Privacy policy

Last updated 7th of January 2024.

1. INTRODUCTION

Moyagi Group AB, a company with the registration number 559199-5476 and registered address at Brunkebergstorg 3, 111 51, Stockholm, Sweden, (“Moyagi“, “we” or “us“) is the controller and responsible for the processing of your personal data, as described in this privacy notice (“Notice”).

We understand that your privacy is important to you, and we want you to feel that you can trust Moyagi when you share your personal information with us. This Notice is published with the aim of enabling you to understand the instances where Moyagi is responsible for the processing of your personal data, how we process your personal data, why we do so, and to inform you about your data protection rights. You have a right to information about how we process your personal data, therefore, we encourage you to read this Notice in full.

In any case, we are responsible for and committed to processing personal data in accordance with applicable data protection laws, such as the EU General Data Protection Regulation 2016/679 (“GDPR”) and applicable national data protection legislation. You can always get in touch with us using the contact details set out in section 10 below.

2. SCOPE

This Notice applies when we process personal data, that is any information (or combination of such information) that directly or indirectly can identify you as a unique person, as defined in the GDPR. Information that can directly identify you is, for example, your name or your email address. Information that can indirectly reveal your identity is, for example, an internal reference number such as your reservation number.

Please note that, in any case, we will not collect any categories of personal data that are considered special categories of personal data under the GDPR (e.g., information about your racial or ethnic origin or health, political opinions, religious or philosophical beliefs, trade union membership, etc) or about your criminal background. You may, however, disclose information about allergies or food preferences when you make a reservation, which may reveal information about a guest’s health. We will process this information to ensure that we respect such preferences or that we will not jeopardise the health of our guests.

This Notice applies to you in the following cases, if you are a:

Guest: When you make or wish to make a reservation to our restaurants and facilities.
Member: When you are a member of our membership club.
Visitor: When you visit or otherwise interact with us through our website: www.moyagi.com (“Website”).
Job applicant: When you apply for a job with us.

3. WHAT PERSONAL DATA DO WE COLLECT AND HOW DO WE COLLECT IT

Most of the time, we collect your personal data directly from you, such as when you make a reservation through our Website. However, in some cases, you may disclose information about other guests, e.g. food preferences or disabilities. We strongly encourage you to be careful with any additional information you provide to us about yourself and other guests and that you only provide information that we actually need in the notes field. For example, if a specific guest has a specific allergy or needs specific assistance when visiting us, we don’t need to know the exact name of the guest but merely what we need to be aware of in relation to your reservation.

When it comes to corporate clients, we will also collect personal data from other sources, such as information that is publicly available, on your company’s website to contact you to discuss the opportunity of hosting your corporate event with us. In certain circumstances, personal data will be generated internally by our systems, such as internal reference numbers (e.g. reservation number).

When it comes to job applicants, we will collect the information that you choose to share with us in relation to your job application, such as your CV or personal letter. The further you proceed in the recruitment process, the more personal data will be collected/generated by us, such as interview notes or references from prior employers (after you have provided us with their contact details and have informed them that we will reach out for this purpose). In certain circumstances, personal data will be generated internally by our systems, such as internal reference numbers (e.g. application number). We strongly encourage you to be careful with any additional information that you provide to us about yourself and that you only provide information that we actually need for the recruitment purpose. For example, in your personal letter, we kindly ask you to not share any information that is considered a special category of personal data (see section 2) unless that is considered crucial in relation to the job tasks.

4. WHY AND HOW WE USE YOUR PERSONAL DATA

4.1 Guests, members and visitors

In the following table, you will find information about why and how we are processing your personal data when you are a Guest, Member, or Visitor:

Purpose for the processing

Your personal data processed

Legal basis upon which we process the personal data

How long we will store your personal data

To enable you to make a reservation at our restaurants and to handle such requests.

First and last name, email address, phone number, reservation information and notes, date of birth, postal code, preferred language, reservation number

We base the processing on the necessity to enter into a contract with you when you make a reservation in accordance with our Terms and Conditions.

We will store your personal data for as long as it is necessary to fulfil our contract with you and in any case 12 months after your last visit to our facilities.

To respond to your inquiries regarding reservations, cancellations, or other relevant requests or questions that you may have.

Name, email address, content of your communication

We base the processing on our legitimate interest in responding to your inquiries.

We will store your personal data for as long as relevant depending on your inquiry.

To send our newsletter to you.

Email address

We base the processing on our prior consent. We collect such consent when you subscribe to our newsletter on our Website.

We will store your personal data for as long as we have your consent to do so or until you unsubscribe from our newsletter. You can always unsubscribe by clicking the unsubscribe button at the end of each email communication we send over.

To send you marketing material.

Name and email address

We base the processing on your prior consent that we obtain when you make a reservation and you have ticked the relevant box. However, we may contact you for marketing purposes based on our legitimate interest if you represent a company, to discuss the arrangement of a corporate event.

We will store your personal data for as long as we have your consent to do so or until you unsubscribe from our marketing communications.

To enable you to be part of our membership club and be awarded for being a regular guest at Moyagi restaurants and other facilities.

Name, email address, phone number, reservation information and notes, date of birth, address

We base the processing on your consent to be a part of our membership club. You provide your consent by affirmative action when you choose to register to our membership club and be rewarded for your loyalty to us.

We will store the personal data for as long as you wish to be part of our membership club. You can withdraw your consent anytime by contacting us at [email protected] or directly through the membership application.

To measure the satisfaction of our guests after their visit to our restaurants.

Name, email address, your review

We base this processing on our legitimate interest in obtaining feedback about your experience and improving our services.

Once we receive your rating, will will anonymise your personal data.

For billing and invoice purposes when you represent a corporate client and we need to send you an invoice after your company event.

Name, email address, company name, any personal data that may be on the invoice itself

We base the processing on our legitimate interest in being able to invoice our corporate clients and on the necessity to comply with applicable laws.

We will need to keep the invoice itself for seven (7) years to comply with the Swedish Bookkeeping Act (Bokföringslag (1999:1078). We will store the rest of the personal data only for as long as we will need to fulfil our purpose.

4.2 Job applicants

In the following table, you will find information about why and how we are processing your personal data when you are a Job applicant:

Purpose for the processing

Your personal data processed

Legal basis upon which we process the personal data

How long we will store your personal data

To evaluate and manage your job application for potential employment.

Name, email address, phone number, CV, Interview notes (where relevant), other personal data provided by you through your job application or provided by a third party such as references from your prior employers.

We base the processing on our legitimate interest in managing your application internally and evaluating your application in order to ensure that we recruit suitable employees for the relevant job opening.

We will store your personal data for as long as necessary for the evaluation of your job application. In any case, we will store your personal data for two years to be able to defend against claims according to the Swedish Anti- Discrimination Act (Diskrimineringslagen (2008:567). A longer storage period may be needed if a discrimination claim is initiated within the two-year period.

To sign the employment agreement.

Name, email address, home address, personal identity number (personnummer) or similar, salary, vacation balance, insurances and pension benefit

We base the processing on the necessity to enter into an employment agreement with you.

We will store your personal data for as long as it is necessary to fulfil our contract with you.

4.3 General purposes

Purpose for the processing

Your personal data processed

Legal basis upon which we process the personal data

How long we will store your personal data

To comply with various legal obligations.

In order to comply with applicable laws, we are obliged to process certain personal data. The personal data categories collected and stored for this purpose may vary depending on the specific requirements stipulated in applicable legislation.

We base the processing of your personal data on our necessity to comply with legal obligations.

The retention of your personal data at hand will depend on the legal requirement at hand. For more details about the retention in relation to legal requirements, please contact us at [email protected].

To enable Moyagi to establish, exercise, or defend legal claims. “Legal claims” in this context are not limited to current legal proceedings but also include: actual or prospective court proceedings; obtaining legal advice; or establishing, exercising or defending legal rights in any other way.

In order to fulfil this purpose, we will process only personal data that is relevant in relation to the matter in question.

We base the processing on our legitimate interest to be able to establish, exercise, and defend against legal claims.

10 years according to the Swedish Act on Limitations, unless otherwise stipulated in another applicable law.

5.COOKIES AND SIMILAR TECHNOLOGIES

When you visit our Website, if you agree, we place Cookies on your device which will collect and share with us technical information, such as your IP address and the type of browser that you are using which constitute personal data (“Technical data”). We will further process this personal data collected through the cookies to improve the quality, functionality, and user experience of our Website. We base the processing on your prior consent and for as long as we have such consent. For more information about the types of cookies we use, the personal data categories processed, the purposes of processing and retention time, as well as how you can control cookies, please read our Cookie Policy.

6. RETENTION PERIODS

We retain the personal data we collect from you where we have an ongoing legitimate business need to do so (e.g., to provide you with information you have requested or to exercise or defend legal claims) or to comply with applicable legal, tax requirements. Please see section 4 for information on the specific retention periods we apply for the purposes we have set out above.

When we have no ongoing legitimate business need or legal reason to process your personal data, we will either delete or anonymise it.

7. RECIPIENTS AND TRANSFERS OF PERSONAL DATA

We disclose the personal data described above to the following categories of recipients:

Courts and similar judicial entities and/or law enforcement authorities if we are required to do so by law.
Service providers upon which we rely for our core operational activities.
If there is a change of ownership of our business, we will share personal data with the new owners so that they can continue to operate our business, provided that the new owners will only process personal data as we have set out in this Notice.

In certain cases, the processing of your personal data either directly by us or through our service providers, entails a transfer of your personal data outside the EU/EE. In such cases, we ensure that adequate safeguards are in place to require that your personal data will remain protected in accordance with this Notice and applicable data protection laws. We do this through one of the following measures:

By transferring the personal data to a country that is on the European Commission’s list of countries with an adequate level of protection, or;
By implementing a transfer mechanism such as the controller-to-controller or controller-to-processor standard contractual clauses that have been approved by the European Commission (as applicable from time to time) for the transfer of personal data to third countries.

If a standard contract is deemed ineffective due to the national law of the country of destination, we will take additional technical, organisational, or contractual measures to ensure an adequate level of protection when transferring personal data to countries covered by paragraph (ii) above.

8. YOUR RIGHTS

According to the GDPR, you have various data protection rights that you can exercise, including the right to be informed in accordance with this Notice. Once we receive a request from you, we will respond as soon as possible, and in any case, within the deadline stipulated in applicable legislation. Kindly note that before taking any action, we will ask you to verify your identity.

The table below provides a summary of these rights including information on possible conditions and limitations on how each right can be exercised and executed.

YOUR RIGHT

WHAT DOES IT MEAN

HOW YOU CAN EXERCISE YOUR RIGHT

CONDITIONS AND LIMITATIONS

Right to access

You have the right to access and receive a copy of your personal data that we process, as well as other supplementary information at any given time.

Such requests should be made to [email protected]. If possible, please specify the type of information you would like to access to ensure that our disclosure meets your request.

Your request may not affect the rights and freedoms of other individuals, such as their privacy and confidentiality rights.

Right to rectification

You can challenge the accuracy of your personal data at any given time, e.g. if you misspelled your name or email address when you make a reservation or send a job application, or request the completeness of your personal data.

We encourage you to notify us of any inaccuracies regarding your personal data as soon as they occur, including changes to your contact details. A request to exercise this right is made in writing to [email protected].

If appropriate, we may ask you to provide a supplementary statement, depending on the purpose of processing.

Right to erasure

In certain cases, you are entitled to have your personal data erased (also known as the “right to be forgotten”), such as in cases where the personal data is no longer needed for the purpose for which it was collected, or if we no longer have a legal basis to continue processing it.

A request to exercise this right is made in writing to [email protected].

Kindly note that this right is not absolute and there are various lawful reasons why we may not be able to erase your personal data, for example: (i) where we have to comply with a legal obligation, (ii) where there is another lawful purpose for processing your personal data at hand.

Right to objection

You have the right to object to the processing of your personal data at any time. This means that we will stop or be prevented from processing further your personal data. You have the absolute right to object to receiving further marketing material or communications from us.

A request to exercise this right is made in writing to [email protected]. If possible, please specify to which purpose of processing you wish to object to ensure that our actions meet your request.

This right is only applicable where the processing is based on our legitimate interest which does not override your rights and freedoms. For more information see section 4.

Right to restriction

By exercising this right, you limit the way we will process your personal data for a certain period of time. This right is an alternative to requesting the erasure, in case you don’t want the deletion of your personal data.

A request to exercise this right is made in writing to [email protected]. If possible, please specify for how long you would like to restrict the processing, to ensure that our actions meet your expectations.

You have the right to request you restrict the processing of their personal data in certain circumstances, such as: (a) If you have contested the accuracy of your personal data. (b) If you consider that your personal data has been unlawfully processed and you oppose to erasure of your personal data. (c) When we no longer need the personal data, but you need to keep it in order to establish, exercise or defend a legal claim.

Right to withdraw your consent

You have the right to withdraw your consent to any processing for which you have previously given consent at any given time.

A request to exercise this right is made in writing to [email protected]. For the purpose of sending you marketing material, you can withdraw your consent by clicking the “unsubscribe button at the end of each email communication we send over.

If you withdraw your consent, such withdrawal will only take effect in regard to future processing.

Right to data portability

You have the right to request that we send your personal data to another controller in a n a structured, commonly used and machine-readable format.

A request to exercise this right is made in writing to [email protected]. If possible, please specify the type of information you would like to share and the recipient to ensure that our disclosure meets your expectations.

Such sharing is possible when the processing is based on your consent or a contract in place between us.

If you have any comments or complaints regarding our processing of your personal data, please contact us directly by using the contact information in section 10.

You also have the right to contact and lodge a complaint with the Swedish Authority for Data Protection Authority (“IMY”), which is the supervisory authority for the processing of personal data. IMY can be reached at:

Integritetsskyddsmyndigheten
Box 8114, 104 20 Stockholm
Email: [email protected]
Phone number: 08-657 61 00
IMY’s website: www.imy.se

Kindly note that IMY requires that you exhaust our internal complaint process before looking into your complaint.

9. CHANGES TO THIS NOTICE

If we make changes to this Notice, we will notify you on our Website. You can see when this Notice was last updated by checking the “last updated” date displayed at the top of this Notice. Significant changes to how we collect or process your personal data will be notified to you via email.

10. CONTACT INFORMATION

Our contact information is:

Name: Moyagi Group AB (registration number 559199-5476)
Address: Brunkebergstorg 3, 111 51, Stockholm, Sweden
Email address: [email protected]