Evet, bonVito'yu öğrenmek istiyorum İletişim Formu ya da tekrar arayın +90 444 6664

Veri Koruma Yönetmelikleri

bonVito Data Privacy Policy

I. Name and address of the controller

II. Name and address of the data protection officer

III. General information about data processing
1. Scope of processing personal data
2. Legal basis for processing personal data
3. Data deletion and storage duration

IV. Provision of the website and creation of log files
1. Description and scope of data processing
2. Legal basis for data processing
3. Purpose of data processing
4. Storage duration
5. Objection or removal option

V. Use of cookies
1. Description and scope of data processing
2. Legal basis for data processing
3. Purpose of data processing
4. Storage duration, objection or removal option

VI. Registration by a consumer
1. Description and scope of data processing
2. Legal basis for data processing
3. Purpose of data processing
4. Storage duration
5. Objection or removal option

VII. Table reservation by a consumer
1. Description and scope of data processing
2. Legal basis for data processing
3. Purpose of data processing
4. Storage duration
5. Objection or removal option

VIII. Order by a consumer
1. Description and scope of data processing
2. Legal basis for data processing
3. Purpose of data processing
4. Storage duration
5. Objection or removal option

IX. Newsletter
6. Description and scope of data processing
7. Legal basis for data processing
8. Purpose of data processing
9. Storage duration
10. Objection or removal option

X. Contact or recall form and email contact
1. Description and scope of data processing
2. Legal basis for data processing
3. Purpose of data processing
4. Storage duration
5. Objection or removal option

XI. Web analysis by Google Analytics
1. Scope of processing personal data
2. Legal basis for processing personal data
3. Purpose of data processing
4. Storage duration
5. Objection or removal option

XII. Newsletter dispatch via CleverReach
1. Scope of processing personal data
2. Legal basis for processing personal data
3. Purpose of data processing
4. Storage duration
5. Objection or removal option

XIII. Google marketing and remarketing
1. Scope of processing personal data
2. Legal basis for processing personal data
3. Purpose of data processing
4. Storage duration
5. Objection or removal option

XIV. Facebook social plug-ins
1. Scope of processing personal data
2. Legal basis for processing personal data
3. Purpose of data processing
4. Storage duration
5. Objection or removal option

XV. Google Maps
1. Description and scope of data processing
2. Legal basis for processing personal data
3. Purpose of data processing
4. Storage duration
5. Objection or removal option

XVI. Facebook, Custom Audiences and Facebook Marketing Services
1. Scope of data processing
2. Legal basis for data processing
3. Purpose of data processing
4. Storage duration
5. Objection and removal options

XVII. Provision of the app
1. Description and scope of data processing
2. Legal basis for data processing
3. Purpose of data processing
4. Storage duration
5. Objection or removal option

XVIII. Rights of the data subject
1. Right to information
2. Right to correction
3. Right to restrict processing
4. Right to deletion
5. Right to notification
6. Right to data transferability
7. Right to objection
8. Right to revoking the declaration of consent relating to data privacy
9. Automated decision on a case-by-case basis, including profiling
10. Right to complain to a supervisory authority

XIX. Consent (content texts)
1. Contact form
2. Newsletter
3. Table Reservation
4. Order

 

 

I.     Name and address of the controller

The joint controllers within the meaning of the General Data Protection Regulation (GDPR), other national data protection laws in the member states and other data protection regulations are: 

Vectron Systems AG
Willy-Brandt-Weg 41
48155 Münster,
Germany

Telephone: +49 251 28560
Email: info(at)vectron.de
Website: www.vectron-systems.com 

and

bonVito GmbH
Willy-Brandt-Weg 41
48155 Münster,
Germany

Email: info(at)bonvito.net

 

II.        Name and address of the data protection officer

The controller’s data protection officer is:

Nienhaus Informationssysteme im Rheinland UG
represented by André Nienhaus
Bosmannshof 5
46485 Wesel

Tel: +49 (0) 281 / 206699-09
Email: info(at)n-inf.de
Website: www.n-inf.de 

 

III.      General information about data processing

1.        Scope of processing personal data

We generally only process personal data if this is necessary to provide a functioning website as well as our contents and services. Personal data will only be processed with the user’s consent or in cases where prior consent cannot be obtained for practical reasons and where data processing is permitted by law.

 

2.        Legal basis for processing personal data

If we obtain the consent of the data subject for processing personal data, Article 6 Para. 1 Lit. a EU General Data Protection Regulations (GDPR) serves as the legal basis.

When processing personal data required for the performance of a contract to which the data subject is a party, Article 6 Para. 1 Lit. b serves as the legal basis. This also applies to processing required for executing precontractual measures.

If processing personal data is required to fulfil a legal obligation to which our company is subject, Article 6 Para. 1 Lit. c GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Article 6 Para. 1 Lit. f GDPR serves as the legal basis for processing.

 

3.        Data deletion and storage duration

The personal data of the data subject is deleted or blocked as soon as the purpose for storage ceases to exist. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

 

IV.      Provision of the website and creation of log files

1.        Description and scope of data processing

On every visit to our website, our system automatically collects data and information from the computer system of the computer being used.

The following data is collected:

(1)     browser type and version
(2)     the operating system used
(3)     the user’s Internet service provider
(4)     the IP address
(5)     data and time of access
(6)     websites from which the user’s system reaches our website
(7)     websites accessed by the user’s system via our website

The data is also stored in the log files of our system. The IP addresses of the user or other data that enables the assignment of the data to a user are not affected by this. Storage of this data together with other data of the user does not take place.

 

2.        Legal basis for data processing

The legal basis for the temporary storage of the data and log files is Article 6 Para. 1 Lit. f GDPR.

 

3.        Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. The user’s IP address must be stored for the duration of the session for this purpose.

Data is stored in log files to ensure the functionality of the website. The data also helps us to optimise the website and to ensure the security of our information technology systems. An analysis of the data for marketing purposes does not take place in this context.

Our legitimate interest in data processing in accordance with Article 6 Para. 1 Lit. f GDPR so lies in these purposes.

 

4.        Storage duration

The data is deleted as soon as it is no longer necessary for achieving the purpose of its collection. In the case of data collection for the provision of the website, this is the case when the respective session has ended.

In the case of data being stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the user’s IP address is deleted or distorted so that the assignment of the client is no longer possible.

 

5.        Objection or removal option

The collection of the data for website provision and data storage in log files is necessary for operating the website. As a result, there is no objection option for the user.

 

V.        Use of cookies

1.        Description and scope of data processing

Our website uses “cookies”. Cookies are text files that are stored in the Internet browser or by the Internet browser of the user’s computer system. If a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that enables the unique identification of the browser when the website is visited again.

We use cookies to make our website more user-friendly. Some elements of our website require that the browser can be identified even after a page change. This includes, for example, access data for closed areas of our website that require a login.

We also use cookies on our site which enable an analysis of the user’s surfing behaviour. The user data collected in this way is pseudonymised by technical precautions. Therefore, it is no longer possible to assign the data to the accessing user as a person. The data will not be stored together with the user’s other personal data.

 

2.        Legal basis for data processing

The legal basis for processing personal data using cookies is Article 6 Para. 1 f. GDPR.

 

3.        Purpose of data processing

The purpose of using of technically necessary cookies is to simplify the use of websites for users. Not all functions can be offered without using cookies.

The data collected by technically necessary cookies is not used to create user profiles. The use of this type of cookies is for the purpose of improving the quality of our website and its content. By doing so, we learn how the website is used and can therefore constantly optimise what we offer.

Our legitimate interest in processing personal data in accordance with Article 6 Para. 1 Lit. f GDPR also lies in these purposes.

 

4.        Storage duration, objection or removal option

Cookies are stored on the user’s computer and transmitted to our site. Therefore, users also have full control over the use of cookies. Users can deactivate or restrict the transmission of cookies by changing the settings in their Internet browser. Cookies that are already stored can be deleted at any time. This can be done automatically. If cookies are deactivated for our website, it is possible that not all functions can be used to their full extent.

The transmission of Flash cookies cannot be prevented via the browser settings but by changing the settings of the Flash Player.

 

VI.      Registration by a consumer

1.        Description and scope of data processing

We provide the option to register on our website or in our web app by entering personal data in an input mask from where it is transferred to us. We then store this data.

The customer registers in the app or on the website to use all of the functions offered by bonVito. The customer enters the data required for this and confirms his registration.

a)         On our website

The following minimum data is collected during the registration process:

(1)     Email address
(2)     Password to be set by the user
(3)     Numerical code 

Optional information

(4)     Title
(5)     First name and surname
(6)     Street, house number, post code and city
(7)     Country
(8)     Language preferences
(9)     Date of birth
(10) Mobile number

The following data will also be stored at the time of sending the message: 

(1)     user’s IP address
(2)     date and time of registration 

Alternatively, users can register with the Facebook or Google login (Single Sign On). The customer can register with bonVito through an integrated social plugin using his existing Facebook or Google account. Personal data is transferred once from Facebook or Google to the website during this process. Users have approved this data on Facebook or Google for this purpose and it usually includes: 

(1)     Salutation
(2)     First name and surname
(3)     Country
(4)     Language preferences

The link between the user account and a unique user ID of the Facebook or Google account is stored. The other data transferred by Facebook or Google is not stored. 

b)        In the app

The following minimum data is collected during the registration process:

(1)     Email address
(2)     Password to be set by the user
(3)     Country
(4)     Language preferences

Optional information

(5)     Title
(6)     First name and surname
(7)     Street, house number, post code and city
(8)     Date of birth
(9)     Mobile number

The following data will also be stored at the time of sending the message:

(1)     user’s IP address
(2)     date and time of registration

During the registration process, the user’s consent is obtained for processing and reference is made to this data privacy policy, which also contains the specific consent text below.

 

2.        Legal basis for data processing

The legal basis for processing data is Article 6 Para. 1 Lit. a GDPR if the user has given consent.

If the registration serves to fulfil a contract of which the user is a contracting party or to implement pre-contractual measures, Article 6 Para. 1 lit. b GDPR serves as an additional legal basis for processing the data.

 

3.        Purpose of data processing

The controllers prepare and maintain customer accounts to provide the customer account functions and the functions as such and to receive targeted advertising and recommendations.

 

4.        Storage duration

The data is deleted as soon as it is no longer necessary for achieving the purpose of its collection.

During the registration process, this is the case for the fulfilment of a contract or implementation of pre-contractual measures when the data is no longer required for the fulfilment of the contract. Personal data of the contractual partner may have to remain stored even after the expiry of the contract in order to meet contractual or legal obligations.

 

5.        Objection or removal option

As a user, you may cancel your registration at any time. You can request for your stored data to be modified at any time.

To do so, you can contact us per email, phone or in writing.

However, if the data is required for the fulfilment of a contract or implementation of pre-contractual measures, it can only be deleted early if no contractual or legal obligations prevent such deletion.

 

VII.    Table reservation by a consumer

1.        Description and scope of data processing

We provide users with the option to reserve a table in a restaurant on our website. The data is entered in an input mask from where it is transferred to us. We then store this data and transfer it to the restaurant where the table is to be reserved.

The customer selects a time for the table reservation and enters the following data on the website:

(1)     Email address
(2)     Title
(3)     First name and surname
(4)     Company, if applicable
(5)     Phone no.
(6)     Mobile number

The following data will also be stored at the time of sending the message:

(7)     user’s IP address
(8)     date and time of registration

During the registration process, the user’s consent is obtained for processing and reference is made to this data privacy policy, which also contains the specific consent text below.

 

2.        Legal basis for data processing

The legal basis for processing data is Article 6 Para. 1 Lit. a GDPR if the user has given consent. 

If the table reservation serves to fulfil a contract of which the user is a contracting party or to implement pre-contractual measures, Article 6 Para. 1 lit. b GDPR serves as an additional legal basis for processing the data. In addition, Article 6 Para. 1 lit. f GDPR forms the legal basis for using the online table reservation.

 

3.        Purpose of data processing

The controllers prepare and maintain customer accounts to provide the customer account functions and the functions as such and to receive targeted advertising and recommendations.

 

4.        Storage duration

The data is deleted as soon as it is no longer necessary for achieving the purpose of its collection.

During the registration process, this is the case for the fulfilment of a contract or implementation of pre-contractual measures when the data is no longer required for the fulfilment of the contract. Personal data of the contractual partner may have to remain stored even after the expiry of the contract in order to meet contractual or legal obligations.

 

5.        Objection or removal option

As a user, you may cancel your registration at any time. You can request for your stored data to be modified at any time.

to do so, you can contact us per email, phone or in writing.

However, if the data is required for the fulfilment of a contract or implementation of pre-contractual measures, it can only be deleted early if no contractual or legal obligations prevent such deletion.

 

VIII.  Order by a consumer

1.        Description and scope of data processing

We provide users with the option to order goods from a restaurant on our website. The data is entered in an input mask from where it is transferred to us. We then store this data and transfer it to the restaurant where the goods are ordered.

The consumer selects a delivery location by clicking on it on the website and leaves a message if he wishes to collect the goods. He then selects the goods that he wishes to order.

He now can enter the following data:

(1)     Salutation
(2)     First name
(3)     Surname
(4)     email address
(5)     Company
(6)     Phone no.
(7)     Mobile number
(8)     Street and house number
(9)     Place
(10) Country
(11) Language preferences
(12) Status report

The following data will also be stored at the time of sending the message:

(13) user’s IP address
(14) date and time of registration

During the registration process, the user’s consent is obtained for processing and reference is made to this data privacy policy, which also contains the specific consent text below.

 

2.        Legal basis for data processing

The legal basis for processing data is Article 6 Para. 1 Lit. a GDPR if the user has given consent. 

If the order serves to fulfil a contract of which the user is a contracting party or to implement pre-contractual measures, Article 6 Para. 1 lit. b GDPR serves as an additional legal basis for processing the data. In addition, Article 6 Para. 1 lit. f GDPR forms the legal basis for using the online ordering option.

 

3.        Purpose of data processing

The purpose is the placement of an order with the restaurant.

 

4.        Storage duration

The data is deleted as soon as it is no longer necessary for achieving the purpose of its collection.

During the ordering process, this is the case for the fulfilment of a contract or implementation of pre-contractual measures when the data is no longer required for the fulfilment of the contract. Personal data of the contractual partner may have to remain stored even after the expiry of the contract in order to meet contractual or legal obligations.

 

5.        Objection or removal option

As a user, you may terminate your order at any time. Users can request for the stored user data to be modified at any time.

to do so, you can contact us per email, phone or in writing.

However, if the data is required for the fulfilment of a contract or implementation of pre-contractual measures, it can only be deleted early if no contractual or legal obligations prevent such deletion.

 

IX.      Newsletter

6.        Description and scope of data processing

On our website there is the option of subscribing to a free newsletter. When registering, at least the following information is transmitted to us from the input screen data:

(1)     Salutation
(2)     Name
(3)     Company
(4)     Post code
(5)     City
(6)     Country
(7)     Phone no.
(8)     email address

The following data will also be stored at the time of sending the message:

(1)     user’s IP address
(2)     date and time of registration

During the registration process, the user’s consent is obtained for processing and reference is made to this data privacy policy, which also contains the specific consent text below.

No data is passed on to third parties in connection with data processing for sending of newsletters. The data is only used for sending the newsletter.

 

7.        Legal basis for data processing

The legal basis for processing personal data after registering for the newsletter is Article 6 Para. 1 lit. a GDPR.

 

8.        Purpose of data processing

Collecting the user’s data is for delivering the newsletter. The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

 

9.        Storage duration

The data is deleted as soon as it is no longer necessary for achieving the purpose of its collection. The user’s email address will therefore be stored as long as the newsletter subscription is active.

 

10.    Objection or removal option

The newsletter subscription can be cancelled by the user concerned at any time. There is a corresponding link in each newsletter for this purpose.

This also makes it possible to revoke the consent to the storage of personal data collected during the registration process.

 

X.             Contact or recall form and email contact

1.             Description and scope of data processing

There are contact forms on our website that can be used for electronic contact. If a user uses this option, the data entered in the input screen will be transmitted to us and stored. Depending on the selected form, the data includes, at a minimum:

(1)     Name
(2)     post code
(3)     email address
(4)     Phone no.

Optional information

(5)     Title
(6)     First name and surname
(7)     Street, house number, post code and city
(8)     Country
(9)     The Company
(10) Phone number
(11) Manner in which the user became aware of us
(12) Language preferences
(13) Date of birth

The following data will also be stored at the time of sending the message:

(1)     user’s IP address
(2)     date and time of registration

 

During contact, the user’s consent is obtained for processing and reference is made to this data privacy policy, which also contains the specific consent text below. 

Alternatively, you can contact us via the email address provided. In this case, the user’s personal data transmitted by email will be stored.

Data is not passed on to third parties in connection with this. The data is only used for processing the conversation.

 

2.        Legal basis for data processing

The legal basis for processing data is Article 6 Para. 1 Lit. a GDPR if the user has given consent.

The legal basis for processing data transferred as part of sending an email is Article 6 Para. 1 Lit. f. GDPR. If the aim of the email is concluding a contract, the additional legal basis for processing is Article 6 Para. 1 Lit. b GDPR.

 

3.        Purpose of data processing

Processing personal data from the input screen is for processing any contact by us alone. Contact by email also constitutes the necessary legitimate interest in the data processing.

The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

 

4.        Storage duration

The data is deleted as soon as it is no longer necessary for achieving the purpose of its collection. For personal data from the contact form input screen and that which was sent by email, this is the case when the respective conversation with the user is finished. The conversation is terminated when the circumstances show that it is certain that the matter in question has been conclusively resolved.

The other personal data collected during the sending process will be deleted after a period of seven days at the latest.

 

5.        Objection or removal option

The user has the option of revoking his/her consent to the processing of personal data at any time. If the user contacts us via email, he/she can object to the storage of his/her personal data at any time. In a case such as this, the conversation cannot be continued.

The revocation of consent and the objection to storage is possible verbally, in writing or by email.

All personal data stored in the course of contacting us will be deleted in this case.

 

XI.      Web analysis by Google Analytics

1.        Scope of processing personal data

We use Google Analytics on our website to analyse our users’ surfing behaviour. The software places a cookie on the users’ computer (see above for more information about cookies). The following data is stored if individual pages on our website are visited:

(1)     two bytes of the IP address of the user’s visiting system
(2)     the website visited
(3)     the website from which the user came to the website visited (referrer)
(4)     the subpages that are accessed from the visited website
(5)     the length of stay on the website
(6)     the frequency of visiting the website

Google uses cookies. The information generated by the cookie about your use of the online service by users is normally transmitted to and stored by Google on a server in the USA. Google is certified under the Privacy Shield Agreement and therefore provides a guarantee of compliance with European Data Protection Law. We only use Google Analytics with activated IP anonymisation. This means users’ IP addresses will be truncated beforehand within a member state of the European Union or in other contracting states to the Agreement on the European Economic Area. The IP address transferred by the browser is not associated with any other data held by Google. Users can prevent the storage of cookies by selecting the appropriate settings in their browser software; users can also prevent Google from collecting data generated by the cookie and relating to their use of the online service and from processing this data by downloading and installing the browser plug-in available using the following link. Further information on the use of data for advertising purposes by Google, setting and objection options can be found on Google’s websites: “How Google uses data when you use our partners’ sites or apps”, “How Google uses cookies in advertising”, “Control the information Google uses to show you ads”. Google will use this information on our behalf to analyse the use of our online service by users, to compile reports on the activities within this online service and to provide us with other services associated with the use of this website and the use of the Internet. In doing so, pseudonymous user profiles may be created from the processed data.

 

2.        Legal basis for processing personal data

The legal basis for processing users’ personal data is Article 6 Para. 1 Lit. f GDPR.

 

3.        Purpose of data processing

Processing users’ personal data enables us to analyse our users’ surfing behaviour. We are in a position to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and its user-friendliness.

Our legitimate interest in processing data in accordance with Article 6 Para. 1 Lit. f GDPR also lies in these purposes. By anonymising the IP address, users' interest in protecting their personal data is sufficiently taken into account.

 

4.        Storage duration

Sessions and campaigns are terminated after a certain period of time. Sessions are closed after 30 minutes without activity and campaigns after six months as standard. The time limit for campaigns cannot be more than two years. Users will find more information on user conditions and data privacy at https://www.google.com/analytics/terms/de.html or at https://policies.google.com/

 

5.        Objection or removal option

Cookies are stored on the user’s computer and transmitted to our site. Therefore, users also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that are already stored can be deleted at any time. This can be done automatically. If cookies are deactivated for our website, it is possible that not all functions can be used to their full extent.

Users can also prevent Google’s collection and use of data generated by the cookie and related to use of the website (including IP address) by downloading and installing this browser add-on.

Opt-out cookies prevent the future collection of user data when visiting this website. To prevent Universal Analytics from collecting data across different devices, users must carry out the opt-out on all systems used.

 

XII.    Newsletter dispatch via CleverReach

1.        Scope of processing personal data

Our email newsletter is dispatched via the technical service provider CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede (“CleverReach”) to whom we pass on the data provided by the user when registering for the newsletter. Data entered by the user for the purpose of subscribing to the newsletter (e.g. email address) is stored on CleverReach servers in Germany or Ireland.

CleverReach uses this information to send and statistically evaluate the newsletter on our behalf. For the evaluation, the emails sent contain so-called “web beacons” or “tracking pixels” which represent single-pixel image files stored on our website. This determines whether a newsletter message is opened and which links have been clicked on. It can also be analysed whether a predefined action has been made after clicking on the link in the newsletter with the help of so-called “conversion tracking”. Technical information is also recorded (e.g. time of visit, IP address, browser type and operating system). Data is collected exclusively in pseudonymised form and is not linked to other personal data of the users, direct links to a particular individual are excluded. This data is only used for statistically analysing newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to recipients’ interests.

 

2.        Legal basis for processing personal data

The legal basis for processing users’ personal data is Article 6 Para. 1 Lit. f GDPR.

 

3.        Purpose of data processing

The disclosure of users’ personal data enables us to use an effective, secure and user-friendly newsletter system that can be optimised.

Our legitimate interest in processing data in accordance with Article 6 Para. 1 Lit. f GDPR also lies in these purposes. By anonymising the IP address, users' interest in protecting their personal data is sufficiently taken into account.

 

4.        Storage duration

The IP address is anonymised at an early stage as described above. etracker does not use it for any other purpose, combine it with other data or pass it on to third parties.

 

5.        Objection or removal option

You can object to the aforementioned data processing at any time by cancelling the newsletter subscription.

 

XIII.  Google marketing and remarketing

1.        Scope of processing personal data

We use the marketing and remarketing services (“Google Marketing Services”) by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; ("Google"). Google is certified under the Privacy Shield Agreement and therefore provides a guarantee of compliance with European Data Protection Law. The Google Marketing Services allow us to target ads for and on our site to only present users with ads that potentially match their interests. For example, if a user sees ads for products he has been interested in on other websites, this is referred to as “remarketing”. For these purposes, when our and other websites are accessed (on which Google Marketing Services are active), Google directly runs a code from Google and so-called “(re)marketing tags” (invisible graphics or code, also known as “web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies). Cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file it is noted which websites the user visits, which contents he/she is interested in and which offers he/she has clicked on; furthermore, it notes technical information about the browser and operating system, referring websites, visiting time as well as further information about the use of the online service. The users’ IP address is also recorded, whereby we, within the framework of Google Analytics, disclose that the IP address is truncated within member states of the European Union or in other contracting states of the European Economic Area Agreement and only completely transmitted to a Google server in the USA and truncated there in exceptional cases. The IP address is not combined with the user’s data within other Google offers. The aforementioned information may also be linked by Google to information from other sources. If the user then visits other websites, ads tailored to his interests can be displayed. Users’ data is processed pseudonymously within the framework of Google Marketing Services. This means that Google does not store and process, for example, the name or email address of the user; it processes the relevant cookie-related data within pseudonymous user profiles. From Google's point of view, this means that the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a Google user has explicitly allowed data to be processed with this pseudonymisation. The information collected about the user by Google Marketing Services is transmitted to Google and stored on Google servers in the USA. One of the Google Marketing Services we use includes the online advertising program “Google AdWords”. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies can therefore not be tracked via the websites of AdWords customers. The information obtained with the help of cookies serve to create conversion statistics for AdWords customers who have decided on conversion tracking. AdWords customers are informed of the total number of users that have clicked on their advert and were redirected to a page with a conversion tracking tag. They receive no information that could be used to personally identify a user. We can integrate third-party ads based on the Google Marketing Service “DoubleClick”. DoubleClick uses cookies to enable Google and its partner sites to place ads based on users’ visits to this website or other websites on the Internet. We can integrate third-party ads based on the Google Marketing Service “AdSense”. AdSense uses cookies to enable Google and its partner sites to place ads based on users’ visits to this website or other websites on the Internet. We may also use the “Google Optimizer” service. Google Optimizer allows us to understand the effects of various changes to a website (e.g. changes to input fields, design, etc.) within the framework of so-called “A/B testing”. Cookies are stored on users’ devices for these test purposes. In doing so, only pseudonymous user data is processed. Furthermore, we may also use “Google Tag Manager” to integrate and manage Google analysis and marketing services into our website. You will find more information on data use for marketing purposes by Google on the overview page; Google’s data privacy policy can be viewed here.

 

2.        Legal basis for processing personal data

The legal basis for processing users’ personal data is Article 6 Para. 1 Lit. f GDPR.

 

3.        Purpose of data processing

The Google Marketing Services give us the option of targeting ads for and on our site to only present users with ads that potentially match their interests.

Our legitimate interest in processing data in accordance with Article 6 Para. 1 Lit. f GDPR also lies in these purposes.

 

4.        Storage duration

According to its own information, the log data collected by Google is anonymised by deleting part of the IP address and the cookie information after 9 or 18 months. Users will find more information here.

 

5.        Objection or removal option

Cookies are stored on the user’s computer and transmitted to our site. Therefore, users also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that are already stored can be deleted at any time. This can be done automatically. If cookies are deactivated for our website, it is possible that not all functions can be used to their full extent.

If users want to object to Internet-based advertising by Google Marketing Services, they can use Google’s setting and opt-out options.

 

XIV. Facebook social plug-ins

1.        Scope of processing personal data

We use social plug-ins (“plug-ins”) from the social network Facebook, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plug-ins can display interactive elements or content (e.g. videos, graphics or text contributions) and are identified by one of the Facebook logos (white “f” on a blue tile, the term “like”, or a “thumbs up” sign) or are marked with the addition “Facebook social plug-in”. The list and appearance of Facebook social plug-ins can be viewed here. The plug-ins are not activated until you click on the corresponding button. If these are greyed out, the plug-ins are inactive. You have the option of activating the plug-ins once or permanently. Facebook is certified under the Privacy Shield Agreement and therefore provides a guarantee of compliance with European Data Protection Law. When a user views a function of this online service that contains a plug-in, his/her device establishes a direct connection to the Facebook servers. The content of the plug-in is transmitted by Facebook directly to the user’s device and integrated into the website. In doing so, user profiles may be created from the processed data. We have therefore no influence on the scope of the data collected by Facebook using this plug-in and therefore provide users with information in accordance with our level of knowledge. By integrating plug-ins, Facebook receives the information that a user has viewed the corresponding page of the online service. If the user is logged in to Facebook, Facebook can assign the visit to his/her Facebook account. When users interact with the plug-ins, such as pressing the “Like” button or posting a comment, the information is sent directly from your device to Facebook and stored there. If a user is not a Facebook member, it is still possible for Facebook to obtain and store their IP address. According to Facebook, only an anonymised IP address is stored in Germany. The purpose and extent of data collection, further processing and the use of data by Facebook as well as users’ related rights and possibilities to configure the settings to secure their privacy can be seen in the Facebook privacy policies: Facebook’s data privacy information.

 

2.        Legal basis for processing personal data

The legal basis for processing users’ personal data is Article 6 Para. 1 Lit. f GDPR.

 

3.        Purpose of data processing

The Facebook social plug-ins show us visitors’ interests for targeting ads on our site to only present users with ads that potentially match their interests.

Our legitimate interest in processing data in accordance with Article 6 Para. 1 Lit. f GDPR also lies in these purposes.

 

4.        Storage duration

According to its own information, Facebook stores the date and time of the visit, the specific Internet address on which the social plug-in is located, and other technical data, such as the IP address, the browser type and the operating system for a period of 90 days in order to further optimise Facebook services. After the 90 days have elapsed, the data is made anonymous so that it cannot be further linked to users.

 

5.        Objection or removal option

If a user is a Facebook member and does not want Facebook to collect data about him/her via this online service and link it to his/her membership data stored on Facebook, he/she must logout of Facebook before using our online service and delete his/her cookies. More settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings or via the US page or EU page. Settings are platform-independent, meaning they apply to all devices, such as desktop computers or mobile devices.

 

XV.   Google Maps

1.        Description and scope of data processing

On our website, we use Google Maps (API) from Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Maps is a web service for displaying interactive maps to visually display geographical information. By using this service, users can, for example, see our location or that of our partners and find their way to us more easily.

Information about the use of our website (such as the IP address) is transmitted to and stored by Google on servers in the USA as soon as the sub-pages into which the Google Maps’ map is integrated are accessed. This happens regardless of whether Google provides a user account through which users are logged in or no user account exists. If users are logged in to Google, their data is assigned directly to their account. If users do not wish to be assigned to their profile on Google, they must logout before activating the button. Google saves the data (even for users who are not logged in) as usage profiles and analyses them.

 

2.        Legal basis for processing personal data

The legal basis for processing users’ personal data is Article 6 Para. 1 Lit. f GDPR.

 

3.        Purpose of data processing

Our purpose is to integrate a dynamic map into our website. Our legitimate interest in processing data in accordance with Article 6 Para. 1 Lit. f GDPR also lies in these purposes.

 

4.        Storage duration

According to its own information, the log data collected by Google is anonymised by deleting part of the IP address and the cookie information after 9 or 18 months. Users will find more information here.

 

5.        Objection or removal option

If users do not agree to their data being transmitted to Google when using Google Maps, they have the option of completely deactivating the Google Maps web service by switching off the JavaScript application in the browser. Google Maps, and therefore also the map display on this website, cannot be used.

 

XVI. Facebook, Custom Audiences and Facebook Marketing Services

1.        Scope of data processing

We use the so-called “Facebook pixel” of the social network Facebook, which is operated by Facebook Inc.,1 Hacker Way, Menlo Park, CA 94025, USA or, if you are located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). Facebook is certified under the Privacy Shield Agreement and therefore provides a guarantee of compliance with European Data Protection Law. With the help of the Facebook pixel, Facebook is able to identify visitors to our online service as a target group for displaying ads (so-called “Facebook ads”). The Facebook pixel is integrated directly by Facebook when you visit our website and may store a cookie, meaning a small file, on the user’s device. If users then login to Facebook or visit Facebook when logged in, their visit to our online service is noted in their profile. The data collected about users is anonymous to us; they do not provide us with any information about the identity of the users. However, Facebook stores and processes the data so that a connection to the respective user profile is possible and can be used by Facebook as well as for its own market research and advertising purposes. If we send data to Facebook for comparison purposes, it is encrypted locally on the browser and only then sent to Facebook via a secure https connection. This is done solely with the purpose of creating a comparison with the data that is similarly encrypted by Facebook. Facebook processes the data in accordance with Facebook's data usage policy. Accordingly, there is general information on displaying Facebook ads in Facebook’s data usage policy Facebook. Users will find special information and details about the Facebook pixel and its functions in the Facebook help settings.

 

2.        Legal basis for data processing

The legal basis for processing users’ personal data is Article 6 Para. 1 Lit. f GDPR.

 

3.        Purpose of data processing

We use the Facebook pixel to display the Facebook ads we post only to Facebook users who have shown an interest in our online service or who have certain characteristics (e.g. an interest in certain topics or products that are determined by the websites visited) that we transmit to Facebook (so-called “custom audiences”). We also want to use the Facebook pixel to ensure that our Facebook ads meet the potential interest of users and are not annoying. We also want to use the Facebook pixel to help us understand the effectiveness of Facebook ads for statistical and market research purposes by showing whether users have been redirected to our website after clicking on a Facebook ad (so-called “conversion”).

 

4.        Storage duration

According to its own information, Facebook stores the date and time of the visit, the specific Internet address on which the social plug-in is located, and other technical data, such as the IP address, the browser type and the operating system for a period of 90 days in order to further optimise Facebook services. After the 90 days have elapsed, the data is made anonymous so that it cannot be further linked to you.

 

5.        Objection and removal options

Users can object to collection by the Facebook pixel and use of data to display Facebook ads. To control what types of ads appear within Facebook, users can visit the page set up by Facebook and follow the instructions on user-based advertising settings. Settings are platform-independent, meaning they apply to all devices, such as desktop computers or mobile devices. Users can also object to the use of cookies for measuring reach and for advertising purposes using the deactivation page of the Network Advertising Initiative and additionally the US website or European website.

 

XVII.         Provision of the app

 

1.        Description and scope of data processing

When using our app, our system automatically collects data. The following data is collected:

(1)     browser type and version
(2)     the operating system used
(3)     the user’s Internet service provider
(4)     IP address and port
(5)     data and time of access
(6)     IMEI, UDID, IMSI, MAC address and MSISDN, IDFA, smartphone name, depending on the smartphone
(7)     name of the user
(8)     payment information
(9)     POS system
(10) Websites or app from which the user’s system reaches our website
(11) websites or app accessed by the user’s system via our website 

The data is also stored in the log files of our system. The IP addresses of the user or other data that enables the assignment of the data to a user are not affected by this. Storage of this data together with other data of the user does not take place.

 

2.        Legal basis for data processing

The legal basis for storage of the data is Article 6 Para. 1 Lit. f GDPR.

 

3.        Purpose of data processing

Storage by the system is necessary to enable delivery of the app to the user’s end device. The user’s IP address must be stored for the duration of the session for this purpose.

Data is stored in log files to ensure functionality. The data also helps us to optimise the app and to ensure the security of our information technology systems. An analysis of the data for marketing purposes does not take place in this context.

Our legitimate interest in data processing in accordance with Article 6 Para. 1 Lit. f GDPR so lies in these purposes.

 

4.        Storage duration

The data is deleted as soon as it is no longer necessary for achieving the purpose of its collection. In the case of data collection for the provision of the app, this is the case when the respective session has ended.

In the case of data being stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the user’s IP address is deleted or distorted so that the assignment of the client is no longer possible.

 

5.        Objection or removal option

The collection of the data for app provision and data storage in log files is necessary for operating the app. As a result, there is no objection option for the user.

 

XVIII.       Rights of the data subject

If users’ personal data is processed, they are the data subject within the meaning of the GDPR and they are entitled to the following rights from the controller, whereby the following list includes all of their rights, not just the rights arising from the use of our services:

 

1.        Right to information

Users can ask the controller to confirm whether personal data concerning you will be processed by us.

If processing has taken place, users can request the following information from the controller:

(1)        the purposes for which personal data is being processed;
(2)        the category of personal data being processed;
(3)        the recipient or categories of recipients to whom the personal data concerning you has been or is still being disclosed;
(4)        the planned storage duration of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
(5)        the existence of a right to have the personal data concerning you corrected or deleted, a right to have processing restricted by the controller or a right to object to this kind of processing;
(6)        the existence of a right to complain to a supervisory authority;
(7)        all available information regarding the origin of the data if the personal data is not collected from the data subject;
(8)        the existence of automated decision-making, including profiling in accordance with Article 22 Para. 1 and 4 GDPR and – at least in these cases – significant information on the logic involved and the scope and intended effects of this kind of processing for the data subject.

Users have the right to request information as to whether the personal data concerning them is transferred to a third country or to an international organisation. In this context, they can request to be informed of the appropriate guarantees according to Article 46 GDPR in connection with the transmission.

 

2.        Right to correction

Users have a right to the correction and/or completion by the controller if the personal data processed concerning them is incorrect or incomplete. The controller must make the correction without delay.

 

3.        Right to restrict processing

Users may request that the processing of personal data concerning them be restricted under the following conditions:

(1)        if users dispute the accuracy of the personal data concerning them for a period of time that enables the controller to verify the accuracy of the personal data;
(2)        processing is unlawful and users refuse the deletion of the personal data and instead request that the use of the personal data be restricted;
(3)        the controller no longer needs the personal data for processing purposes but users need it to assert, exercise or defend legal claims, or
(4)        if users have filed an objection to the processing according to Article 21 Para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh their reasons.

If the processing of personal data concerning users has been restricted, this data may only be processed – aside from being stored – with their consent or for the purpose of asserting, exercising or defending rights or for protecting the rights of another natural or legal person or on grounds of important public interest of the European Union or a member state.

If the processing restriction has been restricted in accordance with the aforementioned conditions, users will be informed by the controller before the restriction is lifted.

 

4.        Right to deletion

a)         Deletion obligation

Users can request that the controller delete the personal data concerning them without delay and the controller is obliged to delete this data without delay if one of the following reasons applies:

(1)        The personal data concerning users is no longer necessary for the purposes for which it was collected or otherwise processed.
(2)        Users revoke their consent on which the processing was based according to Article 6 Para. 1 Lit. a or Article 9 Para. 2 Lit. a GDPR and there is no other legal basis for processing.
(3)        Users file an objection against processing according to Article 21 Para. 1 GDPR and there are no overriding legitimate reasons for processing or they file an objection against processing according to Article 21 Para. 2 GDPR.
(4)        The personal data concerning the users has been unlawfully processed.
(5)        The deletion of personal data concerning the users is necessary to fulfil a legal obligation under EU law or the member state law to which the controller is subject.
(6)        The personal data concerning the users has been collected in relation to information society services offered according to Article 8 Para. 1 GDPR.

b)        Information to third parties

If the controller has made personal data concerning users public and is obliged to delete it according to Article 17 Para. 1 GDPR, it shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform those responsible for data processing who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.

c)         Exceptions

The right to deletion does not exist if processing is required

(1)        to exercise the right to freedom of expression and information;
(2)        to perform a legal obligation required for processing under EU law or member states’ law to which the controller is subject or to perform a task in the public interest or to exercise public authority that has been given to the controller;
(3)        for reasons of public interest in the field of public health according to Article 9 Para. 2 Lit. h and i and Article 9 Para. 3 GDPR;
(4)        for archiving purposes in the public interest, academic or historical research purposes or for statistical purposes according to Article 89 Para. 1 GDPR, if the right referred to in a) is likely to make it impossible or seriously impair the attainment of the objectives of this processing or
(5)        for asserting, exercising or defending legal claims.

 

5.        Right to notification

If users have exercised their right to have the controller correct, delete or limit processing, it is obliged to inform all recipients to whom the personal data concerning them has been disclosed of this correction or deletion of the data or processing restriction, unless this proves impossible or involves a disproportionate effort.

Users shall also have the right to be informed about these recipients by the controller.

 

6.        Right to data transferability

Users have the right to receive the personal data concerning them that they have provided to the controller in a structured, common and machine-readable format. Furthermore, users have the right to transmit this data to another controller without any obstruction by the controller to whom the personal data was made available provided that

(1)        processing is based on consent according to Article 6 Para. 1 Lit. a GDPR or Article 9 Para. 2 Lit. a GDPR or on a contract according to Article 6 Para. 1 Lit. a GDPR and
(2)        processing is carried out using automated methods.

In exercising this right, users also have the right to affect that the personal data concerning them be transferred directly from one controller to another if this is technically feasible. Freedoms and rights of other people may not be affected because of this.

The right to data transferability does not apply to processing personal data necessary for performing a task in the public interest or in the exercise of public authority assigned to the controller.

 

7.        Right to objection

Users have the right, for reasons arising from your particular situation, to object to the processing of personal data concerning you under Article 6 Para. 1 Lit. e or f GDPR at any time; this also applies to profiling based on these provisions.

The controller no longer processes the personal data concerning users unless it can prove compelling legitimate reasons for the processing, which outweigh their interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning users is processed for direct marketing purposes, users have the right to object to the processing of personal data concerning them for the purpose of this kind of advertising at any time; this also applies to profiling if it is in connection with this kind of direct marketing.

If users object to the processing for direct marketing purposes, the personal data concerning them will no longer be processed for these purposes.

Users have the option of exercising their right of objection using automated procedures in which technical specifications are used, in connection with the use of information society services, notwithstanding Directive 2002/58/EC.

 

8.        Right to revoking the declaration of consent relating to data privacy

Users have the right to revoke their declaration of consent relating to data privacy at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

 

9.        Automated decision on a case-by-case basis, including profiling

Users have the right not to be subject to a decision based exclusively on automated processing, including profiling, that has legal effect against them or significantly impairs them in a similar manner. This does not apply if the decision

is necessary for concluding or fulling a contract between them and the controller,

is admissible due to EU law or the member state law to which the controller is subject and where this law contains appropriate measures to safeguard their rights, freedoms and legitimate interests or

takes place with their explicit consent.

However, these decisions may not be based on special categories of personal data according to Article 9 Para. 1 GDPR unless Article 9 Para. 2 Lit. a or g GDPR applies and appropriate measures have been taken to protect your rights, freedoms and legitimate interests.

In the cases referred to in (1) and (3), the controller shall take reasonable measures to safeguard their rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person by the controller, to state its own position and to challenge the decision.

 

10.    Right to complain to a supervisory authority

Irrespective of any other administrative or judicial remedy, users have the right to complain to a supervisory authority, in particular in the member state in which they are residing, working or suspected of violation, if they believe that the processing of personal data concerning them is contrary to the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

 

XIX. Consent (content texts)

1.        Contact form

I agree for Vectron and bonVito to process my data entered in the input screen for the purpose of responding to my contact request, whereby processing according to Article 4 No. 2 GDPR means any operation carried out with or without the help of automated procedures or any such set of operations relating to personal data, such as the collection, recording, organisation, classification, storage, adaptation or alteration, selection, retrieval, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction.

2.        Newsletter

I agree for Vectron and bonVito to process my data entered in the input screen for the purpose of sending a newsletter, whereby processing according to Article 4 No. 2 GDPR means any operation carried out with or without the help of automated procedures or any such set of operations relating to personal data, such as the collection, recording, organisation, classification, storage, adaptation or alteration, selection, retrieval, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction.

3.        Table Reservation

I agree for Vectron and bonVito to process my data entered in the input screen for the purpose of reserving a table, whereby processing according to Article 4 No. 2 GDPR means any operation carried out with or without the help of automated procedures or any such set of operations relating to personal data, such as the collection, recording, organisation, classification, storage, adaptation or alteration, selection, retrieval, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction.

I also agree for Vectron and bonVito to transfer my data entered in the input mask to the restaurant where I wish to reserve a table for the purpose of reserving a table.

4.        Order

I agree for Vectron and bonVito to process my data entered in the input screen for the purpose of placing an order, whereby processing according to Article 4 No. 2 GDPR means any operation carried out with or without the help of automated procedures or any such set of operations relating to personal data, such as the collection, recording, organisation, classification, storage, adaptation or alteration, selection, retrieval, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction.

I also agree for Vectron and bonVito to transfer my data entered in the input mask to the restaurant where I wish to order goods for the purpose of completing the order.