PRIVACY POLICY

PRIVACY POLICY

DATA RESPONSIBILITY

We are the data controller for the processing of personal data that we handle about our customers and business partners. You can find our contact details below:

Pico Pizza ApS
Struenseegade 9
2200 Copenhagen N
CVR No.: 41700246

Our company is not required to have an external Data Protection Officer (DPO), but if you have any questions regarding the processing of your personal data, you can contact us at info@picopizza.dk.

PROCESSING ACTIVITIES

As the data controller under the GDPR, we carry out the following processing activities.

WEBSITE VISITS

When you visit our website, we use cookies to ensure the website functions properly. You can read more about this by pressing the icon located on the bottom right of this page.

COMMUNICATION WITH POTENTIAL CUSTOMERS

If you have questions about our site or want to learn more about our services, you can contact us via:

  • Contact form (for inquiries regarding catering orders and group bookings)
  • Email (info@picopizza.dk)

In doing so, we will process your personal data to engage in a dialogue with you, for example, to answer questions about our services. We only process the information you provide to us as part of our communication.

We typically process the following general personal data: name, email, and phone number.
Our legal basis for processing this personal data is Article 6(1)(f) of the General Data Protection Regulation (GDPR).

In special cases, if there is a need to retain your personal data for a longer period, this may occur.

COSTUMERS

We need to communicate with our customers to ensure that the service is delivered correctly. In doing so, we may process information such as name, address, services, special agreements, payment details, and similar data.
The legal basis for processing this personal data is Article 6(1)(b) of the General Data Protection Regulation (GDPR).

NEWSLETTER

We offer a newsletter that you can choose to subscribe to voluntarily – and you can unsubscribe at any time.
The purpose of the newsletter is to send subscribers emails with new information from the company, which may include updates to our website, announcements about our services etc.

We will only send you emails if you have given your explicit consent. This initially requires you to provide your email address, after which you will receive a confirmation email to complete your subscription and consent.

Our legal basis for processing your personal data (i.e. your email address) in connection with the newsletter is Article 6(1)(a) of the General Data Protection Regulation (GDPR).

We will process your personal data for as long as you remain subscribed to the newsletter. Once you unsubscribe, we will stop sending it to you.

ACCOUNTING

We are required to retain all accounting records in accordance with the Danish Bookkeeping Act. This means we store invoices and similar documents for bookkeeping purposes. These documents may contain general personal data such as name, address, and service descriptions.

Our legal basis for processing personal data for accounting purposes is Article 6(1)(c) of the General Data Protection Regulation (GDPR).

We retain this information for a minimum of 5 years after the end of the current financial year.

JOB APPLICATIONS

We gladly accept job applications in order to assess whether they match an employment need within our company.
If you send us your job application, our legal basis for processing your personal data is Article 6(1)(f) of the General Data Protection Regulation (GDPR).

DATA PROCESSORS

No one can do everything alone — and the same goes for us. We work with partners and use suppliers, some of whom act as data processors on our behalf.

External providers may, for example, supply systems for organizing our work, services, consultancy, IT hosting, or marketing.

Our data processors include:

  • EasyTable: table bookings
  • Heaps: webshop and app for takeaway orders
  • AllGravy: job applications
  • LifePeaks: gift card purchases
  • Google Analytics: website statistics and traffic measurement
  • Fluent Forms: service inquiries and email collection for newsletters
  • OneSignal: newsletters for marketing purposes
  • Simly.com: domain hosting

It is our responsibility to ensure that your personal data is processed properly. Therefore, we set high standards for our partners, who must guarantee that your personal data is protected.

We enter into agreements with companies (data processors) that handle personal data on our behalf to enhance the security of your personal data.

DISCLOSURE OF PERSONAL DATA

We do not disclose your personal data to third parties.

PROFILING AND AUTOMATED DECISIONS

We do not perform profiling or automated decision-making.

TRANSFERS TO THIRD COUNTRIES

As a rule, we use data processors within the EU/EEA or who store data within the EU/EEA.
In some cases, this is not possible, and data processors outside the EU/EEA may be used, provided they can ensure an adequate level of protection for your personal data.

DATA SECURITY

We ensure the security of personal data processing by implementing appropriate technical and organizational measures.
We have conducted risk assessments of our personal data processing and have subsequently implemented suitable technical and organizational measures to enhance data security.

YOUR RIGHTS

Under the General Data Protection Regulation (GDPR), you have a number of rights regarding our processing of your personal data.
If you wish to exercise your rights, please contact us so we can assist you.

RIGHT OF ACCESS

You have the right to access the personal data we process about you, as well as certain additional information.

RIGHT TO RECTIFICATION

You have the right to have incorrect personal data about you corrected.

RIGHT TO ERASURE

In certain cases, you have the right to have your personal data deleted before the time of our general retention period expires.

RIGHT TO RESTRICTION OF PROCESSING

In certain cases, you have the right to request a restriction of the processing of your personal data. If you are entitled to this, we may only process the data—apart from storage—with your consent, or for the establishment, exercise, or defense of legal claims, or to protect a person or important public interests.

RIGHT TO OBJECT

In certain cases, you have the right to object to our otherwise lawful processing of your personal data. You can also object to the processing of your data for direct marketing purposes.

RIGHT TO DATA PORTABILITY

In certain cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have these personal data transferred from one data controller to another without hindrance.
You can read more about your rights in the Danish Data Protection Agency’s guide on data subject rights, available at www.datatilsynet.dk.

WITHDRAWAL OF CONSENT

When our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time.

COMPLAINT TO THE DANISH DATA PROTECTION AGENCY

You have the right to file a complaint with the Danish Data Protection Agency if you are dissatisfied with the way we process your personal data. You can find their contact details at www.datatilsynet.dk.

We generally encourage you to learn more about the GDPR to stay informed about your rights and the regulations.