1. Definitions 

• “Partner” refers to a restaurant or other collaborator that has entered into an agreement with Food Butik Sweden AB to offer its products and services through the Food Butik Sweden AB platform. 
• “Purchase Agreement” refers to an agreement for the purchase of products and any delivery services from a Partner. 
• “Food Butik” refers to Food Butik Sweden AB, company registration number 559221-7391. 
• “Food Butik App” refers to the digital application provided by Food Butik Sweden AB for ordering products from Partners. 
• “Food Butik Service” refers to both the Food Butik App and the Food Butik Sweden AB website. 
• “User,” “you,” or “your” refers to an individual who uses the Food Butik Service. 
• “Retail Products” refers to food items and other consumer products offered by a Partner through the Food Butik Service. 
• “Foodbonus” refers to credits that can be used to obtain discounts on orders through the Food Butik Service.

2. Introduction

• This Privacy Policy explains how Food Butik Sweden AB (“Food Butik,” “we,” “us,” or “our”) collects, uses, shares, and protects your personal data when you use our Food Butik Service, including our mobile application and website (collectively, the “Service”). We are committed to protecting your privacy and ensuring that your personal data is processed in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

Food Butik Sweden AB, with company registration number 559221-7391 and located at Råsta Strandväg 13 C, 169 79 Solna, Sweden, is the data controller responsible for the processing of your personal data under this Privacy Policy.

If you have any questions or concerns about this Privacy Policy or our data processing practices, please contact us at:

• Privacy Inquiries
  Email: support@foodbutik.se
  Postal Address: Food Butik Sweden AB, Råsta Strandväg 13 C, 169 79 Solna, Sweden, Attn: Privacy Inquiries

3. Data We Collect

We collect the following categories of personal data:

• Account Information: This includes your full name, email address, phone number, a hashed version of your password (for security), and any address(es) you provide for delivery.
  
  
• Order Information: This includes a history of your orders placed through the Food Butik Service, the specific items purchased in each order, the date and time of your orders, the delivery address, any special delivery instructions you provided, and payment information. Please note that Food Butik itself does not directly store your full payment card details. We only receive confirmation of successful payments and a transaction ID from these processors.
  • Sweden: Stripe (for card payments), Klarna (for invoice and installment payments), and Swish for (Swish payments).
    
    
• Device Information: We collect information about the device you use to access the Food Butik Service, including your IP address, device type (e.g., mobile phone, tablet), operating system (e.g., iOS, Android), browser type (e.g., Chrome, Safari), and unique device identifiers (e.g., IDFA, Android Advertising ID).
  
  
• Usage Data: We collect information about how you interact with the Food Butik Service, including the pages you visit on our website or within our app, the features you use, the time you spend on the Service, and the links you click.
  
  
• Location Data: We collect approximate location data based on your IP address. This is used to suggest Partners (restaurants) near you and to help provide accurate delivery time estimates. We do not collect precise GPS-based location data unless you explicitly grant us permission to do so for enhanced delivery tracking features (if applicable).
  
  
• Communications: We retain records of your correspondence with our customer support team, including emails, chat logs, and phone call recordings (where permitted by law and with your consent, if required).
  
  
• Foodbonus Information: We collect information about your Foodbonus balance, history of Foodbonus accrual (how you earned them), and redemption (how you spent them).
  
  

• How We Collect Data: (e.g., directly from users when they register, automatically through cookies and tracking technologies).

We collect your personal data in the following ways:

• Directly from you: We collect information directly from you when you register for an account, place an order, contact customer support, participate in surveys or promotions, or otherwise interact with the Food Butik Service.
  
  
• Automatically: We collect certain information automatically through the use of cookies, web beacons, and other tracking technologies when you access and use the Food Butik Service. These technologies allow us to collect Device Information and Usage Data. You can manage your cookie preferences through your browser settings or through a consent management platform on our website (if applicable).
  
  
• From Partners: In some cases, we may receive information about you from our Partners (restaurants), such as confirmation of order fulfillment or details related to your order.

4. How We Use Your Data

We use your personal data for the following purposes:

• Providing the Food Butik Service:

• • Processing your orders, including transmitting your order details to the relevant Partner (restaurant), arranging for delivery or pickup, and processing payments (through our payment processors).
  • Managing your user account, including creating and maintaining your profile, allowing you to log in and out, and managing your preferences.
  • Personalizing your experience by suggesting Partners (restaurants) and menu items based on your past orders, location (if you have granted permission), and preferences.
    Providing you with order updates and notifications.

• Customer Support:

• • Responding to your inquiries and requests for assistance.
  • Troubleshooting technical issues and resolving any problems you may encounter while using the Food Butik Service.
  • Investigating and addressing complaints or disputes.

• Marketing:

• • Sending you promotional emails and newsletters about new Partners (restaurants), special offers, discounts, and other relevant information about the Food Butik Service, but only if you have provided your explicit consent to receive such communications (where required by applicable law). You can withdraw your consent at any time by unsubscribing from our marketing emails or by contacting us directly.
  • Delivering targeted advertising to you on the Food Butik Service or on third-party platforms based on your demographics, interests, and browsing behavior. We will only engage in targeted advertising where we have a lawful basis to do so, such as your consent or our legitimate interests (subject to your right to object).

• Communication with Partners (Restaurants):

• • Sharing your necessary order details (full name, phone number, order details, delivery address, and any special instructions) with the Partner (restaurant) from whom you placed your order. This is essential for the Partner to fulfill your order, contact you if there are any issues with your order (e.g., item unavailability, delivery delays), and ensure proper delivery.

• Improving the Food Butik Service:

• • Analyzing usage data to understand how users interact with the Food Butik Service, identify areas for improvement, and develop new features and functionality.
  • Conducting research and testing to optimize the performance, usability, and security of the Food Butik Service.

• Security:

• • Preventing fraud, unauthorized access, and other illegal activities.
  • Protecting the security and integrity of the Food Butik Service and your personal data.
  • Monitoring and investigating suspicious activity.

• Legal Compliance:

• • Complying with applicable laws, regulations, and legal processes.
  • Responding to requests from law enforcement or other government authorities.
  • Enforcing our Terms of Service and other agreements.

5. Legal Basis for Processing:

We process your personal data based on the following legal grounds under the General Data Protection Regulation (GDPR):

• Contractual Necessity: We process personal data where it is necessary for the performance of a contract with you, or to take steps at your request before entering into such a contract. This applies to:
  • Providing the Food Butik Service: Processing your Account Information, Order Information, relevant Location Data, and Foodbonus Information to manage your account, fulfill your orders, process payments, facilitate delivery/pickup, and provide the core functionalities of the Service as described in our Terms of Service.
  • Customer Support: Processing Account Information, Order Information, and Communications to respond to your inquiries and resolve issues related to the Service provided under our contract.
  • Communication with Partners: Sharing necessary Order Information (name, phone, order details, delivery address, special instructions) with Partners is essential to fulfill the purchase agreement (contract) you make with the Partner through our platform.

• Legitimate Interests: We process personal data where it is necessary for our legitimate interests (or those of a third party), provided that your interests and fundamental rights do not override those interests. We have conducted Legitimate Interest Assessments (LIAs) for processing based on this ground. This applies to:
  • Improving the Food Butik Service: Analyzing Usage Data and Device Information to understand user behavior, improve our platform’s functionality, performance, and user experience, and develop new features. Our legitimate interest is to enhance and optimize our Service.
  • Security: Processing Account Information, Order Information, Device Information, and Usage Data to prevent fraud, protect the security and integrity of our platform and user data, and investigate suspicious activity. Our legitimate interest is to maintain a secure and trustworthy Service.
  • Limited Marketing Activities: We may use Account Information and Order History to provide personalized suggestions or display targeted advertising within the Food Butik Service itself, based on our legitimate interest in promoting relevant offers to our users. You have the right to object to this processing.

• Consent: We process personal data based on your explicit consent for specific purposes. This applies to:
  • Direct Marketing Communications: Sending you promotional emails, newsletters, or push notifications about offers, new partners, or features. We will only send these communications if you have explicitly opted-in.
  • Precise Location Data: Collecting and using your precise GPS-based location data for features like real-time delivery tracking (if applicable).
  • Certain Cookies and Tracking Technologies: Using non-essential cookies and similar technologies for analytics or advertising purposes, as detailed in our Cookie Policy and managed through our consent management platform (if applicable).
  • You have the right to withdraw your consent at any time for any processing based on consent, without affecting the lawfulness of processing based on consent before its withdrawal. You can typically withdraw consent through your account settings, by clicking the “unsubscribe” link in emails, or by contacting us.

• Legal Obligation: We process personal data where it is necessary for compliance with a legal obligation to which we are subject. This applies to:
  • Compliance with Laws: Processing data as required by applicable laws, such as tax regulations (e.g., retaining transaction records), accounting rules, or responding to lawful requests from authorities (e.g., law enforcement).
  • Enforcing Terms: Processing data necessary to enforce our Terms of Service or other legal rights.

6. Data Sharing

We do not sell your personal data. However, we may share your personal data with the following categories of third parties for the purposes described in this Privacy Policy:

• Partners (Restaurants): We share necessary information with the specific Partner (restaurant) from whom you place an order to enable them to prepare, fulfill, and, if applicable, deliver your order. This information typically includes your full name, phone number, order details (items purchased, quantity), delivery address, and any special instructions you provide. This sharing is necessary for the performance of the purchase agreement (contract) you enter into with the Partner via our Service.
  
  
• Payment Processors: To securely process your payments, we share necessary payment information with our trusted third-party payment processors. We do not store your full credit card or debit card number. Our current payment processors include:
  • Stripe, Klarna, Swish, (Sweden)
  • Stripe, Klarna, PayPal. (Germany)
  • These processors are responsible for handling your payment data securely and in compliance with relevant regulations (e.g., PCI DSS).
    
    
• Cloud Hosting Providers: We use third-party cloud hosting services to store your data and operate the Food Butik Service infrastructure. Your personal data may be stored and processed on servers provided by:
  • Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure.
  • These providers are contractually obligated to maintain the security and confidentiality of the data they host.
    
    
• Marketing Platforms: If you have consented to receive marketing communications, we may share limited personal data (such as your email address and name) with third-party marketing platforms to manage and send these communications. Our marketing platform providers include:
  • Mailchimp, Sendinblue, HubSpot.
    
    
• Analytics Providers: We use third-party analytics services to help us understand how users interact with the Food Butik Service, allowing us to improve functionality and user experience. These providers may collect Usage Data and Device Information (often in an aggregated or pseudonymized form). Our analytics providers include:
  • Google Analytics, Mixpanel, Firebase Analytics.
  • Data shared with analytics providers is typically governed by their own privacy policies and processed based on our legitimate interests or your consent (particularly for cookie-based tracking).
    
    
• Other Service Providers: We may engage other third-party companies and individuals to perform services on our behalf, such as customer support platforms (e.g., Zendesk, Intercom), communication services, technical infrastructure services, fraud detection, and data analysis. These providers will only have access to the personal data necessary to perform their functions and are contractually obligated to protect your data.

• Legal Authorities and Compliance: We may disclose your personal data if required to do so by law or in the good faith belief that such action is necessary to:
  • Comply with a legal obligation, subpoena, court order, or other lawful request by public authorities.
  • Protect and defend the rights or property of Food Butik Sweden AB.
  • Prevent or investigate possible wrongdoing in connection with the Service.
  • Protect the personal safety of users of the Service or the public.
  • Protect against legal liability.

• Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service of any change in ownership or uses of your personal data.

International Data Transfers:

Some of the third parties listed above may be located outside the European Union (EU) / European Economic Area (EEA). When we transfer your personal data outside the EU/EEA, we ensure that appropriate safeguards are in place to protect your data in accordance with GDPR requirements. These safeguards may include:

• Transferring data to countries deemed to provide an adequate level of data protection by the European Commission.
• Implementing Standard Contractual Clauses (SCCs) approved by the European Commission between Food Butik and the third party.
• Relying on Binding Corporate Rules (BCRs) for intra-group transfers (if applicable).
• [If you rely on specific adequacy decisions for certain countries, e.g., UK, Switzerland, list them here].

We take steps to ensure that any recipient of your personal data provides an adequate level of protection and is contractually bound to confidentiality and data protection obligations.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements, and as described in this Privacy Policy. The retention periods we apply vary depending on the type of data and the purpose for which we process it.

Here’s how we determine retention periods:

• Account Information: We retain your Account Information (full name, email address, phone number, hashed password, address(es)) for as long as your Food Butik account remains active. If your account becomes inactive (e.g., no logins or orders for a continuous period of [Specify Timeframe – e.g., 2 years, 3 years]), we may contact you to confirm if you wish to keep the account. If we do not receive confirmation or if you request deletion, we will take steps to delete or anonymize your Account Information, subject to any overriding legal or regulatory requirements.
  
  
• Order History: We retain your Order History (items purchased, date/time, payment confirmation details, delivery information) for a minimum period required by law for accounting and tax purposes. In Sweden, under the Bookkeeping Act (Bokföringslagen), accounting records must generally be kept for seven (7) years after the end of the calendar year in which the financial year concluded. Therefore, we retain Order History for at least this mandatory period. We may retain it for a slightly longer period if necessary for customer service purposes (e.g., handling disputes or warranty claims related to past orders) or analytics, but will anonymize or delete it when no longer reasonably needed.
  
  
• Marketing Data and Consent: If you have consented to receive marketing communications, we retain your contact information (email address, phone number) for marketing purposes until you withdraw your consent (unsubscribe). We also maintain a record of your consent preferences (including opt-ins and opt-outs) for as long as necessary to demonstrate compliance with data protection regulations, which may be longer than the period we actively send you marketing.
  
  
• Usage Data and Device Information: Data collected for analytics and service improvement (Usage Data, Device Information, approximate location derived from IP) is typically retained in an identifiable form for a shorter period, such as [Specify Timeframe – e.g., 12 months, 24 months], after which it is either deleted or anonymized/aggregated so that it can no longer be linked back to you. Logs used for security purposes may be retained for a period necessary to investigate incidents, typically [Specify Timeframe – e.g., 6 months, 12 months].
  
  
• Precise Location Data: If collected with your explicit consent (e.g., for real-time delivery tracking), precise location data is retained only for the duration necessary to provide that specific service and is typically deleted shortly after the order delivery is completed or the session ends.
  
  
• Communications: Records of your communications with customer support are retained for a period necessary to resolve the specific inquiry and for a reasonable period afterward to handle follow-up questions or potential disputes, typically [Specify Timeframe – e.g., 1 year, 2 years] after the issue is considered closed or after account deletion, unless a longer period is required for legal reasons.
  
  
• Foodbonus Information: Your Foodbonus balance and history are retained as long as your account is active and the bonuses are valid according to the terms of the Foodbonus program. Upon account deletion, associated Foodbonus information will also be deleted.

Anonymization:

In some instances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Legal Holds:

Please note that notwithstanding the periods outlined above, we may retain certain data for longer periods if required by law, court order, or if necessary to establish, exercise, or defend legal claims.

8. Your Rights

Under the General Data Protection Regulation (GDPR) and other applicable data protection laws, you have several rights concerning your personal data that we process. We are committed to facilitating the exercise of these rights.

• Right to Access: You have the right to request confirmation from us as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and information about how we process it. You can request a copy of the personal data we hold about you.
  
  
• Right to Rectification: You have the right to request the correction of inaccurate personal data concerning you. If you believe that any information we hold about you is incomplete or incorrect, you can request that we complete or correct it. You may be able to update some of your information directly within your account settings.
  
  
• Right to Erasure (“Right to be Forgotten”): You have the right to request the deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, you withdraw consent (and there is no other legal ground for processing), or you object to the processing and there are no overriding legitimate grounds. Please note that this right is not absolute and we may be legally required to retain certain information (e.g., for accounting purposes as detailed in Section 7: Data Retention).
  
  
• Right to Restriction of Processing: You have the right to request the restriction of processing of your personal data under certain conditions, for example, if you contest the accuracy of the data or if the processing is unlawful but you oppose erasure. When processing is restricted, we will only store your data and process it with your consent or for legal claims.
  
  
• Right to Data Portability: Where processing is based on your consent or on a contract, and the processing is carried out by automated means, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format (such as CSV or JSON) and have the right to transmit those data to another controller without hindrance from us.
  
  
• Right to Object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on our legitimate interests (as outlined in Section 5). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims. You also have the absolute right to object at any time to the processing of your personal data for direct marketing purposes, including profiling related to direct marketing. If you object to processing for direct marketing, your personal data will no longer be processed for such purposes.
  
  
• Right to Withdraw Consent: Where we rely on your consent as the legal basis for processing your personal data (e.g., for marketing emails, precise location data), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal. You can typically withdraw consent via the mechanism provided when consent was obtained (e.g., unsubscribe link in emails, device settings for location) or by contacting us.

How to Exercise Your Rights:

To exercise any of the rights described above, please contact us using the following details:

• Email: [Use the same privacy contact email you decided on in Section 2, e.g., privacy@foodbutik.se or support@foodbutik.se]
• Postal Address: Food Butik Sweden AB, Råsta Strandväg 13 C, 169 79 Solna, Sweden, Attn: Privacy Rights Request

You may also be able to exercise some of these rights directly through your account settings on the Food Butik App or website (e.g., updating your profile information, managing marketing preferences, requesting data download/deletion if technically implemented).]

To protect your privacy and security, we may need to verify your identity before processing your request. We will respond to your request within the timeframes required by law (typically within one month), although this period may be extended in complex cases. Please note that we may charge a reasonable fee or refuse to act on a request if it is manifestly unfounded or excessive, particularly if it is repetitive.

Right to Lodge a Complaint:

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes applicable data protection laws. The competent supervisory authority in Sweden is:

• Integritetsskyddsmyndigheten (IMY) Website: https://www.imy.se/

We would, however, appreciate the chance to deal with your concerns before you approach the IMY, so please contact us in the first instance.

9. Security

Security Measures:

We take the security of your personal data seriously and implement appropriate technical, administrative, and physical security measures designed to protect your information from unauthorized access, disclosure, alteration, use, or destruction. These measures include, but are not limited to:

• Encryption: We employ encryption technologies to protect data both while it is stored (at rest) and while it is being transmitted over networks (in transit), including the use of Transport Layer Security (TLS)/Secure Sockets Layer (SSL) for data transmission.
  
  
• Access Controls: Access to personal data is restricted on a “need-to-know” basis. We utilize role-based access controls, authentication mechanisms, and authorization protocols to limit access to sensitive information to authorized personnel only.
  
  
• Password Security: User passwords are required for account access and are stored in a hashed format, meaning they are not stored in plain text.
  
  
• Network Security: We utilize firewalls and other network security technologies to protect our systems from unauthorized external access.
  
  
• Secure Development Practices: We incorporate security considerations into our software development lifecycle.
  
  
• Third-Party Security: We rely on reputable third-party service providers (such as cloud hosting and payment processors) who maintain high standards of security, often certified under recognized security frameworks. We conduct due diligence on our vendors’ security practices.
  
  
• Internal Policies and Training: We maintain internal policies regarding data security and provide regular training to our employees on data protection best practices and their security responsibilities.
  
  
• Monitoring and Testing: We regularly monitor our systems for potential vulnerabilities and security incidents and conduct periodic security testing.

While we strive to use commercially acceptable means to protect your personal data, please remember that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security. You also play a role in keeping your data safe by using a strong password and keeping your login credentials confidential.

Data Breach Notification:

We have procedures in place to detect, investigate, and respond to suspected personal data breaches. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority (the Swedish Integritetsskyddsmyndigheten – IMY) without undue delay, and where feasible, not later than 72 hours after having become aware of it, unless the breach is unlikely to result in a risk to your rights and freedoms.

Furthermore, if a personal data breach is likely to result in a high risk to your rights and freedoms, we will notify you directly without undue delay. This notification will typically be sent via email to the address associated with your account or through a prominent notification within the Food Butik Service. The notification will describe, in clear and plain language:

• The nature of the personal data breach.
• The likely consequences of the breach.
• The measures taken or proposed to be taken by us to address the breach, including, where appropriate, measures to mitigate its possible adverse effects.
• The contact details where more information can be obtained.
• We will document all personal data breaches, comprising the facts relating to the breach, its effects, and the remedial action taken.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (such as web beacons, pixel tags, scripts, and local storage) to operate and improve the Food Butik Service, understand how you use it, and personalize your experience, including for advertising purposes.

• What are Cookies? Cookies are small text files placed on your device (computer, tablet, mobile phone) when you visit websites or use apps. Tracking technologies work similarly to gather information about your interactions with our Service.
  
  
• Why We Use Them: We use these technologies for various purposes, including:
  • Essential Operations: To enable core functionalities of the Service, such as keeping you logged in, managing your shopping cart, and ensuring security. These are often called “strictly necessary” cookies.
  • Performance and Analytics: To collect information about how you interact with our Service (e.g., which pages you visit, how long you stay), helping us analyze performance, identify issues, and improve the user experience.
  • Functionality and Personalization: To remember your preferences and settings (like language or location) and provide enhanced, more personalized features.
  • Advertising and Marketing: To deliver advertisements that may be more relevant to your interests, both on our Service and on third-party websites, and to measure the effectiveness of advertising campaigns. We request your consent before placing non-essential cookies for these purposes.

Your Choices and Managing Preferences:

You have choices regarding the use of cookies and tracking technologies.

• Cookie Consent Banner/Platform: When you first visit our Service, you may be presented with a cookie banner or consent management platform where you can manage your preferences for non-essential cookies.
  
  
• Browser Settings: Most web browsers allow you to control cookies through their settings preferences. You can usually set your browser to block certain cookies, clear existing cookies, or notify you when a cookie is set. However, please be aware that blocking or deleting essential cookies may negatively impact your ability to use the Food Butik Service effectively, as certain features may not function correctly.

More Information:

For a detailed explanation of the specific cookies and tracking technologies we use, their purposes, the third parties involved, their duration, and more specific information on how to manage your preferences, please refer to our dedicated Cookie Policy: [Link to Your Cookie Policy].

11. Changes to this Privacy Policy

In case of changes in the privacy terms an email will be sent from (privacy@foodbutik.com).
It is up to the User to read and sign out from Food Butik services if they don’t agree with the new Privacy Policy

12. Contact Us

Our contact information for privacy inquiries are:
Email: (privacy@foodbutik.com)
Phone:
Postal: Food Butik Sweden AB, Råsta Strandväg 13 C, 169 79 Solna, Sweden

Version: 1.0
Updated on: 31.03.2025