For processing guests and supplier informations for Madklubben
1. Data responsible
Madklubben is data responsible.
Solbjergvej 10, 2000 Frederiksberg
Phone 33 32 32 34
Madklubben consits of the following companies:
Madklubben Bistro ApS
Madklubben Grill ApS
Madklubben Vesterbro ApS
Madklubben Frederiksberg ApS
Madklubben Aarhus ApS
Madklubben Østerbro ApS
Madklubben Værnedamsvej ApS
Madklubben Regnbuepladsen ApS
Madklubben Nørrebro ApS
Madklubben Åboulevarden ApS
Madklubben Esbjerg ApS
Madklubben Odense ApS
Madklubben Catering ApS
Bistro Royal ApS
Gran Torino Pizza ApS
Hanzo Aarhus ApS
Hanzo Frederiksberg ApS
Frankies Nørrebro ApS
Frankies Pizza ApS
Frankies Pizza Frederiksberg ApS
More Frankies Pizza ApS
Even More Frankies Pizza ApS
Food Club Aarhus ApS
Mamma’s Aarhus ApS
Sol og Luna
All companies will be collectively referred to as Madklubben.
Madklubben handles all the personal information in accordance with the applicable personal data legislation. Madklubben agrees with the guests and suppliers about the delivery – purchase and sale – of different services and products.
When a guest orders and purchases one or several of Madklubben’s services, and in addition to this gives personal data to Madklubben, the guests also at the same time gives consent to that the guests’/suppliers’ personal data can be processed by Madklubben. The same asserts to the possibly personal data that Madklubben’s suppliers gives Madklubben in addition to submission of offers or submissions of agreements with Madklubben.
2. Madklubben’s collection of personal data
Personal data is being collected by Madklubben in the following way:
• When a guest – or a representant of this – makes a table reservation, obtains offers for a company, event or other service, or when a supplier submits offers or sells products or services to Madklubben.
• Through the browser cookies on our websites.
• By purchasing gift cards through Madklubben’s website.
• From social media.
• When suppliers make agreements with Madklubben or makes offers to Madklubben.
Collecting and processing personal data, cf. above, will always happen in addition to the applicable personal data legislation.
3. Data in which Madklubben collects
Madklubben collects the following personal data:
• Name, address, phone number, email address, date of birth as well as other common non-personal andre almindelige non-personally sensitive data.
• Payment card data – by purchasing gift cards as well as tickets for events.
• Demographic data.
• Purchase history.
• Data from customer surveys and guest feedbacks.
• Data from any held competitions.
• Data from Madklubben’s social media and other digital platforms belonging to Madklubben.
• Browser data.
• Data regarding the guest’s company and relevant contacts.
• Data regarding supplier’s company as well as data about relevant contacts and key people, including key accounts.
A guest/supplier may voluntarily and at his/her own choice provide Madklubben with additional personal information which he/she believes may be relevant to Madklubben’s service of the guest/supplier, or which he/she believes should be provided for security reasons.
This can for instance be information about:
• Particular food preferences
• Other health or medication information
If a guest/supplier voluntarily and at their own choice chooses to provide such information, Madklubben perceives this as consent to be able to register and store this sensitive information about the person.
In addition to the information that Madklubben receives directly from the guests/suppliers, Madklubben will in some cases obtain and process additional information that Madklubben has received from third parties, e.g. an mediator or an emloyee of the company where the registered person is employed. Where this is the case, the third party is obliged to inform the guests/suppliers about Madklubben’s terms and conditions, as well as Madklubben’s personal data policy. It is also the responsibility of the third party to ensure that there is the necessary legal information for collecting and processing the information, including obtaining any necessary consent for processing any sensitive information.
When reserving and ordering services and products, Madklubben stores the information received by the guest/supplier for up to 2 years, after which the information will be deleted.
4. Payment with payment card
Madklubben uses DIBS www.dibs.dk (Nets) for redemption of payments with payment and credit cards in our restaurants. Madklubben uses DIBS and QuickPay for handling online purchases on our webshop, and we do not store information about means of payment, including e.g. card numbers on payment cards, bank account numbers or similar. DIBS as well as QuickPay and Madklubben are approved and certified by The Payment Business Services (www.pbs.dk).
For orders and reservations, Madklubben stores the information that the guest/supplier has provided for up to 2 years, after which the information will be deleted. Excluded from this is payment and credit cards information, which are deleted after the current year +5 years.
In addition to handling the order, the information provided will only be used if a guest/supplier e.g. addresses with questions or if there are errors in the order/payment.
5. What is the purpose of the collection and processing?
Madklubben only collects personal data that is necessary to fulfill the agreements with guests/suppliers about delivery of services, e.g. table reservation for one of Madklubben’s restaurants or purchase/sale of products and services. It is the content and nature of the individual agreement that determines which personal information Madklubben collects and processes, and which determines the purpose of the collection.
The purpose of the collection and processing of the personal data will primarily be:
• Processing of guests’ reservations and purchase of Madklubben’s services.
• Processing of suppliers’ offers about as well as sale of products and services.
• Contact to the guest before, during and after the visit.
• Fulfillment of the guest’s request for offers or purchases of services.
• Improvement and development of Madklubben’s services.
• Adaption of Madklubben’s marketing and other communication.
• Analysis of guests’/suppliers’ user behavior and marketing towards them.
• Administration of guests’/suppliers’ relation to Madklubben.
6. Warrant – the legal basis – for the processing
Madklubben will most often process personal data bevause it is necessary to fulfill an agreement with Madklubben to which a guest or supplier is a part of. This may, for instance, be in connection with holding an event, meeting or handling and fulfillment of cooperation and supplier agreements.
If a guest in connection with a visit to Madklubben states particular personal preferences or considerations, including e.g. health information, disability, religious beliefs or similar, Madklubben only uses the information to ensure that this i taken into account.
In some cases, Madklubben receives personal information from third parties, e.g. a travel agency, an agent or similar, i.a. in connection with group bookings. When this happens, the third party is required to inform the guests/suppliers about Madklubben’s terms and conditions as well as the content of this personal data policy.
7. The data subject’s rights
Regarding the rules in the personal data in GDPR the registered (guests/suppliers) the following rights:
• A registered has at any time the right to know which personal data that Madklubben has about the registered.
• A registered has at any time the right to change and update the personal data that Madklubben has about the registered.
• A registered has at any time the right to get deleted the personal data that Madklubben has about the registered. If a registered requests a deletion, all data that Madklubben is not obliged to save will be deleted. A deletion of someone registered can in some cases mean that Madklubben cannot fullfill appointments or deliver certain services to the registered. If some of the information that Madklubben has about the data subject is given on the basis of the data subject’s consent, he or she has the right to withdraw the consent at any time, which means that the information is deleted or no longer used by Madklubben.
The possibility to request deletion etc. may however be restricted for the sake of protecting the privacy of other people to trade secrets and property rights.
The registered person can at any time in writing request Madklubben to obtain an overview of and a copy of the personal information about the registered person that Madklubben is in possession of. A written request must be signed by the data subject and include his or her name, address, telephone number and e-mail address.
The registered person can also contact Madklubben if the registered person believes that his or her personal data is being processed in violation of the law or in violation of other legal obligations, e.g. the agreement/contract that the registered person has with Madklubben. Written request is sent to Madklubben, see contact information above under section 1. Madklubben will, as far as possible, within 1 month from receiving the data subject’s written request, send it to the data subject’s postal address.
If the data subject requests correction and/or deletion of his or her personal data, Madklubben will assess whether the conditions for the request have been met, in which case Madklubben will implement changes or deletion as soon as possible. The registered will at any time receive an answer regarding the request within 1 month after receiving it.
Madklubben reserves the right to reject requests that are in nature of harassing that require disproportionate technical measures that affect the protection of other data subject’s personal data, or in other situations where it will be disproportionately resource-intensive or very complicated to meet the request.
8. Security and sharing personal data
Madklubben protects the data subject’s personal data and has established guidelines that protect the data subject’s personal data against unauthorized access or knowledge of them.
Only the people employeed by Madklubben who, by virtue of their job function, need the registered personal information have access to it. Madklubben regularly checks that there is no unauthorized access to the registered personal information.
I the event of a security breach, where there is a high risk of misuse of the data subject’s personal information, Madklubben will notify the data subjects of the security breach as soon as possible. Madklubben’s safety procedures are continuously re-evaluated and updated in relation to technological development.
Madklubben uses a number of external suppliers of IT services, IT systems, payment solutions etc. Madklubben regularly enters into data processor agreements with all suppliers whereby it is also ensured in relation to external data processors that they maintain a necessary and high level of protection as far as the personal data is concerned.
Madklubben shares the data subject’s personal information internally within the group among Madklubben’s restaurants. The purpose is to give the guests the best service regardless of which department in Madklubbben the guests uses.
Madklubben deletes your personal information, when the legal obligation expires, or when the purpose of collecting and processing the information is no longer existing. As a general rule, financial data is stored for 5 years and other data for 2 years from the last visit.
Complain about Madklubben’s processing of personal information can happen to The Danish Data Protection Agency, Borgergade 28, 5, 1300 København K., phone 3319 3200, e-mail firstname.lastname@example.org.
This document will continuously be updated and minimum one time of the year. This document was last updated the 11th of February 2021.