Privacy Policy

Last updated: 28 June 2026

This Privacy Policy explains how SIA “FINLAT TRADING” collects and processes personal data through the website karjala.lv and in connection with table reservations, enquiries and related services.

1. Data controller

The controller responsible for the processing of your personal data is:

SIA “FINLAT TRADING”
Registration number: 50103502561
VAT number: LV50103502561
Restaurant address: Kalēju iela 50, Riga, LV-1050, Latvia
Email: karjalabar50@gmail.com
Telephone: +371 67 229 880

In this Privacy Policy, “Karjala”, “we”, “us” and “our” refer to SIA “FINLAT TRADING”.

2. Scope of this policy

This Privacy Policy applies when you:

  • visit karjala.lv;

  • make or manage a table reservation;

  • contact us by email or telephone;

  • subscribe to restaurant offers or promotional communications;

  • interact with links to services such as Tableo, Google Maps, Facebook or other third-party platforms.

Karjala.lv does not currently provide public comments, customer accounts, public image uploads or user profile functionality. If these services are introduced, this Privacy Policy will be updated before the related personal data are collected.

3. Personal data we collect

Website and technical information

When you visit karjala.lv, our hosting, security and website systems may automatically process technical information such as:

  • your IP address;

  • browser type and version;

  • device type and operating system;

  • pages requested and actions performed;

  • referring website;

  • date and time of access;

  • error, diagnostic and security information.

We use this information to deliver the website, maintain its security, diagnose technical problems and prevent abuse.

Reservation information

Table reservations are handled through the Tableo booking service. When you make a reservation, the following information may be collected:

  • your name;

  • email address;

  • telephone or mobile number;

  • reservation date and time;

  • number of adults and children;

  • preferred dining area;

  • booking status, including confirmations, changes, cancellations or no-shows;

  • language preferences;

  • special requests or other information entered in a free-text field;

  • communication history relating to the reservation;

  • your choice concerning restaurant offers and promotional messages;

  • deposit, payment or card-token information when required for a particular reservation.

Full payment-card details are processed by the payment provider used through Tableo. Karjala does not normally receive or store your full card number or security code.

Please do not enter sensitive personal information in reservation notes unless it is necessary for us to accommodate your request.

Information concerning allergies, accessibility or health may constitute special-category personal data. Where you choose to provide such information, it will be used only to respond to your specific request and, where legally required, on the basis of your explicit consent.

Email and telephone enquiries

When you contact us by email or telephone, we may process:

  • your name;

  • email address or telephone number;

  • the contents of your request;

  • information relating to a reservation, event, complaint or other enquiry;

  • subsequent correspondence and notes needed to deal with your request.

Marketing information

Where you separately agree to receive occasional offers or promotions, we may process your name, contact details, language preference, consent record and communication preferences.

Marketing consent is optional and is not required to make a reservation.

4. Purposes and legal bases

We process personal data for the following purposes:

Providing reservations and restaurant services

We process reservation and contact information to create, confirm, change or cancel reservations, communicate with you and provide the requested restaurant services.

The legal basis is taking steps at your request before entering into a contract and performing our contract with you.

Responding to enquiries

We process information supplied by email or telephone to answer questions, handle complaints and respond to requests.

Depending on the enquiry, the legal basis is performance of a contract, taking pre-contractual steps or our legitimate interest in communicating with customers and managing our business.

Operating and protecting the website

Technical information is processed to provide the website, maintain security, prevent spam and abuse, investigate technical problems and protect our systems.

The legal basis is our legitimate interest in operating a secure and reliable website.

Meeting legal obligations

We may process and retain information where required by accounting, tax, consumer-protection, food-safety or other applicable laws.

The legal basis is compliance with a legal obligation.

Establishing or defending legal claims

Information may be retained or disclosed when reasonably necessary to establish, exercise or defend a legal claim.

The legal basis is our legitimate interest in protecting our legal rights.

Marketing

We send promotional emails, text messages or similar electronic marketing only where you have provided the required consent.

You may withdraw your consent at any time by using the unsubscribe method contained in the communication or by contacting us.

Withdrawal of consent does not affect processing that took place before consent was withdrawn.

5. Tableo reservations

When you select “Book a Table”, you are directed to a booking service provided by Tableo Ltd.

For reservation management, Karjala is the controller of your restaurant reservation information. Tableo generally processes this information on our behalf as a data processor.

Tableo may also act as an independent controller for certain activities, including:

  • operation and security of its platform;

  • fraud and abuse prevention;

  • service diagnostics and analytics;

  • management of its own legal obligations.

Tableo may use email, SMS or other communication providers to send confirmations, reminders, booking updates and post-visit messages.

Your use of the Tableo platform is also governed by Tableo’s own privacy policy and terms, which are displayed during the booking process.

6. Cookies and similar technologies

Karjala.lv may use cookies or similar technologies that are necessary for:

  • loading and operating the website;

  • maintaining website security;

  • remembering privacy or cookie preferences;

  • maintaining technical sessions;

  • providing features requested by the visitor.

Strictly necessary cookies may be used without consent where they are required to provide the website or a service requested by you.

Analytics, advertising or other non-essential cookies must remain disabled until you give consent through the website’s cookie-consent tool.

You may withdraw or change your consent at any time through the cookie-settings control, where available. You may also delete or block cookies through your browser settings. Blocking necessary cookies may affect the operation of parts of the website.

When you open the external Tableo booking page or another third-party service, that service may place its own cookies in accordance with its privacy and cookie policies.

The website’s cookie inventory should identify the active cookies, their provider, purpose and duration. This inventory may be updated when the website’s technology or service providers change.

7. External websites and social media

Karjala.lv contains links to third-party websites and services, including reservation, map, social-media and review platforms.

When you follow one of these links, the third party may receive information such as your IP address, browser information, referring page and information about your interaction with its service.

Those organisations process personal data under their own privacy policies. We do not control their independent processing activities.

8. Recipients of personal data

Depending on how you use our services, personal data may be disclosed to:

  • Tableo Ltd and its authorised reservation-service providers;

  • website hosting, maintenance and information-security providers;

  • email, telecommunications and messaging providers;

  • payment providers when a deposit or other payment is required;

  • professional advisers, including accountants, insurers and legal advisers;

  • public authorities, courts or law-enforcement bodies where disclosure is required by law;

  • another party where necessary for the establishment, exercise or defence of a legal claim.

Service providers acting on our behalf may process personal data only for the agreed purposes and in accordance with applicable data-protection requirements.

We do not sell personal data.

9. International transfers

We seek to process personal data within the European Union or European Economic Area.

Some service providers or independent third-party platforms may process information in countries outside the European Economic Area.

Where we are responsible for such a transfer, it will take place only where an appropriate legal transfer mechanism is available, such as:

  • a European Commission adequacy decision;

  • approved Standard Contractual Clauses;

  • another safeguard permitted by applicable data-protection law.

Independent platforms that you choose to visit are responsible for explaining their own international transfers in their respective privacy policies.

10. Retention periods

We retain personal data only for as long as necessary for the purpose for which it was collected.

The following general periods apply:

  • Reservation information: ordinarily for up to two years after the reservation or the last relevant interaction.

  • Email and telephone enquiries: until the request has been resolved and for a reasonable follow-up period, ordinarily no longer than two years.

  • Marketing information: until you withdraw consent or, unless continued retention is justified, after two years without meaningful interaction.

  • Website and security logs: for the period reasonably required for website security, troubleshooting and abuse prevention, after which the information is deleted or anonymised.

  • Accounting and transaction documents: for at least five years or for another period required by applicable accounting or tax law.

  • Information relating to disputes or legal claims: until the relevant claim or limitation period has ended.

Information may be retained for a longer period where this is required by law, an authority or an ongoing legal proceeding.

11. Your rights

Subject to the conditions and limitations established by the GDPR, you may have the right to:

  • request access to your personal data;

  • request correction of inaccurate or incomplete data;

  • request deletion of your personal data;

  • request restriction of processing;

  • object to processing based on legitimate interests;

  • receive certain data in a structured, commonly used and machine-readable format;

  • request transmission of eligible data to another controller;

  • withdraw consent at any time;

  • lodge a complaint with a data-protection supervisory authority.

To exercise your rights, contact us at karjalabar50@gmail.com.

We may ask for information necessary to confirm your identity before responding. We will normally respond without undue delay and within one month, as required by applicable law.

12. Complaints

Please contact us first if you have questions or concerns about how we process your personal data.

You also have the right to submit a complaint to the Latvian supervisory authority:

Data State Inspectorate of Latvia
Elijas iela 17
Riga, LV-1050
Latvia
Email: pasts@dvi.gov.lv
Website: dvi.gov.lv

You may also contact the supervisory authority in the European Union or European Economic Area country where you live or work.

13. Automated decision-making

Karjala does not use personal data collected through the website or reservation process to make decisions based solely on automated processing that produce legal or similarly significant effects concerning you.

14. Children

The website and reservation service are not specifically directed at children.

Persons under the minimum age required by the booking platform should make reservations through a parent or legal guardian. A parent or guardian should handle any reservation that involves a deposit, payment-card details or other financial commitment on behalf of a minor.

15. Data security

We use appropriate organisational and technical measures intended to protect personal data against accidental or unlawful destruction, loss, alteration, disclosure or access.

However, no internet transmission or electronic storage system can be guaranteed to be completely secure.

16. Changes to this policy

We may update this Privacy Policy when our services, website technology, service providers or legal obligations change.

The latest version will be published on karjala.lv with an updated revision date.