Privacy Policy

On another note - here is the DeepL-translated version of the privacy policy for www.valooba.com

1. GENERAL

By operating our website with the URL www.valooba.com (hereinafter referred to as "website"), we process personal data. These are treated confidentially by us and processed in accordance with the applicable laws - in particular the German Data Protection Regulation (DSGVO), the German Federal Data Protection Act (BDSG) and the Telecommunications Telemedia Data Protection Act (TTDSG). With these data protection provisions, we want to inform you about what personal data we collect from you, for what purposes and on what legal basis we use it and, if applicable, to whom we disclose it. In addition, we will explain to you what rights you have to protect and enforce your data privacy.

We would like to point out that these data protection provisions apply solely to this website www.valooba.com. With regard to the use of Valooba by our customers (restaurateurs) in their catering establishments in the context of order and payment processing and the associated processing of personal data of guests, we refer to the respective privacy policies of our customers, which they have stored on their order landing page. In this regard, our company only acts as an IT service provider and order processor.

2. DEFINITIONS

Our data protection provisions contain technical terms that are in the DSGVO and the BDSG. For your better understanding, we would like to explain these terms in simple terms in advance:

2.1 Personal data

"Personal data" is any information relating to an identified or identifiable individual (Art. 4 No. 1 DSGVO). Information of an identified person can be, for example, the name or the e-mail address. However, personal data is also data for which the identity is not immediately apparent, but can be determined by combining one's own information or that of others and thus finding out who it is. A person can be identified, for example, by providing your address or bank details, your date of birth or user name, your IP addresses and/or location data. Relevant here is all information that in any way allows a conclusion to be drawn about a person.

2.2 Processing

Art. 4 No. 2 DSGVO defines "processing" as any operation in connection with personal data. This applies in particular to the collection, recording, organization, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or other form of making available, alignment or combination, restriction, erasure or destruction of personal data.

II. Responsible person and data protection officer

3. RESPONSIBLE

The person responsible for data processing is:

Company: Hamburg Access Technologies HAT GmbH ("we").

Legal representative: Heiko Fuchs and Axel Strehlitz (Managing Directors).

Address: Zimmerpforte 3, 20099 Hamburg

Telephone: 040 / 2383050 - 0

E-mail: info@valooba.com

4. DATA PROTECTION OFFICER

We have appointed an external data protection officer for our company. You can reach him at:

Name: Arne Platzbecker

Address: HABEWI GmbH & Co. KG, Palmaille 96, 22767 Hamburg, Germany

Phone: 040/ 46008966

Fax: 040/ 46008977

E-mail: datenschutz@habewi.de

III. Processing framework

5. PROCESSING FRAMEWORK: WEBSITE

Within the framework of the website, we process your personal data as listed in detail below in section IV. We only process data from you that you actively provide on the website (e.g. by filling out forms) or that you automatically provide when using our offer.

Your data will be processed exclusively by us and will not be sold, lent or passed on to third parties. If we use the help of external service providers to process your personal data, this is done within the framework of so-called order processing, in which we as the client are authorized to issue instructions to our contractors. To operate our website, we use an external service provider for hosting. We host our website with the external provider DigitalOcean, LLC (address: 101 6th Ave, NYC, 10013 USA) in the data center location Frankfurt, Germany. If further external service providers are used for individual processing operations listed in section IV, they will be named there.

As a matter of principle, we do not transfer data to third countries and do not plan to do so. We will provide information on exceptions to this principle in the processing operations described below. Any data transfer to third countries will then take place on the basis of the so-called EU standard contractual clauses.

IV. The processing in detail

6. PROVISION OF THE WEBSITE AND SERVER LOG FILES

6.1 Description of the processing

Each time you access the website, we automatically collect information that your browser transmits to our server. This is the following data:

- IP address

- browser software used, as well as its version and language

- operating system

- the website from which visitors came to the website (so-called referrer)

- the subpages accessed on the website

- the date and time the website was accessed

- the country and place from which a user visited the website

These are also stored in the so-called log files of our system. The temporary storage of your IP address by the system is necessary in order to deliver our website to a user's terminal device. For this purpose, the user's IP address must remain stored for the duration of the session. However, your IP address is not stored in the log files.

6.2 Purpose

The processing is carried out to enable the website to be called up and to ensure its stability and security. In addition, the processing serves the statistical evaluation and improvement of our online offer.

6.3 Legal basis

The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose named in section 6.2.

6.4 Storage period

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. Deletion of the log files takes place after 7 days.

7. ADMIN AREA FOR RESTAURATEURS

7.1 Description of the processing

We provide our customers, who use Valooba in their gastronomic businesses for a more efficient order and payment processing, for shift planning and/or tip management, with an administration area on our website upon conclusion of the contract. The access data will be transmitted separately to the management of our customer. No personal data of guests will be processed in this administration area. In the context of the order and payment processing, only the ticket number generated with the order, the table number (if available), the ordered goods, and the payment status of the order are displayed to our customer's management via the admin area. The management of our customers can also create the employees of their catering business in the system for shift planning and tip management with first name, last name and operating times. We provide the Valooba services within the framework of order processing as defined in Art. 28 DSGVO, in which we (contractors) act for our customers (clients) in accordance with instructions.

7.2 Purpose

The processing is carried out in order to be able to provide our customers with an administration area for the Valooba Services.

7.3 Legal basis

The processing is carried out on the basis of the Valooba user contract (Art. 6 para. 1 lit. b DSGVO). If we obtain consent as part of the separate registration of employees, the processing is based on this consent in accordance with Art. 6 para. 1 lit. a DSGVO. Your consent is voluntary.

7.4 Storage period and revocation of consent

As a rule, we process your personal data in connection with your Valooba admin area until the termination of your Valooba user contract or, if we have asked you for consent in the course of registration, until your consent is revoked. You can revoke your consent at any time with effect for the future. A simple declaration is sufficient for this (by post to Hamburg Access Technologies HAT GmbH, Zimmerpforte 3, 20099 Hamburg or by e-mail to info@valooba.com). The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. In the event of a revocation, your personal data will be deleted from the Valooba admin area of our customer. Furthermore, as a logged-in user, you can edit and remove your own details and information at any time.

7.5 Recipients

Since the provision of the admin area is carried out within the framework of an order processing and within the framework of the Valooba user contract, the customer has access to the data concerning his gastronomic business. With different role rights, the customer's counter employees also have access to the data required to process orders.

8. COOKIES

8.1 Description of the processing

Our website uses cookies. Cookies are small text files that are stored on the user's terminal device when visiting a website. Cookies contain information that enables the recognition of a terminal device and possibly certain functions of a website. We distinguish between our own cookies and external, so-called third-party cookies. So-called "session cookies" and "persistent cookies" are used on our site. "Session cookies" are automatically deleted when you end your Internet session and close the browser. Persistent cookies remain stored on your terminal device for a longer period of time. We only use cookies that are technically necessary for the operation of our site. If cookies are technically necessary for the operation of our site, this does not require your consent.

All other cookies that are not technically necessary are only set after you have actively consented to the use of cookies via our consent tool. We use the [...] service to obtain and document consent. The Consent Tool itself stores your selection in a cookie on your end device. This means that you do not need to make a decision about cookies again on a subsequent visit to our website.

You can find out which cookies are used on our website for which purpose, how long they are stored on your end device and which consents you may have already declared in the settings of the [...] Consent tool and in the following overview:

8.2 Purpose

We use cookies to make our website more user-friendly and to offer the functions described in section 8.1.

8.3 Legal basis

With regard to technically required cookies, as well as the use of the Consent Tool, the processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO in conjunction with § 25 para. 2 TTDSG). Our legitimate interest lies in the purpose named in section 8.2. For the processing of all other cookies - i.e. cookies that are not technically necessary - the legal basis is consent (Art. 6 Para. 1 lit. a DSGVO in conjunction with § 25 Para. 1 TTDSG). Such consent is voluntary.

8.4 Storage period, revocation of consent

Cookies are automatically deleted at the end of a session or at the end of the specified storage period. Since cookies are stored on your terminal device, you as the user have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transfer of cookies. Cookies that have already been stored can be deleted. This can also be done automatically. If cookies are deactivated, deleted or restricted for our website, it may be that individual functions of our website cannot be used or can only be used to a limited extent. You can revoke any consent you may have given for the use of cookies at any time in the settings of the Consent Tool with effect for the future.

8.5 Recipients

When third-party cookies are used, data may be transmitted to the corresponding providers of these third-party services. In this case, data may also be transmitted to third countries outside the European Union or the European Economic Area. We provide information about the recipients of data, as well as a third country transmission in the settings of the Consent Tool or in the corresponding passage for the third-party service in these data protection provisions.

9. CONTACT FORM AND CONTACT BY E-MAIL

9.1 Description of processing

We have provided a contact form on our website for contacting us. In this form, you are asked to enter your e-mail address, your name and a message to us. When you click the "Send" button, the data will be transmitted to us using SSL encryption (see section 13.). The contact form can only be transmitted if you confirm that you have taken note of these data protection provisions by clicking on the corresponding checkbox. You can also contact us via the e-mail addresses provided on the website. In this case, the personal data transmitted with the e-mail will be processed by us.

9.2 Purpose

By providing a contact form on our website, we want to offer you a convenient way to contact us. The data transmitted with and in the contact form or your e-mail will be used exclusively for the purpose of processing and responding to your request.

9.3 Legal basis

The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose named in section 9.2. If the e-mail contact is aimed at the conclusion or fulfillment of a contract, the data processing is carried out for the fulfillment of the contract (Art. 6 para. 1 lit. b DSGVO).

9.4 Storage period

We delete the data as soon as they are no longer required to achieve the purpose for which they were collected. This is usually the case when the respective communication with you has ended. The communication is terminated when it can be inferred from the circumstances that your concern has been conclusively clarified. If legal retention periods prevent deletion, the data will be deleted immediately after expiry of the legal retention period.

10. SOCIAL NETWORKS

10.1 Description of processing

Our website does not use any so-called social media plugins. The Facebook, Instagram and YouTube logos displayed on our website are merely linked to the corresponding profiles of our company on the social networks. A data transfer to the social networks does not take place with the integration of the logos. If you click on one of the logos, you will only be redirected to the external website of the respective social network.

However, our profiles within the social networks do constitute data processing. If you are logged in to the respective social network when you visit such a profile, this information will be assigned to your user account there. If you interact with our profile, e.g. comment, "share" or "like" a post, this information will also be stored in your user account. As a rule, your interactions with our profile can also be viewed by us.

On the social networks Facebook and Instagram, we have the possibility to receive statistical data about the use of our Facebook page or our Instagram profile via the so-called "Insights" function. These statistics are provided by Facebook and Instagram respectively. The "Insights" function cannot be disabled. We cannot decide to turn this feature on or off. It is available to all Facebook Fan Page operators and all Instagram business account operators, regardless of whether you use the Insights feature or not.

We are provided with the following data via Facebook Insights for a selectable period of time in anonymized form with regard to fans, subscribers, people reached and people interacting: Total page views, "likes" including origin, page activity, post interactions, reach, post reach (divided into organic, viral and paid interactions), comments, shared content, replies as well as demographic evaluations, i.e. country of origin, gender and age. In the Insights statistics, it is not possible for us to identify subscribers and fans of our site and to view their profiles.

Furthermore, Instagram Insights provides us with anonymized data about the development and reach of our Instagram profiles, as well as the posts, stories and videos we post there. We also receive statistical information about the place of origin, gender and age of the subscribers of our Instagram profile in the Instagram Insights.

The social networks with which you communicate store your data using pseudonyms as usage profiles and use them for advertising purposes and market research. For example, you may be shown advertisements within the social network and on other third-party websites that match your presumed interests. For this purpose, cookies are usually used, which the social network stores on your terminal device. You have a right of objection to the creation of these user profiles, which you must exercise by contacting the social networks directly.

10.2 Purpose

We maintain profiles on the aforementioned social networks for the purpose of public relations and corporate communication with customers and interested parties. We use the "Insights" function of Facebook and Instagram to evaluate the reach of our posts on the social network and to make them more appealing to our visitors in the future.

10.3 Legal basis

The legal basis for data processing in the context of our profiles on social networks is the protection of our overriding legitimate interests (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose named in section 10.2. If you are asked for consent by the respective operator of a social network, the legal basis is Art. 6 (1) a DSGVO. The data processing with regard to our presences on Facebook and Instagram otherwise takes place on the basis of a joint responsibility pursuant to Art. 26 DSGVO.

10.4 Recipients and transmission to third countries

The respective social networks are operated by the companies listed below. Further information on data protection with regard to our profile on the social networks can be found in the linked data protection provisions.

- Facebook: Meta Platforms, Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA or Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Privacy Policy: www.facebook.com/policy.php; www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other#applications as well as www.facebook.com/about/privacy/your-info#everyoneinfo.

- Instagram: Meta Platforms, Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA or Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; privacy policy: help.instagram.com/155833707900388/.

- YouTube: YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy of YouTube/Google: www.google.com/policies/privacy/partners/?hl=de.

The social networks also process your personal data in the USA.

11. GOOGLE ANALYTICS

11.1 Description of processing

Our website uses "Google Analytics", a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). Google Analytics uses cookies (see section 8.), which allow an analysis of your use of our offer. The information generated by the cookies is usually transferred to a Google server in the USA and stored there. However, we use Google Analytics exclusively with IP anonymization. This means that your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. The statistics generated by Google Analytics record in particular how many users visit our website, from which country or location the access takes place, which sub-pages are called up and via which links or search terms visitors reach our website. The user conditions of Google Analytics can be found at www.google.com/analytics/terms/de.html. An overview of data protection at Google Analytics is available at www.google.com/intl/de/analytics/learn/privacy.html. Google's privacy policy can be viewed at www.google.de/intl/de/policies/privacy.

11.2 Purpose

The processing takes place in order to be able to evaluate the use of our website. The information thus obtained is used to improve our online presence and to design it in line with requirements.

11.3 Legal basis

The processing takes place on the basis of consent pursuant to Art. 6 para. 1 lit. a DSGVO. This is obtained by us via the Consent Tool (see section 8.1). Such consent is voluntary.

11.4 Storage period and right of objection, revocation of consent

We have explained the storage period and your control and setting options for cookies in section 8.4. You can revoke your consent with regard to Google Analytics at any time in the settings of the consent tool with effect for the future. Alternatively, you can object to data processing by Google Analytics at any time by downloading and installing the browser add-on offered by Google at tools.google.com/dlpage/gaoptout?hl=en. The analysis data processed and stored with Google Analytics will be automatically deleted by us after 14 months.

11.5 Recipients and transmission to third countries

According to the German data protection supervisory authorities (Data Protection Conference), Google Analytics is jointly responsible for data processing on our behalf. Against this background, we have also concluded the "Google Measurement Controller-Controller Data Protection Terms" with Google. Google also processes your personal data in the USA.

12. FONT SUBSTITUTION

When displaying our website, the standard fonts of your terminal device are replaced by fonts. This is done to make the text on our website more readable and aesthetically pleasing. When replacing fonts, we have opted for a privacy-friendly solution. We do not use external services such as Google Fonts or Adobe Fonts. Instead, we store the fonts to be replaced locally on our server. This has the advantage that when you call up our website, no request is made by your browser to external font replacement services and thus no data, in particular your IP address in connection with the address of our website, is transmitted to third parties.

V. Security measures

13. SECURITY MEASURES

To protect your personal data from unauthorized access, we have provided our website with an SSL or TLS certificate. SSL stands for "Secure Sockets Layer" and TLS for "Transport Layer Security" and encrypts the communication of data between a website and the user's terminal device. You can recognize active SSL or TLS encryption by a small lock logo displayed on the far left of the browser's address bar.

VI. Your rights

14. DATA SUBJECT RIGHTS

With regard to the data processing by our company described above, you are entitled to the following data subject rights:

14.1 Information (Art. 15 DSGVO).

You have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 DSGVO under the conditions specified in Art. 15 DSGVO.

14.2 Correction (Art. 16 DSGVO).

You have the right to demand that we correct any inaccurate personal data concerning you and, if necessary, complete any incomplete personal data without undue delay.

14.3 Deletion (Art. 17 DSGVO).

You have the right to demand that we delete personal data concerning you without undue delay, provided that one of the reasons listed in detail in Art. 17 DSGVO applies, e.g. if your data is no longer required for the purposes we pursue.

14.4 Restriction of data processing (Art. 18 DSGVO).

You have the right to request that we restrict processing if one of the conditions listed in Art. 18 DSGVO applies, e.g. if you dispute the accuracy of your personal data, data processing will be restricted for the period of time that allows us to verify the accuracy of your data.

14.5 Data portability (Art. 20 DSGVO).

You have the right, under the conditions set out in Art. 20 DSGVO, to request that the data relating to you be handed over in a structured, common and machine-readable format.

14.6 Withdrawal of consent (Art. 7 (3) DSGVO)

You have the right to revoke your consent at any time in the case of processing based on consent. The revocation applies from the time it is asserted. In other words, it is effective for the future. Therefore, the revocation of consent does not render the processing retroactively unlawful.

14.7 Complaint (Art. 77 GDPR)

If you believe that the processing of personal data concerning you violates the GDPR, you have the right to lodge a complaint with a supervisory authority. You can assert this right at a supervisory authority in the EU member state of your place of residence, your place of work or the place of the alleged infringement.

14.8 Prohibition of automated decisions/profiling (Art. 22 GDPR).

Decisions which have legal effects concerning you or which significantly affect you must not be based solely on automated processing of personal data - including profiling. We inform you that we do not use automated decision-making including profiling with regard to your personal data.

14.9 Right to object (Art. 21 DSGVO).

If we process your personal data on the basis of Art. 6 (1) f DSGVO (for the protection of overriding legitimate interests), you have the right to object to this under the conditions listed in Art. 21 DSGVO. However, this only applies insofar as there are reasons arising from your particular situation. After an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms. We also do not have to stop processing if it serves the assertion, exercise or defense of legal claims. In any case - also regardless of a particular situation - you have the right to object at any time to the processing of your personal data for direct marketing.

Status: April 2023