Privacy policy
PRIVACY POLICY
Restaurant Tiende Aps ("Tiende", “LLG”, "we" or "us") processes personal data about you when you visit our restaurant and bar, Den Fede Drue, or visit our website. Our processing is in compliance with the principles and requirements set out in the General Data Protection Regulation (GDPR) and the Danish Data Protection Act.
The purpose of this Privacy Policy is to inform you of our processing of your personal data and your rights in that regard.
If you have any questions about the Privacy Policy or wish to exercise your individual rights described below, we are available via the following contact details:
Restaurant Tiende ApS
CVR-nr.: 27696279
Dagmar Petersens Gade 62, 10.
8000 Aarhus C
Tel.: +45 86 10 30 00
E-mail: [email protected]
1. Purpose, types of personal data, and legal basis for processing
We process the following ordinary personal data as detailed below.
|
Purpose |
Types of personal data |
Legal basis |
Storage period |
|
Management of booking or room rental |
· Name · Contact information · Time of visit · Comments specified in the booking or rental agreement (possible) |
Processing is necessary for the fulfilment of your visit at us (GDPR Art. 6(1)(b)).
Our legitimate interest in ensuring a fulfilling customer experience (GDPR Art. 6(1)(f)).
|
For regular bookings, we delete your personal data after your visit.
For room rental agreements, we delete your personal data no later than 2 years after your event has been organised. |
|
Management of gift card |
· Name · Company name (possible) · Contact information · Gift card number · Gift card value |
Processing is necessary for the purpose of handling your gift card (GDPR Art. 6(1)(b)).
Our legitimate interest in ensuring a fulfilling customer experience (GDPR Art. 6(1)(f)). |
We delete your personal data when the gift card is redeemed or at the end of the validity period. |
|
Administration of competitions |
· Name · Contact information · Competition information · Prize information
|
Processing is necessary for the purpose of handling your participation in the competition (GDPR Art. 6(1)(b)).
|
The winner's contact information will be stored for 3 years from the receipt of the prize.
Information subject to bookkeeping requirements in relation to the winner's prize distribution is stored for 5 years after the end of the financial year in which the prize is distributed. |
|
Administration of Klub198 membership |
· Name · Company name and CVR-nr. (possible) · Address · Contact information · Key and locker-number · Membership information, including: o Participation in events o Purchase history o Payments and payment method o Inventory
|
Processing is necessary for the purpose of handling your membership (GDPR Art. 6(1)(b)).
Processing of your personal data for marketing purposes is based on your consent (GDPR Art. 6(1)(a)).
Our legitimate interest in ensuring a satisfactory membership (GDPR Art. 6(1)(f)).
|
We delete personal data on an ongoing basis and no later than 12 months after cancellation of membership.
We will delete the documentation of consent to marketing cookies for at least 2 years after the consent was withdrawn. |
|
Improving our website and marketing (re-targeting) |
· Ip-address · Time of visit and exposure |
Our legitimate interest in using necessary cookies is GDPR Art. 6(1)(f).
The legal basis for the processing of personal data through the use of non-necessary cookies is your consent (GDPR Art. 6(1)(a)).
Consent can be withdrawn at any time. |
The maximum storage period for cookies and other similar tracking information depends on the purpose of the individual cookie or tracking information.
The storage periods for individual cookies and similar tracking information are set out in the Cookie Policy. |
|
Other communication with you, for example via our email [email protected] |
· Name · Contact information · Time of communication · Content of our correspondence |
Our legitimate interest in ensuring a satisfactory customer experience and adequate communication with you (GDPR Art. 6(1)(f)). |
We delete the personal data when we determine that it is no longer necessary for the fulfilment of the purpose. |
|
TV monitoring in order to
Create safety and security for our employees and guests;
Prevent and solve crime and other security incidents;
to protect assets and values and provide insurance documentation, including documentation, including documentation related to theft, accident and injury;
to prevent and detect unauthorised entry onto our property. |
· Footage from TV monitoring · Time |
Our legitimate interest to fulfil the purposes (GDPR Art. 6(1)(f)).
If the TV monitoring footage shows criminal offences or contains sensitive information sensitive, the legal basis for our processing is section 8(3)-(5) of the Danish Data Protection Act and GDPR Art. 9(2)(f) (pursuit of legal claims). |
We delete personal data no later than 30 days after it has been recorded, unless it is to be used as documentation in connection with specific cases. |
|
Job applications |
· Application material |
Our legitimate interest in processing the application (GDPR Art. 6(1)(f)).
If the application material contains sensitive data, the legal basis for our processing is your consent (GDPR Art. 9(2)(a)). |
We delete the personal data when we consider that it is no longer necessary for the fulfilment of the purpose, but no later than 6 months after the end of a recruitment process. |
2. With whom do we share personal data?
We may share your personal data with persons, undertakings and authorities that need the data for fulfilment of the processing purposes listed above, or to whom we are required to disclose your data under applicable law.
In some cases, personal data may be disclosed to data processors that perform various tasks on our behalf, for example suppliers of backup and cloud solutions or of other IT systems used by us.
However, these data processors may access and process personal data only on explicit instructions from us and for the fulfilment of specific purposes agreed in a written data processing agreement between us and the data processor.
3. Transfer of personal data to third countries
To the extent that personal data are transferred to third countries, we ensure an adequate level of protection by using EU standard contractual clauses in the agreements with the data recipients, or by ensuring that the recipients are at least subject to special certification mechanisms or that they constitute "safe" third countries approved by the European Commission.
You can request a copy of the basis for the transfer by us via the contact details above.
4. RIGHTS
You may at any time request access to, rectification of and erasure of your personal data. In addition, you may restrict the processing of your personal data, object to the processing and exercise your right to disclosure and transfer of your personal data to another data controller (right to data portability).
If you have consented to the processing of your personal data, you can withdraw the consent at any time by contacting us. However, such withdrawal will not affect any processing of personal data that has taken place prior to the withdrawal.
If you wish to exercise your rights, you can contact us via the contact details above.
5. COMPLAINTS
You can complain to the Danish Data Protection Agency about our processing of your personal data at any time via the contact details below:
Danish Data Protection Agency
Carl Jacobsens Vej 35
2500 Valby
Tel.: +45 33 19 32 00
6. AMENDMENTS TO THE PRIVACY POLICY
This Privacy Policy will be updated and amended regularly, including if required due to changes to legislation and practice within the data protection area. You should therefore keep yourself updated on any amendments to the Privacy Policy. Some amendments will be communicated directly to you by e-mail, and you may in certain situations be asked to accept significant amendments.
Date of latest amendment to the Privacy Policy: 31-07-2023