WHAT IS GDPR?


The General Data Protection Regulation (GDPR) is a regulation that is common to all countries within the EU/EES. It has replaced previous domestic privacy legislation. The idea of the GDPR is to harmonise legislation and to remove any differences that have existed between the EU countries. It also means better protection for each individual when we have a common regulation for how personal data should be handled across the EU. A regulation automatically becomes law in EU countries.

One of the new aspects of the GDPR is that EU citizens have the right to demand that a company remove their personal data after they have chosen to stop buying services or products form a company for example, provided that data is not required in order for the company to be able to fulfil its other legal requirements.

Personal data is all information that can be used to identify a person. For us here at Pinchos/Pincho Nation it is important that you feel secure with how we process your personal data. We protect the information that you entrust us with, and we comply with the laws and regulations that are there to protect your privacy.


____

PRIVACY POLICY PINCHO GUESTS


Pincho Nation AB (”Pincho Nation” or “We”) needs to collect and process information about you in order for you to be able to book tables, order and pay for requested services and products in our app. If you join our guest club ‘The Circus’, We will collect and process additional information about you in order for us to establish and manage your guest club account and be able to provide you with requested, personal and relevant offers on services and products within the framework of The Circus. We care for your personal integrity and strive to protect your personal data in the best way.

We process your personal data in accordance with this privacy policy and applicable personal data legislation. The privacy policy describes why We retrieve information about you and how that information is processed. Furthermore, information about your rights regarding personal data processing is provided.

Pincho Nation is the franchisor for all Pincho-restaurants and together they form the Pinchos/Pincho Nation chain (“The Pincho chain”). The Pincho chain has common IT systems where all data is managed and centrally owned by Pincho Nation. Pincho Nation has the overall responsibility for all data and, through an agreement with the Pincho chain's affiliated companies, has ensured the processing of your personal data. Pincho Nation is the data controller and responsible for making sure that your personal data is properly and legally processed in these IT systems.


1. PERSONAL DATA THAT IS BEING PROCESSED

We process personal data that you submit when you log in or create your guest club account in ‘The Circus’ in the app as well as data which We gather when you book a table, order, pay and interact with the app, website and/or email. We also process personal data that another person may have provided about you when they want to invite you to dine at a Pinchos/Pincho Nation restaurant, get and/or give bonus points or give you a gift voucher. In some cases We may also supplement your personal data from personal data supplement services, cookies, pixels and other tracking technology.

The following data is for example processed by Pincho Nation: name, surname, telephone number, telephone model, push token, booking information, purchase and payment history, order and booking history, receipt information, restaurant visits, bonus points, email address, app-, website- and email usage/interaction, IP number, date of birth, sex, used offers and an indication of the latest terms/policies that you have approved/taking part of.


2. THE PURPOSE OF PERSONAL DATA PROCESSING

Pincho Nation gathers, stores and processes your personal data in accordance with good practice and for business reasons with the purpose of:

a. Providing and managing services/products and on-demand, relevant and personalized offers and news.
b. Enabling and managing payments for services/products.
c. Registering bonus points and providing receipts.
d. Be able to identify and verify a member to ensure that the user of the app service is a real person and that the correct person receives its requested offers, news etc. This is necessary to protect the service from being used by unauthorised users and ensure that the terms of the agreement are complied with. As part of this, we may also update or correct your personal information through supplementary services.
e. Perform logging to detect fraud, errors, hacking attempts and otherwise quality assuring the systems in your interest.
f. Preventing misuse of the service.
g. Making statistical summaries, understanding trends and improving and developing our offerings, services, products and business in general using statistics.
h. Communicating with you to provide service, support and to manage bookings/orders, send booking- and order confirmations, and other administrative matters as well as to inform about changes in the service, updates in terms/policies and reminders about expiring offers etc.
i. Sending offers, information about new products, events and other similar direct marketing messages through push notifications, text messages, email and/or mail up to two (2) years from your last purchase or as long as you consent to it.
j. Analysing your behaviour in connection with the email messages through the use of so-called tracking pixels or web beacons, which are one-pixel image files stored on our CRM supplier’s website. For analysis purposes our supplier links your personal data and the web beacons to your email address and an individual ID. Links received in the email marketing/newsletter also include this ID. The data generated is used to create a user profile in order to personalise the emails/newsletter and give you a better user experience to your personal interest based on when you read our emails/newsletter and which links you click in them.
k. Managing and defending complaints and other legal claims.
l. Accounting of transactions.


3. LEGAL BASIS FOR THE PROCESSING

Processing of personal data for the purposes set out in 2 a) to d) is necessary for the performance of a contract to which you are a party.

Processing of personal data for the purposes set out in 2 e) to j) is necessary for Pincho Nation's legitimate interest based on a balancing of interests. If you consented to the processing of personal data for the purposes set out in 2 i), the legal basis for the processing of the data by Pincho Nation will instead be consent.

Processing of personal data for the purposes set out in 2 k) and l) is necessary for Pincho Nation to fulfil a legal obligation.


4. UNDER 13 YEARS OF AGE

We do not intentionally collect and store personal data from persons
under 13 years of age. Guardians are encouraged to contact Pincho Nation if they become aware that their child has provided personal data to Pincho Nation. If Pincho Nation notes that personal data has been gathered from a person under 13 years of age without a guardian's permission, Pincho Nation will request the person to contact our support so that We can obtain the consent of the child's guardian for the person's personal data processing and at the same time minimise the personal data processing of the person.


5. STORAGE PERIOD

The personal data that Pincho Nation processes to fulfil our contractual obligations is stored until the contract is fulfilled.

The personal data that We process to provide specific offers, news, services or products are stored until these services/products are no longer requested, such as when the account in the app is terminated or when you are no longer a member of The Circus. In other words, we save your personal data only for as long as required to fulfil our contractual obligations.

The personal data that We process to communicate with you in service and support matters (eg. questions, technical errors, consumer law complaints, legal claims or similar), handle your legal claims or otherwise assist you is stored until the matter is considered closed, unless it must be saved for legitimate reasons to prove and defend any legal claims or handle disputes that may arise up to three (3) years from the time the purchase was made or the case was initiated.

The personal data that We process in order to fulfil its accounting obligation is stored for a maximum of seven (7) years.

Other personal data will not be stored for a period longer than necessary for the purpose of the processing.

We keep your personal information for a longer period of time if there are legal requirements.


6. RECIPIENTS

Pincho Nation does not sell your personal data to third parties.

The Pincho chain’s franchisees that are connected to the app have access to the personal data provided by ordering in the app or booking in the app/at the website.

Pincho Nation shares information with suppliers and partner companies (data processors) that We use to provide services within following categories:

  • Service providers of server logs and database services;
  • Suppliers of support and communication tools/customer management systems;
  • Providers of payment solutions and payment transfers;
  • Providers of guest relationship services (CRM) and their sub-processors for distribution of messages, log management, analysis, segmentation, tracking technology and customer support;
  • Providers of marketing and statistics services;
  • Providers of offers of services and products; and
  • Providers of personal data supplement services.

In some cases, data storage, log management, service analysis, email message delivery services and customer support service provider may take place outside the EU, in the US, which is why appropriate safeguards have been taken through agreements on and application of the standard contractual clauses that the European Commission has decided upon in accordance with Article 46.2c GDPR and in some cases also supplementary measures. You can take part in the standard contractual clauses here.

Pincho Nation may share information about your use of the app with the police and/or other authorities in necessary cases.


7. PERSONAL DATA FROM/TO THE PAYMENT SERVICE PROVIDER

Personal data provided when using the payment services in the app is gathered and processed by the payment service provider Bambora AB (“Worldline”). Worldline provides Pincho Nation with a reference to the registered credit/debit card, for Us to receive certain transaction information to ensure that the payment has been completed. Worldline also provides certain card information to Pincho Nation so that you can identify which card to use for payment. However, the credit/debit card number is incomplete in such a way that only the first six and the last four digits are visible, i.e. the card data is truncated.
Further information on how Worldline processes your card and transaction information can be found under section 1 here: bambora-privacy-policy-eng.

8. YOUR RIGHTS

You have the right to know, free of charge, which data about you is stored by Pincho Nation. You have the right to receive personal data you have provided in a machine-readable format (data portability).

You can request to have your data corrected if it is shown to be inaccurate or out of date. You can change your name and email address yourself and manage your saved card details under your profile in the "Pinchos/Pincho Nation" app.

You also have the right to request a restriction in the use of the data or request to have your data erased. This does not necessarily mean that we will comply with your request if we need to process your data for legal reasons.

You have the right, at any time, to withdraw your consent for the personal data processing that requires your consent.

You may object to processing based on a balancing of interests.

The easiest way to send a request to delete your account and associated data is under your profile and under the heading "Manage account" in the "Pinchos/Pincho Nation" app. Your account is deleted immediately and your associated data in deleted within 90 days.

You can change your settings regarding push notifications or direct marketing send outs yourself under your profile and under the heading "Communication settings" in the app "Pinchos/Pincho Nation" or by pressing "subscribe" in connection to individual send outs.

You can exercise your other rights by sending an email to privacy@pinchos.se. You must give the name and telephone number used for purchases through the app "Pinchos/Pincho Nation" together with a message stating which right you wish to invoke.

Handling on and response to your request is provided within one (1) month at the latest.

If you consider that your personal data is handled incorrectly, you can submit a complaint to the Swedish Authority for Privacy Protection (IMY). You can find the contact details to IMY at imy.se/eng. You have the right to contact the supervisory authority in your country of residence or employment.


9. CHANGES AND UPDATES

As Pincho Nation’s practices and policies change, so will this privacy policy. We reserve the right to change and update the privacy policy at any time, for any reason, without notice to you, other than the posting of the amended privacy policy on our website and in the updated version of the app. We recommend that you regularly check this site to keep yourself updated on our privacy practices.


Data controller
Pincho Nation AB, org.no. 556870-7623
Trädgårdsgatan 2, SE-411 08 Gothenburg
privacy@pinchos.se

____


FREQUENTLY ASKED QUESTIONS


What data do you collect?

When you book a table and order food and drinks from us, we gather for example the following data: your name and telephone number, what you have ordered, how much you have paid and method of payment, if you have given incomplete card information, what telephone model and how many bonus points you earned during your visit.

Why do you gather personal data?

To be able to provide our services such as messaging when your food and drink are ready for collection, protecting your account from misuse, following up claims, finding and rectifying faults, and saving your earned bonus points.

How long do you save the data?

The personal data will not be stored for a period longer than necessary for the purpose of the processing. Data stored in your interest is deleted when you request it.

Do you sell the guests’ personal data?

No, never.

Will you send me advertisements or other mailshots?

We send out push notifications when food/drink is ready, when updating the app and terms, in connection with your data being cleared and similar. We may occasionally send out direct marketing messages up to two years from your last purchase, but as a rule, we only do so if you have explicitly consented to it. If you are a member of The Circus guest club, you will receive information about offers on a continuous basis. If you request that we stop sending direct marketing messages, you will not receive them either.

Do you carry out analyses of individuals' purchasing behaviour?

All analysis of sales and use is carried out on unidentifiable anonymous information unless you have joined The Circus guest club and explicitly want personalized offers or have approved cookies for these purposes.

How do I remove my data from you?

You can change or send a request to delete your data under your profile in the app. Email your name and phone number to privacy@pinchos.se and state what data you want corrected or removed.

How do you protect my data?

All traffic is encrypted, and the data is saved on encrypted disks. Logging onto the databases is protected by two factor authentication and the services are monitored for hacking attempts. All payment card data is processed by Worldline, who are certified to protect and process such data.