1.1 Contact details of the responsible person
This data protection information applies to data processing by:
- resmio GmbH
- Katzwanger Straße 150
- 90461 Nuremberg / Germany
- support@resmio.com
- +49 911 3749230
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
1.2 Contact details of the data protection officer
- PROLIANCE GmbH / www.datenschutzexperte.de
- Data protection officer
- Leopoldstr. 21
- 80802 Munich / Germany
- datenschutzbeauftragter@datenschutzexperte.de
1.3 Cooperation with processors and third parties
If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done based on legal permission (e.g., if a transfer of data to third parties, such as payment service providers, according to Art. 6 para. 1 lit. b GDPR is necessary for the performance of the contract), you have consented, a legal obligation provides for this or because of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties with the processing of data based on a so-called “order processing agreement”, this is done because of Art. 28 GDPR.
1.4 Transfer to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or do so in the context of using third-party services or disclosing, or transferring data to, third parties, this will only be done if it is done to fulfill our (pre)contractual obligations, based on your consent, because of a legal obligation or because of our legitimate interests.
Subject to legal or contractual permissions, we process or allow the processing of data in a third country only if the special requirements of Art. 44 et seq. GDPR are met, i.e. the processing is carried out, for example, based on special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU or compliance with officially recognized special contractual obligations (“Standard Contractual Clauses”).
2. Information on the processing of personal data
2.1 Data collection when you visit our website
When you merely call up our website, i.e. when you do not register or otherwise transmit information to us, we only process data that your browser transmits to our server (“server log files”). This information is stored temporarily in a log file. When you access our website, we collect the following data without your intervention to display the website to you:
- Our visited website
- The date and time at the time of access
- Source or reference from which you arrived at the website (“referrer URL”)
- Access status (file transferred, file not found, etc.)
- Web browser and operating system used
- IP address of the requesting computer, anonymized if necessary
- Transmitted amount of data
We collect the listed data to ensure a smooth connection setup of the website and to enable a comfortable use of our website by the users. In addition, the log file is used to evaluate system security and stability and for administrative purposes.
The legal basis for the temporary storage of the data or the log files is Art. 6 para. 1 lit. f GDPR.
Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person. For reasons of technical security, in particular to defend against attempted attacks on our web server, we may store this data for a short period of time. After seven days at the latest, the data is anonymized by shortening the IP address at the domain level so that it is no longer possible to establish a link to the individual user. There is no evaluation of this data except for statistical purposes in anonymous form. A combination of this data with data from other data sources is not made.
In addition, we use cookies and analysis services when visiting our website. You can find more detailed explanations of this under points 3, 6 and 7 of this data protection declaration.
(1) Type of data processed
- Inventory data (e.g., names, addresses).
- Contact data (e.g., email, phone numbers).
- Content data (e.g., text inputs, photographs, videos).
- Use data (e.g., web pages visited, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).
(2) Category of data subjects
Visitors and users of the online offer (hereafter, we also refer to the data subjects collectively as “users”).
(3) Purpose of the processing
- Providing the online offer, its functions and content.
- Responding to contact requests and communication with users.
- Security measures.
- Reach measurement/marketing.
(4) Duration of storage of personal data
We store your data as long as it is needed for the respective processing purpose. Please note that numerous retention periods require that data (must) continue to be stored. This relates in particular to retention obligations under commercial or tax law (e.g. Commercial Code, Fiscal Code, etc.).
If there are no further retention obligations, the data is routinely deleted after the purpose has been achieved. In addition, we may retain data if you have given us your permission to do so or if legal disputes arise, and we use evidence under statutory limitation periods, which can be up to thirty years; the regular limitation period is three years.
2.2 Transfer of Data
There is no transfer of your personal data to third parties for purposes other than those listed below. Within our company, we ensure that only those persons receive your data who need them to fulfill contractual and legal obligations.
In certain cases, IT service providers support us in fulfilling our tasks. With all service providers, the necessary data protection contract has been concluded.
We will only disclose your personal data to third parties if:
- You have given your express consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR,
- the disclosure under Art. 6 para. 1 p. 1 lit. f GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to believe that you have an overriding legitimate interest in the non-disclosure of your data,
- in the event that a legal obligation exists for the disclosure pursuant to Art. 6 para. 1 p. 1 lit. c GDPR, as well as
- this is legally permissible and required pursuant to Art. 6 para. 1 p. 1 lit. b GDPR for the processing of contractual relationships with you.
2.3 Data collection in the application process
We only process applicant data as part of the application process in accordance with the legal requirements. Applicant data is processed to fulfill our (pre-)contractual obligations in the context of the application process within the meaning of Art. 6 para. 1 lit. b, lit. f GDPR, § 26 BDSG.
The application procedure requires that applicants provide us with applicant data. The necessary applicant data is marked, if we offer an online form, and results from the job descriptions. Required are the personal details, postal and contact addresses and the documents belonging to the application, such as cover letter, resume and the certificates. In addition, applicants may voluntarily provide us with additional information.
By submitting the application to us, applicants consent to the processing of their data for the purposes of the application process in the manner and to the extent set out in this privacy policy.
Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are voluntarily communicated as part of the application process, their processing is also carried out in accordance with Art. 9 para. 2 lit. b GDPR (e.g. health data, such as severely disabled status or ethnic origin). Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are requested from applicants as part of the application process, their processing is also carried out in accordance with Art. 9 para. 2 lit. a GDPR (e.g. health data if this is necessary for the exercise of the profession).
If provided, applicants can submit their applications to us using an online form on our website. The data is transmitted to us encrypted in accordance with the state of the art. Also, applicants can submit their applications to us via e-mail.
Note that e-mails are not sent encrypted, and applicants themselves must ensure encryption. We are not responsible for the transmission path of the application between the sender and the reception on our server.
The data sent by the applicants via email is not encrypted.
The data provided by the applicants will be transmitted to our recruitment clients at the request of the applicants. Our customers are themselves responsible for the careful processing of data within the framework of the GDPR and liable for violations.
The deletion of the applicant data takes place, subject to a justified revocation of the applicants, e.g. in the case of an explicit declaration to be contacted for further potential positions (via e-mail, via telephone) after the expiry of a period of six months, so that we can answer any follow-up questions about the application and satisfy our obligations to provide evidence under the Equal Treatment Act.
3. Cookies
Our website uses cookies, which are stored by the browser on your device and which contain certain settings for the use of the website (e.g. for the current session). Cookies are used to make our website more user-friendly, effective and secure.
Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called session cookies, which are automatically deleted after closing the browser. Other cookies remain stored on your terminal device until you delete them or the storage period expires. These cookies allow us to recognize your browser on your next visit.
In some cases, cookies are used to simplify website processes by storing settings (e.g. providing options that have already been selected). Insofar as individual cookies implemented by us also process personal data, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the performance of the contract or in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.
On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you.
These cookies allow us to automatically recognize that you have already been with us when you visit our site again. These cookies are automatically deleted after a defined time in each case.
You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, as well as activate the automatic deletion of cookies when closing the browser. The cookie settings can be managed under the following links for the respective browsers.
You can also individually manage the cookies of many companies and features that are used for advertising. To do so, use the appropriate user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices.
Most browsers also offer a so-called “do-not-track” feature, which allows you to indicate that you do not want to be “tracked” by websites. When this feature is enabled, the respective browser tells ad networks, websites, and applications that you do not want to be tracked for the purpose of behavioral advertising and the like.
For information and instructions on how to edit this feature, depending on your browser provider, please see the links below:
In addition, you can prevent the loading of so-called scripts by default. NoScript allows JavaScript, Java and other plugins to run only on trusted domains of your choice. For information and instructions on how to edit this feature, contact your browser vendor (e.g. for Mozilla Firefox at: https://addons.mozilla.org/de/firefox/addon/noscript/).
Please note that if you disable cookies, the functionality of this website may be limited.
4. Contact forms
Personal data is collected when you contact us (e.g. via contact form or email). You can see which data is being collected from the respective contact form. These data are stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration.
The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR.
If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after final processing of your request. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
5. Web Analytics
5.1 Tracking tools
The tracking measures listed below and used by us are based on Art. 6 para. 1 sentence 1 lit. f GDPR.
With the tracking measures used, we want to ensure a needs-based design and the continuous optimization of our website.
On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.
The respective data processing purposes and data categories can be found in the corresponding tracking tools.
(1) Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
On behalf of resmio GmbH, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout
This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are processed in abbreviated form, making it impossible to relate them to a specific person. Insofar as the data collected about you contains a personal reference, this is excluded immediately and the personal data is deleted immediately.
We use Google Analytics to analyze and regularly improve the use of our website. Through the statistics obtained, we can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. f GDPR.
Information from the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use: https://marketingplatform.google.com/about/analytics/terms/de/, privacy overview: https://support.google.com/analytics/answer/6004245?hl=de&ref_topic=2919631, and privacy policy: https://policies.google.com/privacy?hl=de&gl=en.
(2) Google Adwords
We use “Google Ads” (formerly Google AdWords) on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland.
Google Ads enables us to draw attention to our attractive offers with the help of advertising media on external websites. This allows us to determine how successful individual advertising measures are. These advertising media are delivered by Google via so-called “AdServers”. For this purpose, we use so-called AdServer cookies, which can be used to measure certain parameters for measuring success, such as display of the ads or clicks by users. If you access our website via a Google ad, Google Ads will store a cookie on your PC. These cookies usually lose their validity after 30 days. They are not intended to identify you personally. The following information is usually stored as analysis values for this cookie: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be addressed). These cookies allow Google to recognize your web browser.
If a user visits certain pages of an Ads customer’s website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to that page. A different cookie is assigned to each Ads customer. Cookies therefore cannot be tracked across Ads customers’ websites. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising tools; in particular, we cannot identify users based on this information. Due to the marketing tools used, your browser automatically establishes a direct connection with Google’s server. We have no influence on the scope and further use of the data collected by Google through the use of Google Ads. According to our knowledge, Google receives the information that you have called up the relevant part of our website or clicked on an ad from us. If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you are not registered with Google, or have not logged in, there is a possibility that Google learns your IP address and stores it.
We use Google Ads for marketing and optimization purposes, in particular to display ads that are relevant and interesting to you, to improve campaign performance reports and to achieve a fair calculation of advertising costs. This is also our legitimate interest in the processing of the above data by the third-party provider. The legal basis is Art. 6 para. 1 p. 1 lit. f) GDPR.
You can prevent the installation of cookies by deleting existing cookies and disabling a storage of cookies in the settings of your web browser. We point out that in this case you may not be able to use all features of our website in full. Preventing the storage of cookies is also possible by setting your web browser to block cookies from the domain “www.googleadservices.com” (https://www.google.de/settings/ads). Please note that this setting will be deleted when you delete your cookies. In addition, you can disable interest-based ads via the link http://optout.aboutads.info. Please note that this setting will also be deleted when you delete your cookies.
Information from the third-party provider: Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland. For more information on data use by Google, on setting and objection options, and on data protection, please refer to the following Google web pages:
Privacy policy: https://policies.google.com/privacy?hl=de&gl=en
Google website statistics: https://services.google.com/sitestats/de.html
(3) Google Maps
On our website we use Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Maps is a web service for displaying interactive (land) maps to visually display geographical information. Via the use of this service, our location is displayed to you and a possible approach is facilitated.
When you call up those sub-pages in which the Google Maps map is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers and stored there; this may also involve transmission to the servers of Google LLC. in the USA. This occurs regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them.
The collection, storage and evaluation are carried out in accordance with Art. 6 para. 1 lit. f GDPR based on Google’s legitimate interest in the insertion of personalized advertising, market research and / or the needs-based design of Google websites. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
If you do not agree with the future transmission of your data to Google in the context of the use of Google Maps, there is also the possibility to completely disable the web service of Google Maps by turning off the application JavaScript in your browser. Google Maps and thus the map display on this website then cannot be used.
You can view Google’s terms of use at https://www.google.de/intl/de/policies/terms/regional.html, and the additional terms of use for Google Maps can be found at https://www.google.com/intl/en_US/help/terms_maps.html
For detailed privacy information related to the use of Google Maps, please visit Google’s website (“Google Privacy Policy”): https://www.google.de/intl/de/policies/privacy/.
(4) Meta Pixel, Custom Audiences and Facebook Conversion
As part of our website, we use the so-called “meta pixel” from Meta Platforms, Inc (formerly Facebook, Inc.), located at 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are located in the EU, Meta Platform Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland, based on our legitimate interests in the analysis, optimization and economic operation of our website and for these purposes.
Meta Platforms, Inc. is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
With the help of the meta pixel, Meta can determine the visitors of our online offer as a target group for the display of advertisements (so-called “meta ads”).
Accordingly, we use the meta pixel to display the meta ads placed by us only to those users on Facebook and Instagram who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined because of the websites visited) that we transmit to Meta (so-called “custom audiences”).
With the help of the meta pixel, we also want to ensure that our meta ads correspond to the potential interest of users and are not annoying.
In addition, the meta pixel helps us to track the effectiveness of Facebook ads for statistical and market research purposes by showing us whether users were redirected to our website after clicking on an ad on Facebook and Instagram (so-called “conversion”).
Meta Platforms, Inc. processes the data in accordance with the Meta Data Usage Policy. General information on the presentation of Meta Ads can accordingly be found in Meta’s Data Usage Policy: https://www.facebook.com/policy.php.
Specific information and details about the meta pixel and how it works can be found in Meta’s help section: https://www.facebook.com/business/help/651294705016616.
You can object to the collection by the Meta pixel and use of your data to display advertisements on Facebook and Instagram, or prevent it directly by deactivating Meta tracking.
To set which types of advertisements are displayed to you within Facebook, you can go to the page set up by Meta and follow the instructions on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
(5) GetResponse for web analytics and email marketing
resmio uses GetResponse to send newsletters with marketing content. The provider is GetResponse Sp. z o.o., with a registered office in Gdańsk, Poland, ul. Arkonska 6, A3, 80-387 Gdańsk, website: https://www.getresponse.com (hereinafter “GetResponse”).
GetResponse is a service that can be used, among other things, to organize and analyze the sending of newsletters. The data entered for the purpose of receiving the newsletter is stored on the servers of GetResponse. Registration for the marketing newsletter takes place via the forms embedded on this website. Alternatively, enrollment is possible when registering to use our online reservation system. In both cases, the user must give explicit consent for data processing. Our newsletters sent with GetResponse allow us to analyze the behavior of newsletter recipients.
Hereby, among other things, it can be analyzed how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be determined whether a predefined action (e.g. purchase of a product, sharing of information on social media, unsubscribes) has taken place after clicking on the links in the newsletter. Furthermore, we can also record when a newsletter message was opened. This enables us to deliver newsletter mailings when the respective newsletter recipient is likely to be most active. The time zone of the newsletter recipient can also be considered in this regard.
GetResponse also gives us the ability to divide newsletter recipients into groups based on their interest. In this way, we can provide our newsletter recipients with content that is as interest-based as possible. For more information about GetResponse features, please visit: https://www.getresponse.com/features/email-marketing.
The data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by clicking the “unsubscribe” link in the mails. The legality of the data processing operations already carried out remains unaffected by the revocation. The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers, as well as from the servers of GetResponse after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.
For more details, please refer to the privacy policy of GetResponse at: https://www.getresponse.com/legal/privacy.
We have entered into an order processing agreement with GetResponse, in which we require GetResponse to protect our customers’ data and not to disclose it to third parties.
6. Business-Related Processing
In addition, we process
- Contract data (e.g., subject of the contract, term, customer category).
- Payment data (e.g., bank details, payment history) of our customers, prospects and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.
6.1 Provision of contractual services
We process the data of our contractual partners and interested parties as well as other clients, customers or contractual partners (uniformly referred to as “contractual partners”) in accordance with Art. 6 para. 1 lit. b GDPR, in order to provide you with our contractual or pre-contractual services. The data processed in this context, the nature, scope and purpose and the necessity of their processing, are determined by the underlying contractual relationship.
The processed data includes the master data of our contractual partners (e.g., names and addresses), contact data (e.g., e-mail addresses and telephone numbers) as well as contractual data (e.g., services used, contract contents, contractual communication, names of contact persons) and payment data (e.g., bank details, payment history).
We do not process special categories of personal data as a matter of principle, unless these are components of a commissioned or contractual processing.
We process data that is necessary for the justification and fulfillment of the contractual services and point out the necessity of their disclosure, unless this is not evident to the contractual partners. Disclosure to external persons or companies is made only if it is necessary in the context of a contract. When processing the data provided to us as part of an order, we act in accordance with the instructions of the client and the legal requirements.
In the context of the use of our online services, we may store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the interests of users, in the protection against misuse and other unauthorized use. In principle, this data is not passed on to third parties, unless it is necessary for the pursuit of our claims pursuant to Art. 6 para. 1 lit. f. GDPR, or there is a legal obligation to do so pursuant to Art. 6 para. 1 lit. c. GDPR.
The deletion of the data takes place when the data is no longer required for the fulfillment of contractual or legal duties of care as well as for dealing with any warranty and comparable obligations, whereby the necessity of the retention of the data is reviewed every three years; otherwise, the legal retention obligations apply.
6.2 Sign up
(1) Creation of a user profile:
You have the option to sign up for certain services provided on our website and thus create a user profile.
As part of the registration and setup process, we collect and use the following personal data:
- Name of the account holder
- Mobile phone number of the account holder
- Email address
- Restaurant name
- Street and house number (restaurant location)
- City (restaurant location)
- Phone number (restaurant location)
Your user account gives you the opportunity to use other parts of our website and log in for the offers you have purchased. The legal basis for data processing is, in the case of consent, Art. 6 para. 1 lit. a GDPR or Art. 6 para. 1 lit. b GDPR provided that the processing is necessary for the provision of the requested services (performance of the contract).
Your data will be deleted as soon as the user account on our website is deleted and insofar as no legal retention obligations exist. You can usually change and/or delete your user account, including the data provided by you, directly in your user account after logging in or by sending a message to the responsible person mentioned in the introduction.
(2) Coralogix
We use the service Coralogix for general logging of our application. The provider is Coralogix Ltd, 680 Folsom St., San Francisco CA, 94107.
The following personal data may be included in the logs: IP address, name, email address, phone number, address and other personal data of restaurant owners and guests. For this purpose, we have concluded a GDPR-compliant addendum to the data processing agreement with Coralogix. In it, Coralogix Ltd. undertakes to protect our customers’ data and not to pass it on to third parties.
The privacy policy of Coralogix can be found here: https://coralogix.com/privacy-policy/
(3) Facebook Connect
We offer you the possibility to register for our service with Facebook Connect. Thus, an additional registration is not necessary. To register, you will be redirected to the Facebook page, where you can log in with your usage data. This links your Facebook profile and our service. Through the link, we automatically receive data from your profile from Facebook Inc.
The following information is transmitted to us:
- Your public profile (everything that third parties can also easily see and learn about when you call up your Facebook profile),
- as well as your e-mail address.
Of this data, we use only your email address.
You can manually revoke access at any time via Facebook’s privacy features (opt-out). For more information about Facebook Connect and the privacy settings, please refer to the privacy guidelines and terms of use of Facebook Inc.
(4) Logging in with Google
We offer you the option to log in to our service using your Google account. An additional registration is then not required. To register, you will be redirected to the Google Inc. page, where you can log in with your usage data. This links your Google profile and our service. Through the link, we automatically receive data from your profile from Google Inc. The following information is transmitted to us:
Your public profile (everything that third parties can also easily see and find out when you call up your Google profile), as well as your e-mail address. Of this data, we use only your email address.
For more information on this and privacy settings, please see the privacy notices and terms of use of Google Inc.
(5) Sign in with Apple
We offer you the option to register and log in with us using your Apple account. An additional registration is then not required. To register, you use your Apple ID and your password stored with Apple. In the course of such registration, Apple, represented by Apple Inc, Infinite Loop, Cupertino, CA 95014, USA, processes data about you.
resmio stores the information that you have registered via the so-called “Sign in with Apple”. The following information is transmitted to us: Your public profile (everything that third parties can also easily see and learn about when you call up your Apple profile), as well as your email address. Of this data, we use only your email address.
For more information about this and privacy settings, please see the Apple Inc. privacy notice and terms of use.
6.3 Newsletter
If you would like to receive the newsletter offered on the website with regular information about our offers and products, we require your e-mail address as mandatory information.
For sending the newsletter, we use the so-called double opt-in procedure. This means that we will only send you our newsletter by e-mail if you have expressly confirmed that you consent to the sending of newsletters. In the first step, you will receive an e-mail with a link that you can use to confirm that you, as the owner of the corresponding e-mail address, want to receive newsletters in the future. With the confirmation, you give us your consent pursuant to Art. 6 para. 1 lit. a GDPR that we may use your personal data for the purpose of the desired newsletter dispatch.
When registering for the newsletter, we store, in addition to the e-mail address required for sending, the IP address through which you registered for the newsletter, as well as the date and time of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in each newsletter email or by email to the responsible person designated above. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to the continued use of the collected data or the continued processing is otherwise permitted by law.
6.4 Contacting
If you send us your personal data when contacting us (e.g. by contact form, e-mail, telephone or via in-app chat), your information will be stored for the purpose of processing the contact request and its handling.
We will not pass this data on to third parties under any circumstances. The legal basis for this is Art. 6 para. 1 p. 1 lit. b) GDPR.
6.5 Third-party providers
We currently use the services of the following providers:
(1) CRM system from Odoo
We use the CRM system of the provider Odoo, Chaussée de Namur 40, 1367 Ramillies, Belgium, to collect and manage contractual data of our customers. The legal basis for this purpose is Art. 6 para. 1 lit. f GDPR.
In doing so, we collect the following personal data:
- Personal master data (e.g. first name and last name of the interested party / customer).
- Communication data (business telephone number / e-mail address)
- Business-related conversations (such as chat logs, emails).
- Contract master data (contractual relationship, product or contractual interest)
- Customer history (e.g. professional position of contact person, nationality)
- Contract billing data (account holder’s last name, first name and address, signature)
- Planning and control data (information data from third parties, e.g. credit agencies or from public directories).
You can find Odoo’s privacy policy here: https://www.odoo.com/privacy
(2) Hosting
The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatch, security services and technical maintenance services that we use for the purpose of operating our online offerings.
We, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors to this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer.
In the following, we provide specific information about the service providers used:
(2.1) Web hosting resmio.com / website
This website is operated on server systems of Hetzner Online GmbH, Industriestrasse 25, 91710 Gunzenhausen. Hetzner’s data centers are located in data center parks in Nuremberg and Falkenstein. In addition, Hetzner operates a data center in Helsinki, Finland.
Hetzner Online is certified according to DIN ISO/IEC 27001. The certificate demonstrates adequate security management, data security, confidentiality of information and availability of IT systems. For the purpose of providing and delivering the website, connection data is processed. For the mere purpose of delivery and provision of the website, the data is not stored beyond the call.
The legal basis for the data processing is the legitimate interest (absolute technical necessity for the provision and delivery of the service “website” explicitly requested by you through your call) in accordance with Art. 6 para. 1 lit. f GDPR.
For the operation of the website, the connection data and other personal data are additionally processed within the scope of various other functions or services. Details are provided in this privacy policy for the individual functions or services. The privacy policy of Hetzner Online AG is available at https://www.hetzner.com/legal/privacy-policy.
(2.2) Web hosting app.resmio.com / application
The app.resmio.com site is hosted using the “Heroku” service provided by hosting provider Salesforce.com, Inc. (The Landmark @ One Market, Suite 300, San Francisco, California 94105, USA). To ensure the smooth operation of our reservation and management solution and to optimize the user experience for users, we process content data, usage data, metadata and communication data of interested parties and visitors to these pages based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR.
Salesforce.com, Inc. is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection levels. The privacy policy of the hosting provider can be found here: https://www.salesforce.com/company/privacy.
(2.3) Amazon Web Services Hosting
Our web application uses services from Amazon Web Services (AWS) Inc, located at 410 Terry Avenue North, Seattle, WA 98109, USA.
AWS supports our website through cloud-based delivery of website content. Information such as your (anonymized) IP and visit duration may also be transmitted. For this purpose, we have concluded a GDPR-compliant data processing addendum with AWS.
The personal data is transferred to the USA under the EU-US Privacy Shield Agreement based on the European Commission’s adequacy decision.
Further information on this and on AWS data protection measures can be found here: https://aws.amazon.com/compliance/eu-data-protection/.
(2.4) CloudAMQP
We use CloudAMQP from the provider 84codes AB, Sveavägen 98, 11350 Stockholm, Sweden. Through CloudAMQP, we can transfer and temporarily store certain pending processes in the reservation and yield management system, some of which are computationally intensive, in a kind of “data queue” at CloudAMQP.
Examples include background processes such as sending newsletters, sending automated feedback mailings and email notifications, and importing customer data by the user. Any waiting times for the user are reduced to a minimum through the use of CloudAMQP. In this context, we have a legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR).
We have concluded a so-called “Data Processing Agreement” with the provider 84codes AB, which obliges the provider to protect the data of our users, to process it on our behalf in accordance with their data protection provisions and, in particular, not to pass it on to third parties.
The privacy policy of CloudAMQP can be viewed at the link.
(2.5) DigitalOcean
We use DigitalOcean (Digital Ocean LLC, 101 Avenue of the Americas, 10th Floor, New York, NY 10013) as a cloud hosting service provider for Sentry, a software error logging system. Depending on the nature of the problem, logged error messages may contain personal data in addition to technical information. Corresponding data could be transmitted to DigitalOcean as a result.
We have concluded a so-called “data processing agreement” with DigitalOcean LLC.
For more information on data security, please see https://www.digitalocean.com/security/gdpr/.
(2.6) OpenRedis
To reduce the load on the database for maintaining our services related to our software, we temporarily store data in a so-called “cache” (buffer memory).
For this purpose, we use the Redis hosting solution of the provider OpenRedis, controlled and operated by the company Amakawa Pte. Ltd. (Reg. No. 201226194W), located at 16 Raffles Quay #33-03 Hong Leong Building, Singapore, 048581.
Our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in using a hosting service for our database is to optimize the provision of our services.
Further information on data security can be found here: https://openredis.com/privacy.
(3) Vonage
For sending SMS, we use Vonage. The provider is Vonage B.V., Prins Bernhardplein 200, 1097 JB Amsterdam, The Netherlands.
The service includes notifications about incoming reservations, which are sent to the resmio user via SMS. Against this background, specific reservation data (name of the customer), the phone number of the customer and user as well as other data necessary for sending the SMS are transmitted to the service.
The transfer takes place in accordance with Art. 6 para. 1 lit. b GDPR and only insofar as this is necessary for sending the message. We have concluded a “Data Processing Agreement” with Vonage B.V. (formerly: Nexmo Pte Ltd.), in which we oblige Vonage to protect our customers’ data and not to pass it on to third parties.
The Nexmo / Vonage privacy policy can be found here: https://www.vonage.com/legal/privacy-policy/
(4) Intercom (live chat)
To communicate via live chat or to answer your support requests, we use Intercom, a service of Intercom, Inc, 98 Battery Street, Suite 402, San Francisco, CA 94111, USA (hereinafter referred to as “Intercom”) on our website and the web application.
For this purpose, we transmit your name, your e-mail address and your IP address to the Intercom servers. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b) GDPR.
Intercom also processes your data in the USA, among other places. Against this background, the provider has submitted to the EU-US Data Privacy Framework, which regulates the transfer of personal data of EU citizens to the USA.
The Intercom Data Processing Terms (Data Protection Agreement), which corresponds to the standard contractual clauses, can be found at: https://www.intercom.com/legal/data-processing-agreement
Detailed information on data protection at Intercom can be found at https://www.intercom.com/legal/privacy.
(5) Amazon SES (Simple Email Service) / Amazon SNS (Simple Notification Service)
We use Amazon SES (Simple Email Service) for sending emails in our web application. The provider is Amazon Web Services, Inc. 410 Terry Avenue North, Seattle, WA 98109, USA. Email delivery by the provider Amazon SES is preferably handled via the server location in Frankfurt, Germany.
Via Amazon SES, we are able to send automated transactional emails to our customers (usually restaurant operators) and their guests. Examples of transactional emails are reservation notifications, order confirmations and invoices. We also use Amazon SES within the web application to send regular newsletters and other periodic emails.
With the help of Amazon SNS (Simple Notification Service), we can analyze the sending of e-mails. This allows us to determine whether a message has been opened and which links, if any, have been clicked on. Technical information is also recorded (e.g. time of retrieval, IP address, browser type and operating system). This information is used exclusively for the statistical analysis of messages. The results of these analyses can be used to better identify delivery problems.
The legal basis for processing the data is our legitimate interest in providing the service in accordance with Art. 6 para. 1 lit. f GDPR.
The above-mentioned provider offers a GDPR-compliant data processing addendum (DPA), which contains the standard contractual clauses for the transfer of data outside the European Economic Area. The AWS GDPR DPA is included in the AWS Terms of Service and automatically applies to all customers worldwide who must comply with the GDPR.
The Amazon SES and Amazon SNS Privacy Policy can be found at the following address: https://aws.amazon.com/compliance/data-privacy/
(6) Pusher
Pusher is a WebSocket technology by MessageBird UK Limited (formerly Pusher Ltd), 160 Old Street, EC1V 9BW London, which serves resmio for real-time exchange between backend and various frontends (WebApp / iPad App). The data transmitted via Pusher may include the following personal data: Email address, name, address, phone number, IP address.
Here you can find more information about Pusher and the Privacy Policy.
(7) GitHub
We use GitHub for bug and issue management. For this purpose, personal data is collected for bug description in the form of tickets.
You can find GitHub’s privacy policy at: https://help.github.com/articles/github-privacy-statement/
(8) Firebase
To better understand and optimize user behavior in the apps, we use Firebase. Here, user data is transmitted anonymously to Firebase.
In addition, other functions of Firebase are also used, which enable a better user experience or an evaluation of error causes in the apps as well as push notifications. Firebase is a subsidiary of Google.
The privacy policy can be found at https://policies.google.com/privacy. The legal basis for the processing of your data is Art. 6 para. 1 p. 1 lit. f GDPR.
(9) Sentry
We use the Sentry service (Sentry, 1501 Mariposa St #408, San Francisco, CA 94107, USA) to improve the technical stability of our service by monitoring system stability and detecting code errors. Personal information may be collected as part of the code errors.
For more information, please see Sentry’s privacy policy: https://sentry.io/privacy/
(10) Crashlytics (Fabric)
To better troubleshoot technical issues related to our resmio Tables iPad app, we use Fabric.
This is an analytics service provided by Google, Inc. Fabric collects technical information about each device (such as operating system and model) and gives us immediate insight into which versions of our app are being used.
For more information, please see Fabric’s Terms of Use: https://fabric.io/terms
(11) Zapier
We use Zapier, a service provided by Zapier Inc, 548 Market St #62411, San Francisco, California 94104, USA, to integrate various databases and tools.
The following personal information may be shared: Email address, name, address, phone number, IP address.
For more information about Zapier’s privacy practices, please visit: https://zapier.com/privacy/
(12) Aircall (VoIP service)
To handle service requests via our support hotline and for communication by phone, resmio uses the cloud telephone system of the company “Aircall”, located at 42, Rue du Faubourg Poissonnière, 75010, Paris, France. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b) GDPR.
Aircall fulfills the minimum requirements for legally compliant data processing and is subject to the European data protection directives.
The data transmitted via Aircall may contain the following personal data: name, phone number, IP address.
We have concluded a “Data Processing Agreement” (DPA) with Aircall on the data protection-compliant use of your data. This is a contract in which Aircall undertakes to protect the data of our users, to process it on our behalf in accordance with their data protection regulations and, in particular, not to pass it on to third parties.
You can view the DPA provided by Aircall and the privacy policy here: https://aircall.io/privacy/
(13) Gmail for email communication
The Gmail service is used to receive and respond to emails for support purposes. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
Google is certified under the US-EU data protection agreement “Privacy Shield” and thus undertakes to comply with EU data protection requirements. Furthermore, we have concluded a “Data Processing Agreement” with Google. This is a contract in which Google undertakes to protect the data of our users, to process it on our behalf in accordance with their data protection provisions and, in particular, not to pass it on to third parties.
The privacy policy of Google LLC can be found at https://policies.google.com/privacy?hl=en
(14) Smartlook
We use Smartlook to analyze user behavior and optimize our web application, app.resmio.com. The provider is Smartlook.com, s.r.o., Šumavská 524/31, 602 00 Brno, Czech Republic.
The legal basis for data processing is our legitimate interest pursuant to Art. 6 para. 1 lit. a GDPR.
With Smartlook, only your mouse and scroll movements and clicks are recorded anonymously on this page. Smartlook uses this information to create so-called heat maps, which can be used to determine which areas of our web application users prefer to look at and use. Furthermore, we can determine how long you stayed on a page and when you left it.
We can also determine at which point you aborted your entries in a contact form (so-called conversion funnels). This function serves to improve the website operator’s web offerings.
You can opt out of Smartlook’s data collection via the dedicated website or by removing the browser cookies.
The data collected is stored for a period of 30 days and then deleted by Smartlook.
For more information about Smartlook and the data that can be collected, please see the following link: https://help.smartlook.com/docs/privacy-policy
7. Social Media Links
We currently use the following social media plugins: Facebook, Instagram, X (formerly Twitter), Xing, LinkedIn, YouTube, Pinterest.
We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plugins. You can recognize the provider of the plug-in via the marking on the box above its initial letter or logo. We open up the possibility for you to communicate directly with the provider of the plug-in via the button. Only if you click on the marked box and thereby activate it does the plug-in provider receive the information that you have accessed the corresponding website of our online offer. In addition, the data mentioned in section 2.1 of this declaration is transmitted. In the case of Facebook and Xing, according to the respective providers in Germany, the IP address is anonymized immediately after collection.
Thus, by activating the plug-in, personal data is transmitted from you to the respective plug-in provider and stored there (in the case of US providers in the USA). Since the plug-in provider collects the data in particular via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the grayed-out box.
We have no influence on the plug-in provider.
We have no control over the data collected and data processing operations, nor are we aware of the full extent of data collection, the purposes of processing or the storage periods. We also have no information on the deletion of the collected data by the plug-in provider.
The plug-in provider stores the data collected about you as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Via the plugins, we offer you the opportunity to interact with the social networks and other users so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plugins is Art. 6 para. 1 p. 1 lit. f GDPR.
The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected from us will be directly assigned to your account existing with the plug-in provider. If you click the activated button and link to the page, for example, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this allows you to avoid an assignment to your profile with the plug-in provider.
For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the privacy statements of these providers, which are communicated below. There, you will also receive further information about your rights in this regard and setting options for protecting your privacy.
Addresses of the respective plug-in providers and URL with their privacy notices:
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; additional information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
b) Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) Privacy Policy: http://instagram.com/about/legal/privacy/. Configuration of advertising and cookie settings can be made through the Network Advertising Initiative at http://www.networkadvertising.org/managing/opt_out.asp, the Digital Advertising Alliance at http://www.aboutads.info/ or the European Digital Advertising Alliance at http://youronlinechoices.eu/.
c) X (formerly Twitter) (Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland), Privacy Policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization
d) Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany), Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung, Opt-Out: https://nats.xing.com/optout.html?popup=1&locale=en_DE
e) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
f) Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA), Privacy Policy: https://about.pinterest.com/de/privacy-policy, Opt-Out: Please use the “Do Not Track” feature of your browser.
g) Google/YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated
8. Embedding of YouTube videos
We embed videos of the platform “YouTube” of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA on our websites.
When playing the video, YouTube sets cookies to collect information about user behavior. These are used, for example, to improve the user-friendliness of the YouTube offer and to prevent misuse. If you have a Google account and are logged in to it, the videos you watch are assigned to your Google account.
The data processing by Google is governed by any contractual relationship that may exist between you and Google or the privacy policy of Google, which you can access at https://policies.google.com/privacy?hl=en&gl=en. There you will also receive information about the right of withdrawal against the processing to which you are entitled by law.
A contract has been concluded with Google in accordance with the EU standard contractual clauses to ensure an adequate level of data protection when transferring personal data to third countries.
By clicking on the play button of a YouTube video embedded on our websites, you consent to the one-time data processing for playing the corresponding video. The legal basis is Art. 6 para. 1 sentence 1 lit. a) GDPR.
You can revoke your consent at any time. To terminate the data processing by YouTube, please contact Google directly. For more information, please see https://policies.google.com/privacy?hl=en&gl=en.
9. Analysis and market research
To operate our business economically, to be able to identify market trends, customer and user preferences, we analyze the data we have on business transactions, contracts, inquiries, etc. In doing so, we process inventory data, communication data, contract data, payment data, usage data, metadata based on Art. 6 para. 1 lit. f. GDPR whereby the data subjects include customers, interested parties, business partners, visitors and users of the online offer.
The analyses are carried out for the purpose of business evaluations, marketing and market research. In doing so, we may consider the profiles of registered users with details of, for example, their purchase transactions. The analyses serve us to increase the user-friendliness, the optimization of our offer and the business management. The analyses are processed exclusively by resmio and are not disclosed externally, unless they are anonymous analyses with aggregated values.
If these analyses or profiles are personal, they will be deleted or anonymized upon user termination, otherwise two years after termination. Otherwise, the overall business analyses and general trend determinations are created anonymously whenever possible.
10. Payment providers
10.1 PayPal
We enable guests of our customers (generally restaurant operators) to process payments via the payment service provider PayPal (PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg). Payments can be collected via resmio for reservations, online orders or ticket purchases, for example.
This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f GDPR). In this context, we pass on the following data to PayPal insofar as it is necessary for the fulfillment of the contract (Art. 6 para. 1 lit. b. GDPR):
- First name
- Surname
- IP address
- E-mail address
- Any other data required for payment processing.
The processing of the data specified in this section is neither legally nor contractually required. We cannot process a payment via PayPal without the transmission of your personal data.
PayPal carries out a credit check for various services such as payment by direct debit to ensure your willingness and ability to pay. This corresponds to PayPal’s legitimate interest (pursuant to Art. 6 para. 1 lit. f GDPR) and serves the execution of the contract (pursuant to Art. 6 para. 1 lit. b GDPR). For this purpose, your data (name, address and date of birth, bank account details) will be passed on to credit agencies. We have no influence on this process and only receive the result whether the payment has been made or rejected or whether a review is pending.
Further information on objection and removal options vis-à-vis PayPal can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
10.2 Stripe
If you pay by credit card, your credit card data will not be stored by us, but will be passed on in encrypted form to the payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland and processed by Stripe.
Stripe processes the following information in this process:
In terms of all transactions:
- Date of the transaction
- Money amount of the transaction
- Status of the transaction (accepted/rejected)
When paying by credit card:
- Credit card origin (only the last four digits are visible to us and stored by Stripe)
- The IP address through which the order was placed to identify fraudulent transactions
- The expiration date of the card (month and year)
- Country of origin of the credit card
- Type of credit card (credit or debit)
- Name of the credit card company (Visa, American Express, Mastercard…)
For payment via SEPA:
- IBAN
- Name and first name of the account holder
You can access the most current privacy information about Stripe and supplemental information on this website: https://stripe.com/de/privacy. We also use the above data for statistical analysis of our website. The processing is carried out in accordance with Art. 6 para. 1 p. 1 letter b GDPR for the performance of a contract with you or for legitimate interests in accordance with Art. 6 para. 1 p. 1 letter f GDPR. The data will only be processed as long as it is necessary for the aforementioned purposes. The financial information is stored exclusively at Stripe. We have no access to this.
10.3 Adyen
We use Adyen to process payments via resmio. If you decide, for instance, on a fee-based plan with resmio or book an add-on / service and opt for a payment method from the payment service provider Adyen (e.g. SEPA direct debit), payment processing will be handled by the Dutch service Adyen B.V., Simon Carmiggeltstraat 6 – 50 DJ Amsterdam, the Netherlands.
We will pass on to Adyen the information you provide during the ordering process together with the details of your order (name, address, IBAN, BIC, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR.
Your data will only be passed on for the purpose of payment processing with Adyen and only to the extent that it is necessary for this purpose.
You can find Adyen’s privacy policy with further details at: https://www.adyen.com/privacy-policy
10.4 Worldline (formerly Bambora)
We allow guests of our customers (generally restaurant operators) to process payments via Worldline PayPal (formerly Bambora). The provider is Worldline S.A., Tour Voltaire, 1 Place des Degrés, CS 81162, 92059 Paris, France.
To accept payments via Worldline, resmio customers need to link an existing business account with Worldline to their resmio account. Thereafter, customers’ guests are able, for example, to pay any expenses for reservations, online orders or ticket purchases via Worldline.
Your data is transmitted based on Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing for the performance of a contract).
You have the option of withdrawing your consent to data processing at any time. A revocation does not affect the effectiveness of data processing operations in the past.
11. Duration of the storage of personal data
The duration of the storage of personal data is determined by the relevant statutory retention periods (e.g. from commercial law and tax law). After expiry of the respective period, the corresponding data is routinely deleted. Insofar as data is required for the fulfillment or initiation of a contract or there is a legitimate interest on our part in the continued storage, the data will be deleted if it is no longer required for these purposes, or you have exercised your right of revocation or objection.
12. Your rights as data subject
Data protection law grants you comprehensive data subject rights towards the controller regarding the processing of your personal data, about which we inform you below.
You have the right:
- to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing and the right to be informed of the safeguards pursuant to Art. 46 GDPR relating to the transfer of your data to third countries;
- pursuant to Art. 16 GDPR, to demand the rectification of inaccurate personal data concerning you and/or the completion of your personal data stored by us without undue delay;
- in accordance with Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
- in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you; the processing is unlawful, but you refuse to delete it; we no longer need the data, but you need it to assert, exercise or defend legal claims; or you have lodged an objection in accordance with Art. 21 GDPR for reasons of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail;
- to assert the right to rectification, erasure or restriction of processing against the controller pursuant to Art. 19 GDPR, in which case the controller is obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients;
- in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller, where technically feasible;
- in accordance with Art. 7 para. 3 GDPR, to withdraw your consent at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
- pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of personal data concerning you infringes the GDPR, without prejudice to any other administrative or judicial remedy.
13. Right to object
If your personal data is processed by us based on legitimate interests pursuant to Art. 6 (1) p. 1 lit. f GDPR, you have the right to object at any time pursuant to Art. 21 GDPR, with effect for the future, to the processing of your personal data, provided that there are grounds for doing so that arise from your particular situation.
If you exercise your right to object, we will stop processing the data concerned. However, we reserve the right to further processing if we can demonstrate compelling legitimate grounds for the processing which override your interests, fundamental rights and freedoms, or if the processing serves the purpose of asserting, exercising or defending legal claims.
If your personal data is processed by us for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing. You can exercise the objection as described above. If you exercise your right to object, we will stop processing the data concerned for direct marketing purposes.
Please send the objection to support@resmio.com.
14. Data Security
For security reasons and to protect the transmission of personal data and other confidential content (e.g. requests to the responsible person), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string https:// and the lock symbol in your browser line. We also use appropriate technical and organizational security measures to protect your data against loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in accordance with technological developments.
15. Links to other providers
Our website also contains – clearly recognizable – links to the Internet presences of other companies. Insofar as links to websites of other providers are present, we have no influence on their content. Therefore, no guarantee and liability can be assumed for these contents. The respective provider or operator of the pages is always responsible for the content of these pages.
The linked pages were checked for possible legal violations and recognizable infringements at the time of linking. Illegal contents were not recognizable at the time of linking. However, a permanent control of the contents of the linked pages is not reasonable without concrete evidence of a violation of the law. If we become aware of any infringements, such links will be removed immediately.
16. Validity of and modifications to this privacy policy
This privacy policy is currently valid and is dated October 2024.
Due to the further development of our website and offers on it or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy.
The current data protection statement can be accessed and printed out by you at any time on the website at https://www.resmio.com/datenschutzerklaerung/ (in German).
***