CRM Creative Restaurant Management AB's privacy policy

1. Background

CRM Creative Restaurant Management AB, hereinafter referred to as Kasai, processes personal data in its daily operations. The privacy policy applies generally to the processing of personal data within Kasai and exists to explain what kind of data Kasai processes, why and how. Personal data is processed in Kasai's administration and booking systems. Personal data is also processed in Kasai's applications, social media platforms and on the website kasai.se ("Digital Channels"). The privacy policy applies to employees, suppliers and guests.

2. Personal data and personal data processing

Personal data is any information that can be linked directly, or indirectly together with other data, to a living natural person. Names, phone numbers, pictures and IP addresses can be personal data. Bookings, behaviors and orders can also be personal data if, together with other data, they can be linked to a person. Actions taken with personal data are personal data processing, such as storage, collection, modification, deletion and dissemination.

2.1. Special categories of personal data

Kasai sometimes processes special categories of personal data. For example, data relating to health, trade unions and religious beliefs are considered to be special categories and worthy of extra protection. For example, handling a reservation where someone is allergic requires the processing of data about someone's health. Such processing is only done with consent. Trade union membership can also be processed in employment relationships, if necessary for employment law purposes.

3. Data controller

The controller is the party responsible for processing personal data and deciding why and how personal data is processed. In this case, Kasai Aktiebolag is the controller. In some cases, another party determines what personal data is processed and why. Kasai is then a data processor and processes personal data on their behalf. It is also possible that Kasai together with a third party is responsible for the processing.

4. Data processors

In order to deliver its services, Kasai uses data processors. This means that Kasai is the data controller and decides what personal data is processed and why, but that we outsource parts of the processing. This concerns, for example, IT solutions such as systems for storage and booking. Kasai then decides on the processing and is responsible for it, but uses other suppliers to deliver its services. Kasai always enters into data processing agreements with data processors to ensure a high level of protection for all data.

5. Kasai's processing of personal data

Kasai and our data processors always have a lawful basis for processing personal data. Most often, it is necessary for the performance of a contract or agreement, but it can also be done on the basis of consent, if it is necessary to defend legal claims or due to legal requirements. Kasai may also process personal data if there is a legitimate interest. The legitimate interest then outweighs the data subject's interest in Kasai not processing their personal data. For example, marketing to guests we have previously been in contact with is done after a balance of interests. However, as a data subject, it is always possible to easily object to such personal data processing.

Below is an overview of Kasai's personal data processing. Kasai strives to process as little personal data as possible. Therefore, not all categories of personal data are processed on every occasion. For example, addresses and e-mail addresses are not always processed for bookings, but they do occur.

5.1. Communication and administration

Kasai processes personal data for administration and communication with guests, employees and suppliers. The purpose is to manage bookings, employment and administer the business.

  1. Personal data
    Name, e-mail address, address, telephone number, reservations, food preferences, allergies.
  2. Legal basis
    The processing is necessary to fulfill the agreements and provide our services.
  3. Origin of the data
    The data comes from the data subject, who provides it to us when making reservations and entering into contracts.

5.2. Employment conditions

In order to manage the administration and payment of salaries and contact with employees, Kasai needs to process employees' personal data.

  1. Personal data
    1. Name, e-mail address, address, telephone number, dependants (if any), account number, employer's certificate, payslips, absences.
    2. Control data, income data.
  2. Legal basis
    1. The processing is necessary to fulfill employment contracts and to administer and pay salaries.
    2. Kasai has a legal obligation as an employer to provide the Swedish Tax Agency with employees' control information.
  3. Data origin
    1. The data comes from the data subject himself/herself and is provided to us when entering into a contract or during the contractual relationship. Pay slips are generated in the Kasai payroll system and employer certificates are created by the HR department.
    2. The data originates from the payroll system and is based on what is recorded in the light of the employee's salary and work grade.

5.3. Marketing

Kasai uses personal data to market its services in Digital Channels and through mailings with offers and information.

  1. Personal data
    Names, e-mail addresses, in some cases pictures.
  2. Legal basis
    Processing is based on consent or a balance of interests.
  3. Origin of data
    From the data subjects themselves through newsletter subscription. Photos are sometimes taken by Kasai photographers.

5.4. Payments

To process payments, Kasai processes personal data.

  1. Personal data
    Card number, invoice number, name, e-mail address, telephone number, amount, point of sale, time of transaction, details of the order.
  2. Legal basis
    In order to trade services and goods and fulfill contracts by receiving payment or insuring its own payment, Kasai needs to process personal data related to payments.
  3. Data origin
    The data comes from the data subjects themselves at the time of payment or booking.

5.5. Guest surveys

To improve its services, Kasai sends out requests for participation in guest surveys.

  1. Personal data
    Name, e-mail address, response results.
  2. Legal basis
    Processing is based on a balance of interests.
  3. Data origin
    The data for the mailings come from the data subjects themselves who have provided them to a group company. The responses to the surveys come directly from the data subject.

5.6. Managing claims

In order to handle any legal claims such as complaints, claims or lawsuits, Kasai may need to process personal data.

  1. Personal data
    Name, social security number, address, e-mail address, telephone number, account number, sequence of events, location information.
  2. Legal basis
    The processing is necessary for the purposes of the legitimate interest pursued by Kasai in the establishment, exercise or defence of legal claims.
  3. Data origin
    The data may come from the data subjects themselves but also from authorities or other actors such as insurance companies.

5.7. Cookies etc.

In order to improve the user experience in the Digital Channels, Kasai may collect technical data.

  1. Personal data
    IP addresses, cookies, browser information, device IDs.
  2. Legal basis
    Depending on the type of technical data collected, processing is based on either a balance of interests or consent.
  3. Data origin
    Data subjects themselves when using the Digital Channels.

6. Recipients with whom Kasai can share information

6.1. Service providers

In order to provide its services, Kasai uses various suppliers for, among other things, IT solutions such as networks, storage services and e-mail services. The suppliers may only process personal data according to Kasai's explicit instructions and may not process the data for their own purposes. All are also bound by law and contract to protect personal data.

6.2. Payees and payment service providers

In the case of payments, personal data may be shared between the payment service provider, the payee and both parties' banks.

6.3. Other beneficiaries

In some cases, Kasai may also share data with other recipients, mainly authorities due to legal requirements or in connection with legal processes. Personal data may also be shared with potential buyers and sellers of all or part of the business.

7. Technical and organizational measures

Kasai is committed to the privacy of its guests and employees and takes appropriate technical and organizational security measures to protect personal data from unauthorized access, alteration, disclosure or destruction. These include procedures and access restrictions to prevent unauthorized access.

8. Where does Kasai process personal data?

Kasai aims to process all personal data within the EU/EEA area. However, some suppliers may process personal data outside the EU/EEA area. In such cases, we always ensure that the data is protected and that there are safeguards in place, through contracts that impose the same requirements as the EU data protection rules.

9. How long is personal data stored?

Kasai processes personal data for as long as there is a relationship with the data subject and for some time thereafter, as long as there is a legal basis. If there is no longer a reason to process personal data, it is deleted.

10. Rights

Kasai would like to remind you of the rights the GDPR gives to individuals who have their personal data processed.

10.1. Access to personal data

As a data subject, you have the right to request confirmation as to whether or not we process personal data about you. If we do, you have the right to see what data we process about you through a register extract.

10.2. Correction

If a piece of information is incorrect or incomplete, you have the right to request that it be corrected.

10.3. Withdrawing consent

If we process your personal data with consent as the legal basis for the processing, you have the right to withdraw your consent at any time with future effect.

10.4. Object to processing for direct marketing purposes

Data subjects have the right to object to personal data processing for direct marketing purposes. This is most easily done by unsubscribing from mailings by clicking on the unsubscribe link in the mailing or contacting us.

10.5. Right to complain to the supervisory authority

The data subject also has the right to lodge a complaint directly with the supervisory authority. The supervisory authority must then investigate what has happened.

10.6. Opposing processing based on Kasai's legitimate interest

As a data subject, you have the right to object to processing based on legitimate interest if there are reasons in your specific case that speak against the processing. However, if you object to the processing and there are compelling legitimate grounds that outweigh these, we may continue the processing.

10.7. Erasure

Data subjects have the right to request and, under certain circumstances, have their personal data deleted. An exception is if we are required by law to keep the data.

10.8. Restriction of processing

Data subjects have the right to request that the processing of their personal data be restricted.

10.9. Data portability

Data subjects also have the right to receive copies of their personal data in a structured, commonly used and machine-readable format. This right only covers personal data provided by the data subject where the legal basis is either consent or the existence of a contract.