resmio » Help » Processing and protection of your data

Information on the processing and protection of your data

resmio is taking the issue of data privacy seriously. In accordance with the General Data Protection Regulation (GDPR), we are working continuously to ensure the best possible level of protection for any personal data of our customers (generally restaurant owners) and the users of our widgets ( customers of restaurant owners). At the same time, we aim to create transparency by answering frequently asked questions about our processes, how we store, process and protect data.

For more detailed information about data protection at resmio, please check our privacy policy.

info

Please note that this page is for information purposes only and does not replace legal advice from a specialist lawyer. Despite reasonable efforts, we cannot guarantee the accuracy, completeness and up-to-date nature of the content provided.

Table of contents

resmio und DSGVO
General
help

How do we protect your data?

As a non-public entity that processes personal data itself or on behalf of others, we are required to take appropriate technical and organizational measures (“TOM”) based on Article 32 of the GDPR. Key security measures to protect our infrastructure and control mechanisms for secure data storage include:

  • Access control systems to restrict third party access to data on our production systems.
  • Obtaining mutually signed Data Processing Agreements (DPAs) with all external service providers who process personal data on behalf of resmio
  • Access controls built into our service, such as user management to ensure that users (restaurant owners, waiters, …) cannot access other users’ data
    Regular, automated creation of encrypted back-ups for data backup and recovery in case of failure
  • Use of encryption technology (TLS) for secure data transmission

In addition, all resmio employees participated in the online training on “Data privacy in daily business routine” at PROLIANCE GmbH. As part of the training, our staff was sensitized to the topic of data protection and trained in the handling of personal data. The knowledge was subsequently tested with an online exam, which our employees had to pass successfully.

help

Where is the data stored?

resmio uses the high-quality, secure cloud infrastructure of Heroku, a subsidiary of Salesforce Inc. for its services. The service uses data centers that are located within the European Union in compliance with the GDPR. Hosting and management of the certified data centers is handled by Amazon Web Services (AWW). Detailed information can be found at heroku.com/policy/security. A Data Processing Agreement (DPA) has been concluded with Heroku / Salesforce Inc. which regulates the order data processing in accordance with the statutory provisions.

help

What personal data do resmio collect?

When you create a user account with resmio via the sign-up form, using our services, guest booking, ordering or purchasing tickets / vouchers via our widgets, we may collect and process, among other things, the following personal data:

  • Contact information such as your email address, name, phone number, and other information you might share.
  • Device information such as IP address and browser settings (e.g., browser language to automatically display our Service translated in your preferred language).
  • Usage and profile data such as number of reservations and orders, ticket sales, account activity such as reservations created and email notifications sent to guests.
    Communication data, such as when you submit a request to our support via email, live chat (intercom) or other electronic means.
    Your payment data, such as bank account details, which are required exclusively for the processing of chargeable services (e.g. PREMIUM / ULTIMATE tariff, acceptance of orders).
  • Recordings of phone calls that come in and out of resmio may be stored, for example, for documentation purposes of contract conclusions and for internal quality assurance and may contain personal data, if disclosed on the phone.
  • Guest data such as the name, address, email address as well as phone number that users enter via our widgets to make bookings with our customers, to order food & beverages and to purchase tickets / vouchers. More detailed information on the handling of guest data and notes on data protection responsibility below.
resmio Widgets and Privacy
help

resmio and GDPR – 5 steps towards more compliance

To use resmio in the most privacy compliant way, you should go through the following sections:

  1. Data protection compliant integration of resmio widgets
  2. Update own privacy policy with references to resmio
  3. Sign DPA
  4. Managing of guest data
help

Data confidential integration of resmio widgets

resmio Widget Cookie Consent

If you want to embed our widgets natively on your website as a script, we recommend that you block the widget loading via so-called script blockers until the user has given active consent (“opt-in“).

Blocking third-party applications such as resmio is the most secure solution in terms of compliance with data protection regulations (if properly set up), but usually has to be done by hand and therefore requires technical know-how as well as credentials to access the website.

info

Due to the large number of different solutions and content management systems in use, we are unable to provide support during setup. We ask for your understanding.

If you are uncertain, consult your web developer and/or agency if possible.

Instructions for common cookie consent solutions are available at the following link:

In addition, we advise you to add a reference regarding the use of resmio to your privacy policy. We have prepared sample texts.

Frequently asked questions and answers

help

Sample texts for the privacy policy when integrating resmio widgets

resmio has prepared sample texts for the implementation of our services (widgets), which you can include in the privacy policy on your restaurant’s website. Please replace the placeholder email in the sample texts with the contact email address of your venue.

Managing guest data
help

What do I have to consider as a restaurant owner when dealing with guest data at resmio?

Our customers (restaurant owners) are fully responsible for compliance with the applicable data protection regulations for their guests, as the responsible party within the context of Art. 4 No. 7 of the German Data Protection Regulation (DSGVO).

Therefore, restaurant owners are required to delete personal guest data in accordance with their legal requirements.

With this in mind, we have implemented a feature in our service that allows all guest data to be deleted after customizable time periods. The feature is enabled by default in each account. Guest data is automatically deleted on a 30-day cycle based on the default settings.

info

The data obtained via our QR Code Check-in services are kept in the account for up to 28 days on the basis of the duty of documentation and are then automatically removed from the system.

In case a guest wishes to exercise their right to information or to withdraw their consent to the collection and storage of data in accordance with legal requirements, we ask you to include a corresponding contact option in the privacy policy of your website.

DPA, Withdrawal, Data Protection Officer
help

Can I sign an data processing agreement (“DPA”) with resmio?

In accordance with Art. 28 DSGVO, we provide our customers with this option. In order to sign a contract for the processing of personal data with resmio, we ask you to download the attached document (184 kb, PDF) and send it to support@resmio.com with the marked parts completely filled out and signed (page 1 and 10). We will then send you back a countersigned version for your records.

help

Can I have the data collected by resmio deleted?

Please contact us directly at support@resmio.com. We will check your request as soon as possible and initiate the deletion of the data, provided that there are no legal retention periods.

help

Does resmio work with a data protection officer?

resmio has appointed an external data protection officer at PROLIANCE GmbH, Leopold Straße 21, 80802 Munich. For questions regarding data protection, contact the data protection officer via the e-mail address datenschutzbeauftragter@datenschutzexperte.de.

These topics might also interest you

Menu