Privacy policy
gastronovi GmbH | As of: 24.04.2024
We look forward to your visit to our website. In the following we would like to inform you about the handling of your data in accordance with. Art. 13 of the General Data Protection Regulation (GDPR).
Further data protection topics:
Person responsible
The entity named in the legal notice is responsible for the data processing described below.
Usage data
When you visit our websites, so-called usage data is temporarily evaluated on our web server for statistical purposes as a log in order to improve the quality of our websites. This data set consists of
- the name and address of the requested content,
- the date and time of the query,
- the amount of data transferred,
- the access status (content transferred, content not found),
- the description of the web browser and operating system used,
- the referral link, which indicates from which page you came to ours,
- the IP address of the requesting computer, which is shortened so that a personal reference can no longer be established.
The aforementioned log data is only analyzed anonymously.
The legal basis for the processing of usage data is Art. 6 para. 1 p. 1 lit. f GDPR. The processing is carried out in the legitimate interest of providing the content of the website and ensuring a device- and browser-optimized display.
Data security
We take technical and organizational measures to protect your data from unwanted access as comprehensively as possible. We use an encryption process on our websites. Your data is transmitted from your computer to our server and vice versa via the Internet using TLS encryption. You can usually recognize this by the fact that the lock symbol in the status bar of your browser is closed and the address bar begins with https://.
Required cookies
We use cookies on our websites that are necessary for the use of our websites.
Cookies are small text files that can be stored and read on your end device. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session.
We do not use these necessary cookies for analysis, tracking or advertising purposes.
Some of these cookies only contain information on certain settings and are not personally identifiable. They may also be necessary to enable user guidance, security and implementation of the site.
We use these cookies on the basis of our legitimate interest pursuant to Art. 6 para. 1 p. 1 lit. f GDPR.
You can set your browser so that it informs you about the placement of cookies. You can also delete them at any time via the corresponding browser setting and prevent the setting of new cookies. Please note that our web pages may then not be displayed in full and some functions may no longer be technically available.
| Provider | Purpose | Storage duration |
|---|---|---|
| Borlabs | Saves the settings of visitors who have selected Borlabs Cookie in the Cookie Box | 1 year |
| gastronovi GmbH | Used to unlock gastronovi content | Session |
Tracking technologies from third-party providers for advertising purposes
We use cross-device tracking technologies so that you can be shown targeted advertising on other websites based on your visit to our websites and we can recognize how effective our advertising measures were.
Data processing is based on your consent, provided that you have given your consent via our banner. Your consent is voluntary and can be revoked at any time.
How does tracking work?
When you visit our websites, it is possible that the third-party providers mentioned below may retrieve recognition features for your browser or your end device (e.g. a so-called browser fingerprint), evaluate your IP address, store or read recognition features on your end device (e.g. cookies) or gain access to individual tracking pixels.
The individual features can be used by third-party providers to recognize your device on other websites. We can commission the relevant third-party providers to place advertisements based on the pages you visit on our website.
What does cross-device tracking mean?
If you log in to the third-party provider with your own user data, the respective recognition features of different browsers and end devices can be linked with each other. If, for example, the third-party provider has created a separate feature for the laptop, desktop PC or smartphone or tablet you are using, these individual features can be assigned to each other as soon as you use a service of the third-party provider with your login data. In this way, the third-party provider can also target our advertising campaigns across different end devices.
Which third-party providers do we use in this context?
Below we list the third-party providers with whom we work for advertising purposes. If the data is processed outside the EU or the EEA (in particular in the USA) in this context, we provide information on the level of data protection in the following table.
| Provider | Adequate level of data protection | Revocation of consent |
|---|---|---|
| For transfers to the USA, an adequate level of data protection is guaranteed due to the provider's certification under the adequacy decision (EU-U.S. Data Privacy Framework). | If you wish to withdraw your consent, please click and make the appropriate setting via our banner. |
Advice / test account (contact form)
You have the option of contacting us via our consultation form or to apply for a test account. To use it, we first need the data marked as mandatory fields from you.
We use this data on the basis of Art. 6 para. 1 p. 1 lit. f GDPR to answer your request.
Your data will only be processed to answer your request. We will delete your data if it is no longer required and there are no legal obligations to retain it.
With regard to processing in accordance with Art. 6 para. 1 p. 1 lit. f GDPR, you have the right to object at any time. Please contact the e-mail address given in the imprint.
Embedded videos
We embed videos on our websites that are not stored on our servers. However, for reasons of data protection, when you access our website, no content from the third-party provider is loaded and the third-party provider does not receive any information.
Only when you give your consent via our banner will content from the third-party provider be loaded. As a result, the third-party provider receives the information that you have accessed our website and the usage data technically required in this context. In addition, the third-party provider is then able to implement tracking technologies. We have no influence on further data processing by the third-party provider. Your consent includes the reloading of content from the third-party provider.
Embedding takes place on the basis of your consent, provided that you have given your consent via our banner. If the data is processed outside the EU or the EEA (in particular in the USA) in this context, we provide information on the level of data protection in the following table.
| Provider | Adequate level of data protection | Revocation of consent |
|---|---|---|
| Google (Youtube) | For transfers to the USA, an adequate level of data protection is guaranteed due to the provider's certification under the adequacy decision (EU-U.S. Data Privacy Framework). | If you wish to revoke your consent, please click and make the appropriate setting via our banner. |
| Vimeo | Processing also possible outside the EU/EEA. No adequate level of data protection. The transmission takes place on the basis of Art. 49 para. 1 lit. a GDPR. | If you wish to revoke your consent, please click and make the appropriate setting via our banner. |
Map services
We embed map services on our websites that are not stored on our servers. However, for reasons of data protection, when you access our website, no content from the third-party provider is loaded and the third-party provider does not receive any information.
Only when you give your consent via our banner will content from the third-party provider be loaded. As a result, the third-party provider receives the information that you have accessed our website and the usage data technically required in this context. We have no influence on further data processing by the third-party provider. Your consent includes the reloading of content from the third-party provider.
Embedding takes place on the basis of your consent, provided that you have given your consent via our banner.
Please note that the embedding of some map services means that your data will be processed outside the EU or the EEA (in particular in the USA). If the data is processed outside the EU or the EEA (in particular in the USA) in this context, we provide information on the level of data protection in the following table.
| Provider | Adequate level of data protection | Revocation of consent |
|---|---|---|
| For transfers to the USA, an adequate level of data protection is guaranteed due to the provider's certification under the adequacy decision (EU-U.S. Data Privacy Framework). | If you wish to withdraw your consent, please click and make the appropriate setting via our banner. | |
| Open Street Map | Processing within the EU/EEA | If you wish to withdraw your consent, please click and make the appropriate setting via our banner. |
Newsletter registration and dispatch
If you subscribe to our company's newsletter, the data in the respective input mask will be transmitted to the controller. Registration for our newsletter takes place in a so-called double opt-in procedure. This means that you will receive an e-mail after registration asking you to confirm your registration. This confirmation is necessary so that no one can log in with other people's e-mail addresses.
When registering for the newsletter, the user's IP address and the date and time of registration are stored. This serves to prevent misuse of the services or your e-mail address. We use rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany, as the provider for sending newsletters. The data will not be passed on to third parties unless there is a legal obligation to do so.
For the purpose of analysis, the emails sent contain a so-called tracking pixel, which connects to the rapidmail servers when the email is opened. In this way, it can be determined whether a newsletter message has been opened. We can also determine whether and which links in the newsletter message are clicked on. Optionally, links in the e-mail can be set as tracking links with which your clicks can be counted. If you do not wish to be analyzed by rapidmail, you must unsubscribe from the newsletter.
The subscription to the newsletter can be canceled by the data subject at any time. Consent to the storage of personal data can also be revoked at any time. For this purpose, you will find a corresponding link in every newsletter. The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 p. 1 lit. a GDPR. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 para. 3 UWG.
Access-protected area
If you wish to use our access-protected area, prior registration is required.
We only collect the data required for registration and provision of the service. The processing is carried out on the basis of Art. 6 para. 1 p. 1 lit. f GDPR in our legitimate interest in providing you with the services and information of the access-protected area.
If we also collect data marked as voluntary, we will process it on the basis of your consent. You can revoke your consent at any time with effect for the future. Please use the corresponding functions in the access-protected area or contact the e-mail address given in the imprint.
If you would like to permanently unsubscribe from our access-protected area (objection), please use the unsubscribe option in the access-protected area or contact the office named in the legal notice.
Webinars
We use the GoToWebinar tool to conduct webinars. Various types of data are collected and processed for use, in particular
- Personal details (e.g. first and last name, e-mail address, profile picture),
- Meeting metadata (e.g. date, time and duration of the communication, name of the webinar, participant IP address),
- Device/hardware data (e.g. IP addresses, MAC addresses, client version),
- Text, audio and video data (e.g. chat histories, video, audio and presentation recordings),
- Connection data (e.g. phone numbers, country names, start and end times, IP addresses).
In the following, we would like to inform you in more detail about the scope of data processing.
When registering for the webinar, you must enter your name and, if applicable, your e-mail address. As a participant, you can take part in webinars directly via the browser without installing an application.
In addition, the tool collects user data that is required for the provision, technical and operational support and improvement of the services provided. This includes, in particular, technical data about your devices, your network and your internet connection, such as IP address, MAC address, other device IDs (UDID), device type, operating system type and version, client version, camera type, microphone or loudspeaker, type of connection).
Voluntary information and functions
You can provide further information about yourself, but you do not have to. You are also free to use the chat, question or survey functions during the webinar. You can also switch your camera and microphone on and off or mute them yourself.
If you use the chat, question or survey function, the text entries you make will be processed in order to display them in the "webinar" and, if necessary, to log them. If you switch on your camera or microphone, the data from your end device's microphone and any video camera on the end device will be processed for the duration of the meeting. At the start of the webinar, your camera image and microphone are switched off by default.
Please note that any information that you or others upload, provide or create during a webinar will be processed at least for the duration of the meeting. This includes, in particular, chat/instant messages, files, whiteboards and other information shared while using the service.
Other functions
If this is necessary for the purposes of logging the results of a webinar, chat content may be logged. However, this only applies to "public" chats and messages sent directly to the hosts. The content of private chats is not logged.
If we wish to record webinars, we will inform you of this in advance and - if necessary - ask for your consent. If a recording takes place, the participants of the webinar will be informed of this by the system both via video and audio.
Further information on the processing of your data when using the tools, a detailed list of the data collected and processed as well as the corresponding data protection information can be found at https://www.logmeininc.com/de/legal/privacy.
If you participate in a webinar as an external participant, your data will be processed on the basis of Art. 6 para. 1 S. lit. b GDPR, insofar as your participation in the webinar is necessary for the performance of a contract concluded with you (in particular in order to be able to offer training and further education). The same applies if the webinar is necessary for the implementation of pre-contractual measures that are carried out at your request.
Disclosure of your data
We do not transfer your data to third parties. Data will only be passed on if it is specifically intended to be passed on, if you have expressly consented to the transfer in advance or if we are obliged or authorized to do so by law.
LogMeIn, Inc. supports us in the processing of your data. as an external service provider and processor within the meaning of Art. 28 GDPR. As processors, they use your data strictly in accordance with instructions and on the basis of a separately concluded data processing agreement. Data processing may also take place outside the EU or the EEA. An adequate level of data protection acc. Art. 45 para. 1 GDPR can be assumed through the use of EU standard contractual clauses and additional measures taken.
We will be happy to provide you with a copy of the EU standard contractual clauses and further information on the additional measures taken on request.
Deletion of your data
We only process your data for as long as it is required for the purposes for which it was collected. Therefore, your data will be deleted after 2 years, unless the processing or storage of your data is necessary for the assertion, exercise or defense of legal claims. In the case of statutory retention obligations, deletion will only be considered after the respective retention obligation has expired.
gastronovi Office
gastronovi Office is a cloud-based complete solution for the gastronomy sector. When you log in to the front or back office as a user, the following data is collected or stored on our servers.
Use of the local memory in the browser
We use local storage in your browser so that you can customize the front or back office to your personal needs and wishes. Data is stored in the cache of your browser. The data is retained even after you close the browser as long as you do not delete the browser cache.
We make the following functions available to you via this technology:
- User login
- Local user profile
- Personalization of gastronovi Office
- Local state of the application
- Local settings of the application
Some of the data is stored in the front office in addition to providing the offline mode if your internet connection is not available:
- All processes that would otherwise be sent directly to the server. The data is deleted immediately after synchronization with the server
No evaluation of the data is carried out by gastronovi GmbH. They remain on the user's computer and are not sent to gastronovi GmbH.
Usage data
The following data is stored to ensure the security and reliability of the system:
| Usage data | Reason | Storage period |
|---|---|---|
| IP address | Used for automated detection of potentially dangerous accesses. It is also evaluated for forensic analysis in the event of an attack. | 1 year |
| Time of access | Used for automated detection of potentially dangerous accesses. It is also evaluated for forensic analysis in the event of an attack. | 1 year |
| UserAgent | The UserAgent is transmitted to the server by your browser when you visit gastronovi Office. According to RFC-2616, it contains the following data:Name of the browserVersion of the browserComment (operating system, hardware, web renderer). The information is evaluated manually in order to adapt gastronovi Office to the browsers and operating systems. In addition, the recording serves to identify hardware that may have to be discontinued when new technologies are used. |
1 year |
| URL | The URL that was called up is saved. The data is evaluated via live monitoring in order to detect possible attacks on the system. The data is stored to ensure system security and to carry out forensic analyses in the event of an attack. | 1 year |
Status page for gastronovi Office
At status.gastronovi.com you can view the status of gastronovi Office and its other systems in real time. If you subscribe to the updates, the following data will be collected from you:
- E-mail address or
- Telephone numbers
The data is collected in order to notify you in the event of a malfunction or outage. You can also unsubscribe via SMS or the unsubscribe link by e-mail.
We also use the content of the third-party provider Atlassian for display purposes. Pty Ltd (Australia). The embedding takes place on the basis of Art. 6 para. 1 p. 1 lit. f GDPR and in the interest of making our website as appealing and informative as possible. To ensure an appropriate level of data protection, we have concluded the EU standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR has been concluded.
Integration of other technical third-party content and functions
We use the technical functions and content of third-party providers listed below to display our websites.
When you access our pages, the content of the third-party provider that provides these functions and content is loaded. As a result, the third-party provider receives the information that you have accessed our website and the usage data technically required in this context.
We have no influence on further data processing by the third-party provider.
Data processing takes place on the basis of your consent, provided that you have previously given your consent via our banner solution.
Please note that the use of third-party content and functions may result in your data being processed outside the EU or the EEA (in particular in the USA). An adequate level of data protection is guaranteed for transfers to the USA on the basis of the adequacy decision (EU-U.S. Data Privacy Framework).
| Provider | Technical function or content | Adequate level of data protection | Revocation of consent |
|---|---|---|---|
| Podigee | Content Delivery Network | Processing within the EU/EEA. | If you wish to withdraw your consent, please click and make the appropriate setting via our banner. |
| Google Tag Manager | For transfers to the USA, an adequate level of data protection is guaranteed due to the provider's certification under the adequacy decision (EU-U.S. Data Privacy Framework). | If you wish to withdraw your consent, please click and make the appropriate setting via our banner. |
Storage duration
Unless we have already informed you in detail about the storage period, we delete personal data when it is no longer required for the aforementioned processing purposes and no legitimate interests or other (legal) reasons for storage prevent deletion.
Further processors
We pass on your data within the framework of order processing in accordance with. In accordance with Art. 28 GDPR, we pass on your personal data to service providers who support us in the operation of our websites and the associated processes. These are hosting service providers, for example. Our service providers are strictly bound by our instructions and are contractually obligated accordingly.
In the following, we will name the processors with whom we work if we have not already done so in the above text of the data protection declaration. If data can be processed outside the EU or the EEA in this context, we will inform you about this in the following table.
| Provider | Purpose | Adequate level of data protection |
|---|---|---|
| Eventbrite | Creating and sending event invitations | For transfers to the USA, an adequate level of data protection is guaranteed due to the provider's certification under the adequacy decision (EU-U.S. Data Privacy Framework). |
| Google Forms | Creating and sending event invitations and surveys | For transfers to the USA, an adequate level of data protection is guaranteed due to the provider's certification under the adequacy decision (EU-U.S. Data Privacy Framework). |
| Calendly | Online appointment booking | Processing only within the EU/EEA |
Your rights as a data subject
When processing your personal data, the GDPR grants you certain rights as a data subject:
Right to information (Art. 15 GDPR)
You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR.
Right to rectification (Art. 16 GDPR)
You have the right to demand the immediate correction of incorrect personal data concerning you and, if necessary, the completion of incomplete data.
Right to erasure (Art. 17 GDPR)
You have the right to demand that personal data concerning you be deleted immediately if one of the reasons listed in Art. 17 GDPR applies.
Right to restriction of processing (Art. 18 GDPR)
You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have objected to the processing, for the duration of the examination by the controller.
Right to data portability (Art. 20 GDPR)
In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transfer of this data to a third party.
Right to withdraw consent (Art. 7 GDPR)
If the processing of data takes place on the basis of your consent, you are entitled under Art. 7 para. 3 GDPR, you have the right to withdraw your consent to the use of your personal data at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected by this.
Right to object (Art. 21 GDPR)
If data is collected on the basis of Art. 6 para. 1 p. 1 lit. f GDPR (data processing to safeguard legitimate interests) or on the basis of Art. 6 para. 1 p. 1 lit. e GDPR (data processing to protect the public interest or in the exercise of official authority), you have the right to object to the processing at any time on grounds relating to your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
You have acc. In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of data relating to you infringes data protection regulations. The right to lodge a complaint can be asserted in particular with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.
Assertion of your rights
Unless otherwise described above, please contact the office named in the legal notice to assert your rights as a data subject.
Contact details of the data protection officer
Our external data protection officer will be happy to provide you with information on the subject of data protection using the following contact details:
datenschutz nord GmbH
Konsul-Smidt-Strasse 88
28217 Bremen
Web: https://www.dsn-group.de/
E-mail: office@datenschutz-nord.de
If you contact our data protection officer, please also indicate the responsible body named in the legal notice.
