Data Controller

The company, LocaFood Aps, CVR. 38640584, is the Data Controller. Any contact regarding personal data can be pointed to the Data Protection Officer (DPO), Nikolaj Læsøe, on nil@locafood.dk.

Purpose

The purpose of the data collection is to serve the guest before, in the meantime, and after the visit of the guest in the restaurants of LocaFood. In other words, the purpose, fundamentally, is to optimize guest administration. The information stems from the guests themselves through online booking, by telephoning, or physically reaching out to the restaurants of LocaFood Aps, or after answering questions from LocaFood. The data collection is also in order to develop the benefits of LocaFood Aps.

Information is collected regarding booking and restaurant visits, participating in LocaFoods loyalty program and by subscribing to the newsletter when a guest chooses to collect offerings on the benefits of LocaFood and voluntarily are being registered in regards to receiving a benefit, and, finally, in relation to video surveillance at the houses of LocaFood. Video surveillance, set up inside or around the restaurants, is due to prevent crime, and it functions as a safety optimizing tool for employees and guests.

The collecting and processing of personal data will always be with regards to the law.

Data Information

LocaFood collects the following personal data regarding guests:

  • Name, phone number, e-mail address,
  • Payment information if needed – solely regarding larger bookings,
  • Registration of the guest within the voluntary loyalty program of LocaFood, i.e. number of visits, eating preferences, and other special and professional information,
  • Anonymized information through customer investigations.

In order to optimize the visit for the guest in LocaFoods restaurants and to make sure that guests dealing with allergies are being treated optimally, the following information is being collected:

  • Allergies
  • Special food preferences

Processing and legal basis

Personal data in relation to guest administration is processed in compliance with The Danish Data Protection Agency guidelines. No consent is needed for this information, as long as the processing is needed for the purpose, and it only matters regular personal data. The basis for processing guest data is art. 6, litra b and f within the GDPR of EU.

When using photos of guests on our website, an extraordinary consent is needed from the guests, and this consent can at any given time be withdrawn by the guest.

LocaFood will often process personal data when necessary in order to fulfill an agreement with a guest that LocaFood is part of, in example, meeting settlements or processing of larger companies. Furthermore, LocaFood also processes personal data regarding booking in advance of meetings, companies, conferences, etc.

If a guest in relation to the visit at the restaurants of LocaFood informs about special preferences or attitudes to, in example, information on health, disabilities, religion, or anything alike, LocaFood will only use this information in order to make sure that this special consideration is fulfilled towards the guest.

If a guest signs up for a Loyalty Program of the restaurants of LocaFood, LocaFood can share the personal data registered internally within the organization, hereby, on the entirety of the restaurants. The purpose of this is to provide the guest with the ultimate service no matter which restaurant of LocaFood the guest visits.

In some situations, LocaFood receives personal data from a third party, in example, a Travel Agency, an agent, or alike, with regards to group bookings. In such situations, it is the obligation of the third party to inform the respective clients (guests of LocaFood through the Travel Agency) about the terms of the GDPR policy of LocaFood.

Retention and access to data

Personal data is being retained on an external server at a third party with whom LocaFood Aps has a Data Processing Agreement. It is, alone, relevant employees; Leaders and the HR-department, that have access to this information. Personal data on a guest is retained internally in the company for until six months after the visit, unless the guest has provided the consent to retention at the third party for longer, or if the guest is a member of the loyalty program of LocaFood and, therefore, expressly has provided its consent for LocaFood to collect and store the information as, in example, but not limited to, prevalence of visits, preferences, and birthday.

The right to insight and correction

According to the regulation of the GDPR, the registered parties have several rights:

  1. A registered person always has the right to insight into personal data that LocaFood processes on the registered person.
  2. A registered person always has the right to having personal data which LocaFood has stores corrected and updated. The registered part can at any given time ask LocaFood for a copy of the personal data that LocaFood has on the registered part in writing. Such a request must be signed by the registered part, and contain the registered part’s name, address, phone number, e-mail address. LocaFood will within a month after receiving this request in writing send information on the personal data on the registered part to the mailing address of the registered part.
  3. A registered part has at any given time the right to having personal data deleted which LocaFood has stored on the registered part. If a registered part requests for deletion, al information, that, according to the regulation, LocaFood is not obliged to save, will be deleted. The deletion of the information on the registered part can in some instances lead to LocaFood not being able to fulfill any agreements or supply certain service benefits for the registered part. The registered part can also contact LocaFood, if she is of the opinion that the personal data is being processed against the regulation or are against other regulations, in example, the agreement or contract which the registered part holds with LocaFood. A request in writing is to be sent to LocaFood (see chapter two of this part). If the registered part asks for correction or deletion of her personal data, LocaFood will assess if the conditions for the request are fulfilled, and, in that case, LocaFood will go through with changes or deletion as quickly as possible.

The possibility for requesting deletion, etc., can be limited in regard to the protection of other persons' private life, business secrets, or immaterial rights, and, in example, in regards to the possibility of enforcing a potential legal requirement.

  1. If any of the information that LocaFood holds on the registered part is given on the consent of the registered part, she can at any given time withdraw this consent, which means that the information will be deleted or no longer used by LocaFood. This does not include information that LocaFood is legally obliged to save.

LocaFood has reservations on declining requests that characterize repetitive harassment or which demands non-proportional technical measurements (in example, developing a new IT system), or which affects the protection of other registered parts’ personal data, or in other situations where it will be non-proportionally resource-demanding or complicated to accommodate the request.

The right to insight and correction

LocaFood protects the personal data of the registered part, and, in order to do so, LocaFood has established guidelines and regulations, which protect the registered part from unauthorized publication or unauthorized personnel getting access or knowledge to this.

Only the employees of LocaFood which in terms of their job function needs to have access to the personal data of the registered part have the access to systems storing these personal data (these systems are controlled by third parties with whom LocaFood has Data Protection Agreements) or files on the internal system with personal data. LocaFood controls regularly that unauthorized access to personal data on the registered parties does not occur.

In the case of security breaches where there is a high risk of abuse of the personal data of the registered parties, in example, identity theft, economic losses, loss of reputation, or other sorts of abuse, LocaFood will, in cooperation with the IT-partner, inform the registered parties about the security breach as quick as possible.

LocaFood makes use of external suppliers of IT-services and systems, payment solutions, etc. LocaFood holds Data Protection Agreements with these suppliers, where, in regards to these data processors, the necessary and high-security level is established concerning the registered parties’ personal data.

The security procedures of LocaFood is continually reassessed and updated according to the technological development and current law.

Cookies

LocaFood uses cookies. This is a small text file that makes it possible for LocaFood to receive information about the activity of visitors on the websites. A cookie is being stored in the browser of a visitor in order to recognize the computer in regard to recurrent visits, and a cookie does not contain or store personal data.

The data on the activity of a visitor is not shared with third parties, and the information which LocaFood receives is solely used to improve the website, marketing initiatives, and the user experience on behalf of the visitor.

Visitors can opt-out through the settings of the browser. We recommend not to opt-out as the user experience and marketing quality hereof will be decreased. Cookies have an automatic expiration date but will be renewed after a new visit on the website.

LocaFood collects, through the use of Google Analytics, the following anonymous information on visitors having visited the websites of LocaFood:

  • IP address
  • Websites visited
  • How the visitor arrived at the website (in the example, Google, Facebook, or another third party)
  • The activity on the website, in example, what pages on the website are visited, what actions are made, and the time used on the website
  • Information on the apparatus used to arrive at the website, including geo-location when used by a smartphone, recurrent user activity, indirect demographic information based on Google Third-Party Data Collections
  • Other information. Kindly, attend to Google Analytics description of their protection of private personal data.

LocaFood uses Facebook Pixel. This concerns the following data collection:

  • Http Headers. In other words, a standard protocol sent between search and server. This includes IP address, information about the browser, page location, documents, point of referral, and the person using the website
  • Pixel-specific data
  • Button Click-data: All buttons used on the website by the visitor and pages visited hereof
  • Optional Values: Developers and marketing staff can send extra information regarding the page visit using Conversion Tracking
  • Form Fields Names: Boxes for “e-mail”, “address”, “number”, etc., when a product or reservation is made.

Complaints

If a guest or visitor is unhappy with the processing of personal data by LocaFood, complaints can be directed to the Data Protection Officer (DPO) or the Human Ressource Department. If this does not provide the wanted clarification, a complain, hereafter, can be directed to Datatilsynet, Borgergade 28, 5, 1300 København K, tel. 3319 3200, dt@datatilsynet.dk.