Data protection information for guests

resmio respects the privacy of your personal data. Therefore, we are continuously working to protect any personal data in accordance with the General Data Protection Regulation (GDPR). At the same time, we want to create transparency by answering frequently asked questions about our processes, how we store, process and secure data.

Detailed information about data protection at resmio in our privacy policy.


Please note that this page is for information purposes only and does not replace legal advice from a specialist lawyer. Despite reasonable care, we cannot guarantee the timeliness, completeness and accuracy of the information provided in the content.

Table of contents

resmio und DSGVO

What personal data is collected and processed?

When you use our Services, i.e., use a resmio online reservation form (“Widget”) to reserve a table at a Participating Restaurant, order food for pickup/delivery, or purchase tickets/vouchers, we may collect and process the following Personal Data:

  • General personal data such as your first and last name.
    Purpose: To identify you for the reservation request.
  • Contact information such as email address and phone number.
    Purpose: The contact information is used to verify your reservation request, you will receive a booking confirmation and reminder via the contact information provided, for example.
  • Device information such as the IP address and browser settings.
    Purpose: e.g. the browser language in order to display our service automatically translated in the preferred language.
  • Payment data for processing deposits, online orders and ticket / voucher purchases.
    Purpose: payment for services requested by the restaurant.
  • Usage data such as number of reservations and orders and ticket sales.
    Purpose: The above data helps the restaurant, for example, to identify you as a regular guest and, if necessary, to offer a more personalized service on site.

In principle, it is possible that further personal data will also be stored and processed. This is the case, for example, if you voluntarily submit additional personal information in the optional message field within the widgets.

Personal data particularly worthy of being protected (Art.9 GDPR) are explicitly not collected and processed by resmio. There is no automated processing – including profiling – in the sense of Art. 22 GDPR.


For how long will my data be stored?

If you make a reservation or online order via resmio at the restaurant, all your provided data will be processed and stored in the system for up to 30 days, after which it will be automatically deleted. A separate revocation, which must be made to the restaurant, is not required.

Your personal data will not be automatically removed if you have explicitly consented to receive marketing content as part of the reservation, online order or ticket or voucher purchase.

Consent is given if the following two conditions (opt-in) are met:

  • During the reservation / order process, the guest agreed to receive the e-mail newsletter via a checkbox.
  • Subsequently, an e-mail is sent to the specified contact address, in which the guest agrees to the reception via another click on a button.

Opt-out in accordance with Art. 17 GDPR is possible at any time, further information on this below.


Where is the data stored?

For the services, resmio uses the high-quality, secure cloud infrastructure of Heroku, a subsidiary of Salesforce Inc.

The service uses data centers that are located within the European Union in compliance with the GDPR. Hosting and management of the certified data centers is handled by Amazon Web Services (AWW). Detailed information can be found at heroku.com/policy/security.

A Data Processing Agreement (DPA) has been concluded with Heroku / Salesforce Inc. which regulates the order data processing in accordance with the statutory provisions.


Right to information, right to object, deletion of data collected by resmio

According to Art. 15 GDPR, data subjects have the right to obtain information about the data stored or processed about them. Furthermore, data subjects have Art. 17 GDPR the right to revoke their consent to data processing and to request the deletion of their personal data.

Please address your request directly to the restaurant where your guest data is processed via resmio. The restaurant is responsible for removing your data from the system within the time limits specified by privacy laws.

In the unlikely event that you do not hear back from the restaurant, please contact us at support@resmio.com with a reference to the restaurant.