Privacy Policy
Last updated: 2026-07-02
This policy describes how Veno Café collects and processes your personal data when you visit our website or contact us, and what rights you have under the General Data Protection Regulation (GDPR).
Data controller
Domus Café AB (company reg. no. 559538-2481), Södra storgatan 16, 252 23 Helsingborg, Sweden, is the controller responsible for processing your personal data. For data protection questions, contact us at hej@venocafe.se.
What data we process and why
We only process the data we need, for the following purposes and on the following legal bases:
| Purpose | Data | Legal basis |
|---|---|---|
| Answering and handling your catering enquiry | Name, email, phone, number of guests, event type, your order/wishes, delivery address, invoicing details and any other information you provide | Pre-contractual steps at your request (Art. 6(1)(b)) |
| Accounting for completed orders | Invoicing and payment details | Legal obligation – the Swedish Bookkeeping Act (Art. 6(1)(c)) |
| Operating, securing and troubleshooting the website | Technical data: IP address, browser type, timestamp | Legitimate interest (Art. 6(1)(f)) |
| Statistics and analytics via cookies | See our cookie policy | Consent (Art. 6(1)(a)) |
How your enquiry is handled
When you submit the form, the data is received by our own server and sent to us as an email. We use no third-party form or automation tools. The server stores nothing – the data only remains in the email inbox where we receive it.
Who may access the data
We never sell your data. To run the website and receive your enquiry we use the following processors, which only process the data on our instructions and under data processing agreements:
| Provider | Role |
|---|---|
| Cloudflare, Inc. | Web hosting and operation of the server that receives the form |
| Resend, Inc. | Delivers the enquiry email to us |
| Google (Gmail) | The email inbox where received enquiries are stored |
Transfers outside the EU/EEA
The providers above are based in the USA and some processing may take place outside the EU/EEA. Such transfers are safeguarded by the EU Standard Contractual Clauses and/or the EU-US Data Privacy Framework. [TO CONFIRM: Resend's exact transfer mechanism.] Contact us for a copy of the safeguards.
Cookies and consent
We use cookies as described in our cookie policy. Statistics and third-party cookies are only set if you consent, and you can change or withdraw your consent at any time:
How long we keep the data
- Catering enquiries: at most 12 months after the enquiry (or after the event), then deleted.
- Invoicing and accounting records: 7 years, as required by the Swedish Bookkeeping Act.
- Technical server logs: a short period, for operation and security.
Your rights
Under the GDPR you have the following rights:
- Access to your data (a copy of what we hold)
- Rectification of inaccurate data
- Erasure (the “right to be forgotten”)
- Restriction of processing
- To object to the processing
- Data portability
- To withdraw any consent you have given, at any time
Contact us at hej@venocafe.se to exercise your rights. We respond within one month, free of charge. Note that accounting records cannot be erased until the statutory retention period has ended.
Complaints
If you believe we process your data unlawfully, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY), imy@imy.se, www.imy.se.
Do you have to provide your data?
Providing data is voluntary. However, we need your name, email and your order to be able to answer a catering enquiry – without them we cannot help you with the enquiry.
Automated decision-making
We do not use automated decision-making or profiling.
Changes to this policy
We may update this policy when our routines or services change. The latest version is always available here, with the date of the most recent update shown at the top.