Privacy Statement

We are delighted that you have chosen to visit our website. In the following, we would like to inform you about what happens to your data in accordance with Art. 13 EU General Data Protection Regulation (GDPR).

Adapting data protection settings

Controller

The responsible person for the presented data processing is the body mentioned in the imprint.

Version: September 2023

Usage data

When you visit our websites, so-called usage data for statistical purposes are analysed temporarily as a log on our web server, in order to improve the quality of our websites. This data set consists of

  • the name and address of the requested content,
  • the data and time of the request,
  • the amount of data transferred,
  • the access status (content transferred, content not found),
  • the description of the web browser and operating system used,
  • the referral link that states from which page you landed on our page,
  • the IP address of the requesting computer, which is redacted in such a way that it can no longer be assigned to a person.
The mentioned protocol data are evaluated anonymously.

Anonymous visitor measurement

On our websites, we perform an anonymous traffic analysis. For this, the log data of the server as well as the redacted IP addresses are evaluated. Conclusions in relation to your person are not possible.

Data security

In order to protect your data as comprehensively as possible from unwanted access, we put in place technical and organisational measures. We use an encryption process on our websites. Your data are transferred from your computer to our server and vice versa, via the internet by mean of TLS encryption. Usually you will recognise this by the lock icon in the status bar of your browser, and an address line starting with https://.

Required cookies

We use cookies on our websites which are required for using our websites.

Cookies are small text files that are stored on your end device and which can be read. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored longer than the individual session.

We do not use these required cookies for analysis, tracking or advertising purposes.

Some of these cookies merely contain information about specific settings and cannot be traced to persons. They may also be necessary to allow for user guidance, safety and implementation of the site.

The legal basis for our use of cookies is Article 6 (1) (1) (f) GDPR.

You can set your browser in such a way that you are informed about the placement of cookies. This makes the use of cookies transparent. In addition, you can delete cookies at any time, via the relevant browser setting and prevent the placement of cookies. Please note, that as a result, our websites might not be displayed and some functions might not be available.

Google Analytics

For the needs-based design of our websites, we additionally use the web analysis tool "Google Analytics". Google Analytics creates user profiles based on pseudonyms. For this, permanent cookies are stored on your end device and read by us. This allows us to recognise returning visitors, and to count these as such.

Within the framework of Google Analytics, Google Ireland Limited and Google LLC. (USA) support us as our order processors in accordance with Art. 28 GDPR. Therefore, the data processing may also take place outside of the EU or the European Economic Area. With regard to Google LLC, due to the processing in the USA, no adequate level of data protection can be assumed. There is the risk, that authorities can access the data for security and surveillance purposes, without you being informed about this, nor do you have legal recourse against this. Please take note of this when you decide to consent to our use of Google Analytics.

The data processing is performed based on your consent acc. to Article 6 (1) (1) (a) GDPR, if you have given us your consent via our banner. The transfer to a third country is based on Art. 49 (1) (a) GDPR.

You may revoke your consent at any time. To do this, please follow this link and tick the relevant settings via our banner.

Adapting data protection settings

Embedded videos

We embed videos in our websites, which are not stored on our servers. In order that visiting our websites with embedded videos does not automatically lead to third party content being downloaded, we only show locally stored preview images of the videos in the first step. Third parties do not receive any information through this.

Third party content is only downloaded after clicking on the preview image. Hereby, the third party service provider receives the information that you have accessed our site, as well as related technically required usage data. Furthermore, the third party is then able to implement tracking technology. We have no influence on the further data processing by third parties. By clicking on the preview image, you consent to the downloading of third party content.

The embedding takes place on the basis of your consent according to Art. 6 (1) (1) (a) GDPR, insofar as you have given your consent by clicking on the preview image. Please note that the embedding of numerous videos can lead to your data being processed outside of the EU or the EEA. In some countries, there is the risk that authorities can access the data for security and surveillance purposes without you being informed about this or having legal recourse against this. Insofar as we use providers in insecure third countries and you consent, the transfer to an insecure third country is based on Art. 49 Abs. (1) (a) GDPR.

Provider Adequate level of data protection Revocation of consent
YouTube / Google (USA) No data protection level according to GDPR. The transfer is based on Art. 49 (1) (a) GDPR. If you click on a preview image, the third party content is immediately downloaded. If you do not wish for such downloading on other sites, stop clicking on the preview image.
Vimeo (USA) No adequate level of data protection. The transfer is based on Art. 49 (1) (a) GDPR. If you click on a preview image, the third party content is immediately downloaded. If you do not wish for such downloading on other sites, stop clicking on the preview image.

Adapting data protection settings

Consulting / Test Account

You have the option to contact us with regard to a trial screen or to apply for a test account. To make use of this, we require the information marked as mandatory fields first.

The legal basis for this data is Article 6 (1) (1) (f) GDPR, to answer your request.

Your data will only be processed to respond to your inquiry. For this purpose, we may also forward it to a certified dealer (partner) who can best process your inquiry, for example due to regional affiliation or technical expertise. We delete your data if it is no longer required and there are no legal retention obligations to the contrary.

With regard to the processing according to Article 6 (1) (1) (f) GDPR, you have the right of objection at any time. For this, please contact the email address stated in the imprint.

Online appointment booking

We are using the calendly tool to arrange appointments on a trial basis. Various types of data are collected and processed for this purpose, in particular

  • first name and surname
  • company/customer number
  • e-mail address
  • other e-mail addresses
  • telephone number

Further fields can be filled in optionally.

There is an order processing contract with calendly, beyond that the data will not be passed on to third parties.

Newsletter subscription and sending

If you subscribe to our company's newsletter, the data in the respective input mask will be transmitted to the controller. Subscription to our newsletter takes place in a so-called double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary to ensure that no one can register with other people's email addresses. When registering for the newsletter, the user's IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the e-mail address of the person concerned. The data is not passed on to third parties. An exception is made if there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter. Subscription to the newsletter can be terminated by the data subject at any time. Consent to the storage of personal data can also be revoked at any time. There is a corresponding link for this purpose in every newsletter. The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a) GDPR if the user has given consent. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG.

Use of rapidmail

Description and purpose: We use rapidmail to send newsletters. The provider is rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany. Among other things, rapidmail is used to organize and analyse the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter is stored on rapidmail's servers in Germany. If you do not wish to be analyzed by rapidmail, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. For the purpose of analysis, the emails sent with rapidmail contain a so-called tracking pixel, which connects to the rapidmail servers when the email is opened. In this way, it can be determined whether a newsletter message has been opened. We can also use rapidmail to determine whether and which links in the newsletter message have been clicked on. Optionally, links in the email can be set as tracking links with which your clicks can be counted.

Legal basis: The legal basis for data processing is Art. 6 para. 1 lit. a) GDPR.

Recipient: The recipient of the data is rapidmail GmbH.

Transfer to third countries: The data will not be transferred to third countries.

Duration: The data stored by us as part of your consent for the purpose of the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and the servers of rapidmail after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.

Revocation option: You have the option of revoking your consent to data processing at any time with effect for the future. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

Further data protection information: For more information, please refer to rapidmail's data security information at: https://www.rapidmail.de/datensicherheit. For more information on the analysis functions of rapidmail, please refer to the following link: https://www.rapidmail.de/wissen-und-hilfe

 

Event invitations

We use Google Forms to invite and manage events.

Standard contractual clauses with Google are in place, and beyond that, data is not shared with third parties.

Deletion of your data: Your data is passed on to Google Ireland Ltd. based in Ireland (Google) as an IT service provider, which supports us in data processing within the framework of order processing strictly bound by instructions. This provides Google with the information that you have accessed our site or our form, as well as the usage data technically required in this context. However, we have no influence on further data processing by Google. As a matter of principle, we only process your data for as long as it is required for the purposes for which it was collected. Therefore, your data will be deleted after 2 years at the latest, unless the processing or storage of your data is necessary for the assertion, exercise or defense of legal claims. In the case of statutory retention obligations, deletion will only be considered after the expiry of the respective retention obligation.

Access-protected area

If you want to make use of our access-protected area, you first need to register.

Here, we only ask for information that is necessary for a registration. The legal basis is Article 6 (1) (1) (b) GDPR or Article (6) (1) (f) GDPR, with the interest of providing you with the services and information of the access-restricted area.

If we ask for information beyond this scope, this will be marked as voluntary and is based on your consent according to Article 6 (1) (1) (a) GDPR.

If you would like to permanently log out of the access-restricted area, please use the log-out function that is available in the area.

Webinars

We use the GoToWebinar tool for conducting webinars. For the use of this, various types of data are collected or processed, in particular:

  • information about your person (e.g. first name, surname, email address, profile picture),
  • meeting metadata (e.g. date, time and duration of the communication, webinar name, participant IP address),
  • devices/hardware data (e.g. IP addresses, MAC addresses, Client version),
  • text, audio and video data (e.g. chats, video, audio and presentation recordings),
  • connection data (e.g. phone numbers, country names, start and end times, IP addresses).


In the following, we would like to provide you with more information about the scope of the data processing.
When registering for a webinar, you need to provide your name and, if necessary, your email address. As a participant, you can take part in webinars directly from a browser, without having to install an app.

In addition, the tool collects user data which is necessary for the provision as well as the technical and operational support and improvement of the provided services. This includes in particular technical data about your devices, your network and your internet connection, such as e.g. IP address, MAC address, other device IDs (UDID), type of device, type of operating system and version, client version, camera type, microphone or loudspeaker, type of connection).

Voluntary information and functions

You can provide more information about yourself, but you don't have to. You are also free to use the chat, question or survey function during the webinar. You can also turn your camera on and off and mute your microphone.

If you make use of the chat, questions or survey function, the text you enter is processed in order to display it in the webinar and, if necessary, to log it. If you turn on your camera or microphone, the data of the microphone of your end device as well as the data of any video camera of your end device will be processed for the duration of the meeting. At the start of the webinar, your camera image and your microphone are turned off by default.

Please note, that all information that you or others upload, provide or create during a webinar will be processed, for at least the duration of the meeting. This includes in particular chat/instant messages, files, whiteboards and other information, which are shared during the use of the service.

Other functions

If required for the purpose of logging, the results of a webinar, chat contents can be logged. However, this only applies to "public" chats and messages sent straight to the hosts. The contents of private chats are not logged.

If we want to record a webinar, we will communicate this to you in advance - and if necessary - ask for your consent. If a recording is taking place, the system will inform the webinar participants about this, both through video and audio.

For more information about the processing of your data when using the tools, a detailed list of the data collected and processed in this case, as well as the relevant data protection information can be found at: https://www.logmein.com/legal/privacy.

If you participate in a webinar as an external participant, the processing of your data will take place in accordance with Article 6 (1) (b) GDPR, insofar your webinar participation is required for the fulfilment of a contract concluded with you (in particular, to offer training and advanced training courses). The same applies, when the carrying out of the webinar is necessary for the fulfilment of pre-contractual measures that take place on your request.

Transmission of your data

As a matter of principle, we do not transfer your data to third parties. Data is only passed on if it is intended for transfer as described above, if you have expressly consented to the transfer in advance, or if we are obliged or entitled to do so by law.

LogMeIn, Inc. supports us in the processing of your data as an external service provider and order processor within the meaning Article 28 GDPR. As the order processors, they are bound by strict instructions when using your data and work on the basis of a separate order management process contract. Therefore, the data processing can also take place outside of the EU or the European Economic Area. An adequate level of data protection in accordance with Article 45 (1) GDPR can be assumed through the use of EU standard contractual clauses and additional measures taken.

On request, we will gladly provide you with a copy of the EU standard contractual clauses as well as further information on the additional measures taken.

Deletion of your data

We only process your data for the time they are required to fulfil the purposes for which they were collected. Therefore, your data will be deleted after 2 years at the latest, unless the processing or deletion of your data is required for the assertion, exertion or defence of legal claims. In case of statutory retention obligations, deletion is only considered once the relevant retention period has passed.

Podcast

Disclaimer

The podcasts "gastronovi Masterminds - Virtual Round Table for Restaurateurs" recorded and made available by gastronovi serve a purely informative purpose. gastronovi does not offer or undertake to provide financial, economic, legal, accounting, tax or other advice through or on the basis of the podcasts.

The information, statements, comments, views and opinions in Podcasts are of a general nature and are not intended to be considered advice by gastronovi. Listeners to the podcasts are not considered customers of gastronovi. The information, statements, comments, views and opinions expressed in podcasts do not constitute an offer to buy or sell products and should not be construed as such.

The information, statements, comments, views and opinions expressed or provided in podcasts are not necessarily those of gastronovi and may not be current. gastronovi makes no representation or warranty as to the accuracy or completeness of the information, statements, comments, views or opinions contained in the podcasts. Liability (including in respect of direct, indirect or consequential loss or damage of any kind) is expressly disclaimed. gastronovi assumes no obligation to update, amend, change or correct any information, statements, comments, views or opinions contained in this podcast.

No part of the podcasts may be reproduced, transmitted, published, copied or duplicated in any form without the prior written consent of gastronovi.

Conditions of participation

Participants in podcasts agree that parts of them may be published, distributed and shared separately via channels specified by gastronovi in addition to the actual publication. Furthermore, podcasts in transcribed form may also be used and published in writing in whole or in part in any appropriate format, including the verbatim quotation of the participant(s). In addition, parts of the podcast, comments and insights as well as verbatim quotes may serve as the basis for further content in written and audio form for marketing and sales purposes.

gastronovi Office

gastronovi Office is a cloud-based complete solution for the catering trade. When you login to the front or back office as a user, all the subsequent data are captured and stored on our servers.

Usage of local storage in browser

To adjust the front or back office to your individual requirements and wishes, we use the local storage in your browser. By doing this, data is stored in your browser cache. Even if you close the browser, the data remain, unless you clear the browser's cache.

Using this technology, we offer you the following functions:

  • User registration
  • Local user profile
  • Personalisation of gastronovi Office
  • Local condition of the application
  • Local settings of the application

Some of the data are additionally stored in the front office for provision in offline mode, in case you have no internet connection:

  • All processes which would otherwise be sent to the server. After synchronisation with the server, all data are immediately deleted.

gastronovi GmbH does not evaluate the data. They remain on the users' computer and are not transmitted to gastronovi GmbH.

Usage data

To ensure the security and reliability of the system, only the following data are stored:

Usage data Reason Retention period
IP address Used for the automatic detection of potentially dangerous access. In addition, this is evaluated for the forensic analysis, in case of an attack. 1 year
Time of access Used for the automatic detection of potentially dangerous access. In addition, this is evaluated for the forensic analysis, in case of an attack. 1 year
UserAgent The UserAgent is sent to the server by your browser when you visit gastronovi Office. In accordance with RFC-2616, it contains the following data: Browser name, browser version, comment (operating system, hardware, web-renderer).
The information is manually evaluated, in order to adapt gastronovi Office to the browsers and operating systems. In addition, the collection serves the determination of hardware, which might need to be discontinued when using new technologies.
1 year
URL The accessed URL is stored. The data are evaluated by live Monitoring, in order to detect potential attacks on the system. The data are stored to maintain the system's safety and for conducting forensic analyses in case of an attack. 1 year

Status page for gastronovi Office

At status.gastronovi.com you can see in real time the status of gastronovi Office as well as its other system. If you subscribe to the updates, the following data will be collected from your:

  • E-mail address or
  • phone numbers

The data is collected in order to notify you in case of malfunction or failure. You can also unsubscribe by SMS or the unsubscribe link by mail.

For display purposes, we use the content of the third-party provider Atlassian. Pty Ltd (Australia). The embedding is based on Art. 6 para. 1 p. 1 lit. f DSGVO and in the interest of making our site as appealing and informative as possible. In order to maintain an appropriate level of data protection, we have concluded the EU standard data protection clauses with the provider in accordance with Art. 46 (2) lit. c DSGVO.

Your rights as the data subject

For the processing of your personal data, you, as the data subject, are provided with certain rights by the GDPR:

Right of access (Article 15 GDPR)

You have the right to obtain confirmation as to whether or not personal data concerning yourself are being processed; if this is the case, you have the right to access the personal data, and the information listed in detail in Article 15 GDPR.

Right to rectification (Article 16 GDPR)

You have the right to obtain without undue delay the rectification of inaccurate personal data concerning yourself, and if necessary, the right to have the incomplete data completed.

Right to erasure (Article 17 GDPR)

You have the right to obtain the erasure of personal data concerning yourself without undue delay where one of the grounds listed in Article 17 GDPR applies.

Right to restriction of processing (Article 18 GDPR)

You have the right to obtain the restriction of processing where one of the conditions listed in Article 18 GDPR applies, e.g. if you have objected to the processing, pending verification by the controller.

Right to data portability (Article 20 GDPR)

In certain cases, which are listed in Article 20 GDPR in detail, you have the right to receive the personal data concerning yourself in a structured, commonly used and machine-readable format and the right to transmit those data to a third party.

Right of withdrawal (Article 7 GDPR)

If your data is processed based on your consent, according to Article 7 (3) GDPR, you have the right to withdraw your consent for use of your personal data at any time. Please note that the withdrawal applies to the future. Processing that took place before the withdrawal is not affected.

Right to object (Article 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning yourself that is based on Article 6 (1) (1) (f) GDPR (data processing for the purposes of legitimate interests) or based on Article 6 (1) (1) (e) GDPR (data processing for the performance of a task carried out in the public interest or in the exercise of an official authority). We will no longer process the personal data unless for proven, compelling, legitimate grounds for processing which override your interests, rights and freedoms or for the establishment, exercise of defence of legal claims.

Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

According to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority, if you consider the processing of personal data relating to you infringes the GDPR. The right to lodge a complaint with a supervisory authority applies in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

Assertion of your rights

Unless described otherwise, please contact the email address stated in the imprint to assert your data subject rights.

Information on the Whistleblower Protection Act

When an internal or external whistleblower reports an irregular act in the company, this is referred to as "whistleblowing". This confidential report can concern information and well-founded suspicions about actual or potential violations that have either already been committed or are very likely to occur. A whistleblowing system therefore offers the opportunity to uncover potential breaches.

"The EU Whistleblower Directive (Directive (EU) 2019/1937 of the European Parliament and of the Council of October 23, 2019 on the protection of persons who report breaches of Union law) aims to protect persons who report breaches. It also protects persons who are the subject of a report or disclosure and other persons affected by a report or disclosure. For Germany, the requirements are defined in the HinSchG. This results in a legal obligation to introduce a whistleblower procedure (so-called "internal reporting office").

If you suspect violations of the law, unethical behavior or breaches of our Code of Conduct, the whistleblower reporting office/portal is at your disposal. Our employees, customers, suppliers and business partners can use this to report suspected or actual violations.

Such violations include, for example

  • Fraud, theft, embezzlement
  • Bribery/corruption
  • Offenses relating to the Supplier Due Diligence Act or Supply Chain Act
  • Violations of antitrust law
  • Violation of data protection or IT security guidelines
  • Product safety
  • Violations of environmental protection regulations
  • Conflicts of interest
  • Sexual harassment, discrimination, violations of personal integrity


The safest way to submit a report is to open the following address in the browser of your private computer: https://www.whistle-blow.org/transgourmet. This portal guarantees independent and anonymous processing of the reported incidents.

The whistleblower can also contact hinweisgeber@gastronovi.com or call +49 421 408942-607.

Incoming reports are processed according to a standardized and fair process. All information received is treated in strict confidence, and reports can be submitted anonymously if desired, whereby anonymity is also guaranteed in the further course of the process.

After your report, you will receive notification of receipt and acknowledgement of the report within 7 days. You can rest assured that the information will be handled discreetly and confidentially. You will be informed of the information from the investigation process and corresponding follow-up measures no later than 3 months after your report.

The Whistleblower Protection Act includes protection against disadvantages resulting from the submission of a report. The whistleblower therefore does not have to fear any negative consequences. If violations of German law are reported, the law protects the whistleblower from any negative consequences such as dismissal, demotion, promotion freeze, job relocation, damage to reputation, salary cuts, etc. In addition, the whistleblower is not liable for any damage caused by the discovery of the breach.

Protecting the identity of the whistleblower is the top priority of the Whistleblower Protection Act. This is guaranteed by the option of confidential reporting. The identity of the whistleblower will only be disclosed with their consent. An exception is made in the case of judicial or official investigations. In this case, the whistleblower is informed before their identity is disclosed.

In addition, the whistleblower is assured of free and comprehensive advice and support options. Among other things, this includes remedies and proceedings against reprisals.

In addition, the burden of proof is reversed to protect the whistleblower. This means that if the whistleblower is discriminated against, the employer must prove that this occurred independently of the whistleblowing.

The person affected is also protected by the Whistleblower Protection Act. The rights of the accused are protected, such as the right to an effective legal remedy or to a fair trial. In addition, the presumption of innocence is preserved and the rights of the defense are guaranteed, which include the right to be heard and to inspect their file.

A false accusation in the context of a report or disclosure can have far-reaching consequences for the person concerned. The consequences may not be entirely reversible.

However, excessive demands should not be placed on whistleblowers with regard to verifying the accuracy of the information. For this reason, the whistleblower is also protected in cases where the information turns out to be incorrect, but the whistleblower could have assumed that the information was correct at the time of reporting.

However, there is no protection for whistleblowers in cases of deliberate or grossly negligent disclosure of incorrect information. In such cases, the malicious whistleblower is even obliged to compensate for the damage (Section 38 HinSchG-E).

Contact details of the data protection officer

Please feel free to contact our external data protection officer for information on the topic of data protection at:

datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen, Germany
Web: www.datenschutz-nord-gruppe.de
Email: office@datenschutz-nord.de

When contacting our data protection officer, please also state the responsible department, as listed in the imprint.