GDPR Notice for Guests

When you use our services, i.e., use a resmio online reservation form (“Widget”) to reserve a table at a participating restaurant, order food for pickup/delivery, or purchase tickets/vouchers, we may collect and process the following Personal Data:

Data Category	Purpose of Processing
General personal data (first and last name)	To identify your person for the reservation request.
Contact data (email address, phone number)	Verification of the reservation request; sending of booking confirmations and reminders.
Device information (IP address, browser settings)	Displaying the service in your preferred language (e.g. via browser language settings).
Payment data	Processing of deposits, online orders, as well as ticket and voucher purchases.
Usage data (number of reservations, orders, tickets)	Identification as a regular guest to enable a more personalized service on-site.
Call recordings (via phone assistant)	Traceability of individual conversations (e.g. in the event of incorrect information).

Service Providers used for guest Data: For the secure processing of online payments (e.g. deposits, voucher purchases), we transmit necessary transaction data to the certified payment service providers Stripe or PayPal. For the reliable sending of SMS reminders, we use the telecommunications provider Vonage

In principle, it is possible that further personal data will also be stored and processed. This is the case, for example, if you voluntarily submit additional personal information in the optional message field within the widgets.

Personal data particularly worthy of being protected (Art.9 GDPR) are explicitly not collected and processed by resmio. There is no automated processing – including profiling – in the sense of Art. 22 GDPR.

If you make a reservation or online order via resmio at the restaurant, all your provided data will be processed and stored in the system for up to 30 days, after which it will be automatically deleted. A separate revocation, which must be made to the restaurant, is not required.

Your personal data will not be automatically removed if you have explicitly consented to receive marketing content as part of the reservation, online order or ticket or voucher purchase.

Consent is given if the following two conditions (opt-in) are met:

• During the reservation / order process, the guest agreed to receive the e-mail newsletter via a checkbox.
• Subsequently, an e-mail is sent to the specified contact address, in which the guest agrees to the reception via another click on a button.

Opt-out in accordance with Art. 17 GDPR is possible at any time, further information on this below.

For the services, resmio uses the high-quality, secure cloud infrastructure of Heroku, a subsidiary of Salesforce Inc.

The service uses data centers that are located within the European Union in compliance with the GDPR. Hosting and management of the certified data centers is handled by Amazon Web Services (AWS). Detailed information can be found at heroku.com/policy/security.

Data processing agreements are in place with Heroku (Salesforce Inc.) and AWS. Insofar as data processing takes place in the USA, we rely on the European Commission’s adequacy decision for the EU-US Data Privacy Framework (DPF), under which both providers are certified.