1. General Information.
1.1 Controller within the meaning of the GDPR of this website is Hospitality Digital GmbH, Metro-Straße 1, 40235 Düsseldorf (“DISH“, “we“ or “us“).
1.2 If you have any questions regarding the protection of personal data, you may contact our Data Protection Officer using the following contact details: Hospitality Digital GmbH, Data Protection Officer, Metro-Straße 1, 40235 Düsseldorf, email: firstname.lastname@example.org.
2. Automated Processing of Personal Data when Accessing our Website.
2.1 When you access and use our website via the terminal device you use when you access the website (this may be your computer, your mobile phone or a comparable internet-enabled terminal device), we process personal data automatically. This includes
• the IP address currently used by your terminal device,
• date and time when the website was accessed,
• the browser type and the operating system of your terminal device;
• the initial website from which you accessed our website and
• the sub-pages visited on our website.
3.1 To enable the website to function properly, we use technically necessary Cookies, for example to store language settings and log-in information. The legal basis for the processing of technically necessary Cookies is Article 6 para. 1 sentence 1 letter a) GDPR. The functionality of our website is a legitimate interest.
3.2 We use analysis Cookies that allow us to track your use of our website, e.g. which third-party website you came from, which sub-pages of our website you visit and which links you clicked on and how often. The data collected about you in this way is pseudonymised by us through technical precautions. After pseudonymization, direct assignment of the data to the User is no longer possible. The data will not be stored together with other personal data. The use of analysis Cookies serves to improve our website and the content offered there. By accepting our "Cookie banner", you consent to the processing of your personal data through analysis Cookies. These personal data are processed on the basis of Article 6 para. 1 sentence 1 letter a) GDPR. We use the following analysis Cookies:
3.3 For advertising purposes we use advertising Cookies of third parties. These Cookies enable us to tailor advertisements displayed in your browser to your interests on the basis of your browsing behavior.
- We use Google AdWords with Google Conversion Tracking. This is a service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043,USA;"Google"). Google AdWords is used to display DISH pages on Google in the advertising space area. When you access our website via a Google ad, Google Adwords places a cookie on your device ("Conversion Cookie"). This cookie expires after 30 days. It will not be used for personal identification. If the cookie has not expired when you visit certain pages, we and Google can see that someone clicked on the ad and was directed to our site. Each AdWords customer receives a different cookie. As a result, cookies cannot be traced through the websites of AdWords customers. The information collected by the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers see the total number of users who clicked on their ad and were directed to a page with a conversion tracking tag. However, we will not receive any information that personally identifies you. If you do not wish to participate in the tracking process, you can decline to set a required cookie - for example, with a browser setting that generally disables the automatic setting of cookies. You can also deactivate cookies by setting your browser to block cookies from the "googleadservices.com" domain.
The data collected about you through advertising Cookies is pseudonymised by us through technical precautions. After pseudonymization, direct assignment of the data to the User is no longer possible. By accepting our "Cookie banner", you consent to the processing of your personal data through advertising Cookies. These personal data are processed on the basis of Article 6 para. 1 sentence 1 letter a) GDPR.
4. Registration for the DISH Platform and User Account; Use of Digital Tools.
4.1 Accessing the DISH website (not DISH App) is initially possible without a User Account.
4.3 Registration requires the completion of an input mask. It is obligatory to provide the following information:
- Your mobile number and a self-chosenpassword;
• Your professional role in the company (e.g. owner, cook, waiter).
4.4 After filling in the input mask and clicking on the "Sign Up" button, your IP address and the time of registration will be saved. The provision of the following information in the next step is optional:
- First and lastname;
• email address;
• Name of your restaurant;
• METRO-/MAKRO ID (see Section 4.13);
• VAT number.
4.5 After clicking on the "Sign Up" button, you will receive a sms from us to the mobile number you have provided. The sms will contain a code. To confirm the registration, you have to confirm the registration by entering this code in the registration form. Your IP address and the time of registration confirmation will then be saved.
4.6 The User Account has a self-administration option. You can therefore change the data you entered during registration at any time in the "Profile" section.
4.7 By default, your user profile is visible to other DISH users. You may therefore be found by other users via the search function of the DISH platform if they search for publicly accessible profile information. Other users can also see which events you have registered for via the DISH Platform. The self-administration option of the user account allows you to determine at any time whether and to what extent your user profile should continue to be visible to other users of the DISH Platform. The decision as to which information you wish to make accessible to other users on your profile page is therefore entirely up to you. You can set your profile page to "Private" at any time so that other users cannot find you in the search or receive any other information.
4.8 You may publish articles in forums on the DISH Platform. These articles can be viewed by all Users. Furthermore, there is the possibility to publish articles in groups that are only accessible to a certain circle of Users. In this case, your article is only visible to these Users.
4.9 If you have created a User Account and use the DISH Platform, we will also process and store the following data in connection with your User Account:
- Information on which Digital Tools of which Providers you use and which Goods and Services you haveacquired;
• Information on the events you have registered for and in which events you took part.
4.10 We also process your data in order to send you contract-relevant information by sms, e-mail or by post (Notifications) When using the DISH App the application will separately ask for permissions for use of IOS: contacts, photos and camera; Android: contacts, camera, storage and SMS – phone state.
4.13 You can enter your METRO/MAKRO customer card number on the DISH Platform if you are a METRO/MAKRO customer. If you provide us with this customer card number, we will send the information as to whether you are using a specific Digital Tool to the METRO/MAKRO company with which you are a customer. An overview of the METRO/MAKRO companies is available on request. The METRO/MAKRO company will use this information to assist you in using the Digital Tool at your request and to improve your customer experience and customer service. The METRO/MAKRO company does not receive any further data from us. The data will not be transmitted to METRO/MAKRO companies for which you are not a customer. Information on how your METRO/MAKRO company processes personal data is contained in the data protection information of the respective company. In this respect, your personal data will be transferred on the basis of Article 6 para. 1 sentence 1 letter a) GDPR.
4.14 If you have registered on the DISH Platform but are not a METRO-/MAKRO customer, you can inform us that you are interested in becoming a METRO-/MAKRO customer. In this case, we will forward your personal data requested in the corresponding input mask to the METRO-/MAKRO company in your country of residence. Your METRO-/MAKRO company will then contact you by phone to discuss the further process with you. In this respect, your personal data will be transferred on the basis of Article 6 para. 1 sentence 1 letter a) GDPR.
4.15 You may use your DISH login data (mobile number and password) to log in for Digital Tools you use (Single-Sign-On), although Single-Sign-On is not available for all Digital Tools. With Single-Sign-On, it is no longer necessary to select separate login data for each individual Digital Tool. The Provider of a Digital Tool only receives from DISH the data required to provide the Single-Sign-On. DISH does not receive any further information from the Provider as to how you use the Digital Tool. Also, the Provider will not receive any information from DISH on how you use DISH.
4.16 When you visit the DISH platform as a registered User and your login is active, we communicate your internally assigned User ID to certain Providers. These Providers can then display personalized notices on the DISH Platform through so-called inline frames or advertising containers. These personalized notices can contain information about Digital Tools that you are already using or can draw your attention to Digital Tools that might be of interest to you. Some of the recommendations are based on your previous use of the DISH Platform.
4.18 The processing of data in connection with your User Account serves the performance of the User Contract between you and DISH. The legal basis is Article 6 para. 1 sentence 1 letter. b) GDPR. We also use this data to analyze your usage behavior. This enables us to determine which Digital Tools or events are of particular interest to you. The analysis of your usage behaviour can lead to you receiving personalised advertising messages from us if you have given your consent or if this is permitted under the legal requirements (see the following section 5 of this data protection declaration). This serves to improve our services. In this respect, the legal basis is Article 6 para. 1 sentence 1 letter f) GDPR.
5. Newsletter and E-Mail/PushMarketing.
5.1 Once you have successfully registered on DISH, we will inform you regularly by email, via push notifications (DISH App) and/or SMS about current offers, products and promotions in accordance with the prerequisites of Article 7 Paragraph 3 of the German Unfair Competition Act. This marketing communication can also contain offers, products and promotions which have been made available to us by our marketing partners from the digitalization and catering industries. However, your email address, cell phone number or other personal data will not be transferred on to our marketing partners in this context. The personal data collected within the framework of the registration will only be used for the purpose of sending newsletters / push notifications to your email address and cell phone number /SMS and will only then be processed when you have given your consent to this data processing. Processing will be executed on the basis of Article 6 Paragraph 1 S. 1 Lit. a) GDPR.
5.2 You may object to your cell phone number and email address being utilized for the purposes set out in 5.1. at any time by using the respective unsubscribe function provided. There will not be any other costs for the revocation apart from the transmission costs according to the basic tariffs.
5.3 Links in our e-mails contain tracking information that enables us to determine which links were of particular interest to you and when you clicked on them. The following data is stored via the tracking link: e-mail address, newsletter, link, date and time of opening. This serves our legitimate interest in improving our advertising. The processing of your personal data for these purposes is based on Article 6 para. 1 sentence 1 letter f) GDPR.
5.4 Where personal data are processed for the purposes of direct marketing, you have the right to object to such processing, including profiling to the extent that it is related to such direct marketing, whether with regard to initial or further processing, at any time and free of charge.
5.5 If you do not wish to receive any more marketing communications as described in this section from us, you can deactivate this service at any time. Regarding e-mails, please see Section 5.4 on how to deactivate this service. If you do not want to receive push notifications via the DISH App anymore, you may reactive this in the general settings of the DISH App. If you do not want to receive SMS notifications anymore, please write an e-mail to email@example.com.
You can contact us through various channels:
6.1 You can use the contact form on our website to contact us for a request. The personal data you enter in the contact form (your first and last name, your e-mail address and details of the nature of your request are required) will only be processed for the purpose of responding to your enquiry and only if you have clicked on the "Send" button. Your IP address and the time of sending your request will also be stored. Processing is carried out on the basis of Article 6 para. 1 sentence 1 letter a) GDPR.
6.2 You can also contact us by telephone or e-mail. In this respect, too, only the personal data required to respond to your enquiry will be processed. Processing is carried out on the basis of Article 6 para. 1 sentence 1 letter a) GDPR.
6.3 You can object to the storage of your data at any time, for example by e-mail to firstname.lastname@example.org.In this case, however, further processing of your request is not possible. Furthermore, the revocation has no effect on the legality of the processing of your data until then.
7. Social Media.
7.1 We use social plugins from the following social networks:
- Facebook; Instagram (operated by: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA and Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland);
• Twitter (operator: Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA);
• Youtube (operated by: Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).
7.2 To protect your personal data, we use the so-called "two-click solution", which ensures that the data transfer via the social plugins to the corresponding operator of the social network only takes place after you have activated the social plugin beforehand. Social plugins are initially disabled and do not connect to social networking sites without activation. If you activate one of these plugins, you agree that your personal data described in this section will be transferred to the social network. In this case, the transfer of personal data is based on Article 6 paragraph 1 sentence 1 letter a) GDPR.
7.3 If you activate the deactivated social plugins by default, a connection to the servers of the social network is established. Each social plugin then transfers data to the respective social network. We have no influence on the amount of data that the respective social network collects with the help of the social plugin. As far as we know, social networks receive information about which of our websites you have visited currently and earlier. With each activated social plugin, a Cookie with a unique identifier is set each time the respective website is accessed. In this way, the social network can create a profile of your usage behavior. It cannot be ruled out that such a profile can be assigned to you, even if you log on to the social network for the first time at a later time.
7.4 If you are already logged into a social network when you visit our websites, the operator of this social network can assign the visit to your personal account as soon as you activate the social plug-ins. When using social plugin functions (e.g. "Like" button, comment or "Tweets"), the information is transmitted directly from your browser to the corresponding social network and stored there. The same applies to calling up a website of a social network by clicking on the corresponding icon button.
7.5 If you are not a member of a social network, social networks may obtain and store your IP address and information about the browser and operating system you are using even after you activate the social plug-ins. The scope and purpose of the collection, processing and use of data by social networks as well as information on rights and setting options for the protection of your privacy can be found in the data protection information of the respective social network.
7.6 Our website also contains simple links to Facebook, YouTube and Twitter. In this case a data transfer to the mentioned social networks only takes place if the corresponding icon button (e.g. the "f" of Facebook or the bird symbol of Twitter) is clicked. Clicking on such a button opens a page of the corresponding social network in a popup window.
8.1 Payments can be made by advance payment, credit card (Visa, MasterCard, American Express), Maestro, instant bank transfer, direct debit and PayPal. If a Provider offers services on the DISH Platform for a fee and the payment is not made directly via the Provider but via DISH, the following applies to the payment process: DISH has commissioned different payment service providers, based on availability and country, to process payments between Users and Providers. The payment service providers accept the User’s payments using the various payment methods on behalf of the Provider on their own account with a credit institution and pay the funds to the Provider. The payment methods provided include, but are not limited to, payment in advance, PayPal, and credit card. DISH reserves the right to use additional payment service providers at any time.
The following payment service providers are currently used for payment processing on the DISH platform:
- Lemon Way, a French SAS (simplified joint-stock company) with its registered office at 8 rue du Sentier, 75002 Paris, France, registered with the Paris Companies Register under number 500 486 915
- PayU, MIH PayU B.V. ( PayU ) with its registered office at Symphony Offices, Gustav Mahlerplein 5, 1082 MS Amsterdam, The Netherlands, registered with the Dutch Companies Register under number 52117839
- Iyzico, a PayU subsidiary, iyzi Ödeme ve Elektronik Para Hizmetleri A.Ş. with its registered office at Burhaniye Mah. Atilla Sokak 7, Üsküdar Istanbul, Turkey registered under tax number 483 034 31 57
- Braintree, PayPAL (Europe) S.á.r.l. (limited liability company) et Cie, S.C.A., with its registered office at 22-24 Boulevard Royal, L-2449 Luxembourg, registered with the Luxembourg Companies Register under number R.C.S. Luxembourg B 118 349,
- Stripe, Stripe Payments Europe, Limited, with its registered office at North Wall Quay 1, 662880 Dublin, Ireland, registered with the Irish Companies Register under number 513174
The Payment Service Provider accepts the payments of the Users for the Provider on a dedicated account at a credit institution and pays out the funds from the sale of Digital Tools, Goods or Services to the Provider.
8.2 The data that you enter for the purpose of payment in the checkout process will be processed in the context of payment processing and, if necessary, passed on to third parties, in particular the Payment Service Providers. This processing is carried out legally on the basis of Article 6 para 1 sentence 1 letter a), b) and f) GDPR. The privacy notices of the Payment Service Providers contain further information.
8.4 When paying by credit card, you must enter your credit card number, the expiry date and, if applicable, the CVC number of your credit card in the corresponding input fields of the input window provided. This is a plug-in of the respective Payment Service Provider. DISH has no access to this data. The data will also be forwarded to your credit card company as part of the payment process. The processing of payment data is necessary for the processing of payments on our website. It serves the performance of the contract with the User. The legal basis for data processing is Article 6 para 1 sentence 1 letter b) GDPR.
8.5 In the case of payment by direct debit or instant bank transfer, the data that you provide during the transfer process at your account-holding bank will be processed.
8.6 The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. With regard to data collected for the performance of a contract, this is the case when the data is no longer required for the execution of the contract. Even after termination of the contract, it may be necessary to store the User's personal data in order to comply with contractual or statutory obligations, such as those arising, for example, from the limitation periods for warranty claims or from tax law obligations to retain data.
9. Transfer of Personal Data to Third Parties.
9.2 To process personal data, we use service Providers with whom we have concluded an agreement for order processing in accordance with the legal requirements of Article 28 GDPR, provided that they act as processors. Such service Providers support us, for example, in sending e-mails or in the technical operation and hosting of the website. These service Providers can be based both inside and outside the European Union or the European Economic Area. Through contractual agreements with the service Providers, we ensure that these personal data are processed in accordance with the requirements of the GDPR, even if the data processing takes place outside the European Union or the European Economic Area in countries where an appropriate level of data protection is otherwise not guaranteed and for which no adequacy decision of the European Commission exists. For further information on the existence of a European Commission adequacy decision and appropriate guarantees and to obtain a copy of these guarantees, please contact our Data Protection Officer at email@example.com.
10. Data Security.
We use technical and organisational measures to ensure that User‘s personal data are protected against loss, incorrect changes or unuathorised access by third parties. To ensure secure data transmission, the transmission of data is done exclusively via “Secure Socket Layer (SSL)”.
11. Your Rights.
As a data subject within the meaning of the GDPR, you are entitled to the following rights:
• The right to obtain information on data processing and a copy of the data processed (right of access, Article 15 GDPR),
• the right to request the rectification of inaccurate data or the completion of incomplete data (right of rectification, Article 16 GDPR),
• the right to request the deletion of personal data and, if the personal data have been published, the information to other data controllers on the request for deletion (right of erasure, Article 17 GDPR),
• the right to request the restriction of data processing (right to restriction of processing, Art. 18 GDPR),
• the right to receive personal data in a structured, commonly used and machine-readable format and to request the transfer of such data to another controller (right to data portability, Article 20 GDPR),
• the right to object to data processing in order to prevent it (right of objection, Article 21 GDPR),
• the right to withdraw your consent at any time in order to prevent the processing of data based on your consent. The withdrawal has no influence on the legality of the processing on the basis of the consent before the withdrawal (right of revocation, Article 7 GDPR) as well as
• the right to object to certain data processing measures (Article 21 GDPR).
You also have the right to lodge a complaint with a supervisory authority if you believe that data processing infringes the GDPR (right of appeal to a supervisory authority, Article 77 GDPR).
12. Additional Privacy for DISH App.
12.1 What data will be transferred to the App Store when you download the App?
When you download the App, the information necessary for this shall be transferred to the respective App Store, i.e. in particular your user name, your email address, the customer details relating to your account, the time of the downloading, any payment information and the individual identifiers of your terminal device. However, we have no influence over this data processing and are not responsible for it. In this respect, only the data protection policy for use of the respective App Store, which you can access there, shall be applicable.
12.2 What data will be gathered by DISH when you download the app?
No personal data shall be gathered by DISH or be transmitted by the respective App Store to DISH merely as a result of downloading of the App from the respective App Store to your smartphone. No data shall be gathered by DISH or transmitted to DISH before the App is first used.
12.3 What data from you will be processed when you use the App?
Regardless of whether you log into the country-specific features of the App with your customer details, certain data will need to be gathered when you use the App so that it is technically possible to provide the App service to you. This concerns the following data or data processing activities:
- the language set on the device
These data are processed for the App language preselection and country selection in the App.
The processing of these data shall take place on the legal basis of Art. 6 (1), sentence 1, letter b GDPR in order to enable you to use the App.
12.4 What data will DISH process on the basis of your consent?
If you have declared your consent hereto by setting the DISH App accordingly or by means of the system settings of your terminal device, the App shall access the following data in order to be able to display individual services of the App (e.g. camera-based scanning of cards) or to optimize these services:
- camera data (for scanning barcodes and adding images to profile pictures, adding establishment graphics)
- images from your terminal device's picture gallery (for adding images to profile pictures, adding establishment graphics)
- phone contacts of your address book (for adding members of your team to your DISH team)
Subject to your consent, we may additionally send you customized messages to the lock screen (push messages). In this respect, we shall use the device ID in order to be able to send the messages.
You shall not be obliged to give your consent. However, we shall not use these data if you do not give your consent. You may then be unable to use all features of our App.
The legal basis of this processing lies in Art. 6 (1), sentence 1, letter a GDPR insofar as you have given us your consent. You may revoke this consent at any time by means of the corresponding settings in the App or in the system settings of your terminal device.
12.5 Are there further purposes of data processing?
Beyond the foregoing, we may, insofar as necessary, also possibly process your data for the following purposes:
- for compliance with statutory obligations and
- for enforcing legal claims and for clearing up and preventing criminal offences.
12.6 To whom will data gathered from you be transmitted?
Beyond the transmission of data to service providers as outlined above, we shall transmit your data to third parties only if such transmission is necessary for legal reasons in order to meet the requirements of judicial or official proceedings or conform to the statutory provisions.
The legal basis of this transmission lies in Art. 6 (1), sentence 1, letter c GDPR for compliance with a legal obligation applicable to us.
12.7 For how long will your data be stored?
Your device ID shall be used only as long as the App is being used. Your country selection shall be stored locally on your terminal device only as long as you have the App installed. The system language retrieved by us for the country preselection shall not be stored. The duration of storage of other data used in the context of the customer account shall be governed by the data protection statement presented to you when you registered as a customer beforehand.
12.8 How can you monitor the use of your data?
You may revoke at any time with effect for the future any consent that you have given us. You can do so by contacting the contacts laid down in this Data Protection Statement or - insofar as your smartphone has this technical capability - by means of direct settings in your terminal device offering such capabilities.