Reading Time: 27 minutes

Privacy Notice – Ancon AB

 

Updated: December 2022

 

1.     Introduction

 

Ancon AB, with company registration number 556257-3039, (“Ancon”, “we” or “us”) is committed to the protection of your personal data. We take measures to ensure that your personal data is protected when we use your personal data and that the use of your personal data complies with applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR).

In this Privacy Notice, we describe how we collect, use and share your personal data, and which rights you have in relation to your personal data.

Personal data means any information that directly or indirectly identify you, for example your name, contact details, order and payment details, or the IP address that your device uses.

Processing means any action taken (normally electronically) with regard to your personal data, for example collection, structuring, storage and disclosure.

The website means Ancon’s website available on https://ancon.io.

 Ancon Order refers to the platform available on https://anconorder.com/, or the Ancon Order mobile application.

 

2.     Who is covered by this Privacy Notice

This Privacy Notice covers you who:

  • visit our website and/or digital channels,
  • contact us or otherwise communicate with us, for example via our website or e-mail,
  • are a representative of a customer (such as restaurants), supplier or partner to us, and/or
  • are an end user of our online services and who sign up to and/or make order request to restaurants via the Ancon Order platform.

 

3.     Responsibility for the use of your personal data

 

Ancon acts as a data controller

Ancon is responsible (data controller) for its own use of your personal data under this Privacy Notice, unless otherwise is stated.

 

4.     Personal data that we collect

We collect and use different categories of personal data about you. Please note that we may not collect and use all categories of personal data about you. Which personal data that we actually collect and use about you depends on how you interact with us and which role you have, for example if you are a visitor of our website, a user of Ancon Order, or a contact person of a customer or supplier of ours.

 

We collect and use the following categories of personal data:

  • Identity information, which makes it possible to identify you, for example your name.
  • Contact information, which makes it possible to contact you, for example your postal address, e-mail address and telephone number.
  • Organisational information, which relates to your professional role, for example your title, position and the company or organisation that you work for.
  • Communication with us, for example content in e-mail and submitted forms (such as requests for demos of our products) or the responses you provide when participating in a survey.
  • Profile information of you as an end user of Ancon Order, such as your name, e-mail address, phone number, saved addresses and language settings.
  • Order details which include order requests of food/product, order request date/time, purchase price and discounts, delivery method (takeaway or home delivery), pickup and delivery details, food preferences or other order instructions.
  • Order history which includes history of previous submitted orders, including related order details.
  • Payment data related to an end user’s order request in Ancon Order, including payment card details.
  • Technical information about the device that you use when visiting our website or digital channels and when using Ancon Order, for example IP address, type of device, version of browser and operating system.
  • User generated information that is generated based on your activity and use of our website or digital channels and Ancon Order, for example page views and length of sessions.
  • Picture, video and audio material which includes video footage or audio recording of you, for example during your participation in an event.

 

5.     Sources from which we collect personal data

The personal data that we collect about you is mainly collected directly from yourself when you provide your personal data to us, for example via our website, when creating an account and using Ancon Order, when participating in a survey or contact or otherwise communicate with us. 

 

We also collect where necessary personal data from other sources:

  • The company or organisation that you work for,
  • Social network platforms if you follow or interact with us on social media,
  • Partners that we collaborate with, for example to carry out an event or similar activities, and
  • External persons that provide your personal data to us, for example in connection with communication or an event or similar activity.

 

6.     Our use of personal data

We use the personal data that we collect for various purposes. Please note that all purposes for our use of personal data may not apply to you. For which purposes we use your personal data depends on how you interact with us and which role you have, for example if you are a visitor of our website, an end user of Ancon Order or a contact person of a customer or supplier of ours.

In summary, we use personal data to manage the business relationship with our customers (for example restaurants), suppliers and partners, provide and manage our website and the Ancon Order platform, communicate with you and others, develop and improve our business and services, carry out events and other activities, to fulfil our legal obligations, as well as to manage and defend legal claims and rights.

To read more about the categories of personal data, purposes and legal bases that we rely on for our use of personal data and for how long personal data is stored in relation to each purpose, please see our detailed information on our use of personal data.

 

7.     Transfers of personal data

 

Transfers of personal data to other data controllers

To read more about for which purposes and which categories of personal data we share with recipients and which legal basis we rely on for sharing personal data, please see our detailed information on our use of personal data. The recipient is responsible (controller) for its own collection and use of personal data, unless otherwise is stated. This means for example that relevant restaurants that we – in connection with Ancon Order – share end-user personal data with, will act as a separate controller for its own subsequent use of your personal data.

 

Transfers of personal data to service providers

We will transfer your personal data to recipients that provide services to us and that need access to your personal data to provide such services. These service providers provide inter alia IT services (for example business office tools and services relating to IT infrastructure/hosting and support) as well as analytics, performance and communication services (which inter alia enable us to analyse your use of Ancon Order and our website or other digital channels, provide you with tailored content and communicate with you). Where the service providers process personal data on our behalf, they act as processors for us, and we are responsible for the processing of your personal data. They must not use your personal data for their own purposes and are contractually and legally obligated to protect your personal data.

 

Joint controllership with Facebook

To provide you with relevant offers, marketing and communication about us, our businesses and services on our website and on our other digital channels, we share personal data about you (such as IP address, web browser, user behaviour and how you have navigated on our website) with Meta Platforms Ireland Limited (Facebook). Such disclosure is based on your provided consent (Article 6.1 (a) GDPR).

When automatically sharing personal data with Facebook by using cookies and similar technology we act, where applicable, as joint controllers for the collection and transfer of your personal data. We and Facebook are, however, sole and separate controllers for the subsequent processing of your personal data.

We have entered into an arrangement with Facebook that describes which role and responsibility that we and Facebook, respectively, have when using your personal data. You have the right to obtain the essence of such arrangement (see reference in below section). Information on Facebook’s use of your personal data and how you may exercise your rights towards Facebook can be found in their Data Policy.

We have entered into a Controller Addendum with Facebook to establish our responsibilities and roles with regard to the use of your personal data for which we and Facebook act as joint controllers.

 

Transfers of personal data to third countries outside the EU/EEA

 

We use service providers, which also may use sub-contractors, that are established in third countries outside of the EU/EEA. To ensure an essentially equivalent level of protection for your personal data when transferred (or otherwise made available) to service providers in third countries outside of the EU/EEA which do not provide an adequate level of protection, we use the EU Commission’s adopted standard contractual clauses for international transfers according to decision 2021/914 and implement – in light of the law and practices of the third country – necessary supplementary measures. Supplementary measures include technical, contractual and organisational measures that are necessary to bring the level of protection of the personal data transferred to an essentially equivalent level protection.

For more information on to which third countries your personal data is transferred and the safeguards that we have taken to protect personal data, please contact us at by emailing privacy@ancon.io

 

Your rights

 

You have certain rights in relation to your personal data. If you wish to exercise your rights, please contact us by e-mailing privacy@ancon.io. We normally respond to your request within one month following the date we received your request. However, if your request is complicated or if you have submitted several requests, we may need additional time to handle your request. We will in such a case notify you and the reasons of the delay. If we cannot, wholly or in part, comply with your request we will notify you and the reasons for this.

When you submit a request to exercise your rights, we need to confirm your identity to ensure that you are not somebody else than who you claim to be. This to avoid that we for example disclose personal data to an unauthorised person or in error delete personal data. If we do not have sufficient information to confirm your identity, we can request that you provide supplementary information about yourself needed to confirm your identity. We only request such information that is reasonable and necessary to your identity. The time to respond to your requests starts when we have confirmed your identity.  

Below we describe the rights that you have in relation to your personal data. For further information on your rights, please see the website of your supervisory authority. In Sweden, the supervisory authority is the Swedish Authority for Privacy Protection (IMY).

 

Right to access (Article 15 of the GDPR)

You have the right to request confirmation from us as to whether we handle your personal data and in such a case receive a copy of your personal data together with additional information on our use of your personal data. Please note that the right to a copy of your personal data may not adversely affect the rights of others.

 

Right to rectification (Article 16 of the GDPR)

You have the right to request that we rectify or supplement your personal data if you consider that your personal data is incorrect, incomplete, or misleading.

 

Right to withdraw your consent (Article 7 of the GDPR)

Where we rely on your consent for the processing of your personal data under this Privacy Notice, you have the right to at any time withdraw such consent. When you have withdrawn your consent, we will not continue to use your personal data based on the consent previously provided.

 

Right to erasure (Article 17 of the GDPR)

You have in certain situations the right to request erasure of your personal data (“the right to be forgotten”). Accordingly, the right to erasure is subject to certain conditions. By way of example, the right to erasure applies if we keep your personal data but no longer the personal data for the purposes for which it was collected, or if you object to our use of your personal data and we cannot show a compelling reason to further use your personal data notwithstanding your objection.

There are also several exemptions from the right to erasure, including if we are obligated under law to keep your personal data or if the personal data is needed to exercise, manage, and defend legal claims.

 

Right to object to our use of personal data (Article 21 of the GDPR)

In certain situations, you have the right to object to our use of your personal data. Where we rely on our or another’s legitimate interest for the use of your personal data, you have the right to object to the use for reasons which relates to your particular situation. You can see below in relation to each purpose for which we collect, use and share your personal data if we rely on a legitimate interest for the use of your personal data. If we cannot show a compelling reason to continue to use your personal data, we will stop using your personal data for the relevant purpose.

You always have an unconditional right to object to our use of your personal data for direct marketing purposes.

 

Right to request restriction of your personal data (Article 18 of the GDPR)

In certain situations, you have the right to request restriction of your personal data which means that you can, at least for a certain period, stop us from using your personal data. The right to request restriction of your personal data applies if you consider that the personal data about you is incorrect and during the period that we verify this, if the use of your personal data is unlawful and if you wish that we continue to store your personal data instead of deleting the personal data, and if we no longer need your personal data for the purposes for which we collected the personal data, but you need the personal data to manage, defend or exercise legal claims and rights.

You also have the right to request restriction of your personal data if you have objected to our use of your personal data and during the period, we verify whether we have a compelling reason to continue to use your personal data.

If the use of your personal data has been restricted, we are normally only allowed to store your personal data and not use them for any other purpose than to manage, defend or exercise legal claims and rights.

 

Right to copy of certain personal data and transfer of the personal data to an external recipient (data portability) (Article 20 of the GDPR)

 

The right to data portability means that you have a right to receive a copy of the personal data that you yourself has provided to us in a structured commonly used format. Moreover, where it is technically feasible, you also have the right to request that the copy of your personal data is transferred directly to an external recipient.

The right to data portability under this Privacy Notice only applies, however, to personal data that we handle for the performance of an agreement with you (Article 6.1 (b) of the GDPR) or based on your provided consent (Article 6.1 (a) of the GDPR). We have below in relation to each purpose for which we collect, use and share your personal data outlined which legal bases we rely on for the use of your personal data.

 

Right to lodge a complaint

You have the right to lodge a complaint with your supervisory authority. In Sweden, the supervisory authority is IMY.

 

Automated individual decision-making

We do not carry out any automated individual decision-making which have legal effects or similar significant effects on you.

 

8.     Updates to this Privacy Notice

We regularly update this Privacy Notice. Our use of personal data may change, for example we may collect personal data for new purposes, collect additional categories of personal data or share your personal data with other recipients than outlined in this Privacy Notice. If our use of personal data changes, we will update this Privacy Notice to reflect such changes. At the top of this page, you can see when this Privacy Notice was last updated. If we make material changes that are not only editorial to this Privacy Notice, we will notify you of any such changes and what they mean to you in advance.

 

9.     If you have questions

If you have questions about this Privacy Notice, our use of your personal data or if you wish to exercise your rights, please contact us at:

E-mail address: privacy@ancon.io

Postal address: Ancon AB, Kungsgatan 11, 451 30, Uddevalla

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in your country. You can find the Swedish supervisory authority’s (IMY) contact details here.

 

 

Detailed information regarding the use of personal data

 

Our use of personal data

 

Representatives of customers, suppliers and partners

 

Manage the business relationship with customers, suppliers and partners

 

Examples of what we do: If you are a representative of a customer (for example a restaurant), supplier or a partner, we use your personal data to:

 

·         manage our business relationship with the company or organisation that you work for or represent, for example to register you as a contact person, manage invoices and to communicate with you, and

 

·         register orders for products and services, respond to requests for proposals (RFPs) and communicate with you for the same purpose.

 

 

 

Categories of personal data:

 

·         Contact information

·         Identity information

·         Organisational information

·         Communication

Legal basis:

 

Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of managing the business relationship with our customers, suppliers and partners.

 

It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since we otherwise would not be able to manage the relationship with the company or organisation that you represent.

 

Storage period: Personal data is stored for this purpose as long as there is an active business relationship with the company or organisation that you work for or represent.

 

 

Communicate with prospective customers, including performing product demos

 

Examples of what we do: If you are a representative of a prospective customer (for example a restaurant) of ours, we use your personal data to:

 

·         communicate with you about our services and products offered, including taking necessary steps prior to entering into a potential contract with the company or organisation that you represent, and

 

·         where you have requested a demo of our products and services, for example via our website, administrate and carry out such demo, as well answering other questions that you may have.

 

 

 

Categories of personal data:

 

·         Contact information

·         Identity information

·         Organisational information

·         Communication

Legal basis:

 

Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of communicating with you and taking other necessary steps prior to entering into a potential contract with the company or organisation that you represent, including (where relevant) performing product demos.

 

It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since we otherwise would not be able to take steps as necessary to enter into a contract with the company or organisation that you represent.

 

Storage period: Personal data is stored for this purpose until we have entered into a contract with the company or organisation what you represent, or until a decision is made not to enter into such contract.

 

 

Provide newsletters and other marketing content

 

Examples of what we do: If you are a representative of a prospective customer (for example if you have declared your interest in our products/services via our website or other digital channels), customer, supplier or partner of ours, we use your personal data to:

 

·         provide you with updates and information about our business, including newsletters and other marketing content that we believe will be of interest to you.

 

 

 

Categories of personal data:

 

·         Contact information

·         Identity information

·         Organisational information

·         Communication

Legal basis:

 

Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of communicating with you and provide you with information and updates about our business, including newsletters and other marketing content.

 

It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since you always can unsubscribe from our newsletters at any time.

 

Storage period: Personal data is stored for this purpose as long as there is an active relationship with the organisation that you represent and for a period of twelve (12) months thereafter. The relationship is active if we have an ongoing contractual relationship or communication with the organisation that you represent.

 

Please note that you may unsubscribe from newsletters and other marketing content at any time by clicking on the unsubscribe link available in each communication, or by contacting us on the above contact details.

 

 

Follow-up and evaluate the business

 

Examples of what we do: If you are a representative of a customer (for example a restaurant), supplier or a partner, we use your personal data to:

 

·         follow-up and evaluate the business, for example to compile reports with statistics on ordered products and services. This in order to better understand how our business performs. We do not profile your personal data for this purpose.

 

 

 

Categories of personal data:

 

·         Identity information

·         Organisational information

Legal basis:

 

Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of following-up and evaluating the business. This in order to better understand how our business performs.

 

It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since the reports and statistics will be on an aggregated level (and not include your personal data).

 

Storage period: Personal data is stored for this purpose for a period of 27 months calculated from the date of collection.

 

Statistics and reports on an aggregated level which do not include any personal data are stored until further notice or until deleted.

 

 

Carry out surveys

 

Examples of what we do: If you, as a representative of a customer, supplier or a partner, choose to participate in a survey that we carry out, we use your personal data to:

 

·         collect and compile the personal data that you provide in connection with the survey, since your opinions about our business are important to us.

 

You can unsubscribe from such communications at any time by clicking on the unsubscribe link in the communication or by contacting us.

 

 

 

Categories of personal data:

 

·         Communication

·         Contact information

·         Identity information

·         Organisational information

 

Legal basis:

 

Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of carrying out surveys in order to better understand what you think about and improve our business and services.

 

It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially when you voluntarily participate in the survey.

 

Storage period: Personal data is stored for this purpose during the period the survey is carried out and for a period of three (3) months thereafter to compile the responses in a report.

 

 

End users of Ancon Order

 

Set up and manage your Ancon Order user account

 

Examples of what we do: If you are an end user of Ancon Order, we use your personal data to:

 

·         set up and administrate your user account on the Ancon Order platform, in order for you to fully enjoy tailored features on our platform, such as saved language settings and pre-filled forms with your details for a smoother checkout and user experience.

 

 

 

Categories of personal data:

 

·         Identity information

·         Contact information

·         Profile information

 

 

Legal basis:

 

Performance of contract (Article 6.1 (b) of the GDPR). The use of your personal data is necessary to fulfil the Terms of Conditions with you as part of creating and managing your user account in the Ancon Order platform.

 

Storage period: Personal data is stored for this purpose as long as you have an active user account on the Ancon Order platform. If you have not been logged in to or used your user account for 18 months, the account is considered inactive. You may also choose to delete your user account at any time.

 

 

Provide the Ancon Order services to you

 

Examples of what we do: If you are an end user of Ancon Order, irrespective of whether you have created a user account or not, we use your personal data to:

 

·         provide the services offered to you under Ancon Order, which includes allowing you to make order requests to restaurants on the platform, and

 

·         disclose such order request to the relevant restaurant (see the below section when we share personal data for further information).

 

 

 

Categories of personal data:

 

·         Identity information

·         Contact information

·         Profile information (if you have

created a user account)

·         Order details

·         Payment data

·         Communication

 

 

Legal basis:

 

Performance of contract (Article 6.1 (b) of the GDPR). The use of your personal data is necessary to fulfil the Terms of Conditions with you as part of managing your order requests in the Ancon Order platform.

 

Storage period: Personal data is stored for this purpose until the order request has been made to the restaurant.

 

 

Compile order statistics to evaluate and promote the services

 

Examples of what we do: If you are an end user of Ancon Order, irrespective of whether you have created a user account or not, we use your personal data to:

 

·         analyse and compile statistics of submitted orders to restaurants, including order amounts, to assess and evaluate the result and efficiency of using Ancon Order for restaurants (for example for restaurants to compare the average bill/payment made by end-users of Ancon Order with other “traditional” restaurant guests), and

 

·         in addition to what is described above, use such aggregated statistics to promote and inform about or services towards restaurants and other partners.

 

The complied statistics will be anonymised, meaning that you as an end user cannot (neither directly nor indirectly) be identified on an individual level. Moreover, as part of fulfilling the above purpose, such anonymised statistics will be shared with the relevant restaurants.

 

 

 

Categories of personal data:

 

·         Identity information

·         Contact information

·         Profile information (if you have created a

user account)

·         Order details

·         Order history

·         Payment data

 

Legal basis:

 

Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest in compiling order statistics to evaluate and promote our services.

 

It is our assessment that our legitimate interest outweighs your interests in not having your personal data used for this purpose, especially since the personal data will be anonymised.

 

Storage period: Statistics and reports on an aggregated level which do not include any personal data are stored until further notice.

 

 

Analyse your use of the Ancon Order platform

 

Examples of what we do: If you visit and/or use the Ancon Order platform, we collect your personal data by using cookies and similar technologies to:

 

·         analyse for example which pages that you have visited are for how long, to generate statistics on the use of our platform. This in order to better understand how our digital platform is used.

 

We will only use your personal data for the above purpose if you have provided us with your consent.

 

 

 

Categories of personal data:

 

·         Technical information

·         User generated information

Legal basis:

 

Consent (Article 6.1 (a) of the GDPR). The use of your personal data relies on the consent that you provide by accepting the use of cookies and similar technologies for the same purpose.

 

Storage period: Personal data is stored for this purpose during the period as stated in our cookie policy.

 

 

All individuals

 

Provide support and respond to questions

 

Examples of what we do: We use your personal data to:

 

·         respond to questions when you contact us,

 

·         register and manage support matters,

 

·         investigate, identify and resolve identified issues, errors and incidents, and

 

·         communicate with you and others for the same purpose.

 

The categories of personal data that we use for this purpose, as described below, may vary depending on the role in which you contact us (for example as an end user of Ancon Order or as a representative of a restaurant, supplier or partner) and the type of support matter.

 

 

 

Categories of personal data:

 

·         Identity information

·         Organisational information

·         Contact information

·         Communication

·         Order details

·         Order history

·         Profile information

·         Payment data

·         Technical information

 

Legal basis:

 

Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of providing support to you with regard to our services, website and/or relationship with you.

 

It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since the processing usually takes place on your initiative and to your benefit.

 

Storage period: Personal data is stored for this purpose for a period of 18 months calculated from the date the support matter was closed or the last communication in the same matter.

 

 

Analyse the use of our website and digital channels

 

Examples of what we do: If you visit our website and/or digital channels, we collect your personal data by using cookies and similar technologies to:

 

·         analyse for example which pages that you have visited and for how long, to generate statistics on the use of our website or other digital channels. This in order to better understand how our website and other digital channels are used.

 

We will only use your personal data for the above purpose if you have provided us with your consent.

 

 

 

Categories of personal data:

 

·         Technical information

·         User generated information

Legal basis:

 

Consent (Article 6.1 (a) of the GDPR). The use of your personal data relies on the consent that you provide by accepting the use of cookies and similar technologies for the same purpose.

 

Storage period: Personal data is stored for this purpose during the period as stated in our cookie policy. Statistics and reports on an aggregated level which do not include any personal data are stored until further.

 

 

Provide you with relevant marketing and tailored content

 

Examples of what we do: If you visit our website and/or digital channels, we collect your personal data by using cookies and similar technologies to:

 

·         provide with marketing and other tailored content which we believe are of interest to you, for example based on your browsing behaviour and websites visited.

 

We will only use your personal data for the above purpose if you have provided us with your consent.

 

 

 

Categories of personal data:

 

·         Technical information

·         User generated information

Legal basis:

 

Consent (Article 6.1 (a) of the GDPR). The use of your personal data relies on the consent that you provide by accepting the use of cookies and similar technologies for the same purpose.

 

Storage period: Personal data is stored for this purpose during the period as stated in our cookie policy.

 

 

Improve user experience on our website

 

Examples of what we do: If you visit our website and/or digital channels, we collect your personal data by using cookies and similar technologies to:

 

·         improve user experience and functionality on our website and other digital channels, for example to remember your settings and preferences (such as language).

 

We will only use your personal data for the above purpose if you have provided us with your consent.

 

 

 

Categories of personal data:

 

·         Technical information

·         User generated information

Legal basis:

 

Consent (Article 6.1 (a) of the GDPR). The use of your personal data relies on the consent that you provide by accepting the use of cookies and similar technologies for the same purpose.

 

Storage period: Personal data is stored for this purpose during the period as stated in our cookie policy.

 

 

Develop and improve the business

 

Examples of what we do: We use your personal data, when needed, to:

 

·         carry out analyses on an aggregated level to develop and improve the business, our business methods and business strategies.

 

It is important to us to continuously develop the business in order to ensure that that we work in an efficient way. We do not profile your personal data for this purpose.

 

 

 

Categories of personal data:

 

·         Identity information

·         Organisational information

·         Contact information

·         Communication

·         Order details

·         Order history

·         Profile information

·         Technical information

 

Legal basis:

 

Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of developing and improving the business, our business methods and business strategies.

 

It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since the analyses will be made on an aggregated level (without including your personal data).

 

Storage period: Personal data is stored for this purpose for a period of 27 months calculated from the date of collection.

 

Statistics and reports on an aggregated level which do not include any personal data are stored until further notice or until deleted.

 

 

Manage re-organisations and restructuring of the business

 

Examples of what we do: We use your personal data where needed to:

 

·         take necessary steps in connection with a re-organisation or restructuring of the business, including a sale or investment process of the business wholly or partly or otherwise a transfer of the business to a buyer.

 

 

 

Categories of personal data:

 

Relevant categories of personal data that are necessary

to manage the re-organisation or restructuring of

the business, or as part of selling the business or

other investment process.

 

Legal basis:

 

Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of managing the sale of our business, investment or re-organisations and restructuring of the business.

 

It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose if the buyer carries out the same or similar type of business.

 

Storage period: Personal data is stored for this purpose as long as necessary in order to manage the sale, investment, re-organisation or restructuring.

 

 

Carry out events and similar activities

 

Examples of what we do: We use your personal data to:

 

·         carry out events and similar activities that we arrange, for example to register your participation and to communicate regarding the activity.

 

 

 

Categories of personal data:

 

·         Communication

·         Contact information

·         Identity information

·         Organisational information

·         Picture, video and audio material

 

Legal basis:

 

Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of carrying out events and similar activities.

 

It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially if you have voluntarily signed up for or participates in the activity.

 

Storage period: Personal data is stored for this purpose during the period that the event or activity is carried out. Personal data, such as photos of you, may be stored until further notice for the purpose of documenting our business.

 

 

Follow-up on and evaluate activities carried out

 

Examples of what we do: If you have participated in an activity that we have carried out, for example an event, we use your personal data to:

 

·         follow-up on and evaluate the activity, inter alia to compile reports with statistics on how many that attended the event and to plan future activities.

 

 

 

Categories of personal data:

 

·         Communication

·         Contact information

·         Identity information

·         Organisational information

·         Picture, video and audio material

 

Legal basis:

 

Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of following-up on and evaluating activities carried out. This helps us understand how we can improve and plan future activities.

 

It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially if you have voluntarily signed up for or participate in the activity.

 

Storage period: Personal data is stored for this purpose for a period of up to 13 months calculated from the date of the relevant activity. Statistics and reports on an aggregated level which do not include any personal data are stored until further notice.

 

 

Fulfil legal obligations

 

Examples of what we do: We will use, when needed, your personal data to:

 

·         fulfil our legal obligations, for example to fulfil our accounting and data protection obligations. 

 

 

 

Categories of personal data:

 

Relevant categories of personal data that are necessary to fulfil the specific legal obligation.

Legal basis:

 

Fulfil legal obligation (Article 6.1 (c) of the GDPR). The use of your personal data is necessary to fulfil our legal obligations.  

 

 

Storage period: Personal data is stored for such period that is necessary for us to fulfil the specific legal obligation. By way of example, personal data necessary to fulfil book-keeping obligations will be stored for a minimum period of seven (7) years from the end of the relevant calendar year.

 

 

Manage, defend and exercise legal claims and rights

 

Examples of what we do: We use, when needed, your personal data to:

 

·         manage, defend and exercise legal claims and rights, for example in connection with a dispute or court proceeding.

 

 

 

Categories of personal data:

 

Relevant categories of personal data that are necessary to manage, defend or exercise the legal claim or right in the specific case.

 

Legal basis:

 

Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of managing, defending and exercising legal claims and rights.

 

It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose.

 

Storage period: Personal data is stored for this purpose as long as there is an active relationship and for a period of up to ten (10) years thereafter.

 

 

Ensure technical functionality and security in our IT systems and services

 

Examples of what we do: We use your personal data to:

 

·         ensure necessary technical functionality and security of our IT systems and services, for example in connection with access controls and for security logging, error handling, and backups. For this purpose, we will also use strictly necessary cookies and other technologies on our website and digital channels.

 

 

 

Categories of personal data:

 

Relevant categories of personal data that are stated in relation to the purposes of the use of personal data.

 

Legal basis:

 

Legitimate interest (Article 6.1 f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of ensuring technical functionality and security of our IT systems and services. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose.

 

Storage period: Personal data is stored for the same period as stated in relation to each relevant purpose of the processing.

 

Personal data in logs is retained in order to satisfy our legitimate interest of troubleshooting and incident management for a period of 13 months from the date and time of the log entry. Personal data in backups are stored for a period of 13 months from the date of the backup.

 

 

Detect and prevent misuse of our services

 

Examples of what we do: We use your personal data to:

 

·         ensure and follow-up on access controls to ensure that only authorised end users have access to the Ancon Order Platform, and

 

·         investigate any suspected misuse of the Ancon Order platform and/or our website or other digital channels, as well as taking necessary measures to resolve any identified issues or incidents.

 

 

 

Categories of personal data:

 

·         Identity information

·         Technical information

 

Legal basis:

 

Legitimate interest (Article 6.1 f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of detecting and preventing misuse of our Ancon Order platform and/or our website or other digital channels. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose.

 

Storage period: Personal data is stored for this purpose until the misuse or error is resolved.

 

 

When we share personal data

 

Representatives of customers, suppliers and partners

 

 

 

 

 

Purpose:

 

Recipients:

Categories of personal data:

Legal basis for the transfer:

Manage the business relationship with customers, suppliers and partners

 

·         Organisation that you work for

·         Identity

information

·         Contact

information

·         Organisational

information

·         Communication

Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of managing the business relationship with our customers, suppliers and partners. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose.

 

 

 

 

End users of Ancon Order

 

 

 

 

 

Purpose:

 

Recipients:

Categories of personal data:

Legal basis for the transfer:

Provide our Ancon Order services to you, including sharing your order request with the relevant restaurant and allow such restaurant to manage your order and provide its services to you.

 

·         Restaurants (customers of Ancon)

·         Identity

information

·         Contact

information

·         Order details

·         Payment data

·         Communication

 

Performance of contract (Article 6.1 (b) of the GDPR). The use of your personal data is necessary to fulfil the Terms of Conditions with you as part of managing your order requests in the Ancon Order platform, including sharing such orders with the relevant restaurant.

 

 

 

All individuals

 

 

 

 

 

Purpose:

 

Recipients:

Categories of personal data:

Legal basis for the transfer:

Carry out events and similar activities

·         Partners

·         Communication

·         Contact

information

·         Identity

information

·         Organisational

information

 

Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of carrying out events and similar activities. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially if you have voluntarily signed up for or participates in the activity.

 

Manage sales, investments, re-organisations and restructuring of the business

·         Buyers

·         Potential buyers

·         External

advisors

·         Public

authorities

 

Relevant categories of personal data that are necessary to manage the sale, investment, re-organisation or restructuring of the business.

 

Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of managing the sale, investment, re-organisation and restructuring of the business. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose if the buyer or investor carries out the same or similar type of business.

 

Fulfil legal obligations

 

·         Public

authorities

·         Law

enforcement

 

Relevant categories of personal data that are necessary to fulfil the specific legal obligation.

Fulfil legal obligation (Article 6.1 (c) of the GDPR). The use of your personal data is necessary to fulfil our legal obligations.  

 

Manage, defend and exercise legal claims and rights

 

·         Opposing party

·         External

advisors

·         Public

authorities

·         Law

enforcement

 

Relevant categories of personal data that are necessary to manage, defend or exercise the legal claim or right in the specific case.

 

Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of managing, defending and exercising legal claims and rights. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose.

 

Respond to legal requests

·         Public

authorities

·         Law

enforcement

 

Relevant categories of personal data that are necessary to respond to the legal request in the specific case.

 

Legitimate interest (Article 6.1 f) of the GDPR). If there is no explicit legal obligation for us to respond to the legal request, but we consider that we and the public authority have a legitimate interest of we responding to the legal request, we rely on this legitimate interest for the use of your personal data for this purpose. This provided that we make the assessment that the legitimate interest in the specific case, considering the circumstances and context of the legal request, outweighs your interest of not having your personal data processed for this purpose.