M

Due to the compulsory closure of restaurants and hotels, we would like to support the industry. Therefore, from now on, we also offer our services for collection and delivery. In addition, we provide restaurateurs with digital guest registration so that querying the contact information of guests is easily outsourced to us.

Privacy Policy

  1. Here you can find our information for you about data protection in our web application.

So that you know how and why your data is used, it is important that you read this privacy policy and any other information on data protection and fair data processing that we provide to you in connection with the collection or processing of your personal data on specific occasions.

The terms used refer to the definitions according to Art. 4 of the EU Data Protection Basic Regulation (DS-GVO).

 

  1. We, who operate and manage this web application

 

The person responsible for processing your personal data is

Horeca Digital System GmbH

Thomasiusstr. 21

D- 04109 Leipzig

e-mail:                         datenschutz@so-use.de

Managing Director:       Ben Kamran Wollscheid, Thomas Niermann

If you have any questions regarding data protection, please use these contact options.

 

  1. Summary
    1. When you visit our pages, your IP address is saved. This happens in a shortened form, we create statistics from it.
    2. In order to operate our website we also have to process data.
    3. To process your order/purchase, we need your address, contact details and payment information.
    4. To continuously improve SO’USE for you, we rely on the support of an analysis service.
    5. We work with a number of service providers who may receive your information for specific purposes.

 

  1. Server log files

The provider of the site automatically collects and stores information in so-called server log files, which your browser automatically transmits to us and is available to us. These are:

            -Browser type and version

-the operating system used

-Referrer URL

-Hostname of the accessing computer

-time of the server request

-IP address

The basis for data processing is Art. 6 Par. 1 lit. b, f DS-GVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures, as well as due to our legitimate interest in the operation of our online store.

  1. Orders
    1. “Order on site”

In order to forward your order to the appropriate restaurateurs, we collect and process your e-mail address. This information is mandatory for order processing. You also have the possibility to add a comment and notes to your order. We use the data you provide us with in accordance with article 6 paragraph 1 letter b DS-GVO for contract processing. As a rule, we store your data for commercial and tax law reasons for up to 10 years and for any warranty claims for up to 2 years. You can find out more below.

    1. “Have it delivered” and “For collection”

You are also welcome to have your order delivered or to pick it up on site. In order to be able to forward your delivery or pickup request to the appropriate restaurateurs, we collect and process your name, address, e-mail address and telephone number (optional). Here you also have the possibility to add comments and hints to your order. Required fields are marked as such, because in these cases we need the data for the processing of the contract and cannot process the order without the data. We use the data you provide us with in accordance with article 6 paragraph 1 letter b DS-GVO for contract processing. As a rule, we store your data for commercial and tax law reasons for up to 10 years and for any warranty claims for up to 2 years. You can find out more below.

    1. Payments
  1. Paypal

You can use PayPal to pay your purchase. In this case we send PayPal your purchase related data, i.e. total amount of the order and information about the restaurateur. The data transfer is based on art. 6 paragraph 1 lit. b DS-GVO.

Information about data processing by PayPal can be found here:

PayPal (Europe) S.à.r.l. et Cie., S.C.A., 22-24 Boulevard Royal, L- 2449 Luxembourg

Information on data protection

We also use the above information (except account/credit card information) for statistical analysis of our website. We have a legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f DS-GVO in the analysis of our services for further development. Financial information is stored exclusively by PayPal. We have no access to it.

  1. Stripe

You can also pay by credit card, Apple Pay or Google Pay. For this we use the payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland. Your credit card data will not be stored by us, but will be processed directly by Stripe and the providers entrusted with the payment processing (Apple and Google), without our knowledge at any time. Stripe processes at least the following information according to its own information:

With regard to all transactions:

  • Date of the transaction,
  • Monetary amount of the transaction.
  • Status of the transaction (accepted/rejected)

When paying by credit card:

  • Credit card origin (only the last four digits are visible to us and stored at Stripe)
  • The IP address from which the order was placed to identify fraudulent activity
  • Card expiration date (month and year)
  • Country of origin of the credit card
  • Type of credit card (credit or debit)
  • Name of the credit card company (Visa, American Express, Mastercard..)

Processing by us is carried out in accordance with Art. 6 Para. 1 lit. b DS-GVO for order processing. Stripe will also use your data for identity and credit checks. However, the conditions of Stripe apply. You can read the current data protection information about Stripe and additional information here: https://stripe.com/de/privacy. We also use the transaction data (except account/credit card information) for statistical analysis of our web application. We have a legitimate interest according to Art. 6 para. 1 p. 1 lit. f DS-GVO in the analysis of our services for further development. Financial information is stored exclusively by Stripe, Apple and Google. We have no access to this information.

Apple Pay – Service Provider: Apple Inc, Infinite Loop, Cupertino, CA 95014, USA; Web site: https://www.apple.com/de/apple-pay/; Privacy policy: https://www.apple.com/legal/privacy/de-ww/.

Google Pay – Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://pay.google.com/intl/de_de/about/; Privacy Policy: https://policies.google.com/privacy.

  1. Communication
    1. contact

If you have any questions or remarks, please feel free to contact us by phone or mail. Your data such as e-mail address, telephone number and the content of your request will be stored for the purpose of processing your inquiry and in case of follow-up questions. Except in the case that the questions and requests can only be answered with the involvement of the restaurateurs, we will not pass them on without your consent, unless we are legally obliged to do so.

The processing of the communicated data is carried out on the basis of Art. 6 para. 1 letters b and f DS-GVO. Our legitimate interest follows from the answer to your inquiry.

    1. Advertising

We would like to inform you in the future (assuming you have found and bought something with us) about what’s new with us and in connection with your last order through SO’USE – that is, advertising. For this purpose, we use your contact information such as e-mail address and name. The legal basis for this processing is article 6 paragraph 1 letter f DS-GVO. We have a legitimate interest in using your data for advertising purposes once you have placed an order with us.

Revocation

You can object to the processing of your personal data for direct marketing purposes at any time free of charge. For further details, please see the information about your rights below.

 

 

  1. Cookies, third-party tools and services
    1. Cookies

We partly use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and safer. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and cookies are only allowed in individual cases, you can exclude the acceptance of cookies for certain cases or in general and you can activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

    1. “Nice to see you again”

We use our own cookies for user recognition to find out whether you have used SO’USE before. With the help of the cookies, we want to measure the success of SO’USE and improve SO’USE as much as possible with the knowledge gained.

The stored cookies generate a user ID for you which enables us to recognize you. What has just been said is also our legitimate interest in its use, so the legal basis for this processing is Art. 6 para. 1 li. f DS-GVO. We do not share this information with third parties.

    1. Web Fonts

We use fonts (typefaces), which we host on our own servers, for a uniform and visually appealing presentation of the textual content on our website.

To be able to play the fonts to you, we have to process your IP address.

The legal basis for data processing on the basis of the fonts is Art. 6 para. 1 letter f DS-GVO. Our legitimate interest lies in the pursued purposes described above, i.e. uniform and attractive presentation and faster loading times.

    1. Rollbar

For error analysis on our website and to be able to correct errors quickly, we rely on the service of “Rollbar”, Rollbar, Inc., 51 Federal Street, Suite 401, San Francisco, USA.

The following information for error detection and analysis is also processed by Rollbar:

            -Browser type, installed browser plugins

-IP address, other unique device identifiers

            -Screen and window resolution

-Set language in browser

-date and time of access and time zone

-Referrer URL

– Detected error or bug

We have a legitimate interest in these data processing operations in accordance with Art. 6 Para. 1 letter f DS-GVO, namely as described, the interest in error detection and analysis.

Rollbar can transfer your data to servers worldwide. This also affects locations in countries without an adequate level of data protection. For data transfer e.g. to the USA, Rollbar has been certified under the EU-US Privacy Shield. Other countries are connected via standard data protection clauses.

We have concluded an order processing contract with Rollbar in accordance with Art. 28 DS-GO.

You can find more information on data protection at Rollbar at: https://docs.rollbar.com/docs/privacy-policy.

    1. Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, (“Google”). We have concluded a contract with Google for order processing in accordance with Art. 28 DS-GVO. We use Google Analytics to “improve” our offer, i.e. to be able to see what you and others particularly like about us, our website, our campaigns and our products, to make it even more pleasant for you to store with us. For this you have given us your consent according to Art. 6 para. 1 lit. a DS-GVO.

Unfortunately, this does not work without setting cookies by Google Analytics to process and transmit personal data from you to Google, for example:

-User-Agent of the browser

-IP address of the port

            -Screen and window resolution

-Set language in browser

-Time zone

-Installed Browser Plugins

Google may transfer your data to servers worldwide. This also affects locations in countries without an adequate level of data protection. For data transfer to the USA, for example, Google has had itself certified under the EU-US Privacy Shield.

Google can track you across devices and sites using cookies and create a (pseudonymized) profile of you using an advertising ID with information about you from other sources.

Google Analytics is used exclusively by means of IP anonymization. All processed personal data is deleted or completely anonymized after 14 months.

You can find more information on data protection at Google at: https://policies.google.com/privacy.

Possibility to object to the use of data by Google can be found here: Opt-Out-Plugin: http://tools.google.com/dlpage/gaoptout?hl=de, settings for the representation of advertising insertions under: https://adssettings.google.com/authenticated.

By the way, you can revoke your consent to us at any time with effect for the future. Just send a mail to: Contact us.

    1. Google Tag Manager

We use on our website the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, (“Google”).

This application is used to manage JavaScript tags and HTML tags, which are used to implement tracking and analysis tools in particular. The data processing serves the purpose of designing and optimizing our website according to your needs.

The Google Tag Manager itself does not store any. However, it does enable the triggering of further tags that can collect and process personal data.

We base the use of the Google Tag Manager on Art. 6 para. 1 lit. f DS-GVO, because we have a legitimate interest in the management of our tracking and analysis tools.

Google may transfer your data to servers worldwide. This also affects locations in countries without an adequate level of data protection. For data transfer to the USA, for example, Google has had itself certified under the EU-US Privacy Shield.

For more information on terms of use and privacy policy, please visit https://www.google.com/intl/de/tagmanager/use-policy.html.

  1. Receiver

In essence, we share your information with the restaurateurs and with the payment providers. This is done as described above, mainly to process your order. Unless otherwise specified in the individual sections, we will share your data internally with the responsible employees and, if necessary, with other recipients such as authorities, tax consultants, lawyers, web hosts and other third parties typically involved in the processing of data in the course of normal business operations. This data may also be forwarded to third parties if it is necessary to pursue our claims or if there is a legal obligation to do so.

A transfer to third parties for independent use will not take place without your explicit consent and always follows the requirement of legality. All service providers are integrated in accordance with the requirements of the DS-GVO.

  1. Delete

Your personal data will only be stored for as long as it is necessary for the purposes for which it was collected, including compliance with statutory accounting or reporting requirements.

We are required by law to retain basic information about our customers (including contact, identity and transaction data, business letters) for tax and commercial law reasons for a period of six years after termination of the business relationship or ten years after the end of the current tax year in which the invoice was issued (§ 257 HGB, § 147 AO, etc.).

In individual cases, separate deletion periods apply, which we have then highlighted in the respective sections.

Under certain circumstances you can request the deletion of your personal data: for more information, see Request deletion.

  1. Your rights

In certain cases you have the following rights with regard to your personal data:

Right to information (Art. 15 DS-GVO) about your personal data which we process. Based on this right, you can obtain a copy of your personal data stored with us and check whether we are processing this data lawfully.

Right to correction (Art. 16 DS-GVO) of your personal data stored with us. On the basis of this right, you can have incomplete or incorrect data stored with us corrected, even though we may have to check the correctness of the new data you provide.

Right to deletion (Art. 17 DS-GVO) of your personal data. On the basis of this right, you can demand that we delete or remove personal data if there is no valid reason for further processing. You can also ask us to delete or remove your personal data if you have successfully exercised your right to object to the processing (see below), if we have processed your data unlawfully or if we are obliged to delete it in accordance with local legislation. It may not always be possible to comply with your request for deletion for legal reasons, but you will be informed of this at the time of your request.

Right to limit the processing (Art. 18 DS-GVO) of your personal data. On the basis of this right, you can ask us to suspend the processing of your personal data in the following cases: (a) if you want us to verify the accuracy of this data; (b) if the use of the data by us is unlawful, but you object to its deletion; (c) if you want us to keep the data for longer than is necessary for us because you need it to establish, exercise or defend a legal claim; or (d) if you have objected to the use of your data by us, but we must verify whether there are overriding legitimate reasons for its use.

Right of transferability (Art. 20 DS-GVO) of your personal data to you or a third party. If you so wish, we will provide you or a third party designated by you with a copy of your personal data in a structured, common, machine-readable format. However, this right applies only to automated data that you originally agreed to use or that was used to fulfill a contract with you.

Right to object to the processing (Art. 21 DS-GVO) of your personal data. This right exists if we invoke a legitimate interest (or that of a third party) and your particular situation leads you to object to the processing for this reason, since you consider your fundamental rights and freedoms to be impaired. You also have the right to object if your personal data are processed for the purpose of direct marketing. In some cases, we may demonstrate compelling reasons for processing that are worthy of protection and that outweigh your rights and freedoms.

Right not to be subjected to automated decision-making (Art. 22 DS-GVO) (including profiling) if this would significantly affect you. Since we do not engage in such activities, this right is in practice not relevant to your use of the website.

right to revoke your consent at any time (Art. 7 para. 3 DS-GVO) if we need your consent to process your personal data. However, this has no effect on the lawfulness of the processing prior to the revocation of consent. If you revoke your consent, we may no longer be able to provide you with certain products, content or services. However, we will inform you of this at the time of revocation.

Right to complain to a supervisory authority. The supervisory authority responsible for us is the

Saxon data protection commissioner

Mr. Andreas Schurig

Devrientstraße 5

01067 Dresden.

  1. Changes to this Privacy Policy

This privacy policy may be updated or otherwise changed at any time. We will notify you of any changes to our privacy policy by posting the amended version on the website.

This version was last changed on the date given below. Older versions can be requested from us.

Last changed on: 28.05.2020

 

Contact: datenschutz@so-use.de

This privacy policy is presented to you with the kind support of Patronus- Privacy