DATA PROTECTION

1. DEFINITIONS

2. GENERAL

3. FOR WHAT PURPOSE DO WE PROCESS YOUR PERSONAL DATA?

  • TECHNICAL OPERATION AND FUNCTIONALITY OF THE WEBSITE AND APP
  • CUSTOMER SERVICE (Location information, personal data)
  • PAYMENT PROCESSING
  • MARKETING
  • COMPILATION OF ADMINISTRATIVE AND STATISTICAL DATA
  • COOKIES/ANALYSIS TOOLS
  • LEGAL BASES FOR THE PROCESSING OF PERSONAL DATA
  • NO OBLIGATION TO PROVIDE PERSONAL DATA

4. DISCLOSURE OF YOUR DATA BY US/TRANSFER TO THIRD COUNTRIES

5. YOUR RIGHTS 

6. AUTOMATED DECISION-MAKING IN INDIVIDUAL CASES INCLUDING PROFILING

7. DATA STORAGE/DELETION

8. SECURITY 

9. CHANGES TO THIS PRIVACY POLICY

10. CONTACT INFORMATION 

11. INFORMATION ABOUT YOUR RIGHT TO OBJECT ACCORDING TO ARTICLE 21 DS-GVO

12. INSTRUCTION NEWSLETTER REGISTRATION

dean&david – PRIVACY POLICY  

dean&david Franchise GmbH, Lochhamer Schlag 21, 82166 Gräfelfing (hereinafter referred to as “dean&david” or “we”) and all dean&david franchisees (“dean&david FN”) are committed to protecting the privacy of their visitors and users. The following privacy policy describes what data dean&david processes and how we use that data to provide even greater value to our users and visitors when using our customer apps for mobile device users, via a web application on a website (e.g. deananddavid.de and deananddavid.ch) or via an app on a “self-ordering kiosk” (the “Apps”) and our on-demand services (collectively, the “Services”). Please read the following carefully so that you are aware of our Privacy Policy.
Please note that dean&david uses MENU Technologies AG (“MENU”) as a data processor and that MENU will also process your personal data on our behalf as set out in this Privacy Policy. When we refer to dean&david in this privacy policy, the processing by MENU is always included.
You expressly consent to this Privacy Policy and the processing of personal data by dean&david and/or third parties mentioned in this Privacy Policy. dean&david reserves the right to amend this Privacy Policy.
If you have any questions about this privacy policy, please contact us at marketing@deananddavid.com.

1. DEFINITIONS

“User” refers to a person who uses the Apps and/or has signed up and registered with dean&david to use or potentially use the Service.  

“Participating Restaurant” refers to dean&david FN. They are solely responsible for the catering and restaurant services. 

2. GENERAL

As a matter of policy, we use your personal information only for the purpose for which it was provided to us. dean&david never knowingly collects personal information from children under the age of 18. The Apps are intended for use by adults 18 years of age and older only. If you believe that your child under the age of 18 has used the Apps and therefore provided us with personal information, please contact us at marketing@deananddavid.com. We will then endeavor to delete the App account and the relevant personal data. The company responsible for the personal data processed is dean&david Franchise GmbH, Lochhamer Schlag 21, 82166 Gräfelfing, Germany. dean&david, Participating Restaurants and other companies (in particular MENU) may be involved in the processing of data related to activities via the Apps and/or in connection with the services described in the Privacy Policy. dean&david, the Participating Restaurants and the other companies, if any, act for the purposes indicated in this Privacy Policy and comply with applicable data protection laws. We collect and process personal data in diverse ways. Personal data is voluntarily provided by the user while creating and/or modifying the user profile, interacting with, or using the apps and/or services and through email communication with support or other staff. For users of the Apps and/or Services in particular, this includes, but is not limited to, the following information: Name, email address, password (encrypted), restaurant orders, user agent when logging in, IP address, credit card information (not stored by dean&david or MENU; see paragraph 3.4 below), comments on orders, business email address, persons served, occasion, signature.
The data of the rushing restaurants include the name, address, e-mail address, home and/or delivery address, password (encrypted), telephone number, VAT, currency, tip, contact person, bank details, employees, points collected and/or redeemed, if applicable, type of reward for redeeming points. If you place an order via an App on a “self-ordering kiosk” without having registered or logged in, the orders placed will be processed by us and the Participating Restaurant, whereby only the data visible in the process will be processed (including order, payment details and, if applicable, location). The receipts are stored on our servers or the servers of MENU. The payment information is processed and managed by the payment processor (currently SIX Payment Services AG). The payment process is authorized by the payment processor and confirmed back to us. When orders are placed at a “self-order kiosk” with a login, no more data is processed – as far as personal data is processed – than when an order is placed via the other apps.  

Specifically, your order triggers a process in the Participating Restaurant which informs the Participating Restaurant, dean&david and its service provider MENU accordingly about your personal data, e.g., your contact details, such as name, telephone number, home and/or delivery address (for orders for delivery) and your order. When your order is ready for collection at the counter, you will be notified either via a push message (for orders placed via the mobile app) or via SMS message (for orders placed via the web app). If the restaurant you are visiting uses guest localization, your table number or your location will also be detected by transmitters or antennas placed in the participating restaurant. To receive Push Messages, you must have Push Messages enabled on your smartphone and to enable the detection of your location, you must have Bluetooth enabled on your smartphone and give the application permission to detect your location. For orders placed via the self-order kiosk, the Puck will show you when your order is ready for collection at the counter. Your location can also be determined by means of the Puck, which is issued to you at the self-ordering kiosk or at the counter. In the case of orders for delivery, your data will be processed for the purpose of conducting this delivery to the home or delivery address you have provided.  

dean&david as franchisor is the platform operator of the application and obtains your personal data, such as orders, name, telephone number, home and/or delivery address, email address, and may use it for marketing purposes. The dean&david franchisees operate the dean&david Platform in their restaurants and can view your order and payment data for their respective restaurants. MENU, as the technology provider, provides the dean&david application platform and can view your personal data. MENU provides dean&david with functions within the application platform that enable dean&david to communicate with you in a personalized manner and to provide you with relevant information at the appropriate time.  

In those cases where you provide us with data relating to other persons to the extent permitted by law (such as when issuing a receipt or as a Participating Restaurant personal data of employees), you hereby confirm that the personal data concerned and the further processing by us in accordance with this Privacy Policy comply with the applicable data protection laws. For example, you must inform the data subject and obtain their consent to the processing of their personal data for the purposes described in this Privacy Policy.  

Your personal data will be processed by MENU and stored by an external provider. Currently, it is Amazon Web Services (AWS)…. 

3. FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA?

3.1 TECHNICAL OPERATION AND FUNCTIONALITY OF THE WEBSITE AND APP 

When you visit our website, for example to use our web app, our web administrators may process your personal data, including technical data such as your IP address, the web pages you visit, the internet browsers you use, the web pages you visit before and after and the duration of the visit/session, so that we can ensure the proper functioning of our website. In addition, the browser may in certain cases request your current location to optimize your user experience. Thanks to this technical data, our web administrators can manage the website, for example by solving technical problems or improving access to certain areas of the website. In this way, we ensure that you (continue to) find information provided on the website quickly and easily. When you visit our website, for example to use our web app, the privacy notice for our website www.deananddavid.de also applies.
When you use our mobile app or web app, we also process your personal data, including technical data such as your IP address and device type. We use this data to provide the services, ensure the functions of the app, solve technical problems, provide you with the correct and most up-to-date version of the app and further improve the functioning of the app. Insofar as the DS-GVO is applicable, the legal basis for the technical operation and functionality of the website and the app is Art. 6 (1) lit. f DS-GVO and Art. 6 (1) lit. b DS-GVO.  

3.2 CUSTOMER SERVICE  
When you register as a user, we collect your name, email address, phone number, password, IP address and device type, as well as your credit card number and card expiry date (see above).
We use your personal and contact information to provide the Services, for communication purposes in relation to your orders, to promote offers and for announcements related to the Services, such as when our Services are temporarily unavailable due to maintenance. We use your personal and registration information to create and manage your dean&david account. We reserve the right to deactivate your account if we suspect that you are using our app to commit fraudulent or unlawful acts or if you violate our terms of use.
As far as the DS-GVO is applicable, the legal basis for customer service is Art. 6 (1) lit. f DS-GVO and Art. 6 (1) lit. b DS-GVO. 

LOCATION INFORMATION

We collect and process location information, for example, in Participating Restaurants or when you place an order via the Apps, if you have given us your prior consent to do so. We use the relevant data to inform the relevant Participating Restaurant where the relevant order was placed so that the service staff can process the order accordingly.
As far as the DS-GVO is applicable, the legal basis for the processing of the location information is Art. 6 (1) lit. b DS-GVO.  

PERSONAL DATA  

When you place an order through the App, we will process (and forward to the Participating Restaurant) your first and/or last name, your order, and your telephone number so that the service staff can process your order accordingly and notify you when an order is ready for collection. If one of our restaurants serves the orders to the table thanks to a guest location, the table number or your location will also be determined so that the service staff can serve your order to your table accordingly. To the extent that you have placed an order for delivery, your home and/or delivery address will also be processed to provide the delivery. If you collect points with your order, we will credit these to the points account we hold for you. If you redeem points when placing a (reward) order, we will also record this redemption in the points account we hold for you.
As far as the DS-GVO is applicable, the legal basis for the processing of the above-mentioned order data is Art. 6 (1) lit. b DS-GVO.  

3.4 PAYMENT PROCESSING 

When you register as a user, your credit card information will be forwarded by MENU to a PCI-compliant payment processor (currently SIX Payment Services AG, Hardturmstrasse 201, CH-8021 Zurich) and processed by them to process payments for orders placed by you through the Apps. dean&david, dean&david FN and MENU may forward the credit card data to other PCI-compliant payment processors later. dean&david, dean&david FN and MENU do not collect credit card data themselves.
As far as the DS-GVO is applicable, the legal basis for payment processing is Art. 6 para. 1 lit. b DS-GVO.  

3.5 MARKETING  

dean&david and dean&david FN may use your contact details to send you general information about news at dean&david. You can unsubscribe from these notifications at any time.  

As far as the DS-GVO is applicable, the legal basis for processing for marketing purposes is Art. 6 (1) lit. f DS-GVO (balancing of interests, based on the legitimate interest of the controller to promote its services).  

3.6 COMPILATION OF ADMINISTRATIVE AND STATISTICAL DATA 

dean&david and MENU use your personal information in anonymized and aggregated form to monitor exactly which features of the service are used most, to analyze usage patterns and to determine where to offer or focus their service. They may provide this information to third parties for industry analysis and statistical purposes.  

3.7 COOKIES/ANALYSIS TOOLS 

dean&david uses cookies. Cookies are small text files that a website places on your computer or mobile device when you first visit a page or website. The cookies help us to recognize your device the next time you visit the website. Cookies have distinct functions. For example, they allow us to recall your settings and interests. Cookies can help us to analyze how well our website is working or to adapt our content to provide you with the information that is relevant to you. Only the session ID is stored and transmitted in the cookies.
As far as the DS-GVO is applicable, the legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f DS-GVO.
In most browsers, you can specify in the settings that they no longer accept cookies or that you are notified when you receive a cookie. In most browsers, you will find information on changes to your browser settings under the menu item “Help”. If you decide to deactivate and/or delete cookies in the future, you must consider that some dean&david functions will then no longer be available to you.
In addition, we use analytics tools (currently Google Analytics) to collect information about the use of the website. These collect data such as how often users visit the website, which pages you view each time and which pages were viewed by the user before visiting the website. We only use the information we receive from the analytics tools to improve the website. The analysis tools only record the IP address assigned to you on the day of the website visit, but not your name or other personal data. However, if IP anonymization is activated on this website, your IP address will be truncated beforehand by the analysis tools within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a server of the analysis tools in the USA and shortened there. We do not combine the information collected with the help of the analysis tools with other personal data. Although the analytics tools place a permanent cookie on your web browser to identify you as an individual user the next time you visit the website, no one other than the analytics tools can use this cookie. The use and disclosure of information collected by the Analytics Tools about your visits to the Site are subject to the restrictions set forth in the Analytics Tools’ Terms of Use and the Analytics Tools’ Privacy Policy. By deactivating the cookies in your browser, you can prevent the analysis tool from recognizing you when you visit this website again.
As far as the DS-GVO is applicable, the legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f DS-GVO.  

3.8 LEGAL BASES FOR THE PROCESSING OF PERSONAL DATA 

As far as the DS-GVO is applicable, the following applies:
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.  

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.  

As far as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) c DSGVO serves as the legal basis.  

If vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) (d) DSGVO serves as the legal basis.  

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.  

3.9 NO OBLIGATION TO PROVIDE PERSONAL DATA  

You are under no obligation to provide your personal data. However, without your personal data, we will not be able to provide our specific services to you through the Apps, or we will only be able to provide them in part. 

4. DISCLOSURE OF YOUR DATA BY US/TRANSFER TO THIRD COUNTRIES

We may use various third parties and external companies to facilitate or provide the Services for us, process payments, provide customer support, provide location information to Participating Restaurants, provide website-related services (including but not limited to maintenance services, database management, web analytics and website feature enhancement) or to assist us in analyzing the use of our Services. These third parties have access to your personal data and process it to perform the above tasks for us. This is MENU, which operates the app and services for us.
For this purpose, your personal data will be transferred to and processed in countries other than Switzerland, including countries (such as the USA) that do not have data protection laws comparable to Switzerland. You hereby consent to the transfer and processing of your personal data to such country/ies, to the USA. We transfer personal data to bodies in countries outside the European Union (so-called third countries) as far as  

– it is required by law (e.g., reporting obligations under tax law),  

– you have given your consent,  

– this is legitimized by the legitimate interest in terms of data protection law and there are no higher interests of the person concerned that are worthy of protection, or  

– it is necessary for the provision of our services to you.  

These are in particular:  

– PCI-compliant payment processors for payment processing  

– Hosting providers, for hosting data and applications.  

– Helpdesk/support.  

– Business intelligence providers  

– Communication service providers.  

– Business applications for e-mail communication.  

To protect your personal data, we or MENU have agreed the EU standard contractual clauses with the recipients of your data abroad.
dean&david discloses your personal data to the extent required by law or necessary for the establishment, exercise and defense of legal claims and legal proceedings and, in case of emergency, data relating to security.
In addition, we transmit your personal data via the POS system to the respective Participating Restaurant where you wish to place an order. 

5. YOUR RIGHTS

As a user, you have a right to information relating to your personal account. This includes information you have provided to us in relation to orders placed via the app. You may enforce the rights available to you under applicable data protection laws, including the right to request the correction or deletion of your personal data at any time or to object to the processing of your personal data, by emailing us at marketing@deananddavid.com or contacting us at the address given in section 10.

As far as the Swiss Data Protection Act is applicable, you are entitled to the rights set out therein. As far as the GDPR is applicable, the following applies: Pursuant to Article 15 DS-GVO, every data subject has a right of access. Pursuant to Article 16 of the GDPR, the data subject may request rectification of inaccurate personal data. Pursuant to Article 17 of the GDPR, the data subject has the right to erasure and, pursuant to Article 18, the right to restriction of processing. Likewise, the data subject may object to the processing of personal data concerning him or her under the conditions laid down in Article 21 of the GDPR. According to Article 20 of the GDPR, the data subject has the right to data portability. Regarding the right to information and the right to deletion, Sections 34 and 35 of the BDSG also apply in Germany. To assert these rights, you can contact the following office: marketing@deananddavid.com

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing conducted on the basis of the consent until the revocation.
Furthermore, in accordance with Article 77 DS-GVO in conjunction with Section 19 BDSG, you have the right to lodge a complaint with the competent data protection supervisory authority:
State Office for Data Protection Supervision, P.O. Box 606, 91511 Ansbach, Promenade 27 (Castle), 91522 Ansbach, Tel.: 0981 53 – 1300, Fax: 0981 53 – 5300, E-Mail: poststelle@lda.bayern.de

dean&david reserves the right, in the event of unfounded or excessive requests, to charge reasonable processing fees for providing relevant information.
Through your dean&david account, you can also change your personal data and withdraw the consent you have given. 

6. AUTOMATED DECISION-MAKING IN INDIVIDUAL CASES INCLUDING PROFILING

As far as the DS-GVO is applicable, the following applies: In connection with the provision of our services, you will not be subject to any decision based on automated processing pursuant to Article 22 DS-GVO. If we use such procedures in individual cases, you will be informed of this and of your related rights within the framework of the legal requirements.
Your data is partly processed automatically to evaluate certain personal aspects (profiling). Your ordering behavior is analyzed for the purpose of advertising products. 

7. DATA STORAGE/DELETION

Personal data is stored until the purpose for which you provided it to us has been fulfilled. Legal obligations may extend the storage of data up to 10 years.

8. SECURITY 

dean&david has put in place appropriate technical and organizational security measures against the loss or unlawful processing of your personal data. To this end, your personal data is stored securely in our database or MENU’s database; we use industry-standard, commercially reasonable security measures such as firewalls and SSL (Secure Sockets Layer); and we also physically secure the locations where the data is stored.
However, as effective as our security measures are, no security system is infallible. We cannot guarantee the security of our database or provide any assurance that information you provide will not be intercepted in transit to us over the Internet. Any transmission of your information to dean&david is always at your own risk. We recommend that you do not disclose your password to anyone. 

9. CHANGES TO THIS PRIVACY POLICY

We may update this privacy policy to reflect changes in our information and data processing practices. In the event of material changes, we will notify you by email and via a notice on our website before the relevant change comes into effect. By continuing to use the Website and/or App and/or the Services, you acknowledge and agree to the updated Privacy Policy. We recommend that you visit this page regularly to find out about the latest changes to our data protection measures.  

10. CONTACT INFORMATION 

dean&david Franchise GmbH 
Represented by the Managing Director David Baumgartner
Lochhamer Schlag 21 
82166 Gräfelfing 
Germany  

Telephone: +49 89 26 20 59 410
E-Mail: info@deananddavid.com

11. INFORMATION ABOUT YOUR RIGHT TO OBJECT ACCORDING TO ARTICLE 21 DS-GVO 

11.1 INDIVIDUAL RIGHT OF OBJECTION  

Insofar as the DS-GVO is applicable, the following applies: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(e) (data processing in the public interest) or (f) (data processing on the basis of a balance of interests); this also applies to profiling based on these provisions.
If you object, we will no longer process your personal data. This only applies if we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or if the processing serves the purpose of asserting, exercising, or defending legal claims.  

11.2 RECIPIENT OF AN OBJECTION 

The objection can be made informally with the subject “Objection”, stating your name, address and date of birth, and should be addressed to: marketing@deananddavid.com

12. INSTRUCTION NEWSLETTER REGISTRATION

If you register for our newsletter, you agree that we store and process the personal data collected for the purpose of sending the newsletter. The data will not be used for any other purpose. We will not pass on the data to third parties. A visit to the newsletter page is also stored by our system for statistical purposes.
Personal data is stored until the purpose for which you provided it to us has been fulfilled. Legal obligations may extend the storage of data up to 10 years.
You may at any time request the deletion, correction, restriction of processing or complete blocking of your personal data, if legally possible. Upon request, we will provide you with information free of charge about all personal data that has been stored by us. We will then make this available to you in a standard file format for the purpose of transfer.
The legal basis for data processing results from Art. 6 – EU-DSGVO.