Privacy Policy

1. Background

We process personal data in our daily operations every day. This privacy policy applies generally to the processing of personal data and is intended to explain what kind of data we process. Personal data is processed in our various systems, applications, and social media, as well as on our different websites:

• www.massrestauranger.se

• www.stadshusrestauranger.se

• www.stadshuskallarensthlm.se

• www.teaterbarenstockholm.se

• www.engsholm.se

Our privacy policy applies to our employees, suppliers, and guests.

2. What is personal data?

Personal data is “all information that directly or indirectly can be linked to a living natural person.” For example, names, phone numbers, images, and IP addresses may be personal data. Actions that can be connected together and thereby lead to an individual/data subject are also considered personal data.

We sometimes process special categories of personal data. For instance, handling a booking where someone has allergies requires processing of health-related data. Such processing only takes place with consent. Trade union membership may also be processed in employment relationships if required under labor law.

3. Data Controller

The data controller is the party responsible for the processing of personal data and determines why and how personal data is processed. In our case, each legal entity/company is the data controller. In some cases, another party determines which personal data is processed and why. The corporate group or legal entity is then the data processor and processes personal data on behalf of that party. It is also possible that the corporate group, together with a third party, is jointly responsible for the processing.

The data controllers within our corporate group are:

• Mässrestauranger AB (556367-0347)

• Mässrestauranger i Malmö AB (556844-5968)

• Stadshusrestauranger Stockholm AB (556782-8222)

• Fair Clean AB (556605-3756)

• Glada Ankan Restaurang & Catering AB (556489-9580)

• Engsholm Slott AB (556593-3735)

Hereafter referred to as the “Corporate Group.”

3.1 Data Processors

To be able to deliver our services, we use data processors. This means that the company/legal entity is the data controller and determines which personal data is processed and why, but we have partners who carry out parts of the processing, such as IT solutions for processing, storage, and booking.

The Corporate Group always enters into data processing agreements with data processors to ensure a high level of protection for all data. In some cases, personal data may be shared within the Corporate Group, with subcontractors and partners, in order to provide services. To comply with legal requirements, personal data may also be shared with auditors and authorities.

4. Personal Data Processing with Us

Within the Corporate Group, we always rely on a legal basis for the processing of personal data that is necessary to fulfill an agreement, but this can also occur based on consent. We may also process personal data on the basis of legitimate interest, for example, marketing to existing customers/guests.

We strive to process as little personal data as possible. Below is an overview of current areas where personal data processing takes place with us.

4.1 Administration and Communication

The Corporate Group processes personal data for the administration and communication with employees, guests, and suppliers. The purpose is to manage employment, bookings, and business administration.

• Personal data: Name, email address, address, phone number, bookings, food preferences, allergies.

• Legal basis: The processing is necessary to fulfill agreements and deliver our services.

• Source of data: The data comes from the data subject themselves when provided to us at booking or when entering into agreements.

4.2 Marketing

The Corporate Group uses personal data to market its services through digital channels and by sending offers and information. We also use customer surveys to improve our services.

• Personal data: Name, email addresses, in some cases images, survey responses.

• Legal basis: The processing takes place based on consent or legitimate interest.

• Source of data: From the data subjects themselves, e.g., via newsletters or information they have provided.

4.3 Employment Relationships

To manage payroll administration and communication with our employees, the Corporate Group must process employee personal data.

• Personal data: Name, personal identity number, email address, address, phone number, emergency contacts, account number, payslips, absence records, tax information, income information, employer certificates.

• Legal basis: The processing is necessary to fulfill employment contracts and to administer and pay salaries. The Corporate Group has a legal obligation as an employer to provide the Swedish Tax Agency with employees’ tax information.

• Source of data: The data comes from the employee themselves when entering into the contract or during employment. Payslips are generated in the Corporate Group’s payroll system, and employer certificates are created by HR.

4.4 Payments and Claims

To manage different payments, the Corporate Group needs personal data. Personal data may also be required to handle complaints, etc.

• Personal data: Name, personal identity number, email, phone number, card number, invoice number, amount, sales location, time of transaction, order details.

• Legal basis: In order to trade services and goods and fulfill agreements by receiving payment, personal data must be processed. The processing is necessary to safeguard the Corporate Group’s legitimate interests.

• Source of data: From the data subjects themselves during payments/bookings, and from other actors.

4.5 Cookies

The Corporate Group processes the personal data you have provided to us in order to fulfill our commitments to you.

• Legal basis: Depending on the type of technical data collected, processing takes place either based on legitimate interest or consent.

• Source of data: From the data subjects themselves when using digital channels.

This website does not use cookies and does not store personal information in your browser. We use Plausible Analytics to understand how the website is used. Plausible is a privacy-friendly analytics solution that does not use cookies and does not collect personally identifiable information. The statistical data collected is fully anonymized and is used solely to improve the website’s content and functionality.

The website is built with Kirby CMS, which does not place any cookies in the user’s browser.

5. Sharing Information

5.1 Corporate Group

Mässrestauranger AB is part of the Corporate Group’s parent company but also handles some administration and overarching matters for the other companies, which means data from all companies in the group is shared with Mässrestauranger AB. In some cases, the group’s different legal entities collaborate, for example for marketing purposes.

5.2 Service Providers

To deliver our services, the Corporate Group uses various providers for IT solutions, storage services, and email services. Providers may only process personal data in accordance with the Corporate Group’s instructions and are legally and contractually obligated to protect our personal data.

5.3 Payment Recipients and Payment Service Providers

For payments, personal data may be shared with payment service providers, recipients, and our banks.

5.4 Other Recipients

In some cases, our companies may also share data with other recipients, primarily authorities due to legal requirements or in connection with legal proceedings.

6. Where Are Your Personal Data Processed?

Our goal is to process all personal data within the EU/EEA area. However, some providers may process personal data outside the EU/EEA. In such cases, we always ensure that the data is protected and that safeguards are in place through agreements that impose the same requirements as EU regulations.

7. Your Rights

7.1 Storage

In general, we retain your data for as long as it is necessary to fulfill the purposes for which it was collected. Data may also be retained for as long as required under applicable law, for example 7 years under the Accounting Act. Otherwise, we regularly review our personal data processing.

7.2 Your Rights

If you wish to access information about how your personal data is processed, you have the right to request access to your data. We grant a maximum of one extract per year per individual, and the request must be in writing and signed by the data subject. If we receive a request, we may ask for additional information to ensure that we disclose data to the correct person. You also always have the right to request correction of your personal data.

7.3 Erasing Your Personal Data

We will always erase your data to the extent required by applicable law, and we will of course do our best to accommodate your request for erasure. You also have the right to object to our processing or request that the data you have provided to us be transferred to another controller (“data portability”).

Your personal data may not be processed for direct marketing or profiling if you object to such processing. You also have the right to withdraw your consent at any time, for example, the consent you give as a private individual when you subscribe to our newsletter.

7.4 Complaints and Supervisory Authority

If, after dialogue with us, you believe that we have processed your personal data incorrectly, you have the right to file a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten), which is the supervisory authority for personal data processing.

7.5 Contact Us

If you still have questions about how we process your personal data, you are welcome to contact us at info@massrestauranger.se.

To exercise your rights or for any questions, please contact us:

The data controller is the respective company/legal entity.

• Mässrestauranger AB (556367-0347) info@massrestauranger.se

• Mässrestauranger i Malmö AB (556844-5968) info@malmomr.se

• Stadshusrestauranger Stockholm AB (556782-8222) info@stadshusrestauranger.se

• Fair Clean AB (556605-3756) info@massrestauranger.se

• Glada Ankan restaurang & catering AB (556489-9580) info@gladaankan.se

• Engsholms Slott AB (556593-3735) info@engsholm.se