GDPR – Export and Erase Customer Data

GDPR (the EU regulation) and the Swedish Data Protection Act give every guest the right to request their data and the right to be "forgotten". As the restaurant, you are the data controller – Vendion is the processor. This means you handle the request, but Vendion has the tools.

Guest rights under GDPR:

How to handle a request step-by-step:

1. Verify it is the right person. Requests can come by phone, email, or letter. Before handing out data – verify identity. Ask for a phone number that matches the guest profile, or have the guest confirm via email from the address on file. This is a GDPR requirement – you must not hand out data to the wrong person.

2. Find the guest. Go to Marketing → Guests and search by name, phone, or email. Click the guest to open the profile.

3a. If the request is EXPORT (guest wants to see their data):

• Click "Export guest data" in the guest profile (coming Q2 2026; today it is manual).
• Vendion generates a PDF/JSON with:
  • Name, phone, email, birthday, notes
  • All visits with date, amount, and ordered dishes
  • All bookings with date, party size, no-show status
  • All campaigns received (date and text)
  • All tags (manual and automatic)
  • Consent history (when SMS and email consent was given/withdrawn)
• Send the file to the guest's verified email. Do not delete data at this stage.

3b. If the request is ERASURE ("forget me"):

• Click "Delete guest" in the guest profile.
• Confirmation dialog warns: "This action cannot be undone."
• On confirmation:
  • Name, phone, email, and notes are anonymized (name replaced with "Deleted guest", contact fields nulled)
  • Visit history is kept but without personal data (required for 7-year bookkeeping)
  • All tags are removed
  • Campaign history is nulled (guest can no longer be linked to sends)
  • The guest can no longer be reached via SMS or email
• Document in an internal register: date, who requested, who handled.

4. Reply to the guest in writing within 30 days. Template you can copy:

"Hi [name], we have received your request for [access to / deletion of] personal data dated [date]. We have now [exported your data and attached it / deleted your data from our systems]. If you have questions, contact us at [email]. Best regards, [restaurant]"

What CANNOT be deleted (and why):

Note: When you delete a guest in Vendion, contact details disappear but order history remains as "Unknown guest" orders. This is fully GDPR-compliant – the personal data is deleted, and the financial transaction is preserved as the law requires.

Right to object (marketing stopped immediately): If the guest just wants to stop receiving marketing (not delete the whole profile) – simply disable SMS and email consent in the guest profile. No deletion needed. This must happen immediately, not within 30 days.

STOP-SMS counts too: If a guest replies "STOP" to a campaign SMS, the guest's consent is updated automatically – SMS consent is turned off and the unsubscribe timestamp is recorded. You don't need to do anything manually – the system handles it.

Tools to know:

• Consent history – Vendion logs exactly when SMS and email consent was given/withdrawn
• System change log – all deletions are logged with user + timestamp
• Monthly GDPR reports (coming) – overview of requests handled

Privacy policy on vendion.com: /integritetspolicy (Swedish) and /en/privacy-policy (English) should always be linked in consent boxes, campaign SMS (via short link), and email footers.