1. Introduction – why this policy exists

This privacy policy explains how personal data is processed when you use Joan's ordering and payment app or visit the website www.joans.se. The purpose is to describe clearly and understandably what data is collected, why it is needed, and how it is protected.

We protect your personal integrity and process personal data in accordance with the EU's General Data Protection Regulation (GDPR) and other applicable data protection legislation.

2. Who is responsible for your personal data?

When you use the app to order and pay at a restaurant within the Joan's chain, the restaurant where you make your purchase is the data controller (”the Restaurant”). Information about which Restaurant is the data controller is indicated in connection with your order in the app and in your order confirmation.

This means that the Restaurant is responsible for how your personal data is processed in connection with ordering, payment, delivery, complaints, and customer service.

Joans AB acts as a common administrative contact point for inquiries regarding personal data and this policy, but is normally not the data controller for the purchase itself.

3. What personal data is collected?

Depending on how you use the app or website, different types of personal data may need to be processed. The data is collected either directly from you or automatically when you use our digital services.

3.1 Information you provide yourself

This may include, for example, your name, contact information, details needed to process an order, and information you provide when you contact customer service.

3.2 Tasks Created During Use

When using the app, information about your orders, transactions, payment method choices, and technical information about your device and usage may be processed.

4. Why is your personal data processed?

Personal data is processed only for clearly defined and legitimate purposes. The most common purposes and the legal basis used are explained below.

4.1 To process orders and purchases

The processing is necessary to fulfill the agreement between you and the Restaurant, for example, to receive your order, handle payment, and deliver goods or services.

4.2 To meet legal requirements

Certain personal data must be processed to meet legal obligations, such as requirements under accounting and tax legislation.

4.3 For customer service and support

Personal data may be processed to answer questions, handle complaints, and provide you with support. This processing is based on a legitimate interest.

4.4 For operation, safety, and development

Information may also be processed to ensure the app functions correctly, to prevent fraud and abuse, and to improve the user experience. 

To ensure the app and website function correctly and to improve functionality and user experience, we may use analytics tools. Processing is done with the support of legitimate interest and in accordance with applicable legislation.

4.5 Marketing and Communication

If marketing or mailings are carried out, personal data is only used in accordance with applicable legislation and, when required, after you have given your consent. If processing is carried out based on your consent, you have the right to withdraw this consent at any time.

5. Who can access the personal data?

Personal data may be shared with suppliers who provide technical services on behalf of the Restaurant, such as IT operations, system platforms, hosting, and payment solutions.

Payments in the app are handled by our payment provider Henynow AB, which is independently responsible for the processing of personal data within the scope of the payment service. Henynow AB processes personal data in accordance with its own privacy policy. Joan's restaurants do not have access to and are not responsible for Henynow AB's processing of personal data within the scope of their payment service.

Joan’s restaurants also use external technical suppliers for the operation of their app, ordering system, hosting, and technical support. These suppliers process personal data solely on behalf of the Restaurant and act as data processors in accordance with data protection legislation.

Data processors are obliged to take appropriate technical and organizational security measures, ensure confidentiality, and may not use personal data for their own purposes.

6. How long are personal data stored?

Personal data is only stored for as long as it is necessary for the purposes stated in this policy or as required by law. Thereafter, the data will be deleted or anonymized.

7. Your Rights

You have the right to be informed about which personal data is being processed about you and to request rectification, erasure, or restriction of processing.

You also have the right to object to certain processing and the right to data portability, to the extent provided for by data protection legislation. 

Requests can be directed to the restaurant where you made your purchase or via contact information provided on www.joans.se.

8. How is your personal data protected?

We take appropriate technical and organizational security measures to protect your personal data from unauthorized access, loss, or misuse.

9. Cookies and similar technologies

The website uses cookies and similar technologies to enhance functionality and user experience. More information can be found in our separate cookie policy.

10. Policy Changes

This personal data policy may be updated. The latest version is always available at www.joans.se.

11. Contact Information and Complaints

If you have questions about how your personal data is processed, please feel free to contact us. You can contact the Restaurant where you made your purchase or Joans AB using the contact details on www.joans.se, which serves as the central point of contact for data privacy matters within the Joan's chain.

You also have the right to submit a complaint to the Swedish Authority for Privacy Protection (IMY).