Identity and contact details of Personal Data Responsible
At the end of this policy, respective service provider may submit their own information in order to e.g. clarify the identity and contact details of the personal data controller, indicate how long the contact information is saved before it is anonymized, reference to how to access your information or to delete your contact information. If no information is submitted, please contact the service provider for this information.
What information is collected about you?
In order for you to make a reservation through KUMI's booking service, you need to provide some information about yourself (customer data). For a regular table reservation, this information is currently: first and last name, mobile phone number and e-mail address. In cases where card payment is required to complete a reservation, usual bank-/creditcard information is collected when card payments are made over the Internet. Storing card data is done in a PCI-certified environment and card data can not be viewed by KUMI or its staff in plain text.
Cookies and collection of Traffic data
KUMI collects unit information and measurements to collect statistics about the use of our services to view flows and general patterns, to maintain and improve the booking service. This information is for example: which browsers are used, which operating systems, screen size, etc. IP addresses are not stored. The information from you cannot be linked to your identity. The information is used inter alia to analyze the use of the service through third-party features, for example Google Analytics. Google Analytics has been configured to not store your IP address.
What is the information used for?
The contact information collected is used by the service provider primarily to communicate (send) booking confirmations, reminders and similar information linked to a reservation. The purpose of the communication can be, for example, to confirm that a reservation has been created, allowing you to edit the reservation yourself, to allow the restaurant to send menu choices, send payment requirements if this is agreed, remind you about the booking, follow-up actions - in order to improve services based on your experience. Responsible for personal data (personally responsible) and how these are used, is the service provider.
Legal basis for processing personal data
As you make a reservation at the service provider, you confirm to the service provider that on the day and time for your reservation you will arrive with the number of people you booked for. By entering your contact details and completing the reservation, you agree to this agreement. Legal basis: completion of agreements. There is also a legitimate interest in sending booking confirmations, reminders, and similar items before arrival day, for example, to confirm that you have a reservation, allowing you to edit the reservation yourself, send menu choices, to pay for payment requirements, remind you of the booking or just inform you so that you get the best possible experience. A legitimate interest in processing personal information for reservations may also be that service providers can communicate follow-up actions to find out how you experienced the service (customer survey) in order to improve the customer experience. Recipients of the information you provide are the Service Provider. Legal basis: legitimate interest.
How long is the information saved?
KUMI's reservation service has a feature that enables the service provider to anonymize old "Contacts / Guests" and its contact information, unless there is a new reservation in the future. According to GDPR, contact information should not be saved longer than necessary for the specific purpose. How long the contact information is saved before being anonymized is handled by the respective service provider. Specific information about this is the responsibility of each service provider to give. If desired, you may request your information to be anonymized after your reservation has occurred provided that there is no future booking. If you agree to that the data is saved for future reservations, these are saved until another choice are made.
Access to your information
According to GDPR, you are entitled to request, free of charge, a transcript from the information gathered about you and that any errors are corrected in this information. If you wish to request access to your information, please contact the service provider where the visit was booked. Contact details for the service provider can be found on the booking confirmation. In order to be able to provide you with this information, you must be able to prove your identity in an acceptable manner for the service provider. A request for transcript must be answered within one month.
Right to be deleted
If you acknowledge that your contact information is saved for future bookings, these are saved until other choice are made. You have the right to have your contact information deleted, as long as there is no future booking that requires the contact information to be saved. In order to have your contact information deleted from a service provider you need to contact the service provider directly.
Right to object
You are entitled to object to the service provider's processing of your contact information. Contact the service provider and specify what treatment you are objecting against. You are always entitled to object to direct marketing.
Right to data portability
You have the right to obtain the information you provided to the service company to use them elsewhere. However, it is required that the information is provided by consent or required to fulfill an agreement. Information treated with legitimate interest does not fall within this.
Right to withdraw consent
You have the right to withdraw an agreement and, if so, return directly to the service provider in question.
Notification of violation (complaint)
If you believe your contact details were incorrectly processed, you should contact the service provider as soon as possible to assess this and, if applicable, be corrected. You can also file a complaint with the Swedish authority "Datainspektionen".
