General information

Thank you for your interest in our website. The protection of your personal data is important to us. In the following you will find information on the handling of your data that is collected through your use of our website. Your data will be processed in accordance with the legal data protection regulations. Insofar as links are provided to other websites, we have neither influence nor control over the linked contents and the data protection regulations there. We recommend checking the data protection declarations on the linked websites to determine whether and to what extent personal data is collected, processed, used or made available to third parties.


Responsible body within the meaning of data protection law

resmio GmbH
Katzwanger Straße 150
90461 Nuremberg, Germany
0911 3749230


Contact details of the data protection officer

Leopoldstr. 21
80802 München



Our privacy policy should be simple and understandable to everyone. The data protection declaration generally uses the official terms of the Basic Data Protection Ordinance (DSGVO). The official definitions are explained in Art. 4 DSGVO.


Data processing by visiting our website

When you visit our website, it is technically necessary that data is transmitted to our web server via your Internet browser. The following data is recorded during a running connection for communication between your Internet browser and our web server:


  • Visited domain
  • the date and time of the request
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Web browser and operating system used
  • IP address of the requesting computer
  • Amount of data transferred

We collect the listed data to ensure a smooth connection establishment of the website and to enable a comfortable use of our website by the users. In addition, the log file serves the evaluation of system security and stability as well as administrative purposes. The legal basis for the temporary storage of data or log files is Art. 6 para. 1 lit. f DSGVO.

For reasons of technical security, in particular to prevent attempts to attack our web server, these data may be temporarily stored by us. It is not possible for us to draw conclusions about individual persons on the basis of this data. After seven days at the latest, the data is made anonymous by shortening the IP address at domain level, so that it is no longer possible to establish a reference to the individual user. These data are not evaluated in anonymous form except for statistical purposes. These data are not combined with data from other data sources.


Contact form and contact by e-mail

If you send us enquiries via contact form or e-mail, your details from the enquiry form or e-mail, including the contact data you have provided there, will be stored for the purpose of processing the enquiry and in the event of follow-up questions. Under no circumstances will we pass on this data without your consent. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 letter f DSGVO and, if applicable, Art. 6 para. 1 letter b DSGVO, provided that your request is aimed at concluding a contract. Your data will be deleted after final processing of your inquiry, provided that there are no legal storage obligations to the contrary.



You have the possibility to register for certain services provided on our website and thus create a user profile. We collect and use the following personal data during registration and setup:


  • restaurant
  • name
  • email
  • street and number
  • town

With your user account you will have the possibility to use further parts of our website and to log in for the offers you have purchased. If consent is given, the legal basis for data processing is Art. 6 para. 1 lit. a DSGVO or Art. 6 para. 1 lit. b DSGVO, insofar as the processing is necessary for the provision of the requested services. Your data will be deleted as soon as the user account on our website is deleted and insofar as there are no legal storage obligations. You can usually change and/or delete your user account, including the data you have provided, directly in your user account after logging in or by sending a message to the responsible person named at the beginning.



If you would like to receive the newsletter offered on the website with regular information about our offers and products, we need your e-mail address as mandatory information. We use the so-called double opt-in procedure for sending the newsletter. This means that we will not send you our newsletter by e-mail until you have expressly confirmed to us that you agree to the dispatch of newsletters. In the first step you will receive an e-mail with a link to confirm that you as the owner of the corresponding e-mail address would like to receive the newsletter in the future. With the confirmation you give us your consent according to art. 6 para. 1 lit. a DSGVO that we may use your personal data for the purpose of the desired newsletter dispatch.

When registering for the newsletter, in addition to the e-mail address required for sending the newsletter, we store the IP address via which you have registered for the newsletter as well as the date and time of registration and confirmation so that we can trace any possible misuse at a later point in time.

You can cancel the newsletter at any time via the link inserted in each newsletter or by sending an e-mail to the above-mentioned responsible person. After your cancellation, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to continued use of the data collected or continued processing is otherwise legally permissible.


Google Analytics

Our website uses Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google“). Google Analytics uses so-called cookies. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. We use Google Analytics only with IP anonymization enabled. This means that Google will reduce the IP address of users within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area, which may exclude any personal relationship. Google Inc., based in the USA, is certified for the US-European Datenschutzübereinkommen “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU. Processing is carried out in accordance with Art. 6 Para. 1 letter f DSGVO and § 15 Para. 3 TMG on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes.


Facebook Pixel

For conversion measurement our website uses the visitor action pixel from Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).

This allows the behaviour of visitors to the site to be tracked after they have been forwarded to the provider’s website by clicking on a Facebook advertisement. The effectiveness of the Facebook advertisements can then be analysed for statistical and market research purposes so that future advertising measures can be optimised.

The collected data are anonymous for us as operator of this website; we cannot draw any inferences about the identity of the users. However, the data are stored and processed by Facebook, so it is possible to link them to the respective user profile and Facebook can use the data for its own advertising purposes in accordance with the Facebook privacy policy. Facebook can therefore enable the delivery of advertisements on Facebook pages and outside Facebook. We as the site operator cannot influence how the data are used.

Further information about the protection of your privacy can be found in Facebook’s data privacy policy:

You can also disable the “Custom Audiences” remarketing function in the settings for advertisements at You must log in to Facebook in order to do so.

If you do not have a Facebook account, you can disable use-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance:

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website and Internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. The terms of use of Google Analytics and information on data protection can be accessed via the following links: and at

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in at URL

Information on the handling of user data at Google Analytics can be found in Google’s data protection declaration:


Google Web Fonts

This site uses web fonts provided byGoogle Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google“) to uniformly display fonts. Google Web Fonts allows us to use external fonts, so-called Google Fonts. When you visit our website, the required Google Font is loaded from your web browser into your browser cache to display texts and fonts correctly. This is necessary so that your browser can also show an optically improved representation of our texts. If your browser does not support this feature, your computer will use a standard font for display. These web fonts are integrated by a server call, usually a Google server in the USA. This transfers to the server which page of our website you have visited. Google also stores the IP address of the browser of the visitor’s terminal device.

We use Google Web Fonts for optimization purposes, in particular to improve the use of our Internet presence for you and to make its design more user-friendly. This is also our legitimate interest pursuant to Art. 6 para. 1 lit. f DSGVO.

Google has signed and certified itself under the Privacy Shield Agreement between the European Union and the USA. By doing so, Google undertakes to comply with the standards and regulations of European data protection law.

Further information on data protection can be found in Google’s data protection declaration:

For more information about Google Web Fonts, visit:



Third-Party Providers

We currently use the services of the following providers:



We use’s CRM system to collect and manage contract data. We collect the following personal data for this purpose: Name, e-mail address, telephone number and address of restaurant owners and partners.

Salesforce’s privacy policy can be found here:



In order to ensure the smooth operation of our webpages and to optimise the user experience, we or our hosting provider process content data, usage data, meta data and communication data of interested parties and visitors to these pages on the basis of our legitimate interest pursuant to Art. 6 Para. 1 lit. f DSGVO in conjunction with Art. 6 Para. 1 lit. f DSGVO. Art. 28 DSGVO.

This page is hosted using the Heroku service from, Inc. (The Landmark @ One Market, Suite 300, San Francisco, California 94105, USA).

The privacy policy can be found here:, Inc. is certified under the Privacy Shield Agreement, providing a guarantee of compliance with European privacy standards.


Collection of access data and log files

We, and/or our hoster, raise on the basis of our entitled interests in the sense of the art. 6 Abs. 1 lit. f. DSGVO data about each access to the server on which this service is located (so-called server log files).

The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud actions) for the duration of maximally 7 days and will be deleted afterwards.

Data, necessary for evidence purposes, is excluded from deletion until the respective incident has been finally clarified.



We use Nexmo to send notifications and messages via smartphone. We transmit the following personal data for this purpose: Name, e-mail address, telephone number and address as well as other data required for sending short messages. Sent with voice mail via Nexmo Inc. 217 Second Street, 4th Floor, San Francisco, CA 94105. The transmission takes place in accordance with Art. 6 para. 1 lit. b DSGVO and only to the extent necessary for dispatching the message.

Nexmo’s privacy policy can be found here:



We use Coralogix for general logging of our application. The following personal data could be included in the logs: IP address, name, e-mail address, telephone number and address and other personal data of restaurant owners and guests.

Coralogix’s privacy policy can be found here:



We use the services of SendGrid for automated e-mails. The provider is SendGrid, Inc., 1801 California Street, Suite 500, Denver, CO 80202, USA.

SendGrid is a service with which, among other things, the sending of e-mails and newsletters can be organized and analyzed. If you enter data such as an e-mail address, it will be stored on SendGrid’s servers in the USA.

SendGrid allows us to analyze and monitor the sended e-mails. In this way it can be determined whether a message has been opened and which links have been clicked. Technical information is also recorded (e.g. time of access, IP address, browser type and operating system).

They are used exclusively for the statistical analysis of messages. The results of these analyses can be used to better identify delivery problems.

For further details, please refer to the SendGrid data protection regulations at:


DigitalOcean (DigitalOcean Inc.)

DigitalOcean is a web hosting service provided by DigitalOcean Inc. Personal data collected: various types of data as described in the Service’s Privacy Policy.

For more information, please refer to DigitalOcean’s Privacy Policy:



We use GitHub for bug and issue management. For this purpose, personal data is collected in the form of tickets to describe the error.

GitHub’s privacy policy can be found at



We use Sentry (Sentry, 1501 Mariposa St #408, San Francisco, CA 94107, USA) to improve the technical stability of our service by monitoring system stability and detecting code errors. Personal data may be collected as part of the code errors.

For more information, please see Sentry’s privacy policy:


Crashlytics (Fabric)

In order to better solve technical issues related to our resmio Tables iPad App, we use Fabric. Fabric is an analysis service provided by Google, Inc.

Fabric collects technical information about each used device (such as operating system and model) and gives us immediate insights into which versions of our app is being used.

For additional information, see Fabrics Terms of Use:



Pusher is a websocket technology from Pusher Ltd, 28 Scrutton Street, London EC2A 4RP, which resmio uses for real-time exchange between the backend and various frontends (WebApp/iPad App).

The data transmitted via Pusher may contain the following personal data: E-mail address, name, address, telephone number, IP address.

Here you can find more information about Pusher and the privacy policy of Pusher



To integrate different databases and tools we use Zapier, a service of Zapier Inc., 548 Market St #62411, San Francisco, California 94104, USA. The following personal data can be passed on: E-mail address, name, address, telephone number, IP address.

Further information on data protection at Zapier can be found at



We use the aircall service to contact clients via phone.

You can view aircall’s privacy policy here:



in order to better understand and optimize the user behaviour in the apps, we use Firebase. In this case, user data is transferred to Firebase in an anonymised form.

In addition, other Firebase functions are used to improve user guidance or to detect the causes of errors in the apps and also to enable push notifications.

Firebase is a subsidiary of Google. The data privacy statement can be found at The legal basis for the processing of your data is Art. 6 para. 1 p. 1 lit. f GDPR.


Social media links

Social networks (Facebook, Twitter and Xing) are only integrated on our website as links to the corresponding services. After clicking on the integrated text/image link you will be redirected to the page of the respective provider. Only after forwarding is user information transmitted to the respective provider. For information on the handling of your personal data when using these websites, please refer to the respective data protection regulations of the providers you use.



Our website uses cookies, which are stored by the browser on your device and which contain certain settings for the use of the website (e.g. for the current session). Cookies serve to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called session cookies, which are automatically deleted after closing the browser. Other cookies remain stored on your end device until you delete them or the storage period expires. These cookies enable us to recognize your browser the next time you visit our website.

In some cases, cookies are used to simplify website processes by saving settings (e.g. the provision of already selected options). If personal data is also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b DSGVO either for the execution of the contract or in accordance with Art. 6 para. 1 lit. f DSGVO to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. The cookie settings can be managed using the following links for the respective browser.


You can also individually manage the cookies of many companies and features used in für advertising. Use the corresponding user tools, available at or

Most browsers also offer a so-called “Do-Not-Track function” with which you can specify that you do not want to be “tracked” by websites. When this feature is enabled, your browser tells advertising networks, websites and applications that you do not want to be tracked for behavior-based advertising and the like. Information and instructions on how to edit this function are available from the links below, depending on the provider of your browser:


You can also prevent scripts from being loaded by default. NoScript allows you to run JavaScripts, Java and other plug-ins only on trusted domains of your choice. For information and instructions on how to edit this feature, contact your browser vendor (e.g. for Mozilla Firefox at:

Please note that when cookies are deactivated, the functionality of this website may be limited.

Cookie Settings / Cookie Consent


Adjust cookie settings


Data transfer and recipient

Your personal data will not be passed on to third parties unless,


  • if we have explicitly indicated this in the description of the respective data processing. if your express consent pursuant to Art. 6 para. 1 sentence 1 lit. a DSGVO has been given, – the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f DSGVO is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have a predominant interest in not disclosing your data, – in the event that the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c DSGVO and – insofar as this is required by Art. 6 para. 1 sentence 1 lit. b DSGVO for the processing of contractual relationships with you.

We also use external service providers, which we have carefully selected and commissioned in writing, to carry out our services. They are bound by our instructions and are regularly checked by us. With which we have concluded order processing contracts in accordance with Art. 28 DSGVO, if necessary. These are service providers for web hosting, sending e-mails and maintaining and maintaining our IT systems, etc. The service providers will not pass this data on to third parties.


Duration of storage of personal data

The duration of the storage of personal data is determined by the relevant legal retention periods (e.g. from commercial law and tax law). After expiry of the respective period, the corresponding data is routinely deleted. If data are required for Vertragserfüllung or contract initiation or if we have a legitimate interest in further storage, the data will be deleted if they are no longer necessary for these purposes or if you make use of your right of revocation or objection.


Your rights

In the following you will find information on the rights of data subjects that the applicable data protection law grants you vis-à-vis the person responsible with regard to the processing of your personal data:

The right to request information about your personal data processed by us in accordance with Art. 15 DSGVO. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on their details.

The right to immediately request the correction of incorrect or complete personal data stored by us in accordance with Art. 16 DSGVO.

The right to request the deletion of your personal data stored with us in accordance with Art. 17 DSGVO, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

The right, pursuant to Art. 18 DSGVO, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to have it deleted and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have filed an objection against the processing pursuant to Art. 21 DSGVO.

The right, in accordance with Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, current and machine-readable format or to request its transfer to another person responsible.

The right to complain to a supervisory authority pursuant to Art. 77 DSGVO. As a rule, you can contact the supervisory authority of the federal state in which we have our registered office or, if applicable, that of your usual place of residence or work.

Right to revoke consent granted pursuant to Art. 7 para. 3 DSGVO: You have the right to revoke consent to the processing of data once granted at any time with effect for the future. In the event of revocation, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.


Right of objection

If your personal data are processed by us on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f DSGVO, you have the right to object to the processing of your personal data in accordance with Art. 21 DSGVO, insofar as this is for reasons arising from your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement to indicate a special situation.

If you wish to exercise your right of revocation or objection, simply send an e-mail to


Payment provider



On our website we offer payment via PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”).

If you choose to pay via PayPal, the payment details you enter will be sent to PayPal.

The transfer of your data to PayPal is based on Art. 6 para. 1 lit. a DSGVO (consent) and Art. 6 para. 1 lit. b DSGVO (processing to fulfill a contract). You have the possibility to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of past data processing operations.



If you pay by credit card, your credit card details will not be stored by us, but encrypted and passed on to the payment service provider Stripe Payments Europe Ltd., Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland and processed by Stripe. Stripe processes the following information:


With regard to all transactions:


  • Date of the transaction
  • Monetary amount of the transaction.
    Status of the transaction (accepted/rejected)


When paying by credit card:


  • Credit card origin (only the last four digits are visible to us and stored at Stripe)


  • The IP address where the order was placed to identify fraudulent activities.


  • Card expiry date (month and year)


  • Country of origin of the credit card


  • Credit card type (credit or debit)


  • Name of the credit card company (Visa, American Express, Mastercard…)


When paying via SEPA:

Name and first name of account holder

The latest data protection information on Stripe and additional information can be found on this website: We also use the above data for statistical evaluation of our website. Processing is carried out in accordance with Art. 6 Para. 1 S. 1 Letter b DSGVO for the execution of a contract with you or for legitimate interests in accordance with Art. 6 Para. 1 S. 1 Letter f DSGVO. The data are processed only as long as it is necessary for the purposes mentioned. The financial information is stored exclusively by Stripe. We have no access to this.


Deletion or removal of personal guest-data

Restaurateurs are required to delete personal data in accordance with their legal requirements. For this reason, restaurateurs are able to delete personal data of guests on individually adjustable periods of time.


Changes to our privacy policy

We reserve the right to adopt or update this data protection declaration if necessary in compliance with the applicable data protection regulations. In this way, we can adapt them to current legal requirements and take account of changes in our services, e.g. when introducing new services. The most current version applies to your visit.

Status of this data protection declaration: 28.02.2020