Privacy Policy

Last updated: 2026-07-02

This policy describes how Veno Café collects and processes your personal data when you visit our website or contact us, and what rights you have under the General Data Protection Regulation (GDPR).

Data controller

Domus Café AB (company reg. no. 559538-2481), Södra storgatan 16, 252 23 Helsingborg, Sweden, is the controller responsible for processing your personal data. For data protection questions, contact us at hej@venocafe.se.

What data we process and why

We only process the data we need, for the following purposes and on the following legal bases:

PurposeDataLegal basis
Answering and handling your catering enquiryName, email, phone, number of guests, event type, your order/wishes, delivery address, invoicing details and any other information you providePre-contractual steps at your request (Art. 6(1)(b))
Accounting for completed ordersInvoicing and payment detailsLegal obligation – the Swedish Bookkeeping Act (Art. 6(1)(c))
Operating, securing and troubleshooting the websiteTechnical data: IP address, browser type, timestampLegitimate interest (Art. 6(1)(f))
Statistics and analytics via cookiesSee our cookie policyConsent (Art. 6(1)(a))

How your enquiry is handled

When you submit the form, the data is received by our own server and sent to us as an email. We use no third-party form or automation tools. The server stores nothing – the data only remains in the email inbox where we receive it.

Who may access the data

We never sell your data. To run the website and receive your enquiry we use the following processors, which only process the data on our instructions and under data processing agreements:

ProviderRole
Cloudflare, Inc.Web hosting and operation of the server that receives the form
Resend, Inc.Delivers the enquiry email to us
Google (Gmail)The email inbox where received enquiries are stored

Transfers outside the EU/EEA

The providers above are based in the USA and some processing may take place outside the EU/EEA. Such transfers are safeguarded by the EU Standard Contractual Clauses and/or the EU-US Data Privacy Framework. [TO CONFIRM: Resend's exact transfer mechanism.] Contact us for a copy of the safeguards.

Cookies and consent

We use cookies as described in our cookie policy. Statistics and third-party cookies are only set if you consent, and you can change or withdraw your consent at any time:

How long we keep the data

  • Catering enquiries: at most 12 months after the enquiry (or after the event), then deleted.
  • Invoicing and accounting records: 7 years, as required by the Swedish Bookkeeping Act.
  • Technical server logs: a short period, for operation and security.

Your rights

Under the GDPR you have the following rights:

  • Access to your data (a copy of what we hold)
  • Rectification of inaccurate data
  • Erasure (the “right to be forgotten”)
  • Restriction of processing
  • To object to the processing
  • Data portability
  • To withdraw any consent you have given, at any time

Contact us at hej@venocafe.se to exercise your rights. We respond within one month, free of charge. Note that accounting records cannot be erased until the statutory retention period has ended.

Complaints

If you believe we process your data unlawfully, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY), imy@imy.se, www.imy.se.

Do you have to provide your data?

Providing data is voluntary. However, we need your name, email and your order to be able to answer a catering enquiry – without them we cannot help you with the enquiry.

Automated decision-making

We do not use automated decision-making or profiling.

Changes to this policy

We may update this policy when our routines or services change. The latest version is always available here, with the date of the most recent update shown at the top.