Data protection information for guests

When you use our Services, i.e., use a resmio online reservation form (“Widget”) to reserve a table at a Participating Restaurant, order food for pickup/delivery, or purchase tickets/vouchers, we may collect and process the following Personal Data:

• General personal data such as your first and last name.
  Purpose: To identify you for the reservation request.
• Contact information such as email address and phone number.
  Purpose: The contact information is used to verify your reservation request, you will receive a booking confirmation and reminder via the contact information provided, for example.
• Device information such as the IP address and browser settings.
  Purpose: e.g. the browser language in order to display our service automatically translated in the preferred language.
• Payment data for processing deposits, online orders and ticket / voucher purchases.
  Purpose: payment for services requested by the restaurant.
• Usage data such as number of reservations and orders and ticket sales.
  Purpose: The above data helps the restaurant, for example, to identify you as a regular guest and, if necessary, to offer a more personalized service on site.
  

In principle, it is possible that further personal data will also be stored and processed. This is the case, for example, if you voluntarily submit additional personal information in the optional message field within the widgets.

Personal data particularly worthy of being protected (Art.9 GDPR) are explicitly not collected and processed by resmio. There is no automated processing – including profiling – in the sense of Art. 22 GDPR.

If you make a reservation or online order via resmio at the restaurant, all your provided data will be processed and stored in the system for up to 30 days, after which it will be automatically deleted. A separate revocation, which must be made to the restaurant, is not required.

Your personal data will not be automatically removed if you have explicitly consented to receive marketing content as part of the reservation, online order or ticket or voucher purchase.

Consent is given if the following two conditions (opt-in) are met:

• During the reservation / order process, the guest agreed to receive the e-mail newsletter via a checkbox.
• Subsequently, an e-mail is sent to the specified contact address, in which the guest agrees to the reception via another click on a button.

Opt-out in accordance with Art. 17 GDPR is possible at any time, further information on this below.

For the services, resmio uses the high-quality, secure cloud infrastructure of Heroku, a subsidiary of Salesforce Inc.

The service uses data centers that are located within the European Union in compliance with the GDPR. Hosting and management of the certified data centers is handled by Amazon Web Services (AWW). Detailed information can be found at heroku.com/policy/security.

A Data Processing Agreement (DPA) has been concluded with Heroku / Salesforce Inc. which regulates the order data processing in accordance with the statutory provisions.