Thank you for your interest in interest in our services. The protection of your personal data is of great importance to us. Therefore, we ask you to please read the following instructions thoroughly. In these we inform you about what data we (and other responsible partners) store on our website as well as through the use of our services and how this data is used.
Responsible for the data processing is:
Delivery Hero HF Kitchens GmbH
Paul-Lincke-Ufer 39-40, 10999 Berlin, Germany
registered at the Amtsgericht (AG) Charlottenburg under HRB 185836 B
Executive Directors: Robin Steps, Sebastian Klein
VAT Austria: ATU72142905
VAT Germany: DE31145898
We have appointed a data protection officer
Scope of Data Processing
Personal data is information that can be used to determine a person, i.e. information that can be traced back to a person.
The legal basis for data protection can be found in particular in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of persons and repealing Directive 95/46 / EC ("General Data Protection Regulation", GDPR) and, if applicable, in the Federal Data Protection Act (FDPA) and the Telemedia Act (TMA).
In order to offer and provide you with our services, we must also collect, process, store and sometimes even share various personal data. The data is processed by us as the operator of the website or for the provision of our services for the purpose of providing services and the software and hardware delivery also by third parties. For more information you can firstname.lastname@example.org at any time.
You provide your data via the website or when using our services, also via external third parties, if this is necessary for the purposes mentioned. Failure to provide the data may have legal disadvantages for you, such as: the loss of legal positions, such as no error-free website or no response to your request.
Data processing outside the EU
Your personal information will be processed on EU and US servers, as well as in India, ensuring compliance with European privacy standards. For more information see: [Third party providers]
In accordance with the law, you as the person concerned have the right
• To obtain information about your stored data with us, at any time and free of charge
• To rectification, erasure or restriction of processing
• To obtain your data in a structured, common and machine-readable format or (if applicable) to request the transfer to another person responsible (right to data portability)
• To object to the processing of your personal data, for example for the purpose of direct marketing and/ or on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR are processed and as far as there are reasons that arise from your particular situation
• Upon objection with effect for the future, should you have previously consented to provide us with your personal data
You may contact email@example.com at any time to exercise these rights to access, rectification, deletion or limitation of processing, the right to object or the right to data transmission or your opposition.
You or the person concerned by the data processing has a right of appeal to the supervisory authority (for example, Berlin Commissioner for Data Protection and Freedom of Information, e-mail: firstname.lastname@example.org). A list of data protection authorities can be found here:https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.htmlorhttp://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
Storage and Deletion of Data
Generally speaking, we only save your personal data for as long as necessary to carry out the contract or the respective purpose and limit the storage period to an absolutely necessary minimum. The data are stored according to legal retention periods (eg for Germany: Commercial Code“Handelsgesetzbuch“ (HGB) or Tax Code“Abgabenordnung“ (AO)). As far as possible, we will inform you about specific storage and deletion periods.
Logfiles und IP-Addresses of website visitors
For Germany: commercial letters, this includes a large part of the correspondence conducted in connection with the initiation and execution of contracts, including e-mails and communication with the customer service, 6 years (§257 Abs. 1 Nr. 2, 3, Abs. 4 HGB Balance sheets and accounting documents 10 years (§257 para. 1, especially No. 4, para. 4 HGB, §238 para. 1 HGB)
For Austria: tax retention period 7 years (beyond that as long as they are of importance for the tax authorities in a pending case) (§132 para. 1 BAO); Company-legal retention obligation 7 years (§§190, 212 UGB)
Criteria for the duration of storage include i.a. the concern of the legitimate interests of the persons, our economic interests (amongst others expenses and costs) for a deletion of the data, pre-settings of the third-party providers used by us.
We have implemented appropriate technical and organisational measures for data security. For the best possible protection of the data our service in the form of the website takes place via a secured SSL connection between your server and the browser, i.e. the data is transmitted encrypted. We use server providers who process the data within the EU for the website or our services.
To protect your data, we take appropriate technical and organisational measures. But please remember that your data is yours, i. e. the less information you reveal, the more control you have.
Contact Form and Contacting Us
If you send us inquiries or contact us via the contact form on our website or via e-mail, your details will be stored in the request, including the data you provided there, in order to process the request and in case of follow-up questions.
E-Mail address, possibly name
all other data as specified in the inquiry
These data are processed only on the basis of your consent (legal basis art. 6 (1) lit. a GDPR) and due to a prospective or existing business relationship with us (legal basis art. 6 (1) lit. b GDPR or TMG).
DATA PROCESSING ON OUR WEBSITES
Visiting the Website
We (or the web space provider) collect data about every visit to our website (so-called server log files). These include:
Name of the retrieved website, referrer URL (the previously visited page), IP address and the requesting provider, date and time of retrieval, amount of data transferred, message about successful retrieval
File, browser type and version, operating system
Additional data when using a mobile device
Country code, language, device name, operating system name and version
We use this data for statistical analysis for the purpose of optimising our website and for the sake of data security in order to ensure the stability and operational safety of the website. If personal data (such as the IP address) are stored, this is done on the basis of Article 6 (1) lit. c. GDPR or Art. 6 (1) lit. f. GDPR due to our legitimate interest in quality assurance.
Newsletter and Information
With our newsletter we inform you about us and our services.
To sign up for the newsletter, all you need is your e-mail address. If you register for the newsletter, your e-mail address will be transmitted to us (or our mail provider) and stored there. After logging in, the user will receive an e-mail to confirm the registration ("double opt-in"). By subscribing to the newsletter the following data will be processed:
E-Mail-Adress, possibly name
Device name, possibly country code, language, name of the operating system and version
IP-Address, mail provider
This storage serves solely as proof in the event that a third party misuses an e-mail address and logs on without the knowledge of the person entitled to receive the newsletter.
The data processing for sending the newsletter takes place on the basis of your consent (legal basis Art. 6 (1) lit. a GDPR).
If you purchase goods or services from us, we will be able to send you information emails for similar goods or services in the future. Data processing takes place on the basis of the business relationship with you (Art. 6 Abs. 1 lit. b., f. GDPR or German Act against Unfair Competition (UWG)). Our legitimate interests of marketing and quality assurance come into play.
REVOCATION/OBJECTION: The user may revoke his consent to the processing of the data for the purpose of sending the newsletter at any time or object to the data processing. The revocation / objection can take place over a link, which is contained in each newsletter, or by separate message to us. You will incur no other than the transmission costs according to the basic rates.
Registration and orders on our websites
When you register on the website and set up a customer account and order services through the website, the following data is collected and stored:
Name, Rechnungsadresse, E-Mailadresse, Telefonnummer, ggf. Passwort
Order and usage data
Delivery address, time of order, possibly preferences and information on the orders
You can manage this data at any time in your customer account.
The data entered during the registration process and all later entered usage and order data are processed via the website or by us for the purposes described in our terms and conditions or for the following purposes:
Details for the purpose of processing
as far as this is necessary for the fulfillment of a contract with us or for the execution of pre-contractual measures
Art. 6 (1) lit. b. GDPR
Use of the website; Execution and processing of orders; Answer of our customer service on your request
With your express consent
Art. 6 (1) lit. a. GDPR
You voluntarily provide your data to us or our customer service without this being necessary for another purpose; You can contact us via e-mail, SMS (or other means of communication), use the contact form on our website or sign up for the newsletter
To fulfill our legal obligations
Art. 6 (1) lit. c. GDPR
Compliance with tax retention periods; Transfer of data to competent authorities
Because of our legitimate interests, such as marketing, legal protection and quality assurance
Art. 6 (1) lit. f. GDPR
Analysis of the number of orders to improve the ordering process; Addressing for direct marketing purposes (such as existing contractual relationships for similar goods and services) or quality assurance; Disclosure of data to law enforcement agencies
You can change or manage your data at any time by sending a message to us (email@example.com).
When processing the orders, we use third-party providers who process your data.
Furthermore, we process your data in the scope mentioned above or for the purposes mentioned in the case that orders are forwarded to us from another platform.
We do not process payment data, but these are processed by external payment service providers. On our platforms, we currently use the payment service providers BSPayone and Paypal.
For further information you can also contact firstname.lastname@example.org.
Our website partly uses so-called cookies. Cookies do not damage your device and do not contain viruses. Cookies are used to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your device and stored by your browser.
Most of the cookies we use are so-called "session cookies". They are automatically deleted after your visit. Session cookies are required to associate successive page views with the users who access our website at the same time. Other cookies remain stored on your device until you delete them. These cookies allow us to recognise your browser on your next visit.
OBJECTION: You can set your browser so that you are informed about the setting of cookies and only allow them in individual cases, or only allow the acceptance of cookies for certain cases or generally exclude and activate the automatic deletion of cookies when closing the browser. You can find many corporate online ad cookies on the US http://www.aboutads.info/choices/ or EU page http://www.youronlinechoices.com/uk/your-ad-choices/ manage. Please note that disabling cookies may limit the functionality of this website.
If personal data is processed when using cookies, this is based on the legal basis Art. 6 (1) lit. f. GDPR due to legitimate interests of the quality assurance of the website.
We use Google Analytics, a web analytics service provided by Google (including Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and Google LLC, Mountain View, CA, USA). Google Analytics uses so-called "cookies", text files that are stored on the device used and that allow an analysis of the use of the website. The information generated by the cookie about the use of the website such as
Browser type / version; used operating system; Referrer URL (the previously visited page); Host name of the accessing computer (IP address); Time of server request when using the website
are usually transmitted to and stored by Google on a server in the United States, however, due to the activation of IP anonymisation on the website, the IP address of Google within member states of the European Union or in other states of the Convention on the European Economic Area is being previously cut. The full IP address is therefore not transmitted to a Google server in the US and shortened there. IP anonymisation is active on the website. On our behalf, Google will use this information to evaluate the use of the website, to compile reports on website activities and to provide us with other services related to the use of the website and the internet.
As far as the IP anonymisation is omitted or personal data is processed, the data processing on the legal basis Art. 6 (1) lit. f. GDPR or TMG, whereby our legitimate interests (or the legitimate interests of third parties commissioned by us) of quality assurance or statistical analysis of user behavior are tracked.
OBJECTION: In addition, you can prevent the collection by Google of the data generated by the cookie and related to your use of the website (including the IP address) as well as the processing of this data by Google by downloading the browser plug-in available under the following link and install: http://tools.google.com/dlpage/gaoptout?hl=en.
We use "pixel" to measure visitor actions as a Facebook offer (Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland.) By calling this pixel from your browser, Facebook can subsequently determine whether a Facebook ad was successful, i.e. led to a successful online purchase. For this purpose, we receive exclusively statistical data from Facebook without direct reference to a specific person. Like this we can track the effectiveness of Facebook ads for statistical and market research purposes. If personal data are processed, this is based on the legal basis of Art. 6 (1) lit. f. GDPR due to legitimate interests in such data processing for marketing and market research purposes.
More information and Facebook privacy information can be found here: https://www.facebook.com/about/privacy/.
OBJECTION: You can prevent the storage of cookies by setting your browser software accordingly; However, you are cautioned that in this case you may not be able to fully use all features of the website. You can also prevent the collection of data (including the IP address) on Facebook and the processing of this data by following the instructions at the following link: [see instructions e.g. under https://holgerfreier.de/google-analytics-facebook-pixel-opt-out/]. We point out that the use of the website may be restricted. At www.facebook.com/settings?tab=ads you can also make settings for the processing of your data by Facebook, if you have a user account on Facebook.
DISTRIBUTION OF DATA TO THIRD PARTIES, INVOLVING THIRD-PARTY PROVIDERS
In principle, we only pass on your data to third parties if we have agreed to it (or if there is another legal basis) and if we are legally obliged to do so.
For the purposes of data processing listed here, we use third-party providers who process your data both inside and outside the EU. For further information you can also email@example.com.
The following providers may use data processing in other EU countries:
Third Party Provi-der
Data processing within / outside the EU and protective measures taken
Heroku (Salesforce.com, Inc., The Landmark @ One Market, Suite 300, San Francisco, CA 94105, USA)
The data is processed on servers in the EU. Salesforce.com, Inc. is certified under the EU-US Privacy Shield Agreement, thereby ensuring compliance with data protection legislation in the EU. For more information visit:
AWS (Amazon Web Services, Inc., P.O. Box 81226, Seattle, WA, USA)
The data is processed on servers in the EU.
Amazon Web Services, Inc. is certified under the EU-US Privacy Shield Agreement, which guarantees compliance with data protection laws in the EU. For more information visit: https://www.privacyshield.gov
Freshdesk / Freshcaller (Freshdesk Inc., 1250 Bayhill Drive, Suite 315, San Bruno, CA 94066, USA)
Processing of service and customer inquiries / customer support
Freshdesk processes the data in the US. In order to comply with a data protection policy that complies with the regulations in the EU, u.a. the Agreement on EU Standard Contractual Clauses (Processors) used.
HonestFood Tech Pvt. Ltd., 9, Ave Rose, Ravi Raj Colony, Dona Paula, Goa 403004, India
The Honest Food Tech Pvt. Ltd. processes data in India. In order to comply with data protection legislation that complies with regulations in the EU, it has concluded an agreement on EU Standard Contractual Clauses (Processors).
Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, Mountain View, CA, USA)
Google Analytics / Google-Mail, GoogleDrive/Cloud
Slack (Slack Technologies Inc., 155 5th Street, 6th Floor, San Francisco, CA 94103, USA)
Slack Inc. processes the data in the United States and is certified under the EU-US Privacy Shield Agreement, thus ensuring compliance with data protection legislation in the EU. For more information visit:
Facebook, Instagram (Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland)
Social Media, Facebook Pixel
The US companies of Facebook and Instagram process the data in the US and are each certified in accordance with the EU-US Privacy Shield Agreement, thus ensuring compliance with data protection rules in the EU. For more information visit: https://www.privacyshield.gov
Lever (Lever Inc., 89 Market Street
San Francisco, CA 94103, USA)
Lever Inc. processes the data in the United States and is certified under the EU-US Privacy Shield Agreement, thus ensuring compliance with data protection legislation in the EU. For more information visit: https://www.privacyshield.gov
Cloudflare (Cloudflare Inc., 101 Townsend St
San Francisco, CA 94107, USA)
DNS/Content Delivery Network
Cloudflare Inc. processes the data in the United States and is certified under the EU-US Privacy Shield Agreement, thus ensuring compliance with data protection legislation in the EU. For more information visit: https://www.privacyshield.gov
Mailgun (Mailgun Technologies, Inc., 112 E Pecan St. #1135
San Antonio, TX 78205, USA)
Mailgun Technologies, Inc. processes the data in the United States and is certified under the EU-US Privacy Shield Agreement, thus ensuring compliance with data protection legislation in the EU. For more information visit:https://www.privacyshield.gov
MongoDB Atlas (MongoDB, Inc., 1633 Broadway
New York, NY 10019, USA)
MongoDB, Inc. processes the data in the United States and is certified under the EU-US Privacy Shield Agreement, thereby ensuring compliance with data protection laws in the EU. For more information visit:https://www.privacyshield.gov
mLab (ObjectLabs Corporation, 660 York St, Ste 101
San Francisco, CA 94110, USA)
ObjectLabs Corporation processes the data in the United States and is certified under the EU-US Privacy Shield Agreement, thus ensuring compliance with data protection legislation in the EU. For more information visit: https://www.privacyshield.gov: https://www.privacyshield.gov
Rapid7 (Rapid7, Inc., 100 Summer Street
Boston, MA 02110, USA)
Rapid7, Inc. processes the data in the United States and is certified under the EU-US Privacy Shield Agreement, thus ensuring compliance with data protection legislation in the EU. For more information visit: https://www.privacyshield.gov
Furthermore, the following third-party vendors we use spread data within the EU:
Third Party Provider
Ebbinghoff 10, 48624 Schöppingen
Software for processing orders
ONLINECITY.IO ApS CVR, Buchwaldsgade 50, 5000 Odense C / Danneskiold-Samsøes Allé41, 1434 København K, Dänemark
Datev eG, Paumgartnerstr. 6-14, 90429 Nürnberg
Taxmaro GmbH Steuerberatungsgesellschaft, Am Campus 1-11, 18182 Rostock
Our cooperation partners
Execution of orders; Manufacture and delivery
For further information you can also contact firstname.lastname@example.org.
Ordering platforms associated with us
Forwarding orders to us
For further information you can also contact email@example.com.
PROCESSING OF DATA ON OUR SOCIAL MEDIA PAGES:
We run social media pages on the following social media / networks ("social media"):
• Facebook: facebook.com or Facebook Mobile Application as service of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA bzw. Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, see also data protection policy: https://de-de.facebook.com/policy.php, Objection: https://www.facebook.com/ads/preferences bzw. https://www.facebook.com/settings;
• Instagram: instagram.com or Instagram Mobile Application as a service of Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, see also data protection policy: https://help.instagram.com/519522125107875; Objection: https://help.instagram.com/contact/1845713985721890.
When you visit one of our social media pages, data will be processed by us as well as by the above providers.
The respective provider of social media takes over the data protection obligations to you as a user, such as the information for data processing and is the contact person for your rights. This follows from the fact that the respective provider has immediate access to the relevant information about the social media page and the processing of your data. You are also welcome to contact us if this should become necessary and we will then forward the request to the provider if necessary.
When using Facebook and Instagram, data can also be processed outside the EU. The US companies of Facebook and Instagram process the data in the US and are each certified in accordance with the EU-US Privacy Shield Agreement, thus ensuring compliance with data protection rules in the EU. For more information visit: https://www.privacyshield.gov
With our social media pages, we can communicate with you and provide interesting information. In doing so, we may receive further data from you with your comments, shared pictures, messages and reactions, which we then process for answering or communicating with you. If you use the social media on multiple devices, a cross-device analysis of the data can take place.
Data processing is carried out with your consent or for the purpose of answering your request (Article 6 (1) lit., b. GDPR) or based on legitimate interests in improving the offer, advertising and marketing activities and external representation ( Art. 6 (1) lit. f. GDPR).
Page insights and cookies on Facebook: Facebook and we use the page Insights feature to process statistics from users of our Facebook page (see also the agreement at: https://www.facebook.com/legal/terms/page_controller_addendum). This concerns the processing of so called ‘page insights’, which are being described in further detail at https://www.facebook.com/business/a/page/page-insights.
Via the usage data of the Facebook page, evaluations and statistics are created in the form of the page insights, which support us in improving our marketing activities and our external appearance. We may continue to learn about users and their behaviors that interact with or use our Facebook page to view relevant content and to develop features that may be of interest to them. These site statistics show us, for example, which people of certain target groups interact most with our Facebook page, or which content was visited, shared or criticised on Facebook when and how often. When classifying the people in target groups, demographic data or data about the place where a person is located are also included in order to specifically place advertisements with these persons. If you use Facebook on multiple devices, a cross-device analysis of the data can take place. The data collected in this way are statistically processed and usually anonymous, meaning we can not relate to the individual persons.
You may find further information on these page insights and data processing in the data protection policy of Facebook at https://de-de.facebook.com/policy.php or https://www.facebook.com/business/a/page/page-insights.
Instagram Insights and Cookies when using Instagram:
If you use Instagram and have an account there, Instagram can associate your activities there with your profiles. Instagram and we use the Instagram Insights feature to process statistical data from users of our Instagram pages (see also Facebook, that is connected with the provider of Instagram via legal agreement: https://www.facebook.com/legal/terms/page_controller_addendum).
It concerns the processing of data in the form of so-called 'Instagram Insights'‘, that are being described in further details at: https://help.instagram.com/788388387972460?helpref=faq_content.
The usage data of the Instagram pages generate evaluations and statistics in the form of Instagram Insights, which help us to improve our marketing activities and our external impact. With Instagram Insights, we can learn more about our users and the performance of our content with you as a target audience. To do this, Instagram provides us statistics about specific posts and stories to find out how users interacted with them. When classifying people into target groups, demographic data or data about a person's location are included in order to channel targeted advertising to those people. If you use Instagram on multiple devices, a cross-device analysis of the data can be done. The data collected in this way are statistically evaluated and usually anonymous, meaning we can not relate to your person.
You can continue to get information from the respective providers of social media about your rights and the data processing and make settings:
Facebook: As a user of Facebook, you can always influence how your user behavior is captured when you visit the Facebook page. Therefore you can manage settings for advertisement preferences at https://www.facebook.com/ads/preferences or manage your account settings at https://www.facebook.com/settings. Further Facebook offers the option to get in contact or exercise your rights at https://www.facebook.com/help/contact/2061665240770586 or respectively at https://www.facebook.com/help/contact/308592359910928.
Instagram: As an Instagram user, you can always influence how your user behavior is captured when you visit the Instagram page. Therefore you can manage your settings for advertisement preferences on your Instagram account at https://www.instagram.com/accounts/privacy_and_security/. Further Instagram offers the possibility to get in contact or exercise your rights at https://help.instagram.com/contact/1845713985721890 or respectively athttps://help.instagram.com/519522125107875.
For more information you can always contact us, for example by emailing firstname.lastname@example.org.
Data Protection Policy Delivery Hero HF Kitchens GmbH
Last updated: 16. April 2019