Madklubben is the data controller.
Østergade 22, 3. 1100 København K.
Tlf. +45 33 32 32 34
Madklubben consists of the following companies:
Madklubben Bistro ApS
Madklubben Steak ApS
Madklubben Vesterbro ApS
Madklubben Frederiksberg ApS
Madklubben Aarhus ApS
Madklubben Østerbro ApS
Madklubben Værnedamsvej ApS
Bistro Royal ApS
Steak Royal ApS
Restaurant Frank ApS
Madklubben Nørrebro ApS
Gran Torino Pizza ApS
Alabama Social ApS
From here on collectively referred to as Madklubben.
Madklubben handles all personal data in accordance with applicable personal data law. Madklubben concludes agreements with guests and suppliers on the delivery – purchase and sale – of various services and products.
When a guest orders and purchases one or more of Madklubben’s services, and, in connection with this purchase, provides their personal data to Madklubben, the guest/supplier also consents to the processing of their personal data by Madklubben. The same applies in regard to any personal data provided to Madklubben by suppliers in connection with the submission of offers or conclusion of agreements with Madklubben.
Personal data is collected by Madklubben as follows:
The collection and processing of personal data, cf. the above, will always be performed in accordance with applicable personal data legislation.
Madklubben collects the following personal data:
A guest/supplier can voluntarily provide Madklubben with additional personal data that they deem important for Madklubben’s servicing of them, or which they believe should be provided for safety/security reasons.
Examples of such data include:
If a guest/customer/supplier voluntarily chooses to provide such data, Madklubben perceives this as consent to register and store this sensitive data.
In addition to the data that Madklubben receives directly from guests/suppliers, Madklubben will in some cases collect or process additional data received by Madklubben from third parties, e.g. a travel agency, another intermediary or an employee of the company at which the data subject is employed. In such cases, the applicable third party is obliged to inform the applicable guests/suppliers of Madklubben’s terms and conditions, and Madklubben’s personal data policy. It is also the applicable third party’s responsibility to ensure the required legal basis for the collection and processing of the applicable data, including collection of required consent for the processing of any sensitive data.
Madklubben uses DIBS www.dibs.dk(Nets), for redemption of payments with payment and credit cards in our restaurants. Madklubben uses QuickPay for the online payment on our webshop, and do not keep any information regarding payments such as credit card number or bank account. DIBS, QuickPay and Madklubben are all approved and certified by Pengeinstitutternes Betalingssystem (www.pbs.dk).
In connection with orders and bookings, Madklubben stores the data provided by the guest/supplier for a period of up to two years, after which the data is deleted. All financial data is by law currently stored for the current calendar year plus 5 years due to demands from our accounting department.
Besides processing the order, the data provided will only be used if, for example, a guest/supplier contacts Madklubben with a question, or if there are errors in the order.
Madklubben solely collects personal data necessary to fulfill the agreements conducted with guests/customers/suppliers on the delivery of services, e.g. a table reservation at one of our restaurants or purchase/sale of products or services. The content of the individual agreement or the nature of the service determines, which personal data is collected and processed by Madklubben, as well as the purpose of the collection.
The purpose of collection and processing of personal data will primarily be:
Madklubben will typically process personal data because it is necessary to fulfill an agreement between Madklubben and a guest/supplier. For example, this may involve functions, meetings, events or administration and fulfillment of cooperation and supplier agreements.
If, in connection with a visit at Madklubben, a guest provides data about special personal preferences or considerations, e.g. health data, disability, religious belief or the like, Madklubben only uses this data to ensure consideration of the guest’s/customer’s personal preferences, health, etc.
In some cases, Madklubben receives personal data from a third party, e.g. a travel agency, an agent or the likes, including in connection with group bookings. In such cases, the applicable third party is required to inform the applicable guests/customers/suppliers of Madklubben’s terms and conditions, and the contents of this personal data policy.
Under the rules of the Personal Data Regulation, the data subjects (customers/suppliers) have various rights.
However, the option of withdrawing consent, requesting deletion, etc. may be limited as regards the protection of the privacy of others, trade secrets and intellectual property rights, and, for example, for the purpose of asserting potential legal claims.
The data subject may at all times request in writing that Madklubben provides an overview and a copy of the personal data possessed by Madklubben regarding the data subject. A written request to this effect must be signed by the data subject and include the data subject’s name, address, telephone number and e-mail address.
The data subject may also contact Madklubben if the data subject believes that their personal data is being processed in violation of the law or in violation of other legal obligations, e.g. this agreement/contract between the data subject and Madklubben. This written request must be sent to Madklubben, see contact data in section 1 above. After receipt of the data subject’s written request, Madklubben will, as far as possible, send this data to the data subject’s mail address within one month.
If the data subject requests correction and/or deletion of their personal data, Madklubben will assess whether the conditions for the request are met, and, if so, Madklubben will perform changes or deletion as quickly as possible.
Madklubben reserves the right to reject requests which are of a harassing repetitive nature, which require disproportionate technical measures which impact the protection of other data subjects’ personal data, or in other situations where it would be disproportionately resource-demanding or highly complicated to accommodate the request.
Madklubben protects the data subject’s personal data and has established guidelines protecting the data subject’s personal data from unauthorized disclosure and preventing unauthorized parties from gaining access to, or knowledge of, this data.
Only the employees at Madklubben who require the data subject’s personal data in connection with their job function have access to this data. Madklubben performs continuous monitoring to prevent any unauthorized accessing of the data subjects’ personal data.
In the event of a security breach where there is a high risk of abuse of the data subjects’ personal data, including, for example, identity theft, financial loss, damage to reputation or other forms of misuse, Madklubben will notify the data subjects of the security breach as quickly as possible. Madklubben’s security procedures are continuously reviewed and updated in relation to technological developments.
Madklubben utilizes a number of external suppliers of IT services, IT systems, payment solutions, etc. Madklubben regularly concludes data processor agreements with all of Madklubben’s suppliers, ensuring that external data processors maintain a required and high level of protection of the data subjects’ personal data.
Madklubben shares and transfers the data subjects’ personal data internally in the restaurant group. The purpose of this sharing is to give the guest the best possible service, regardless of the restaurant with which the guest is in contact.
Madklubben deletes your personal data when Madklubben’s legal obligation ceases, or when the purpose of collecting and processing the data is no longer present. As a general rule, financial data is stored for the current calendar year + five years, and other data for two years after the last visit.
Complaints regarding Madklubben’s processing of personal data can be directed to the Danish Data Protection Agency, BORGERGADE 28, 5, DK-1300 COPENHAGEN K, DENMARK, TELEPHONE (+45) 3319 3200. E-MAIL: firstname.lastname@example.org
Changes and adjustments to this policy will be added on a continuous basis. This document has been updated on May 24th2018.