Privacy Policy
for Dinner-Group AS

1. Introduction
We take your privacy seriously. This privacy policy explains how Dinner-Group AS processes your personal data, what rights you have, and how you can exercise them. All processing is carried out in accordance with the EU General Data Protection Regulation (GDPR) and applicable Norwegian legislation.
‍

2. Data Controller
Data Controller: Dinner-Group AS
Organisation number: 989 471 716
Business address: Stortingsgata 22, 0161 Oslo, Norway
Postal address: P.O. Box 1698 Vika, 0120 Oslo, Norway
Email: dinnergroup@dinnergroup.no

Dinner-Group AS is the data controller for all personal data processed by the following companies:
• Nodee Barcode AS
• Nodee Sky AS
• Tatakii Asian AS
• Südøst Restaurant AS
• Dinner AS
• Südøst Eiendom AS
• Mr. Noods
‍

3. Personal data we collect
We only collect data that is necessary and relevant to the services we provide. Typical personal data we process includes:
• Name
• Telephone number
• Email address
• Date of birth (for membership registration)
• Address (for food delivery)
• Payment information
• Company name (when booking on behalf of a company)
• Comments (e.g. allergies or preferences)
• IP address and website usage (cookies)
• Order history and visit data
• CV, application and references (for job applications)
‍

4. Purpose and legal basis for processing
a) Table reservations
Purpose: Registering and managing reservations
Legal basis: Contract
Additional: Health data is only processed with consent
b) Takeaway / delivery
Purpose: Handling and delivering orders
Legal basis: Contract
c) Customer service and inquiries
Purpose: Responding to inquiries
Legal basis: Legitimate interest
d) Orders via third-party platforms
Purpose: Delivering food ordered via e.g. Wolt or Foodora
Legal basis: Contract
e) Customer database
Purpose: Managing customer relationships
Legal basis: Legitimate interest
f) Marketing (newsletter / membership club)
Purpose: Providing relevant news and offers
Legal basis: Consent
g) Recruitment
Purpose: Assessing and contacting job applicants
Legal basis: Consent
h) Legal obligations
Purpose: Accounting and statutory requirements
Legal basis: Legal obligation
‍

5. Automated decision-making and profiling
We may use profiling and automated decision-making to provide you with more relevant information, particularly in newsletters and membership programs.
‍

What does this mean?
We may analyse previous orders, visit times, or interactions with newsletters to better understand your preferences. This helps us send you more relevant offers.
Legal basis: Consent
Your rights: You may object to profiling at any time, and you have the right to request that decisions are not based solely on automated processing where such decisions significantly affect you.
‍

6. Cookies
We use cookies on our website to:
• Analyse usage patterns
• Improve user experience
• Provide tailored content and advertisements
‍

You can read more about how to manage your consent in our cookie policy.

7. Sharing of personal data
We do not share your personal data with third parties unless:
• Required by law (e.g. tax authorities)
• You have given consent
• It is necessary to provide the service (e.g. IT service providers)
‍

We do not sell your personal data.
‍

8. Use of data processors
We use data processors for, among other things:
• Table reservation systems
• IT services
• Newsletters and marketing

All data processors are subject to data processing agreements and may only process personal data according to our instructions.
‍

9. Transfers outside the EU/EEA
We primarily process data within the EU/EEA. If personal data is transferred to third countries, we ensure adequate safeguards through EU Standard Contractual Clauses or other approved mechanisms.
‍

10. Data retention
We store personal data only for as long as necessary for the purpose:
• Table reservations: 36 months after completed or cancelled booking
• Marketing data: Until consent is withdrawn
• Accounting data: In accordance with the Accounting Act (5 years)
• Job applications: Up to 6 months after the recruitment process ends, unless longer retention is consented to
‍

11. Your rights
You have the right to:
• Request access to your personal data
• Request correction of inaccurate data
• Request deletion
• Request restriction of processing
• Object to certain processing activities
• Request data portability
To exercise your rights, please contact us at:
dinnergroup@dinnergroup.no
‍

12. Complaints
If you believe that our processing of personal data violates applicable regulations, you may lodge a complaint with the Norwegian Data Protection Authority:
www.datatilsynet.no
‍

13. Changes to this privacy policy
We may update this privacy policy as needed.
Last updated: 22 January 2026