This Policy explains when and why we collect, use and share personal information about people that use our websites, mobile applications or use our digital channels to contact us (combined “online services”).
For questions related to data protection, please contact us at firstname.lastname@example.org
How we collect information, what we collect and why we collect it
Basic information you provide us when registering for a user account or place a guest order like, first and last name, e-mail address, telephone number, information collected from social media profiles and permissions for marketing on behalf of the branded website owner. A personal user identification code is created and used by the website. We may also store communication and correspondence if you contact us or report a problem with the technology we provide. This is used to be able to perform our services to you.
When you use our websites or mobile applications to place an order, your position is used to be able to customize the website and user journey as well as for fraud detection.
Details of transactions you carry out through our online service and the fulfilment of your transactions. This is used to keep track of your orders and provide a order history and for customization of content, to enhance user experience and permission marketing.
Details of your visits to our site including, but not limited to, traffic data, weblogs and other communication data. This is used to be able to improve our website and detect problems.
When you visit the website we may collect technical information, including the type of mobile device you use, a unique device identifiers like IMEI number, device token, MAC address of the Device’s wireless network interface, IP address, mobile phone number used by the Device, mobile network information, operating system, web browser and versions of the same. This is used to be able to improve our website and detect problems.
The payment options connected to orders and transactions. If you select to store credit card (Recurring Payments/EasyPayment) a tokenization solution provided by our bank and payment integration provider will be used. Card data is never stored in any of our online services.
The password provided during account registration that enable sign in to a user account is stored encrypted. You are responsible for selecting a strong password and keeping this confidential.
Sensitive personal information
We do not knowingly or intentionally collect data classified as “sensitive personal information”.
In some of our restaurants, we use security cameras to protect our guests, personnel and property from crime. Surveillance Videos are only shared with Law enforcement upon specific request when it is required in an investigation of a crime. Surveillance Videos are deleted after 30 days.
Conditions under which we may disclose it to others parties
Personal data may be disclosed to our service provider only to the extent necessary to run our business and to fulfill our obligations to you, and where required by law or to enforce our legal rights. We do not sell your personal information to third parties.
Transferring of data
Personal data may be transferred outside the European Union and the European economic zone, when we do so we will ensure that appropriate safeguards are in place and that parties involved are compliant with EU-U.S. Privacy shield or similar regulations.
How we keep it secure
Your Personal data is protected by both technical and organizational means. All transfers of Personal data and tokens will be encrypted. All Personal data are stored in a secure way and access to data is monitored, restricted to need to know basis and have committed themselves to confidentiality.
How long do we retain your information
We only retain Personal data as long as we deem necessary for performing our services to you, taking into account any legal obligations we have (e.g. maintain records for tax authorities).
Your rights to your Personal Data
You have the right to;
- access to your data in a personal data file.
- request corrections and/or completions
- erasing of erroneous, unnecessary, incomplete or obsolete data
- object to the use of individual automated decision making and/or profiling
- restrict us to further process or access your data
- have your data/account deleted
- to complain to a supervisory authority