed (Art. 13 & 14 GDPR): You have the right to receive clear, transparent, and easily understandable information about how we use your data and your rights. This Privacy Policy serves this purpose.
The Right of Access (Art. 15 GDPR): You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and certain information about the processing.
The Right to Rectification (Art. 16 GDPR): You have the right to request that we correct any inaccurate or incomplete personal data we hold about you without undue delay.
The Right to Erasure (”Right to be Forgotten”) (Art. 17 GDPR): You have the right to request the deletion of your personal data under certain circumstances, for example, if the data is no longer necessary for the purposes for which it was collected, or if you withdraw your consent.
The Right to Restriction of Processing (Art. 18 GDPR): You have the right to request that we restrict the processing of your personal data under specific conditions, for example, if you contest the accuracy of the data, or if the processing is unlawful.
The Right to Data Portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where technically feasible and where the processing is based on consent or a contract.
The Right to Object to Processing (Art. 21 GDPR): You have the right to object to the processing of your personal data in certain situations, particularly where we are relying on legitimate interests as the legal basis for processing or for direct marketing purposes.
The Right to Withdraw Consent (Art. 7 GDPR): Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
Rights in relation to Automated Decision-Making and Profiling (Art. 22 GDPR): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. (Note: N4KU does not currently engage in such processing.)
The Right to Lodge a Complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you believe that our processing of your personal data infringes GDPR.
To exercise any of these rights, please contact us at hello@n4ku.fi. We will respond to your request without undue delay and at the latest within one month of receipt. This period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
The Supervisory Authority in Finland is: Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto) Address: Lintulahdenkuja 4, 00530 Helsinki, Finland Website: https://tietosuoja.fi/en/home
We are deeply committed to protecting the security and confidentiality of your personal data. We implement robust technical and organizational measures to safeguard your information against unauthorized access, accidental loss, destruction, alteration, disclosure, or misuse. These measures include:
Encryption: Using SSL/TLS encryption for data in transit (e.g., when you submit information via our contact form).
Access Controls: Implementing strict access controls to personal data, ensuring only authorized personnel have access on a need-to-know basis.
Pseudonymization/Anonymization: Where feasible and appropriate, we apply pseudonymization or anonymization techniques to reduce the identifiability of personal data.
Regular Security Assessments: Conducting periodic security audits, vulnerability assessments, and penetration testing.
Data Minimization: Collecting only the personal data that is strictly necessary for the stated purposes.
Staff Training: Ensuring our staff are regularly trained on data protection principles and best practices.
Backup and Recovery Procedures: Maintaining robust backup and disaster recovery plans to ensure data availability and resilience.
Despite our efforts, no security system is completely impenetrable. While we strive to protect your personal data, we cannot guarantee its absolute security.
Our website may contain links to third-party websites, plugins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
We may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal or regulatory requirements, or for other operational reasons. We will post any revised policy on this page, and the ”Last Updated” date at the top of the policy will be updated. For significant changes, we may also notify you directly via email or through a prominent notice on our website. We encourage you to review this policy periodically to stay informed about how we are protecting your information.
For any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please do not hesitate to contact us:
Email: hello@n4ku.fi
Restaurant closed this summer
Only caterings and pop ups
