Privacy Statement

We are delighted that you have chosen to visit our website. In the following, we would like to inform you about what happens to your data in accordance with Art. 13 EU General Data Protection Regulation (GDPR).

Adapting data protection settings

Controller

The responsible person for the presented data processing is the body mentioned in the imprint.

Version: March 2021

Usage data

When you visit our websites, so-called usage data for statistical purposes are analysed temporarily as a log on our web server, in order to improve the quality of our websites. This data set consists of

  • the name and address of the requested content,
  • the data and time of the request,
  • the amount of data transferred,
  • the access status (content transferred, content not found),
  • the description of the web browser and operating system used,
  • the referral link that states from which page you landed on our page,
  • the IP address of the requesting computer, which is redacted in such a way that it can no longer be assigned to a person.
The mentioned protocol data are evaluated anonymously.

Anonymous visitor measurement

On our websites, we perform an anonymous traffic analysis. For this, the log data of the server as well as the redacted IP addresses are evaluated. Conclusions in relation to your person are not possible.

Data security

In order to protect your data as comprehensively as possible from unwanted access, we put in place technical and organisational measures. We use an encryption process on our websites. Your data are transferred from your computer to our server and vice versa, via the internet by mean of TLS encryption. Usually you will recognise this by the lock icon in the status bar of your browser, and an address line starting with https://.

Required cookies

We use cookies on our websites which are required for using our websites.

Cookies are small text files that are stored on your end device and which can be read. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored longer than the individual session.

We do not use these required cookies for analysis, tracking or advertising purposes.

Some of these cookies merely contain information about specific settings and cannot be traced to persons. They may also be necessary to allow for user guidance, safety and implementation of the site.

The legal basis for our use of cookies is Article 6 (1) (1) (f) GDPR.

You can set your browser in such a way that you are informed about the placement of cookies. This makes the use of cookies transparent. In addition, you can delete cookies at any time, via the relevant browser setting and prevent the placement of cookies. Please note, that as a result, our websites might not be displayed and some functions might not be available.

Google Analytics

For the needs-based design of our websites, we additionally use the web analysis tool "Google Analytics". Google Analytics creates user profiles based on pseudonyms. For this, permanent cookies are stored on your end device and read by us. This allows us to recognise returning visitors, and to count these as such.

Within the framework of Google Analytics, Google Ireland Limited and Google LLC. (USA) support us as our order processors in accordance with Art. 28 GDPR. Therefore, the data processing may also take place outside of the EU or the European Economic Area. With regard to Google LLC, due to the processing in the USA, no adequate level of data protection can be assumed. There is the risk, that authorities can access the data for security and surveillance purposes, without you being informed about this, nor do you have legal recourse against this. Please take note of this when you decide to consent to our use of Google Analytics.

The data processing is performed based on your consent acc. to Article 6 (1) (1) (a) GDPR or § 15 (3) (1) TMH (German Telemedia Act), if you have given us your consent via our banner. The transfer to a third country is based on Art. 49 (1) (a) GDPR.

You may revoke your consent at any time. To do this, please follow this link and tick the relevant settings via our banner.

Adapting data protection settings

Embedded videos

We embed videos in our websites, which are not stored on our servers. When accessing our sites that contain embedded videos, the contents of the third party service provider, who provides the video, will load. Hereby, the third party service provider receives the information that you have accessed our site, as well as related technically required usage data.

We have no influence on the further data processing by third parties. However, we have made sure for the embedding of the videos, to activate the expanded data protection mode offered by the third party. The expanded data protection mode ensures that the third party does not place any cookies.

The legal basis for the embedding is Article 6 (1) (1) (f) GDPR, in the interest of designing our website as attractively and informatively as possible.

Adapting data protection settings

Consulting / Test Account

You have the option to contact us with regard to a trial screen or to apply for a test account. To make use of this, we require the information marked as mandatory fields first.

The legal basis for this data is Article 6 (1) (1) (f) GDPR, to answer your request.

Your data are only processed for answering your request. We delete the information, once it is no longer required and if there are no legal retention obligations to the contrary.

With regard to the processing according to Article 6 (1) (1) (f) GDPR, you have the right of objection at any time. For this, please contact the email address stated in the imprint.

Newsletter subscription and sending

Please note, that we require certain information (at least your email address) for a newsletter subscription.

The newsletter will only be sent once you have given us your explicit consent in accordance with Article 6 (1) (1) (a) GDPR. In case of a mobile subscription, you will receive a confirmation email at the e-mail address you specified (double-opt-in). You may revoke your consent at any time. An uncomplicated way to revoke your consent is to use the link for unsubscribing provided in all newsletters.

Within the framework of the newsletter subscription, we also store other data than the aforementioned data, if these are necessary for us to prove that you subscribed to our newsletter. This could entail the storing of the full IP address at the time of subscription or confirmation of the newsletter, as well as a copy of the confirmation email sent by us. The legal basis for relevant data processing is Article 6 (1) (1) (f) GDPR, in the interest of being able to prove the legality of the newsletter subscription.

If you acquired a license, we will subscribe you to our newsletter, which contains information about similar products purchased by you, on the legal basis of § 7 (3) UWG (German Fair Trade Practices Act) or other regulations which implement Article 13 (2) of Regulation 2002/58/EC. In this case, you can object to the sending of the newsletter at any time, without any additional costs (e.g. transfer costs that would exceed the base rates for the means used for the objection), by making use of the relevant link contained in every newsletter email or by contacting us.

The tracking of your reactions to and interactions with our newsletters helps us to provide you with the content that is most helpful to you, and also to analyse and evaluate the effectiveness of our marketing measures. The legal basis for this processing is our legitimate interest in accordance with Article 6 (1) (f) GDPR.

Access-protected area

If you want to make use of our access-protected area, you first need to register.

Here, we only ask for information that is necessary for a registration. The legal basis is Article 6 (1) (1) (b) GDPR or Article (6) (1) (f) GDPR, with the interest of providing you with the services and information of the access-restricted area.

If we ask for information beyond this scope, this will be marked as voluntary and is based on your consent according to Article 6 (1) (1) (a) GDPR.

If you would like to permanently log out of the access-restricted area, please use the log-out function that is available in the area.

Webinars

We use the GoToWebinar tool for conducting webinars. For the use of this, various types of data are collected or processed, in particular:

  • information about your person (e.g. first name, surname, email address, profile picture),
  • meeting metadata (e.g. date, time and duration of the communication, webinar name, participant IP address),
  • devices/hardware data (e.g. IP addresses, MAC addresses, Client version),
  • text, audio and video data (e.g. chats, video, audio and presentation recordings),
  • connection data (e.g. phone numbers, country names, start and end times, IP addresses).

In the following, we would like to provide you with more information about the scope of the data processing.
When registering for a webinar, you need to provide your name and, if necessary, your email address. As a participant, you can take part in webinars directly from a browser, without having to install an app.

In addition, the tool collects user data which is necessary for the provision as well as the technical and operational support and improvement of the provided services. This includes in particular technical data about your devices, your network and your internet connection, such as e.g. IP address, MAC address, other device IDs (UDID), type of device, type of operating system and version, client version, camera type, microphone or loudspeaker, type of connection).

Voluntary information and functions

You can provide more information about yourself, but you don't have to. You are also free to use the chat, question or survey function during the webinar. You can also turn your camera on and off and mute your microphone.

If you make use of the chat, questions or survey function, the text you enter is processed in order to display it in the webinar and, if necessary, to log it. If you turn on your camera or microphone, the data of the microphone of your end device as well as the data of any video camera of your end device will be processed for the duration of the meeting. At the start of the webinar, your camera image and your microphone are turned off by default.

Please note, that all information that you or others upload, provide or create during a webinar will be processed, for at least the duration of the meeting. This includes in particular chat/instant messages, files, whiteboards and other information, which are shared during the use of the service.

Other functions

If required for the purpose of logging, the results of a webinar, chat contents can be logged. However, this only applies to "public" chats and messages sent straight to the hosts. The contents of private chats are not logged.

If we want to record a webinar, we will communicate this to you in advance - and if necessary - ask for your consent. If a recording is taking place, the system will inform the webinar participants about this, both through video and audio.

For more information about the processing of your data when using the tools, a detailed list of the data collected and processed in this case, as well as the relevant data protection information can be found at: https://www.logmein.com/legal/privacy.

If you participate in a webinar as an external participant, the processing of your data will take place in accordance with Article 6 (1) (b) GDPR, insofar your webinar participation is required for the fulfilment of a contract concluded with you (in particular, to offer training and advanced training courses). The same applies, when the carrying out of the webinar is necessary for the fulfilment of pre-contractual measures that take place on your request.

Transmission of your data

We generally do not share your data with third parties. Data is only shared if the data is intended for sharing, you gave us prior consent to disclose your data, or if we are obliged or entitled to do so due to statutory regulations.

LogMeIn, Inc. supports us in the processing of your data as an external service provider and order processor within the meaning Article 28 GDPR. As the order processors, they are bound by strict instructions when using your data and work on the basis of a separate order management process contract. Therefore, the data processing can also take place outside of the EU or the European Economic Area. An adequate level of data protection in accordance with Article 45 (1) GDPR can be assumed through the use of EU standard contractual clauses and additional measures taken.

On request, we will gladly provide you with a copy of the EU standard contractual clauses as well as further information on the additional measures taken.

Deletion of your data

We only process your data for the time they are required to fulfil the purposes for which they were collected. Therefore, your data will be deleted after 2 years at the latest, unless the processing or deletion of your data is required for the assertion, exertion or defence of legal claims. In case of statutory retention obligations, deletion is only considered once the relevant retention period has passed.

gastronovi Office

Gastronovi Office is a cloud-based complete solution for the catering trade. When you login to the front or back office as a user, all the subsequent data are captured and stored on our servers.

Usage of local storage in browser

To adjust the front or back office to your individual requirements and wishes, we use the local storage in your browser. By doing this, data is stored in your browser cache. Even if you close the browser, the data remain, unless you clear the browser's cache.

Using this technology, we offer you the following functions:

  • User registration
  • Local user profile
  • Personalisation of Gastronovi Office
  • Local condition of the application
  • Local settings of the application
Some of the data are additionally stored in the front office for provision in offline mode, in case you have no internet connection:

  • All processes which would otherwise be sent to the server. After synchronisation with the server, all data are immediately deleted.
Gastronovi GmbH does not evaluate the data. They remain on the users' computer and are not transmitted to Gastronovi GmbH.

Usage data

To ensure the security and reliability of the system, only the following data are stored:

Usage data Reason Retention period
IP address Used for the automatic detection of potentially dangerous access. In addition, this is evaluated for the forensic analysis, in case of an attack. 1 year
Time of access Used for the automatic detection of potentially dangerous access. In addition, this is evaluated for the forensic analysis, in case of an attack. 1 year
UserAgent The UserAgent is sent to the server by your browser when you visit Gastronovi Office. In accordance with RFC-2616, it contains the following data: Browser name, browser version, comment (operating system, hardware, web-renderer).
The information is manually evaluated, in order to adapt Gastronovi Office to the browsers and operating systems. In addition, the collection serves the determination of hardware, which might need to be discontinued when using new technologies.
1 year
URL The accessed URL is stored. The data are evaluated by live Monitoring, in order to detect potential attacks on the system. The data are stored to maintain the system's safety and for conducting forensic analyses in case of an attack. 1 year

Your rights as the data subject

For the processing of your personal data, you, as the data subject, are provided with certain rights by the GDPR:

Right of access (Article 15 GDPR)

You have the right to obtain confirmation as to whether or not personal data concerning yourself are being processed; if this is the case, you have the right to access the personal data, and the information listed in detail in Article 15 GDPR.

Right to rectification (Article 16 GDPR)

You have the right to obtain without undue delay the rectification of inaccurate personal data concerning yourself, and if necessary, the right to have the incomplete data completed.

Right to erasure (Article 17 GDPR)

You have the right to obtain the erasure of personal data concerning yourself without undue delay where one of the grounds listed in Article 17 GDPR applies.

Right to restriction of processing (Article 18 GDPR)

You have the right to obtain the restriction of processing where one of the conditions listed in Article 18 GDPR applies, e.g. if you have objected to the processing, pending verification by the controller.

Right to data portability (Article 20 GDPR)

In certain cases, which are listed in Article 20 GDPR in detail, you have the right to receive the personal data concerning yourself in a structured, commonly used and machine-readable format and the right to transmit those data to a third party.

Right of withdrawal (Article 7 GDPR)

If your data is processed based on your consent, according to Article 7 (3) GDPR, you have the right to withdraw your consent for use of your personal data at any time. Please note that the withdrawal applies to the future. Processing that took place before the withdrawal is not affected.

Right to object (Article 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning yourself that is based on Article 6 (1) (1) (f) GDPR (data processing for the purposes of legitimate interests) or based on Article 6 (1) (1) (e) GDPR (data processing for the performance of a task carried out in the public interest or in the exercise of an official authority). We will no longer process the personal data unless for proven, compelling, legitimate grounds for processing which override your interests, rights and freedoms or for the establishment, exercise of defence of legal claims.

Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

According to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority, if you consider the processing of personal data relating to you infringes the GDPR. The right to lodge a complaint with a supervisory authority applies in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

Assertion of your rights

Unless described otherwise, please contact the email address stated in the imprint to assert your data subject rights.

Contact details of the data protection officer

Please feel free to contact our external data protection officer for information on the topic of data protection at:

datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen, Germany
Web: www.datenschutz-nord-gruppe.de
Email: office@datenschutz-nord.de

When contacting our data protection officer, please also state the responsible department, as listed in the imprint.