Privacy Notice

Updated 22.05.2023

At Sticks ’n’ Sushi, we are committed to protecting and respecting your privacy.

This privacy notice explains when, why and how we collect, use and share personal information about people that visit our restaurants, use our websites, mobile applications, booking solutions or communicate with us.

Our collection and use of personal information cover information from and about our suppliers, customers, recipients of our newsletters and visitors to our website and social media platforms. We collect information for a variety of purposes depending on which of our services you use.

The purpose of this notice is to give you easily accessible information about our collection and use of your personal data.

1. General Privacy Notice

1.1. How we collect information, what we collect and why we collect it

Depending on how you interact with us, we may collect and process information about you as described below:

Customer information

We collect the information you provide us with when using our website and mobile app to create user accounts, make reservations or place orders with us. This includes name, contact details (e-mail address, phone number and postal address), account information (username and password), language and payment preferences, and transactions (orders, bookings, and purchases). We may also process sensitive information about dietary restrictions or allergies, if you provide such information in your profile or when placing orders. If you contact us, we may also retain the correspondence to respond to and keep a record of your inquiry, complaint etc.

We process this information to: (i) handle bookings and deliver the products and services you order, cf. article 6(1)(b) of the EU General Data Protection Regulation (“GDPR”), (ii) comply with applicable law (e.g. information on financial transactions in accordance with tax and bookkeeping rules), cf. article 6(1)(c) of GDPR, and (iii) pursue our legitimate interests in communicating with you, carrying out statistical analysis, and improving our products, services and customer experience, cf. article 6(1)(f) of GDPR. Information about dietary restrictions allergies is processed for your safety and subject to your consent, cf. article 6(1)(a) and 9(2)(a) of GDPR.

Newsletters

If you register to receive information or news from us, we process information about your name, e-mail address and information preferences.

We process this information to: (i) deliver the information and news in accordance with your preferences, cf. article 6(1)(b) of GDPR, and (ii) pursue our legitimate interest in communicating with recipients and improving our services and offerings, cf. article 6(1)(f) of GDPR.

Sticks'n'Sushi loyalty

If you register as a user of the SNS loyalty app and join the SNS loyalty programme - Frequent Fisher, we collect and process the information you provide when signing up (name, address, e-mail, and telephone number), information about your membership (member ID and start date of membership), and information your activities (benefits, points and you have earned and used, purchases you have made, offers you have received, and communication with us). Information about your creditcard is collected and used to process payments, but such information is only accessible to the third party payment provider that is handling the payment processing.

We process the information to administer and fulfill our obligations to you as part of your SNS loyalty membership, including by giving access to the member benefits, sending relevant offers and communicating about your membership. The legal basis is article 6(1)(b) of GDPR, and article 6(1)(f) in respect of the legitimate interest we pursue in communicating with members about the membership, and improving our services and offerings. Our processing of your information for the purpose of sending you tailored marketing materials and offers is based on your consent, cf. article 6(1)(a) of GDPR.

Websites

We collect data about our website visitors by using cookies and similar technologies to: ensure that the sites work (necessary cookies), enable functionality on the sites (e.g. remembering language preferences and login), and to keep track of the website visitors for statistical and marketing purposes. The cookies for functionality, statistics and marketing are optional and only used on basis of your consent, cf. article 6(1)(a) of GDPR. The necessary cookies are used to pursue our legitimate interest in operating our websites and managing cookie settings, cf. article 6(1)(f) of GDPR.

See the details about the use of cookies on our websites in our cookie policy further below.

Surveillance videos

We use security cameras in our restaurants to record surveillance videos to ensure the safety and security of our guests, personnel and property, and to prevent and document criminal offences. Surveillance videos are only shared with law enforcement upon specific request when it is required in relation to an investigation of a crime.

This processing is based on our legitimate interest in protecting our guests, personnel and property, and in preserving evidence, cf. article 6(1)(f) of GDPR. If the video shows criminal offenses it may also be based on the establishment and exercise of a legal claim, cf. article 9(2)(f).

Whistleblower Scheme

We have established a whistleblower scheme to enable former and current employees, suppliers, business partners and other external parties to report concerns and reasonable suspicions about actual or potential breaches. Read more about the scheme and how to report here.

To manage the whistleblower scheme we may process information about the whistleblowers as well as persons mentioned in the reports or whose information otherwise becomes relevant in connection with an investigation. The processing we carry out includes receiving and processing reports, carrying out investigations and notifying relevant authorities and taking appropriate action.

The processing is based on our obligation to comply with applicable law, our legitimate interest in having serious wrongdoing reported and investigated, and management of legal claims, cf. articles 6(1)(c), 6(1)(f) and 9(2)(f) of GDPR. Persons whose data has been processed under the whistleblower scheme will be notified in accordance with applicable law.

a. Who will receive the information

Your personal information may be disclosed to the employees at Sticks ’n’ Sushi who has a need to handle the information for the purposes stated above. The information will be treated responsibly and in a safe manner.

Personal data may also be disclosed to third party processors, e.g. our payment, delivery and hosting providers, but only to the extent necessary to run our business and to fulfill our obligations to you. The third party processors will only process the information in accordance with our instructions and for our purposes. They will not share the information with others and they will delete the information when their tasks are completed. We do not sell your personal information to third parties.

If public authorities request access to your information we make a legal assessment of the request, and if applicable law requires us to disclose the information, we will comply with the request. You will be notified in accordance with applicable law in the event of any such disclosure of your information.

1.2. Where we store the information

We may transfer your personal information outside the European Union and the European economic zone. Regardless of where your information is transferred to, we ensure that appropriate safeguards are in place. An adequate level of protection is ensured in accordance with applicable privacy law. For example by use of standard contractual clauses on data protection adopted by the EU, cf. article 46(2)(c) of GDPR, or Binding Corporate Rules, cf. article 46(2)(b) of GDPR. More information about this can be obtained by contacting us at [email protected].

1.3. How we keep the information secure

Your personal data are protected by both technical and organizational means. All transfers of personal data and tokens will be encrypted. All personal data are stored in a secure way; access to data is monitored and restricted to need to know basis and any receivers have committed themselves to confidentiality.

1.4. How long we retain the information

We only retain personal data as long as we deem necessary for performing our services to you, taking into account any legal obligations we have (e.g. on retention of records for tax authorities). The criteria for the period of time that we need to store your information relates to e.g. whether there is an active contractual relationship with you, whether you are an active customer, and the nature of your inquiries, including whether a possible dispute has arisen with you.

For example:

Data about transactions are retained in accordance with applicable local law, e.g. regarding bookkeeping or tax.
Data related to subscriptions to receive information and news are retained until you unsubscribe.
Surveillance videos will be stored in accordance with applicable law and for a maximum of 30 days.
If you have created an account on our websites or mobile app, the account will be deleted 30 days after your request to have it deleted. Information about allergies may be deleted earlier, if you withdraw your consent.
Posts, comments or likes you make on our social media sites will be deleted if you decide to delete them from your profile.

1.5. Your rights to your personal data

You have the following rights in respect of the data we process about you:

Right to access:You are entitled to request access to the data we are processing about you.
Right to rectify:You are entitled to request that we rectify any inaccurate data we are processing about you.
Right to erasure:You are entitled to request to have your data deleted before the general time for deletion according to our retention rules.
Right to restrict processing:You are entitled to request that we restrict our processing of your data. In such cases we are only entitled – apart from storage – to process such data for handling legal claims, to protect the rights of another natural person, or for reasons of important public interest.
Right to withdraw consent:Where our processing is based on your consent, you are always entitled to withdraw the consent. If this is the case, you will have received a specific written notice from Sticks’n’Sushi that will contain further details. You are entitled to withdraw any such consent at any time, and Sticks’n’Sushi will then cease to use such personal information.
Right to object:You are entitled to object to our processing of your data.
Right to data portability:You are entitled to request to receive your data in a structured, commonly used format.

If you want to exercise any of these rights or have other queries or questions related to our use of your data, please contact [email protected].

If you are dissatisfied with our processing of your personal information, you may also file a complaint with the relevant supervisory authority. The relevant authority for Denmark is the Danish Data Protection Authority. You can read more on the Authority’s official website where you can also access the guideline on subject rights. You can access a complete list of European supervisory authorities here.

1.6. Responsible entities

The legal entity responsible for the processing of your personal data is the local company that operates the location you interact with:

Denmark
Sticks’n’Sushi A/S
Nansensgade 49, 1366 København

Phone.: +45 3311 7030
Email: [email protected]

Great Britain
Sticks’n’Sushi UK Ltd
58 Wimbledon Hill Road
SW19 7PA, London

Phone: + 44 0203 141 8840
Email: [email protected]

Germany
Sticks’n’Sushi Restaurants Berlin GmbH
Potsdamer Straße 85
10785 Berlin

Sticks’n’Sushi Germany GmbH
Kantstraße 152
10623 Berlin

Sticks’n’Sushi Kantstraße 152 GmbH
Kantstraße 152
10623 Berlin

Phone: +49 (0) 30 261 036 56
Email: [email protected]

1.7. Updates and legal information

We reserve the right to make changes to this privacy notice. Any changes will take effect immediately upon posting. You can see the date of the current version of the privacy notice on the top of this page.

The privacy notice shall, save for mandatory local law, be governed and construed in accordance with the laws of Denmark and be subject to the jurisdiction of the courts of Denmark.

2. Social Media Policy

Sticks’n’Sushi and the individual social media platforms are joint data controllers in the processing of your personal data on our sites on social media. This notice is a supplement to the general privacy policy issued by the social medias individually. Our social media partners include Facebook, Instagram and LinkedIn.

2.1. How do we process your personal data through social medias?

We use your personal data such as behavior (e.g. based on your likes, comments or visits) or other information on the social medias to develop and improve our services and to perform research activities and statistics. We process these data on the basis of our legitimate interest in being able to improve our services, cf. article 6(1)(f) of GDPR. To see more about the data we collect through cookies on our social media platforms, please refer to our <u>cookie policy</u> further below.

Our social media partners collect statistical data on the visitors’ behavior for their own purposes through cookies and pixels on your device when you visit the sites. You can read more about the social medias’ processing of personal data by visiting their privacy policies (Facebook, Instagram and LinkedIn) and cookie policies (Facebook, Instagram and LinkedIn).

2.2. How do we share your personal data?

We will at no point sell your personal data collected via social medias to third parties.

The social medias may share your personal data internally among its subsidiaries and externally among its partners using analytical services, advertisers, and other individuals, surveying partners and researchers and academics. For more information, please refer to the social medias’ terms and conditions and privacy policies linked to above.

2.3. How I use my rights towards the social medias?

The general set-up of the social media platforms dictate that you must contact the social media in question if you wish to exercise your rights. This is owing to the fact that only the social medias are capable of taking the steps necessary to comply with most of your requests. If, however, you are of the opinion that we are capable of complying with your request, please do not hesitate to contact us.

If you are a Facebook user, you may exercise your rights by changing your private settings (link) or configure your preferences (link) in order to have an influence on how your personal data will be collected and processed when you visit and use the Facebook site. If you are a LinkedIn user, click here (link) to change your settings or here (link) to exercise your rights. If you are an Instagram user, click here (link) to change your settings or here (link) to exercise your rights.

3. Cookie Policy

Part of the information we process, we collect through cookies on our websites and social media sites.

3.1. What is Cookie

Cookies are files sent by web servers to web browsers and stored by the web browsers. The information is then sent back to the server each time the browser requests a page from the server. This enables a web server to identify and track web browsers.

There are two main kinds of cookies: session cookies and persistent cookies. Session cookies are deleted from your computer when you close your browser, whereas persistent cookies remain stored on your computer until deleted or until they reach their expiry date.

3.2. The purposes of cookies on our websites

The cookie-collected information is used for operating the websites, and for analyzing and optimizing the general user experience and functionality of our websites and for measurements of traffic so we can document how many users visit the site and where they come from.

Our websites also use advertising and targeting cookies to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organizations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by other organizations.

3.3 Which information is gathered?

We may collect information such as technical information (type of mobile device you use, a unique device identifier like IMEI number, device token, MAC address of the device’s wireless network interface, IP address, mobile phone number used by the device, mobile network information, operating system, web browser and versions of the same), location information (if you allow sharing of your location on your mobile device and/or computer), and behavioral data (including, but not limited to, traffic data, weblogs and other communication data).

You can see further details about the specific cookies we use on our websites via <u>our cookie management platform</u>.

3.4 How Do i Delete or Block a Cookie?

Most browsers allow you to refuse to accept cookies. If you change your website browser settings to reject cookies this will affect the functionality of our website and is not advisable since we cannot guarantee the service or behavior.

Owner Information
Sticks’n’Sushi
Nansensgade 49
1366 Copenhagen
Denmark

Phone: +45 3311 7030
Email: contact_[email protected]

Cookie Policy

What is a Cookie
Cookies are files sent by web servers to web browsers, and stored by the web browsers.

The information is then sent back to the server each time the browser requests a page from the server. This enables a web server to identify and track web browsers.

How Do I Delete or Block a Cookie?
Most browsers allow you to refuse to accept cookies. By following this link, you’ll receive information on how to refuse cookies: http://help.ft.com/tools-services/how-to-manage-cookies/#axzz3uNhz3zXO

The purposes of cookies on sticksnsushi.com
Analyse and optimize the general user experience and functionality of sticksnsushi.com. Measurements of traffic so we can document how many users visit the site and where they come from.

The site uses cookies from the following third parties, which also have access to the respective cookie

Google Analytics:
Our site uses cookies from Google Analytics to measure traffic on the site. You can refuse the use of cookies from Google Analytics here http://tools.google.com/dlpage/gaoptout

Facebook:
Cookies from Facebook tracks your traffic to sticksnsushi.com and collects data and information accordingly.

You can read more about the use of cookies here http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm