1. general information
Thank you for your interest in resmio. The protection of your personal data is important to us.
In the following, you will find information on the handling of your personal data, which is processed through the use of our online offer https://www.resmio.com and websites, functions and content linked to it. Personal data is any data with which you can be personally identified.
The processing is carried out in accordance with the legal regulations on data protection, in accordance with the regulations of the General Data Protection Regulation (“DS-GVO”) and the Federal Data Protection Act (“BDSG”).
1.1 Contact details of the responsible person
This data protection information applies to data processing by:
- resmio GmbH
- Katzwanger Straße 150
- 90461 Nuremberg / Germany
- + 49 911 3749230
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
1.2 Contact details of the data protection officer
- PROLIANCE GmbH / www.datenschutzexperte.de
- Data protection officer
- Leopoldstr. 21
- 80802 Munich / Germany
1.3 Cooperation with processors and third parties
If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g., if a transfer of data to third parties, such as payment service providers, according to Art. 6 para. 1 lit. b DSGVO is necessary for the performance of the contract), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties with the processing of data on the basis of a so-called “order processing agreement”, this is done on the basis of Art. 28 DSGVO.
1.4 Transfer to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or do so in the context of using third-party services or disclosing, or transferring data to, third parties, this will only be done if it is done in order to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests.
Subject to legal or contractual permissions, we process or allow the processing of data in a third country only if the special requirements of Art. 44 et seq. DSGVO process. I.e. the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
2. Information on the processing of personal data
2.1 Data collection when you visit our website
When you merely call up our website, i.e. when you do not register or otherwise transmit information to us, we only process data that your browser transmits to our server (“server log files”). This information is stored temporarily in a log file. When you access our website, we collect the following data without your intervention in order to display the website to you:
- Our visited website
- The date and time at the time of access
- Source or reference from which you arrived at the website (“referrer URL”)
- Access status (file transferred, file not found, etc.)
- Web browser and operating system used
- IP address of the requesting computer, anonymized if necessary
- Transmitted amount of data
We collect the listed data to ensure a smooth connection setup of the website and to enable a comfortable use of our website by the users. In addition, the log file is used to evaluate system security and stability and for administrative purposes.
The legal basis for the temporary storage of the data or the log files is Art. 6 para. 1 lit. f DSGVO.
Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person. For reasons of technical security, in particular to defend against attempted attacks on our web server, we may store this data for a short period of time. After seven days at the latest, the data is anonymized by shortening the IP address at domain level, so that it is no longer possible to establish a link to the individual user. There is no evaluation of this data except for statistical purposes in anonymous form. A combination of this data with data from other data sources is not made.
(1) Type of data processed
- Inventory data (e.g., names, addresses).
- Contact data (e.g., email, phone numbers).
- Content data (e.g., text inputs, photographs, videos).
- Use data (e.g., web pages visited, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).
(2) Category of data subjects
Visitors and users of the online offer (Hereafter, we also refer to the data subjects collectively as “users”).
(3) Purpose of the processing
- Providing the online offer, its functions and content.
- Responding to contact requests and communication with users.
- Security measures.
- reach measurement/marketing
(4) Duration of storage of personal data
We store your data as long as it is needed for the respective processing purpose. Please note that numerous retention periods require that data (must) continue to be stored. This relates in particular to retention obligations under commercial or tax law (e.g. Commercial Code, Fiscal Code, etc.).
If there are no further retention obligations, the data is routinely deleted after the purpose has been achieved. In addition, we may retain data if you have given us your permission to do so or if legal disputes arise and we use evidence under statutory limitation periods, which can be up to thirty years; the regular limitation period is three years.
2.2 Transfer of Data
There is no transfer of your personal data to third parties for purposes other than those listed below. Within our company, we ensure that only those persons receive your data who need them to fulfill contractual and legal obligations.
In certain cases, IT service providers support us in fulfilling our tasks. With all service providers, the necessary data protection contract has been concluded.
We will only disclose your personal data to third parties if:
- You have given your express consent in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO,
- the disclosure under Art. 6 para 1 p. 1 lit. f DSGVO is necessary for the assertion, exercise or defense of legal claims and there is no reason to believe that you have an overriding legitimate interest in the non-disclosure of your data,
- in the event that a legal obligation exists for the disclosure pursuant to Art. 6 para. 1 p. 1 lit. c DSGVO, as well as
this is legally permissible and required pursuant to Art. 6 para. 1 p. 1 lit. b DSGVO for the processing of contractual relationships with you.
2.3 Data collection in the application process
We process applicant data only as part of the application process in accordance with the legal requirements. Applicant data is processed in order to fulfill our (pre-)contractual obligations within the scope of the application procedure in accordance with Art. 6 para. 1 lit. b, lit. f. DSGVO, § 26 BDSG.
The application procedure requires that applicants provide us with applicant data. The necessary applicant data are marked, if we offer an online form, and result from the job descriptions. Required are the personal details, postal and contact addresses and the documents belonging to the application, such as cover letter, resume and the certificates. In addition, applicants may voluntarily provide us with additional information.
As far as special categories of personal data in the sense of Art. 9 para. 1 DSGVO are voluntarily communicated in the context of the application procedure, their processing is additionally carried out according to Art. 9 para. 2 lit. b DSGVO (e.g. health data, such as severely disabled status or ethnic origin). Insofar as special categories of personal data within the meaning of Art. 9 (1) DSGVO are requested from applicants as part of the application process, their processing is additionally carried out in accordance with Art. 9 (2) lit. a DSGVO (e.g. health data, if this is necessary for the exercise of the profession).
If provided, applicants can submit their applications to us using an online form on our website. The data is transmitted to us encrypted in accordance with the state of the art. Also, applicants can submit their applications to us via e-mail.
Note that e-mails are not sent encrypted and applicants themselves must ensure encryption. We are not responsible for the transmission path of the application between the sender and the reception on our server.
The data sent by the applicants via email is not encrypted.
The data provided by the applicants, will be transmitted to our recruitment clients at the request of the applicants. Our customers are themselves responsible for the careful processing of data within the framework of the DSGVO and liable for violations.
The deletion of the applicant data takes place, subject to a justified revocation of the applicants, e.g. in the case of an explicit declaration to be contacted for further potential positions (via e-mail, via telephone) after the expiry of a period of six months, so that we can answer any follow-up questions about the application and satisfy our obligations to provide evidence under the Equal Treatment Act.
Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called session cookies, which are automatically deleted after closing the browser. Other cookies remain stored on your terminal device until you delete them or the storage period expires. These cookies allow us to recognize your browser on your next visit.
In some cases, cookies are used to simplify website processes by storing settings (e.g. providing options that have already been selected). Insofar as individual cookies implemented by us also process personal data, the processing is carried out in accordance with Art. 6 para. 1 lit. b DSGVO either for the performance of the contract or in accordance with Art. 6 para. 1 lit. f DSGVO to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.
These cookies allow us to automatically recognize that you have already been with us when you visit our site again. These cookies are automatically deleted after a defined time in each case.
You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, as well as activate the automatic deletion of cookies when closing the browser. The cookie settings can be managed under the following links for the respective browsers.
- Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
- Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
- Chrome: https://support.google.com/chrome/answer/95647?hl=de&co=GENIE.Platform=Desktop
- Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
- Opera: https://help.opera.com/de/latest/web-preferences/
You can also individually manage the cookies of many companies and features that are used for advertising. To do so, use the appropriate user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices.
Most browsers also offer a so-called “do-not-track” feature, which allows you to indicate that you do not want to be “tracked” by websites. When this feature is enabled, the respective browser tells ad networks, websites, and applications that you do not want to be tracked for the purpose of behavioral advertising and the like.
For information and instructions on how to edit this feature, depending on your browser provider, please see the links below:
- Google Chrome: https://support.google.com/chrome/answer/2790761?co=GENIE.Platform%3DDesktop&hl=en
- Mozilla Firefox: https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen
- Internet Explorer: https://support.microsoft.com/de-de/help/17288/windows-internet-explorer-11-use-do-not-track
- Opera: https://help.opera.com/en/opera36/be-safe-and-private/#notrack
- Safari: https://support.apple.com/de-de/guide/safari/sfri40732/mac
Please note that if you disable cookies, the functionality of this website may be limited.
4. contact form
When contacting us (e.g. via contact form or e-mail), personal data is collected. Which data is collected in the case of a contact form is evident from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f DSGVO.
If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO. Your data will be deleted after final processing of your request. This is the case if it can be inferred from the circumstances that the matter concerned has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
5. Analysis tools
5.1 Tracking tools
The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 p. 1 lit. f DSGVO. With the tracking measures used, we want to ensure a needs-based design and continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate in the sense of the aforementioned provision.
The respective data processing purposes and data categories can be found in the corresponding tracking tools.
(1) Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
On behalf of resmio GmbH, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.
This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are processed in abbreviated form, making it impossible to relate them to a specific person. As far as the data collected about you a personal reference comes, this is excluded immediately and the personal data is deleted immediately.
We use Google Analytics to analyze and regularly improve the use of our website. Through the statistics obtained, we can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. f DS-GVO.
(2) Google Adwords
We use “Google Ads” (formerly Google AdWords) on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland.
Google Ads enables us to draw attention to our attractive offers with the help of advertising media on external websites. This allows us to determine how successful individual advertising measures are. These advertising media are delivered by Google via so-called “AdServers”. For this purpose, we use so-called AdServer cookies, which can be used to measure certain parameters for measuring success, such as display of the ads or clicks by users. If you access our website via a Google ad, Google Ads will store a cookie on your PC. These cookies usually lose their validity after 30 days. They are not intended to identify you personally. The following information is usually stored as analysis values for this cookie: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be addressed). These cookies allow Google to recognize your web browser.
If a user visits certain pages of an Ads customer’s website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to that page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked across Ads customers’ websites. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising tools; in particular, we cannot identify users on the basis of this information. Due to the marketing tools used, your browser automatically establishes a direct connection with Google’s server. We have no influence on the scope and further use of the data collected by Google through the use of Google Ads. According to our knowledge, Google receives the information that you have called up the relevant part of our website or clicked on an ad from us. If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you are not registered with Google, or have not logged in, there is a possibility that Google learns your IP address and stores it.
We use Google Ads for marketing and optimization purposes, in particular to display ads that are relevant and interesting to you, to improve campaign performance reports and to achieve a fair calculation of advertising costs. This is also our legitimate interest in the processing of the above data by the third-party provider. The legal basis is Art. 6 para. 1 p. 1 lit. f) DSGVO.
You can prevent the installation of cookies by deleting existing cookies and disabling a storage of cookies in the settings of your web browser. We point out that in this case you may not be able to use all features of our website in full. Preventing the storage of cookies is also possible by setting your web browser to block cookies from the domain “www.googleadservices.com” (https://www.google.de/settings/ads). Please note that this setting will be deleted when you delete your cookies. In addition, you can disable interest-based ads via the link http://optout.aboutads.info. Please note that this setting will also be deleted when you delete your cookies.
Information from the third-party provider: Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland. For more information on data use by Google, on setting and objection options, and on data protection, please refer to the following Google web pages:
Google website statistics: https://services.google.com/sitestats/de.html
(3) Google Maps
On our website we use Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Maps is a web service for displaying interactive (land) maps to visually display geographical information. Via the use of this service, our location is displayed to you and a possible approach is facilitated.
When you call up those sub-pages in which the Google Maps map is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers and stored there; this may also involve transmission to the servers of Google LLC. in the USA. This occurs regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them.
The collection, storage and evaluation are carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of Google’s legitimate interest in the insertion of personalized advertising, market research and / or the needs-based design of Google websites. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
(4) Facebook Pixel, Custom Audiences and Facebook Conversion
Within our online offer, the so-called “Facebook pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used due to our legitimate interests in the analysis, optimization and economic operation of our online offer and for these purposes.
Facebook is certified under the Privacy Shield agreement, thereby providing a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). With the help of the Facebook pixel, it is possible for Facebook, on the one hand, to determine the visitors to our online offer as a target group for the display of advertisements (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited), which we transmit to Facebook (so-called “Custom Audiences”).
With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not have a harassing effect. With the help of the Facebook pixel, we can further track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).
The processing of data by Facebook takes place within the framework of Facebook’s data use policy. Accordingly, general notes on the display of Facebook ads, in Facebook’s data use policy: https://www.facebook.com/policy.php.
For specific information and details about the Facebook Pixel and how it works, visit Facebook’s help section: https://www.facebook.com/business/help/651294705016616.
You can opt-out or directly prevent the collection by the Facebook pixel and use of your data to display Facebook ads by disabling Facebook tracking here. To adjust which types of ads are displayed to you within Facebook, you can visit the page set up by Facebook and follow the instructions there regarding the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are done in a platform-independent manner, meaning that they are applied to all devices, such as desktop computers or mobile devices.
(5) Use of GetResponse for web analytics and email marketing
resmio uses GetResponse to send newsletters with marketing content. The provider is GetResponse Sp. z o.o., with registered office in Gdansk, Poland, ul. Arkonska 6, A3, 80-387 Gdansk, website: https://www.getresponse.de (hereinafter “GetResponse”).
GetResponse is a service that can be used, among other things, to organize and analyze the sending of newsletters. The data entered for the purpose of receiving the newsletter is stored on the servers of GetResponse. Registration for the marketing newsletter takes place via the forms embedded on this website. Alternatively, enrollment is possible when registering to use our online reservation system. In both cases, the user must give explicit consent for data processing. Our newsletters sent with GetResponse allow us to analyze the behavior of newsletter recipients.
Hereby, among other things, it can be analyzed how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be determined whether a predefined action (e.g. purchase of a product, sharing of information on social media, unsubscribes) has taken place after clicking on the links in the newsletter. Furthermore, we can also record when a newsletter message was opened. This enables us to deliver newsletter mailings when the respective newsletter recipient is likely to be most active. The time zone of the newsletter recipient can also be taken into account in this regard.
GetResponse also gives us the ability to divide newsletter recipients into groups based on their interest. In this way, we can provide our newsletter recipients with content that is as interest-based as possible. For more information about GetResonse features, please visit: https://www.getresponse.de/email-marketing/funktionen/e-mail-marketing.
We have entered into an order processing agreement with GetResponse, in which we require GetResponse to protect our customers’ data and not to disclose it to third parties.
6. Business-Related Processing
In addition, we process
- Contract data (e.g., subject matter of the contract, term, customer category).
- Payment data (eg, bank details, payment history) of our customers, prospects and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.
6.1 Provision of contractual services
We process the data of our contractual partners and interested parties as well as other clients, customers, clients, clients or contractual partners (uniformly referred to as “contractual partners”) in accordance with Art. 6 para. 1 lit. b. DSGVO, in order to provide you with our contractual or pre-contractual services. The data processed in this context, the nature, scope and purpose and the necessity of their processing, are determined by the underlying contractual relationship.
The processed data includes the master data of our contractual partners (e.g., names and addresses), contact data (e.g., e-mail addresses and telephone numbers) as well as contractual data (e.g., services used, contract contents, contractual communication, names of contact persons) and payment data (e.g., bank details, payment history).
We do not process special categories of personal data as a matter of principle, unless these are components of a commissioned or contractual processing.
We process data that are necessary for the justification and fulfillment of the contractual services and point out the necessity of their disclosure, unless this is not evident to the contractual partners. Disclosure to external persons or companies is made only if it is necessary in the context of a contract. When processing the data provided to us as part of an order, we act in accordance with the instructions of the client and the legal requirements.
In the context of the use of our online services, we may store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the interests of users in the protection against misuse and other unauthorized use. In principle, this data is not passed on to third parties, unless it is necessary for the pursuit of our claims pursuant to Art. 6 para. 1 lit. f. DSGVO or there is a legal obligation to do so pursuant to Art. 6 para. 1 lit. c. DSGVO.
The deletion of the data takes place when the data is no longer required for the fulfillment of contractual or legal duties of care as well as for dealing with any warranty and comparable obligations, whereby the necessity of the retention of the data is reviewed every three years; otherwise, the legal retention obligations apply.
(1) Creation of a user profile:
You have the option to register for certain services provided on our website and thus create a user profile. As part of the registration and setup process, we collect and use the following personal data:
- Name of the account holder
- Mobile phone number of the account holder
- Email address
- Restaurant name
- Street and house number (restaurant location)
- City (restaurant location)
- Phone number (restaurant location)
Your user account gives you the opportunity to use other parts of our website and log in for the offers you have purchased. The legal basis for data processing is, in the case of consent, Art. 6 para. 1 lit. a DSGVO or Art. 6 para. 1 lit. b DSGVO, provided that the processing is necessary for the provision of the requested services (performance of the contract).
Your data will be deleted as soon as the user account on our website is deleted and insofar as no legal retention obligations exist. A change and / or deletion of their user account, including the data provided by you, you can usually make directly in your user account after logging in or by sending a message to the responsible person mentioned in the introduction.
We use the service Coralogix for general logging of our application. The provider is Coralogix Ltd, 680 Folsom St., San Francisco CA, 94107. The following personal data may be included in the logs: IP address, name, email address, phone number, address and other personal data of restaurant owners and guests. For this purpose, we have concluded a DSGVO-compliant addendum to the data processing agreement (“Data Processing Agreement”) with Coralogix. In it, Coralogix Ltd. undertakes to protect our customers’ data and not to pass it on to third parties.
(3) Facebook Connect
We offer you the possibility to register for our service with Facebook Connect. Thus, an additional registration is not necessary. To register, you will be redirected to the Facebook page, where you can log in with your usage data. This links your Facebook profile and our service. Through the link, we automatically receive data from your profile from Facebook Inc. The following information is transmitted to us:
Your public profile (everything that third parties can also easily see and learn about when you call up your Facebook profile), as well as your e-mail address. Of this data, we use only your email address.
(4) Logging in with Google
We offer you the option to log in to our service using your Google account. An additional registration is then not required. To register, you will be redirected to the Google Inc. page, where you can log in with your usage data. This links your Google profile and our service. Through the link, we automatically receive data from your profile from Google Inc. The following information is transmitted to us:
Your public profile (everything that third parties can also easily see and find out when you call up your Google profile), as well as your e-mail address. Of this data, we use only your email address.
(5) Sign in with Apple
We offer you the option to register and log in with us using your Apple account. An additional registration is then not required. To register, you use your Apple ID and your password stored with Apple. In the course of such registration, Apple, represented by Apple Inc, Infinite Loop, Cupertino, CA 95014, USA, processes data about you.
resmio stores the information that you have registered via the so-called “Sign in with Apple”. The following information is transmitted to us: Your public profile (everything that third parties can also easily see and learn about when you call up your Apple profile), as well as your email address. Of this data, we use only your email address.
If you would like to receive the newsletter offered on the website with regular information about our offers and products, we require your e-mail address as mandatory information.
For sending the newsletter, we use the so-called double opt-in procedure. This means that we will only send you our newsletter by e-mail if you have expressly confirmed that you consent to the sending of newsletters. In the first step, you will receive an e-mail with a link that you can use to confirm that you, as the owner of the corresponding e-mail address, want to receive newsletters in the future. With the confirmation, you give us your consent pursuant to Art. 6 para. 1 lit. a DSGVO that we may use your personal data for the purpose of the desired newsletter dispatch.
When registering for the newsletter, we store, in addition to the e-mail address required for sending, the IP address through which you registered for the newsletter, as well as the date and time of registration and confirmation. The purpose of this procedure is to be able to prove their registration and, if necessary, to clarify a possible misuse of your personal data.
You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. They can cancel the revocation by clicking, on the link provided in each newsletter email or by email to the responsible person designated above. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to the continued use of the collected data or the continued processing is otherwise permitted by law.
If you send us your personal data via contact form (e.g. by contact form, e-mail, telephone or via in-app chat), your information will be stored for the purpose of processing the contact request and its handling.
We will not pass this data on to third parties under any circumstances. The legal basis for this is Art. 6 para. 1 p. 1 lit. b) DSGVO.
6.5 Third-party providers
We currently use the services of the following providers:
(1) CRM system from Odoo
We use the CRM system of the provider Odoo, Chausseé de Namur 40, 1367 Ramillies, Belgium, to collect and manage contractual data of our customers. The legal foundation for this purpose lies in Art. 6. para. 1 lit. f. DSGVO (GDPR).
In doing so, we collect the following personal data:
Personal master data (e.g. first name and last name of the interested party / customer).
Communication data (business telephone number / e-mail address)
Business-related conversations such as chat logs, emails).
Contract master data (contractual relationship, product or contractual interest)
Customer history (e.g. professional position of contact person, nationality)
Contract billing data (account holder’s last name, first name and address, signature)
Planning and control data (information data from third parties, e.g. credit agencies or from public directories).
The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatch, security services and technical maintenance services that we use for the purpose of operating our online offerings.
We, or our hosting provider, process the following services.
We, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors to this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer.
In the following, we provide specific information about the service providers used:
(2.1) Web hosting resmio.com / website
This website is operated on server systems of Hetzner Online GmbH, Industriestrasse 25, 91710 Gunzenhausen. Hetzner’s data centers are located in data center parks in Nuremberg and Falkenstein. In addition, Hetzner operates a data center in Helsinki, Finland.
Hetzner Online is certified according to DIN ISO/IEC 27001. The certificate demonstrates adequate security management, data security, confidentiality of information and availability of IT systems. For the purpose of providing and delivering the website, connection data is processed. For the mere purpose of delivery and provision of the website, the data is not stored beyond the call.
The legal basis for the data processing is the legitimate interest (absolute technical necessity for the provision and delivery of the service “website” explicitly requested by them through your call) in accordance with Art. 6 para. 1 lit. f DSGVO.
(2.2) Web hosting app.resmio.com / application
The app.resmio.com site is hosted using the “Heroku” service provided by hosting provider Salesforce.com, Inc. (The Landmark @ One Market, Suite 300, San Francisco, California 94105, USA). In order to ensure the smooth operation of our reservation and management solution and to optimize the user experience for users, we process content data, usage data, meta data and communication data of interested parties and visitors to these pages on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO.
(2.3) Amazon Web Services Hosting
Our website uses services provided by Amazon Web Services (AWS) Inc, located at 410 Terry Avenue North Seattle WA 98109, USA. AWS supports our website by cloud-based delivery of website content. In the process, information such as your (anonymized) IP and visit duration may also be transmitted. We have concluded a DSGVO-compliant Data Processing Addendum with AWS for this purpose. The personal data is transferred to the USA under the EU-US Privacy Shield based on the European Commission’s adequacy decision.
For more information on this and AWS privacy practices, please click here: https://aws.amazon.com/de/compliance/eu-data-protection/.
We use CloudAMQP from the provider 84codes AB, Sveavägen 98, 11350 Stockholm, Sweden. Through CloudAMQP, we are able to transfer and temporarily store certain pending processes in the reservation and yield management system, some of which are computationally intensive, in a kind of “data queue” at CloudAMQP. Examples include background processes such as sending newsletters, sending automated feedback mailings and email notifications, and importing customer data by the user. Any waiting times for the user are reduced to a minimum through the use of CloudAMQP. In this context, we have a legitimate interest (Art. 6 para. 1 sentence 1 lit. f DSGVO).
We have concluded a so-called “Data Processing Agreement” with the provider 84codes AB, which obliges the provider to protect the data of our users, to process it on our behalf in accordance with their data protection provisions and, in particular, not to pass it on to third parties.
We use DigitalOcean (Digital Ocean LLC, 101 Avenue of the Americas, 10th Floor, New York, NY 10013) as a cloud hosting service provider for Sentry, a software error logging system. Depending on the nature of the problem, logged error messages may contain personal data in addition to technical information. Corresponding data could be transmitted to DigitalOcean as a result.
We have concluded a so-called “data processing agreement” with DigitalOcean LLC.
For more information on data security, please see https://www.digitalocean.com/security/gdpr/.
To reduce the load on the database for maintaining our services related to our software, we sub-store the so-called “cache” (buffer memory). For this purpose, we use the Redis hosting solution of the provider OpenRedis, controlled and operated by the company Amakawa Pte. Ltd. (Reg. No. 201226194W), located at 16 Raffles Quay #33-03 Hong Leong Building, Singapore, 048581. Our legitimate interest (Art. 6 para. 1 sentence 1 lit. f DSGVO) in using a hosting service for our database is to optimize the provision of our services.
Further information on data security can be found here: https://openredis.com/privacy.
For sending SMS we use Vonage. The provider is Vonage B.V. , Prins Bernhardplein 200, 1097 JB Amsterdam, The Netherlands.
The service includes notifications about incoming reservations, which are sent to the resmio user via SMS. Against this background, specific reservation data (name of the customer), the phone number of the customer and user as well as other data necessary for sending the SMS are transmitted to the service.
The transfer takes place in accordance with Art. 6 para. 1 lit. b DSGVO and only insofar as this is necessary for sending the message. We have concluded a “Data Processing Agreement” with Vonage B.V. (formerly: Nexmo Pte Ltd.), in which we oblige Vonage to protect our customers’ data and not to pass it on to third parties.
(4) Intercom (live chat)
To communicate via chat or to answer your support requests, we use Intercom, a service provided by Intercom, Inc, 98 Battery Street, Suite 402, San Francisco, CA 94111 USA (hereinafter “Intercom”). For this purpose, we transmit your name, e-mail address and IP address to Intercom’s servers. The legal basis for this is Art. 6 para. 1 p. 1 lit. b) DSGVO. This data is stored by Intercom until we delete it.
For detailed information on data protection at Intercom, please visit https://www.intercom.com/legal/privacy.
We use the services of SendGrid for sending e-mails. The provider is SendGrid, Inc, 1801 California Street, Suite 500, Denver, CO 80202, USA.
SendGrid is a service that can be used, among other things, to organize and analyze the sending of e-mails and newsletters. If you provide data such as an e-mail address, these are stored on SendGrid’s servers in the USA.
With the help of SendGrid, we can analyze the sending of e-mails. Thus, it can be determined whether a message was opened and which links, if any, were clicked. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). They are used exclusively for the statistical analysis of messages. The results of these analyses can be used to better identify problems with delivery.
Pusher is a websocket technology by MessageBird UK Limited (formerly Pusher Ltd), 160 Old Street, EC1V 9BW London , which serves resmio for real-time exchange between backend and various frontends (WebApp / iPad App). The data transmitted via Pusher may include the following personal data: Email address, name, address, phone number, IP address.
We use GitHub for bug and issue management. For this purpose, personal data is collected for bug description in the form of tickets.
To better understand and optimize user behavior in the apps, we use Firebase. Here, user data is transmitted anonymously to Firebase.
In addition, other functions of Firebase are also used, which enable a better user experience or an evaluation of error causes in the apps as well as push notifications. Firebase is a subsidiary of Google.
We use Productboard to manage feature requests and requirements from customers. For this purpose, personal data is collected for the description of requirements in the form of tickets. The legal basis for this is Art. 6 para. 1 p. 1 lit. b) DSGVO. Service provider is ProductBoard, Inc, Attn: Legal Department, 392 Staten Ave, Oakland, CA 94610 USA.
We use the Sentry service (Sentry, 1501 Mariposa St #408, San Francisco, CA 94107, USA) to improve the technical stability of our service by monitoring system stability and detecting code errors. Personal information may be collected as part of the code errors.
(11) Crashlytics (Fabric)
To better troubleshoot technical issues related to our resmio Tables iPad app, we use Fabric. This is an analytics service provided by Google, Inc. Fabric collects technical information about each device (such as operating system and model) and gives us immediate insight into which versions of our app are being used.
We use Zapier, a service provided by Zapier Inc, 548 Market St #62411, San Francisco, California 94104, USA, to integrate various databases and tools.
The following personal information may be shared: Email address, name, address, phone number, IP address. For more information about Zapier’s privacy practices, please visit: https://zapier.com/privacy/
(13) Aircall (VoIP service)
For the handling of service requests via our hotline as well as for communication by telephone, resmio uses the service Aircall, 42, Rue du Faubourg Poissonnière, 75010, Paris, France. The legal basis for this is Art. 6 para. 1 p. 1 lit. b) DSGVO. Aircall meets the minimum requirements for processing data in compliance with the law and is subject to the European Data Protection Directives. Please also see Aircall’s privacy notice: https://aircall.io/privacy/.
(14) Gmail for email communication
The G-Mail service is used to receive and respond to emails for support purposes. The provider is Google LLC. of 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
Google is certified under the US-EU data protection agreement “Privacy Shield” and thus undertakes to comply with EU data protection requirements. Furthermore, we have concluded a “Data Processing Agreement” with Google. This is a contract in which Google undertakes to protect the data of our users, to process it on our behalf in accordance with their data protection provisions and, in particular, not to pass it on to third parties.
7. Social Media Links
We currently use the following social media plug-ins: Facebook, Instagram, Twitter, Xing, LinkedIn, YouTube, Pinterest.
We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognize the provider of the plug-in via the marking on the box above its initial letter or logo. We open up the possibility for you to communicate directly with the provider of the plug-in via the button. Only if you click on the marked box and thereby activate it, the plug-in provider receives the information that you have accessed the corresponding website of our online offer. In addition, the data mentioned in section 2.1 of this declaration is transmitted. In the case of Facebook and Xing, according to the respective providers in Germany, the IP address is anonymized immediately after collection.
Thus, by activating the plug-in, personal data is transmitted from you to the respective plug-in provider and stored there (in the case of US providers in the USA). Since the plug-in provider collects the data in particular via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the grayed-out box.
We have no influence on the plug-in provider.
We have no control over the data collected and data processing operations, nor are we aware of the full extent of data collection, the purposes of processing, the storage periods. We also have no information on the deletion of the collected data by the plug-in provider.
The plug-in provider stores the data collected about you as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Via the plug-ins, we offer you the opportunity to interact with the social networks and other users so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 p. 1 lit. f DS-GVO.
The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected from us will be directly assigned to your account existing with the plug-in provider. If you click the activated button and link to the page, for example, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this allows you to avoid an assignment to your profile with the plug-in provider.
For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the privacy statements of these providers, which are communicated below. There you will also receive further information about your rights in this regard and setting options for protecting your privacy.
Addresses of the respective plug-in providers and URL with their privacy notices:
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; additional information on data collection: http://www.facebook. com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
e) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
8. integration of youtube videos
By clicking on the play button of a Youtube video embedded on our websites, you consent to the one-time data processing for playing the corresponding video. The legal basis is Art. 6 para. 1 sentence 1 lit. a) DSGVO.
You can revoke your consent at any time. To terminate the data processing by YouTube, please contact Google directly. For more information, please see https://www.google.de/intl/de/policies/privacy.
9. Analysis and market research
In order to operate our business economically, to be able to identify market trends, customer and user preferences, we analyze the data we have on business transactions, contracts, inquiries, etc.. In doing so, we process inventory data, communication data, contract data, payment data, usage data, metadata on the basis of Art. 6 para. 1 lit. f. DSGVO, whereby the data subjects include customers, interested parties, business partners, visitors and users of the online offer.
The analyses are carried out for the purpose of business evaluations, marketing and market research. In doing so, we may take into account the profiles of registered users with details of, for example, their purchase transactions. The analyses serve us to increase the user-friendliness, the optimization of our offer and the business management. The analyses are processed exclusively by resmio and are not disclosed externally, unless they are anonymous analyses with aggregated values.
If these analyses or profiles are personal, they will be deleted or anonymized upon user termination, otherwise two years after termination. Otherwise, the overall business analyses and general trend determinations are created anonymously whenever possible.
10. Payment providers
On our website we offer, among other things, payment via PayPal. Provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).
If you select payment via PayPal, the payment data you entered will be transmitted to PayPal.
The transmission of your data to PayPal is based on Art. 6 para. 1 lit. a DSGVO (consent) and Art. 6 para. 1 lit. b DSGVO (processing for the performance of a contract). You have the option to revoke your consent to data processing at any time.
A revocation does not affect the validity of past data processing operations.
If you pay by credit card, your credit card data will not be stored by us, but will be passed on in encrypted form to the payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland and processed by Stripe. Stripe processes the following information in this process:
In terms of all transactions:
- Date of the transaction,
- Money amount of the transaction.
- Status of the transaction (accepted/rejected)
When paying by credit card:
- Credit card origin (only the last four digits are visible to us and stored by Stripe),
- The IP address through which the order was placed to identify fraudulent transactions
- The expiration date of the card (month and year)
- Country of origin of the credit card
- Type of credit card (credit or debit)
- Name of the credit card company (Visa, American Express, Mastercard…)
For payment via SEPA:
- Name and first name of the account holder
You can access the most current privacy information about Stripe and supplemental information on this website: https://stripe.com/de/privacy. We also use the above data for statistical analysis of our website. The processing is carried out in accordance with Art. 6 para. 1 p. 1 letter b DSGVO for the performance of a contract with you or for legitimate interests in accordance with Art. 6 para. 1 p. 1 letter f DSGVO. The data will only be processed as long as it is necessary for the aforementioned purposes. The financial information is stored exclusively at Stripe. We have no access to this.
If you choose a payment method of the payment service provider Adyen (e.g. SEPA direct debit), payment processing is carried out via the payment service provider Adyen, Simon Carmiggeltstraat 6 – 50, 1011 DJ Amsterdam, Netherlands, to whom we pass on your information provided during the ordering process together with information about your order (name, address, IBAN, BIC, invoice amount, currency and transaction number) in accordance with Art. 6 (1) lit. b DSGVO. The transfer of your data is solely for the purpose of payment processing with the payment service provider Adyen and only to the extent necessary for this purpose.
On our website, we also offer payment with Bambora. The provider of this payment service is BAMBORA Group, Vasagatan 16, 111 20 Stockholm, Sweden (hereinafter referred to as “Bambora”).
When you select payment via Bambora, the payment data you enter will be transmitted to Bambora.
The transmission of your data to Bambora is based on Art. 6 para. 1 lit. a DSGVO (consent) and Art. 6 para. 1 lit. b DSGVO (processing for the performance of a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of past data processing operations.
11. Duration of the storage of personal data
The duration of the storage of personal data is measured by the relevant statutory retention periods (e.g. from commercial law and tax law). After expiry of the respective period, the corresponding data is routinely deleted. Insofar as data is required for the fulfillment or initiation of a contract or there is a legitimate interest on our part in the continued storage, the data will be deleted if they are no longer required for these purposes or you have exercised your right of revocation or objection.
12. data subject rights
Data protection law grants you comprehensive data subject rights vis-à-vis the controller with regard to the processing of your personal data, which we inform you about below. You have the right:
- According to Art. 15 DSGVO, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable. meaningful information about the logic involved and the scope and the intended effects of such processing, as well as their right to be informed about what guarantees exist in accordance with Art. 46 DSGVO when their data are transferred to third countries;
- according to Art. 16 DSGVO to demand without delay the correction of inaccurate and/or completion of your personal data stored by us;
- in accordance with Art. 17 DSGVO to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
- According to Art. 18 DSGVO, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected on grounds of your particular situation in accordance with Art. 21 DSGVO, as long as it is not yet clear whether our legitimate reasons prevail;
- assert the right to rectification, erasure or restriction of processing against the controller pursuant to Art. 19 DSGVO and the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning them have been disclosed, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about this recipient;
- According to Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller, insofar as this is technically feasible;
- According to Art. 7 (3) DSGVO, to revoke your consent once given at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned, unless further processing can be based on a legal basis for processing without consent. By the revocation of consent on the lawfulness of the consent to the revocation of processing carried out not affected;
- Under Article 77 of the GDPR, if you consider that the processing of personal data concerning you infringes the GDPR, without prejudice to any other administrative or judicial remedy, the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement.
13. right of objection
If your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f DSGVO, you have the right to object at any time pursuant to Art. 21 DSGVO, with effect for the future, to the processing of your personal data, provided that there are grounds for doing so that arise from your particular situation. If you exercise your right to object, we will stop processing the data concerned. However, we reserve the right to further processing if we can demonstrate compelling legitimate grounds for the processing which override your interests, fundamental rights and freedoms, or if the processing serves the purpose of asserting, exercising or defending legal claims.
If your personal data is processed by us for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing. You can exercise the objection as described above. If you exercise your right to object, we will stop processing the data concerned for direct marketing purposes.
Please send the objection to firstname.lastname@example.org.
14. Data Security
This website uses for security reasons and to protect the transmission of personal data and other confidential content (eg: Requests to the responsible person a SSL or TLS encryption. You can recognize an encrypted connection by the string https:// and the lock symbol in your browser line.
We also use appropriate technical and organizational security measures to protect your data against loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in accordance with technological developments.
15. Links to other providers
Our website also contains – clearly recognizable – links to the Internet presences of other companies. Insofar as links to websites of other providers are present, we have no influence on their content. Therefore, no guarantee and liability can be assumed for these contents. For the content of these pages is always the respective provider or operator of the pages responsible.
The linked pages were checked for possible legal violations and recognizable infringements at the time of linking. Illegal contents were not recognizable at the time of linking. However, a permanent control of the contents of the linked pages is not reasonable without concrete evidence of a violation of the law. If we become aware of any infringements, such links will be removed immediately.
The current data protection statement can be accessed and printed out by you at any time on the website at https://www.resmio.com/datenschutzerklaerung/ (in german).