Data Processing Info
resmio is taking the issue of data privacy seriously. In accordance with the General Data Protection Regulation (GDPR), we are working continuously to ensure the best possible level of protection for any personal data of our customers (generally restaurant owners) and the users of our widgets (customers of restaurant owners). At the same time, we aim to create transparency by answering frequently asked questions about our processes, how we store, process and protect data.
For more detailed information about data protection at resmio, please check our privacy policy.
General
As a non-public entity that processes personal data itself or on behalf of others, we are required to take appropriate technical and organizational measures (“TOM”) based on Article 32 of the GDPR. Key security measures to protect our infrastructure and control mechanisms for secure data storage include:
- Access control systems to restrict third party access to data on our production systems.
- Obtaining mutually signed Data Processing Agreements (DPAs) with all external service providers who process personal data on behalf of resmio
- Access controls built into our service, such as user management to ensure that users (restaurant owners, waiters, …) cannot access other users’ data
Regular, automated creation of encrypted back-ups for data backup and recovery in case of failure - Use of encryption technology (TLS) for secure data transmission
In addition, all resmio employees participated in the online training on “Data privacy in daily business routine” at PROLIANCE GmbH. As part of the training, our staff was sensitized to the topic of data protection and trained in the handling of personal data. The knowledge was subsequently tested with an online exam, which our employees had to pass successfully.
resmio uses the high-quality, secure cloud infrastructure of Heroku, a subsidiary of Salesforce Inc. for its services.
The service uses data centers that are located within the European Union in compliance with the GDPR. Hosting and management of the certified data centers is handled by Amazon Web Services (AWW). Detailed information can be found at heroku.com/policy/security.
A Data Processing Agreement (DPA) has been concluded with Heroku / Salesforce Inc. which regulates the order data processing in accordance with the statutory provisions.
When you create a user account with resmio via the sign-up form, using our services, guest booking, ordering or purchasing tickets / vouchers via our widgets, we may collect and process, among other things, the following personal data:
- Contact information such as your email address, name, phone number, and other information you might share.
- Device information such as IP address and browser settings (e.g., browser language to automatically display our Service translated in your preferred language).
- Usage and profile data such as number of reservations and orders, ticket sales, account activity such as reservations created and email notifications sent to guests.
Communication data, such as when you submit a request to our support via email, live chat (intercom) or other electronic means.
Your payment data, such as bank account details, which are required exclusively for the processing of chargeable services (e.g. PREMIUM / ULTIMATE tariff, acceptance of orders). - Recordings of phone calls that come in and out of resmio may be stored, for example, for documentation purposes of contract conclusions and for internal quality assurance and may contain personal data, if disclosed on the phone.
- Guest data such as the name, address, email address as well as phone number that users enter via our widgets to make bookings with our customers, to order food & beverages and to purchase tickets / vouchers. More detailed information on the handling of guest data and notes on data protection responsibility below.
resmio Widgets and Privacy
To use resmio in the most privacy compliant way, you should go through the following sections:
If you want to embed our widgets natively on your website as a script, we recommend that you block the widget loading via so-called script blockers until the user has given active consent (“opt-in“).
Blocking third-party applications such as resmio is the most secure solution in terms of compliance with data protection regulations (if properly set up), but usually has to be done by hand and therefore requires technical know-how as well as credentials to access the website.
If you are uncertain, consult your web developer and/or agency if possible.
Instructions for common cookie consent solutions are available at the following link:
In addition, we advise you to add a reference regarding the use of resmio to your privacy policy. We have prepared sample texts.
Frequently asked questions and answers
If your widgets are natively integrated as an iFrame or script on your website, only technically necessary cookies are loaded when the page is called up, which are absolutely necessary for providing the service. This includes, for instance, the so-called session cookie, which is required to associate online activity (e.g. an ordering process via our digital menu) with a single browser session.
However, functional cookies of any service providers activated by our customers, such as Stripe and PayPal, which are indispensable for secure payment processing, are also loaded. We explicitly avoid third-party marketing cookies for promotional purposes in our widgets.
Google Analytics is integrated exclusively for internal monitoring (widget calls), the integration takes place without setting cookies and using IP anonymization.
Actually, yes, since the IP address – and thus the user’s online identifier – is logged when the widgets are loaded. This is technically necessary to provide our services. Through the IP address and with the help of authorities, it is basically possible to identify the individual concerned.
Other personal data of the user, however, will only be logged after the user has sent the reservation request and clicked on the “Confirm” button in the booking widget and transmitted to the digital reservation system of the respective customer. The same applies to orders as well as voucher and ticket purchases via the respective corresponding widgets.
For in-house performance monitoring, we use Google Analytics to measure, for instance, the traffic of integrated widgets. IP anonymization is activated to ensure that Google Analytics is used in a privacy-compliant manner.
In the light of the ongoing controversy surrounding Google Analytics, particularly with regard to the data transmitted to the US, it may nevertheless be recommended to block resmio widgets natively embedded on the website until the user has given his or her consent.
resmio has prepared sample texts for the implementation of our services (widgets), which you can include in the privacy policy on your restaurant’s website. Please replace the placeholder email in the sample texts with the contact email address of your venue.
The online-based reservation application ("registration widget") of resmio GmbH, Katzwanger Straße 150, 90461 Nuremberg, Germany, is integrated on this website. resmio acts as a partner in this context. The widget enables users of this website to reserve a table in the restaurant. In order to provide the service (in this case: the table reservation and, if necessary, to contact the user with any queries regarding the reservation), personal data of the person making the reservation (first and last name, e-mail address, telephone number and, if necessary, other details, if explicitly requested by the restaurateur for the reservation request) are collected, stored and processed by our partner resmio on the basis of consent pursuant to Art. 6 (1) sentence 1 lit. f of the German Data Protection Act (DSGVO). You can object to the collection and storage of data at any time by sending an e-mail to >> INSERT YOUR E-MAIL HERE <<. Subsequently, we will delete your personal data from the system.
The online ordering system of resmio GmbH, Katzwanger Straße 150, 90461 Nuremberg, Germany, is embedded on this website. resmio acts as a partner in this context. Visitors to this website have the option of using the ordering system to order food and drinks for self-collection and delivery and, if necessary, to pay for them online. In doing so, resmio collects, stores and processes personal data on the basis of Art. 6 para. 1 p. 1 lit. f of the German Data Protection Act (DSGVO), which is necessary to process the orders placed. The consent to this is given by the user with confirmation of his order. If the payment is non-cash (e.g. via SEPA direct debit or PayPal), personal data is encrypted by resmio and forwarded to external payment service providers for payment processing. You can object to the collection and storage of data at any time by sending an e-mail to >> INSERT YOUR E-MAIL HERE << . Subsequently, we will delete your personal data from the system.
To enable visitors to this website to purchase vouchers and tickets (e.g. for in-house events) online, we use the voucher and ticket sales system of resmio GmbH, Katzwanger Straße 150, 90461 Nuremberg, Germany. resmio acts as a partner in this context. As far as necessary for the order processing, the desired voucher or ticket will be sent to the interested party / recipient by e-mail after entering his personal data and selecting the payment option. In doing so, resmio collects, stores and processes personal data on the basis of Art. 6 para. 1 p. 1 lit. f of the German Data Protection Act (DSGVO), which are necessary for the processing of the orders placed. The consent to this is given by the user with confirmation of his order. If the payment is non-cash (eg via SEPA direct debit or PayPal), data from resmio encrypted to external payment service providers for further payment processing. You can object to the collection and storage of data at any time by sending an e-mail to >> INSERT YOUR E-MAIL HERE <<. Subsequently, we will delete your personal data from the system.
We use resmio in order to send e-mail newsletters, informing interested guests about the latest news and promotions relating to our restaurant. Our service provider in this context is resmio GmbH, Katzwanger Straße 150, 90461 Nuremberg, Germany ( in the following "resmio"). Signing up for the newsletter is done either via a form integrated on the website or during the process of a table reservation, online order or voucher purchase made via resmio widgets. Before receiving the newsletter, the prospective subscriber must in all cases give his or her explicit consent in line with the double opt-in consent procedure. resmio enables us to segment newsletter recipients into groups based on certain characteristics such as activity (e.g. recent bookings). This enables us to provide you with content that is more appropriate to your interests. The data processing is in compliance with your consent to Art. 6 (1) sentence 1 lit. f of the German Data Protection Act (DSGVO). You can opt out of marketing newsletters at any time via the unsubscribe link in the footer of all email newsletters.
Managing guest data
Our customers (restaurant owners) are fully responsible for compliance with the applicable data protection regulations for their guests, as the responsible party within the context of Art. 4 No. 7 of the German Data Protection Regulation (DSGVO).
Therefore, restaurant owners are required to delete personal guest data in accordance with their legal requirements.
- With this in mind, we have implemented a feature in our services via
“Facility Account” > “Data Privacy” that enables all guest data to be removed after customizable intervals. - By default, this feature is enabled in every account, guest and table reservation data is automatically deleted on a scheduled basis every 30 days based on the default config.
“Facility Account” > In case a guest wishes to exercise their right to information or to withdraw their consent to the collection and storage of data in accordance with legal requirements, we ask you to include a corresponding contact option in the privacy policy of your website.
DPA, Withdrawal, Data Protection Officer
In accordance with Art. 28 DSGVO, we provide our customers with this option.
To sign a contract for the processing of personal data with resmio, we ask you to download the attached document (184 kb, PDF) and send it to support@resmio.com with the marked parts filled out and signed (pages 1 and 10).
We will then send you back a countersigned version for your records.
Please contact us directly at support@resmio.com. We will check your request as soon as possible and initiate the deletion of the data, provided that there are no legal retention periods.
resmio has appointed an external data protection officer at PROLIANCE GmbH, Leopold Straße 21, 80802 Munich. For questions regarding data protection, contact the data protection officer via the e-mail address datenschutzbeauftragter@datenschutzexperte.de.
