Privacy Policy

Updated: 2022-05-02.

At MAX Burgers Aktiebolag, we care about your privacy. When you come into contact with us in any way, this may mean that we have to process your personal data (such as your name, address, email address, Swedish civil registration number, telephone number etc.). This Privacy Policy is intended to explain why we need to process your personal data, when it happens and how we process it.  We will also explain the obligations that we are under and the rights that you have.  You only need to read the parts which are relevant to you.

MAX Burgers Aktiebolag (”MAX”) is the Personal Data Controller for data processing as described in this Policy.  This means that it is up to us to “determine" why we need to process your personal data and that we have the primary responsibility.  If you have any questions or thoughts about this Policy and/or our processing of your personal data, you are always welcome to contact us at info@max.se or by phone 0920–89000.

We will shortly explain why we process your personal data, the type of data involved and whether we share the data with anyone else.  We have divided this between consumers (private citizens) and representatives of companies.

There will then be a common section which deals with where we store your personal data and how we protect it.  We also explain your rights and who you can contact if you have any questions, if you want to exercise your rights or if you are dissatisfied about something.

Consumers

Why we process your personal data (our purpose)

Fulfilment of contract with consumer customers 

Why we process your personal data for this purpose

We process your personal data to enable us to fulfil our contract with you, for example to make it possible for us to receive and handle your order, to tell you that the order is ready and to enable us to deliver it.  We also need to be able to administer your order. If you decide to store your credit card (Repeated payments / EasyPayment), a tokenisation solution provided by our payment suppliers will be used.  Card data is never stored in any of our online services.

The processing that we do carry out is done in compliance with the contract that you entered into or are in process of entering into with us (fulfilment of contract).

How long do we save your data?

We store your data to enable us to administer and implement your order and for a short time after that, but not for longer than 24 months after your latest activity.

Who do we share your personal data with?

Our partners receive your personal data on our behalf, but only for the purposes specified here.  They do not retain your data after our cooperation with them ceases.  We do not sell your personal information to third parties.

Marketing to consumers

Why we process your personal data for this purpose

Like other companies and organisations, it is in our interest to market ourselves and our products to people who are customers of ours or who want to be customers.  Accordingly, we process your personal data for marketing purposes (to consumers).  We consider that we have what the law calls a "legitimate interest" when we process the personal data we have collected to market ourselves and our products.  We will, for example, send out and/or present offers and discounts through channels such as email or SMS or via social media.

The personal data used in preparing marketing, and in the actual marketing, is ordinary information which is not sensitive and which is very often available in public registers or which you have provided to us yourself.  This would typically be your name, email address and telephone number. We also obtain information such as telephone number, email address, address and postal address from public sources such as the Swedish Tax Agency or from private address providers. When your data comes from a third party, we identify the third party involved in our communications with you.

You have the right at all times to decide for yourself how you want to receive information about offers by saying yes or no, for example, to emails or SMS.

How long do we save your data?

We store your data as long as we have a customer relationship with you, e.g. by you having a user account online, but no longer than for 24 months after you have last been in contact with us.

Who do we share your personal data with?

Our partners receive your personal data on our behalf, but only for the purposes specified here.  They do not retain your data after our cooperation with them ceases.  We do not sell your personal information to third parties.

Profiling

Naturally, we want you to feel that the information we present to you is interesting and relevant.  As part of our marketing process, we use "profiling" to help us do this.  This involves looking at your order history or the products you have shown interest in so that we can send you offers that we believe you will like.

If you allow us to know your location on your mobile and/or computer, we use that location to tailor our online services and user experience for you.  We can also use your location to show you local offers.

You can inform us at any time that you don't want us to use profiling or that you don't want to keep receiving direct marketing from us.  You just need to contact us via info@max.se or phone us on 0920–89000 and ask for help to set up a block.

Advertising block

Why we process your personal data for this purpose

If you have informed us that you don't want to receive our marketing, we must be able to comply with your request, and to do that we need to save your personal data on our block list (otherwise we can’t keep track on just who does not want to receive our advertising in the future). 

The data we process is name, telephone number and postal address.  Out of respect for your privacy, we will not check that you are still living at the address you gave us, so you yourself must remember to update the information if you move.  We process the data on the basis that we have a legal obligation to do so. 

How long do we save your personal data?

We save your data as long as it is relevant, i.e. as long as we must ensure that we do not process your personal data for marketing purposes.

User account and customer club

To enable us to administer your user account or MAX customer club and to fulfil our obligations, we must process some of your personal data.  This may include contact information such as your name, telephone number and email address, or your order history. This also includes the password provided during account registration and which activates logging in to a user account.  This is stored in encrypted form, and you are responsible for choosing a strong password and keeping it confidential.

We process personal data for this purpose under what the law calls fulfilment of contract.

Profiling etc.

Our obligations in the customer club mean that we must be able to provide you with offers tailored to you, so we look at what you usually order (your order history).   If you decide not to provide the information or if you object to profiling, we will only provide you with general offers.

How long do we save your data?

We store your data for as long as you are a registered user/member of the customer club and for up to 24 months after that.

Who do we share your personal data with?

Our partners receive your personal data on our behalf, but only for the purposes specified here.  They do not retain your data after our cooperation with them ceases.  We do not sell your personal information to third parties.

Consumer surveys

We process your personal data to enable us to send out customer surveys. 

We use a variety of players (third parties) to carry out a range of surveys on our behalf.  When you are contacted for one of the surveys, accordingly, it is not because you are on our register but in the third party's register, e.g. because you have indicated that you are willing to take part in surveys.  We can, however, contact the surveying organisation and send out a survey through them. Under the General Data Protection Regulation (GDPR) this means that we are also processing your personal data – and this makes us the Personal Data Controller.

We contact only the third party, and tell them which we want to carry out and which target group we want them to send it to.

We process your personal data in accordance with a legitimate interest where we consider that we have a legitimate interest in sending out surveys linked to our operation and the products we offer, for the purpose of analysing, developing and improving the efficiency of our operation.  If you do not wish to take part in future surveys, you can either contact us at info@max.se, or follow the link in every mailing.

How long do we save your data?

We process your data to enable us to carry out the survey and for a short time after that.

Who do we share your personal data with?

We do not share your personal data with any third party unless we are required to do so by law.

Analysis and development of online services

So that we can detect problems with our online services, develop and improve them and make them even more attractive for you as a customer, we sometimes need to analyse their use and results.  We may, for example, collect technical information such as which type of mobile device you are using, a unique device identifier such as the IMIE number, device token, MAC address for the device's wireless network interface, IP address, mobile phone number used by the device, mobile network information, operating system versions and web browser.  This could also involve details of your visit to our online services, including, but not limited to, traffic data, weblogs and other communication data.

Personal data processing that we are legally obliged to carry out

Why we process your personal data for this purpose

We are legally obliged to take certain actions, for example, when we enter into a contract with you.  This includes an obligation to have accurate financial records.  To fulfil these legal obligations, we have to process certain of your personal data. 

How long do we save your data?

Your data is stored for as long as we are legally required to do so but we are not allowed to use it for any other purpose.

Who do we share your personal data with?

We do not share your personal data with any third party unless we are required to do so by law.

Protecting our rights and interests

Why we process your personal data for this purpose

So that we can protect our interests in any dispute or similar situation, to prevent or investigate scams, other breaches of the law or misuse of our online services.  For this purpose, you data can be stored for a period of up to 10 years, but no longer than necessary.  We may share your data with courts or the authorities, for example.

Our lawful basis for processing your personal data is a legitimate interest in establishing, exercising, investigating or defending the legal claim. 

Video surveillance – security footage

We believe that we have a common interest in ensuring that visits to us at MAX are safe and secure.  Accordingly, in some of our restaurants we use security cameras to protect our guests, personnel and property from criminal acts.  This means that we may process personal data such as images of people.  The security footage is shared only with the police by special request when this is required for the investigation of a crime.  Security footage is erased after 30 days.

Our lawful basis for processing your personal data is our legitimate interest in preventing and combating crime.

Where we store your data

We make every effort to store and process your personal data within the EU/EEA at all times.  In exceptional cases, however, your personal data may be transferred to and processed in countries outside the EU/EEA through our suppliers or processors.  In the event that we do this, we will ensure that the transfer takes place in accordance with the European Commission's standard contractual clauses, or, alternatively, binding company provisions, supplemented with the technical and administrative protection measures considered necessary to guarantee a level of protection for the data which is in all essentials equivalent to that within the EU/EEA.

How we protect your personal data

Your personal data is protected by both technical and organisational measures.  All transfers of personal data and tokens will be encrypted.  All personal data is stored securely, access to data is monitored and limited to those individuals whose work requires it.

Your rights

Right to access

You can contact us at any time (info@max.se) to request an extract of the personal data processing that involves you.

Right to rectification

You can contact us at any time to request that any inaccurate personal data is rectified and any incomplete personal data is completed.

Right to be forgotten

You have the right to ask us to erase [delete] your personal data.  Even if you ask us to erase your personal data, we sometimes have to save certain personal data, for example when the law requires us to do so or if processing is required to protect or assert our legitimate interests.  In such cases, we will block the use of your personal data for the purposes that you want to be forgotten for.

Right to restrict processing

You have the right to request that the processing of your personal data is restricted, for example while waiting for inaccurate data to be checked and possibly corrected.  Please note that if your personal data is restricted or erased this may mean that we are not able to fulfil our obligations towards you.

We must also inform you when the restriction on processing your personal data ends.

Right to object

You can object to our processing of your personal data at any time, for example for direct marketing.  This includes any profiling carried out on you for such purposes.  If you object to your personal data being processed for direct marketing, we will stop processing your data immediately.  Please note that if it is you who contacts us to ask for more information on our services, this is not an example of direct marketing.

Right to data portability

You have the right to receive your personal data in a machine readable format and to transfer this data to another personal data controller. This is called data portability.  This applies only to personal data which you have given us yourself, which is processed automatically by us and which we process to enable us to fulfil the contract with you or because you have given your consent.

Complaints

If you have any concerns or complaints about our processing of your personal data, you are welcome to contact us at info@max.se. We will be pleased to help you.  In the unlikely event that we do not manage to find a solution together, you can contact Integritetsskyddsmyndigheten [the Swedish Authority for Privacy Protection] which is the supervisory authority for personal data processing.

Integritetsskyddsmyndigheten can be reached at:

Integritetsskyddsmyndigheten
Box 8114
104 20 Stockholm, Sweden
Email: imy@imy.se
Switchboard: 08-657 61 00
https://www.imy.se/

Changes to our Privacy Policy

Routine minor changes to our Privacy Policy will be posted on our website.  You will be notified of any substantial changes in how your data is processed by email (if we have access to your email address), SMS or by letter.  If you have any concerns about our processing of your personal data as a result of the changes, please contact our Customer Service team at info@max.se.

Cookies Policy

Read our cookie policy »