Privacy Policy
Last updated: May 17, 2026
This Privacy Policy explains how La Paella Copenhague I/S ("we", "us", "our") collects, uses and protects personal data when you visit www.lapaella.dk or contact us to book an event. We comply with the EU General Data Protection Regulation (GDPR) and the Danish Data Protection Act.
1. Data controller
The data controller is La Paella Copenhague I/S, CVR 45739961, Robert Jacobsens Vej 35, 1. th, 2300 København S, Denmark. You can contact us at lapaellacopenhague@gmail.com.
2. What data we collect
- Booking form data: name, email, phone number, event date, number of guests, paella choice and any event details you provide.
- Technical data: IP address, browser type, device and basic usage data when you visit the site.
- Communications: any emails or messages you send us.
3. Why we use your data (legal basis)
- To respond to your booking enquiry and provide our catering service — GDPR art. 6(1)(b), contract.
- To comply with Danish accounting and tax law — GDPR art. 6(1)(c), legal obligation.
- To secure and improve the website — GDPR art. 6(1)(f), legitimate interest.
4. Who we share data with
We only share your data with processors strictly needed to run our service:
- Resend (email delivery) — to send your booking enquiry to us.
- Supabase (hosting and database) — to store enquiries securely in the EU.
- Lovable / Cloudflare (web hosting) — to serve the website.
We never sell your personal data.
5. How long we keep your data
Booking enquiries are kept for up to 3 years after our last contact, unless Danish bookkeeping law requires us to keep accounting records for longer (typically 5 years).
6. Your rights
Under GDPR you have the right to:
- access the personal data we hold about you;
- correct inaccurate data;
- request deletion ("right to be forgotten");
- restrict or object to processing;
- data portability;
- withdraw any consent at any time.
To exercise your rights, email us at lapaellacopenhague@gmail.com. You can also lodge a complaint with the Danish Data Protection Agency (Datatilsynet, datatilsynet.dk).
7. Security
We use industry-standard technical and organisational measures (encrypted transport, access controls, EU-based hosting) to protect your data.
8. Changes
We may update this policy. The latest version is always available on this page with the date shown above.
