RDLA Restaurant ApS (Det Lille Apotek)
Company number: 41037369

1. Who are we?

RDLA Restaurant ApS (hereinafter “we,” “us,” or “The Little Pharmacy”) is responsible for the processing of your personal data as described in this privacy policy. If you have any questions about this policy or our processing of your personal data, you are always welcome to contact us.

RDLA – Restaurant ApS
Store Kannikestræde 15
1169 København
info@detlilleapotek.dk

2. We process your personal data.

We process personal data for various purposes, which you can read more about below. We only process personal data when it is necessary to fulfill the purposes for which the personal data was collected, or when it is necessary to comply with our legal obligations.

We process personal data for various purposes, which you can read more about below. We only process personal data when it is necessary to fulfill the purposes for which the personal data was collected, or when it is necessary to comply with our legal obligations.

2.1. Private customers and restaurant visitors.

In order to manage the restaurant’s operations and deliver our services to you, we process the following main categories of personal data about you:

• Common personal data, according to Article 6(1)(b), Article 6(1)(f), and Article 6(1)(c) of the General Data Protection Regulation, including, for example, name, contact information, and payment information.

Additionally, in connection with the booking, you may voluntarily and at your own discretion provide us with additional personal data that you believe may be relevant to our service to you, or that you believe should be provided for security reasons. This may involve processing the following categories of personal data in some cases:

• Sensitive personal data, according to Article 9(2)(a) of the General Data Protection Regulation, such as information about disabilities, allergies, health, or medication, as your choice to provide us with such information is considered consent to the processing of this personal data about you.

To the extent necessary for the operation of the restaurant, we may disclose such personal data to business partners, suppliers, etc., including software providers, shipping companies, accountants, and lawyers. We generally store the above-mentioned personal data for 3 months.

2.2. Satisfaction surveys

In order to investigate your satisfaction with your restaurant visit at Det Lille Apotek and our services provided in connection with this, we process the following main categories of personal data about you when conducting satisfaction surveys:

• General information such as your name and contact information, in accordance with the balancing of interests rule in Article 6(1)(f) of the GDPR.

We will contact you after your restaurant visit to get your evaluation of your visit with us. You always have the option to choose not to respond to the inquiry or to request not to receive any more satisfaction surveys. To the extent necessary for the operation of the restaurant, we may disclose such personal data to partners and suppliers. We keep the personal data associated with the satisfaction survey for 3 months, after which the personal data is anonymized.

2.3. Publication of images on website and social media platforms

For marketing purposes, we publish mood pictures of you when visiting the restaurant on Det Lille Apotek’s website, Facebook and/or Instagram profile based on your consent, according to Article 6, Paragraph 1, Letter a of the General Data Protection Regulation, or to a limited extent based on our legitimate interest, according to Article 6, Paragraph 1, Letter f. You are welcome to contact us afterwards to request the deletion of any pictures or to withdraw your consent. See more information on withdrawal of consent under point 3. Such pictures will be published as a starting point, as long as you have not withdrawn your consent or our legitimate interest in publication remains. However, pictures will be deleted no later than 5 years after publication.

2.4. Contacts at partners and suppliers

In order to manage the operation of the restaurant, we process the following main categories of personal data about contact persons at our business partners, suppliers, and corporate customers:

• Common personal data, as per Article 6(1)(f) of the General Data Protection Regulation and Article 6(1)(c) of the General Data Protection Regulation, including for example name and contact information.

To the extent necessary for the operation of the restaurant, we may disclose such personal information to business partners, suppliers, etc., including software suppliers, shipping companies, auditors, and lawyers. We generally store the above-mentioned personal information for as long as the cooperation/customer relationship exists, or until the respective contact person is no longer employed by our supplier, etc. Personal information recorded in connection with sales, delivery, invoicing, etc., will be stored for 5 years after the end of the relevant accounting year.

2.5. Job applicants

In order to process application materials that we receive unsolicited or in connection with a job posting, we process the following general categories of personal data:

• Basic personal data that we receive from you in connection with your application, including for example, name, contact information, work history, education, skills, photo, etc., cf. Article 6 (1) (b) of the GDPR and Article 6 (1) (f) of the GDPR.
• Basic personal data that we collect from public sources, such as LinkedIn, Facebook, etc., cf. Article 6 (1) (b) of the GDPR and Article 6 (1) (f) of the GDPR.
• Basic personal data that we collect from your references or public authorities, if you have given consent to this, cf. Article 6 (1) (a) of the GDPR.

If we process special categories of personal data (sensitive data) about you, according to article 9, paragraph 2 of the GDPR, or your CPR number, because you have provided such information in your application material without being prompted to do so, we consider your submission of the application material as your consent to the processing of this information in connection with the recruitment process, according to article 9, paragraph 2, letter a of the GDPR and section 11, paragraph 2, number 2 of the Data Protection Act. To the extent necessary to carry out the recruitment process, we may need to disclose your personal data to our software providers, partners, and data processors. If your application leads to employment with us, we will generally retain your personal data in accordance with our employee data protection policy. If your application does not lead to employment with us, we will generally delete your application material at the conclusion of the recruitment process. Under special circumstances, we may retain your personal data for a longer period if we assess that it is necessary to defend ourselves against a potential legal claim, according to article 6, paragraph 1, letter c of the GDPR. In that case, we will keep your personal data in accordance with the applicable statute of limitations. If we wish to retain your application material for possible future employment, we will ask for your consent to keep your application material for 6 months, according to article 6, paragraph 1, letter a of the GDPR. If you have submitted an unsolicited application, we will keep it until we have evaluated the application and determined whether it is relevant to keep it for possible future employment. If we wish to keep your application for a period of 6 months, we will ask for your consent, according to article 6, paragraph 1, letter a of the GDPR. Otherwise, we will delete your application after the evaluation has been completed.

3. If you wish to withdraw consent

If we process your personal data based on your consent, you may withdraw your consent at any time by contacting us as indicated above under point 1. If you withdraw your consent, please be aware that it does not affect the legality of our processing prior to the time you withdraw your consent, and that in special cases, we may be entitled to continue processing your personal data, for example, to defend ourselves against a potential legal claim or based on our legitimate interest.

4. Transfer of personal data to third countries

To the extent necessary to comply with the purposes of processing your personal data, we may need to transfer personal data to international organizations or companies established in countries outside the EU/EEA. We only make such transfers if we have a sufficient legal basis for doing so, including for example: If the EU Commission has assessed that the security in the relevant third country is adequate in accordance with Article 45 of the GDPR, if there are necessary guarantees for security, such as entering into EU Commission’s standard contractual clauses in accordance with Article 46 of the GDPR, or if one or more of the exceptions in Article 49 of the GDPR apply.

5. Security measures

We prioritize data security very highly and therefore have a strong focus on ensuring that we process your personal data in accordance with applicable data protection laws. To best protect your personal data, we continuously assess the risks associated with our processing of your personal data. We pay particular attention to protecting your personal data against discrimination, identity theft, financial loss, loss of reputation, and confidentiality. In the event of a security breach that poses a high risk to your rights, we will notify you of the security breach as soon as reasonably possible.

6. Your rights

When we process your personal data, you have the following rights with respect to us. If you wish to exercise these rights, you are always welcome to contact us as described above under item 1. Access. You have the right to access and obtain a copy of the personal data we process about you. Rectification. If we have registered incorrect information about you, you generally have the right to have such inaccurate personal data about you corrected. Erasure. In special cases, you have the right to have the personal data we process about you erased. Restriction of processing. In special cases, you have the right to have the processing of your personal data restricted to storage. Objection. In special cases, you have the right to object to our processing of your personal data. Data portability. In special cases, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transfer this data from one data controller to another without hindrance.

You can read more about your rights on the Data Protection Authority’s website: www.datatilsynet.dk

7. Appeal possibilities

You have the right to file a complaint with the Danish Data Protection Agency if you are dissatisfied with the way we handle your personal information. However, we hope that you will always contact us first so that we can find a reasonable solution.

You can find the Danish Data Protection Agency’s contact information and complaint guidelines at the following website: www.datatilsynet.dk.