Last updated 7th of January 2024.
Moyagi Group AB, a company with the registration number 559199-5476 and registered address at Brunkebergstorg 3, 111 51, Stockholm, Sweden, (”Moyagi”, ”we” or ”us”) is the controller and responsible for the processing of your personal data, as described in this privacy notice (“Notice”).
We understand that your privacy is important to you, and we want you to feel that you can trust Moyagi when you share your personal information with us. This Notice is published with the aim of enabling you to understand the instances where Moyagi is responsible for the processing of your personal data, how we process your personal data, why we do so, and to inform you about your data protection rights. You have a right to information about how we process your personal data, therefore, we encourage you to read this Notice in full.
In any case, we are responsible for and committed to processing personal data in accordance with applicable data protection laws, such as the EU General Data Protection Regulation 2016/679 (“GDPR”) and applicable national data protection legislation. You can always get in touch with us using the contact details set out in section 10 below.
This Notice applies when we process personal data, that is any information (or combination of such information) that directly or indirectly can identify you as a unique person, as defined in the GDPR. Information that can directly identify you is, for example, your name or your email address. Information that can indirectly reveal your identity is, for example, an internal reference number such as your reservation number.
Please note that, in any case, we will not collect any categories of personal data that are considered special categories of personal data under the GDPR (e.g., information about your racial or ethnic origin or health, political opinions, religious or philosophical beliefs, trade union membership, etc) or about your criminal background. You may, however, disclose information about allergies or food preferences when you make a reservation, which may reveal information about a guest’s health. We will process this information to ensure that we respect such preferences or that we will not jeopardise the health of our guests.
This Notice applies to you in the following cases, if you are a:
- Guest: When you make or wish to make a reservation to our restaurants and facilities.
- Member: When you are a member of our membership club.
- Visitor: When you visit or otherwise interact with us through our website: www.moyagi.com (“Website”).
- Job applicant: When you apply for a job with us.
Most of the time, we collect your personal data directly from you, such as when you make a reservation through our Website. However, in some cases, you may disclose information about other guests, e.g. food preferences or disabilities. We strongly encourage you to be careful with any additional information you provide to us about yourself and other guests and that you only provide information that we actually need in the notes field. For example, if a specific guest has a specific allergy or needs specific assistance when visiting us, we don’t need to know the exact name of the guest but merely what we need to be aware of in relation to your reservation.
When it comes to corporate clients, we will also collect personal data from other sources, such as information that is publicly available, on your company’s website to contact you to discuss the opportunity of hosting your corporate event with us. In certain circumstances, personal data will be generated internally by our systems, such as internal reference numbers (e.g. reservation number).
When it comes to job applicants, we will collect the information that you choose to share with us in relation to your job application, such as your CV or personal letter. The further you proceed in the recruitment process, the more personal data will be collected/generated by us, such as interview notes or references from prior employers (after you have provided us with their contact details and have informed them that we will reach out for this purpose). In certain circumstances, personal data will be generated internally by our systems, such as internal reference numbers (e.g. application number). We strongly encourage you to be careful with any additional information that you provide to us about yourself and that you only provide information that we actually need for the recruitment purpose. For example, in your personal letter, we kindly ask you to not share any information that is considered a special category of personal data (see section 2) unless that is considered crucial in relation to the job tasks.
4.1 Guests, members and visitors
In the following table, you will find information about why and how we are processing your personal data when you are a Guest, Member, or Visitor:
4.2 Job applicants
In the following table, you will find information about why and how we are processing your personal data when you are a Job applicant:
4.3 General purposes
We retain the personal data we collect from you where we have an ongoing legitimate business need to do so (e.g., to provide you with information you have requested or to exercise or defend legal claims) or to comply with applicable legal, tax requirements. Please see section 4 for information on the specific retention periods we apply for the purposes we have set out above.
When we have no ongoing legitimate business need or legal reason to process your personal data, we will either delete or anonymise it.
We disclose the personal data described above to the following categories of recipients:
- Courts and similar judicial entities and/or law enforcement authorities if we are required to do so by law.
- Service providers upon which we rely for our core operational activities.
- If there is a change of ownership of our business, we will share personal data with the new owners so that they can continue to operate our business, provided that the new owners will only process personal data as we have set out in this Notice.
In certain cases, the processing of your personal data either directly by us or through our service providers, entails a transfer of your personal data outside the EU/EE. In such cases, we ensure that adequate safeguards are in place to require that your personal data will remain protected in accordance with this Notice and applicable data protection laws. We do this through one of the following measures:
- By transferring the personal data to a country that is on the European Commission’s list of countries with an adequate level of protection, or;
- By implementing a transfer mechanism such as the controller-to-controller or controller-to-processor standard contractual clauses that have been approved by the European Commission (as applicable from time to time) for the transfer of personal data to third countries.
If a standard contract is deemed ineffective due to the national law of the country of destination, we will take additional technical, organisational, or contractual measures to ensure an adequate level of protection when transferring personal data to countries covered by paragraph (ii) above.
According to the GDPR, you have various data protection rights that you can exercise, including the right to be informed in accordance with this Notice. Once we receive a request from you, we will respond as soon as possible, and in any case, within the deadline stipulated in applicable legislation. Kindly note that before taking any action, we will ask you to verify your identity.
The table below provides a summary of these rights including information on possible conditions and limitations on how each right can be exercised and executed.
WHAT DOES IT MEAN
HOW YOU CAN EXERCISE YOUR RIGHT
CONDITIONS AND LIMITATIONS
If you have any comments or complaints regarding our processing of your personal data, please contact us directly by using the contact information in section 10.
You also have the right to contact and lodge a complaint with the Swedish Authority for Data Protection Authority (“IMY”), which is the supervisory authority for the processing of personal data. IMY can be reached at:
Kindly note that IMY requires that you exhaust our internal complaint process before looking into your complaint.
If we make changes to this Notice, we will notify you on our Website. You can see when this Notice was last updated by checking the “last updated” date displayed at the top of this Notice. Significant changes to how we collect or process your personal data will be notified to you via email.
Our contact information is:
Name: Moyagi Group AB (registration number 559199-5476)
Address: Brunkebergstorg 3, 111 51, Stockholm, Sweden
Email address: [email protected]