Last updated: February 24, 2026

This Privacy Policy explains how Barrelia processes personal data in accordance with the EU General Data Protection Regulation (GDPR).

1. Data Controller

Barrelia is the data controller for personal data processed in connection with our café operations in Sweden.

Barrelia AB, 211 10 Malmö, Sweden

2. What Personal Data We Process

We do not offer online accounts, reservations, or e-commerce services. However, we may process personal data in the following situations:

• Contact information provided when you email us.
• Payment information processed via our payment service providers.
• CCTV recordings on our premises (if applicable).
• Accounting information required under Swedish law.

3. Legal Basis for Processing

We process personal data on the following legal grounds:

• Compliance with legal obligations (e.g., accounting laws).
• Legitimate interest (e.g., maintaining safety through CCTV).
• Consent, where applicable.

4. Payment Processing

Card payments are processed by independent payment service providers. We do not store full card details. Please refer to your payment provider’s privacy policy for information about how they handle your data.

5. CCTV (If Applicable)

CCTV may be used on our premises for security and safety purposes. Recordings are retained only as long as necessary and are accessible only to authorised personnel.

6. Data Retention

Personal data is retained only as long as necessary to fulfil its purpose or as required by Swedish law.

7. Your Rights

Under GDPR, you have the right to request access to your personal data, request correction or deletion, restrict processing, and lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten).

8. Contact

If you have questions regarding this Privacy Policy or how we process personal data, you may contact us at:

contact@vv-nordic.com