Privacy Policy
Declaration of Information Obligation
The protection of your personal data is particularly important to us. We process your data exclusively based on the legal regulations (GDPR, TKG 2003). In this privacy policy, we inform you about the most important aspects of data processing within our website.
Data Protection Officer
Our Data Protection Officer is available to answer questions regarding the processing of your personal data.
Name: Philipp MayerhoferEmail: dpo@meetandeat.at
Cookies
Our website uses so-called cookies. These are small text files that are stored on your device using the browser. They do not cause any harm.
We use only essential cookies, which are necessary to make our services user-friendly. These cookies store your login session and support technical functions, such as the transition to our new domain. They are not tracking or analytics cookies.
Some cookies remain stored on your device until you delete them. They enable us to recognize your browser during your next visit and maintain your session.
If you do not want this, you can configure your browser to inform you about the setting of cookies, allowing you to allow cookies on a case-by-case basis.
If cookies are disabled, the functionality of our website, especially the login system, may be limited.
Access Data
We, the website operator or site provider, collect data on access to the site based on our legitimate interest (see Art. 6 para. 1 lit. f GDPR) and store these as "server log files" on the website's server. The following data is logged:
- Visited website
- Time at the time of access
- Amount of data sent in bytes
- Source/referrer from which you accessed the page
- Used browser
- Used operating system
- Used IP address
The server log files are stored for a maximum of two months and then deleted. The storage of the data is for security reasons, for example, to clarify misuse cases. If data must be retained for evidence, it is exempt from deletion until the incident is finally resolved.
Processing of Personal Data
The website operator collects, uses, and transfers your personal data only if it is legally permitted or you consent to the data collection.
Personal data refers to all information that is used to identify you and can be traced back to you—such as your name, email address, and telephone number.
Data Sharing with Processors
Your data will not be shared with third parties unless it is necessary to fulfill our contract with you (e.g., for payment processing), or we are legally obligated to do so. In any case, your data will only be shared with processors that meet our strict data protection standards.
The third-party processors we work with include:
- Payment service providers for handling payments.
- IT service providers for hosting and operating our website.
- Cloud service providers for data storage.
- Software developers and development companies for maintaining and improving our systems.
These processors handle personal data solely on our behalf and in accordance with our instructions. Data transfers to recipients outside the EU or EEA will only occur if appropriate safeguards are in place according to Art. 46 GDPR.
What Data We Process
- Name
- Username or email address
- Password
- Language
- Date, time, and IP address of current and previous logins
- Number of logins
- Date and time the account was created and last updated
- Company
- Company number (for corporate groups)
- Department
- Employee number
- Initials
- Chip number
- Cash register ID (if a cash register is available)
- Orders
How and Why We Process Data
We process personal data only with the explicit permission of the relevant users and in compliance with applicable data protection regulations. The processing of personal data is based on our legitimate interest or to fulfill our contractually agreed services, including:
- Access control
- Management (entry, editing, cancellation) of orders
- Delivery
- Billing
- Evaluation for quality improvement
- Language display
- Security – protection against attacks
- Email notifications to inform you of events or remind you of tasks (opt-in)
Legal Basis for Processing
The processing of your personal data is carried out either based on your consent (Art. 6 para. 1 lit. a GDPR), to fulfill a contract (Art. 6 para. 1 lit. b GDPR), or based on our legitimate interest (Art. 6 para. 1 lit. f GDPR).
Data Retention
We store personal data only for as long as is necessary to fulfill our contractual or legal obligations. For example:
- Contact data is deleted six months after processing the inquiry.
- Order data is stored for 7 years as required by law.
- User data used for invoices and accounting is stored according to tax retention requirements.
After the respective retention period has expired, the data is routinely deleted, provided it is no longer required for fulfilling the contract or other legitimate purposes.
Email Notifications
We offer optional email notifications to inform you of events or remind you of tasks. You can unsubscribe from email notifications at any time through your profile settings.
Where We Process Data
Data processing activities are, at least in part, carried out outside the EU or EEA. The appropriate level of data protection is guaranteed by one of the following:
- An adequacy decision by the European Commission under Art. 45 GDPR.
- A specific case exception under Art. 49 para. 1 GDPR.
- Binding corporate rules under Art. 47 in conjunction with Art. 46 para. 2 lit. b GDPR.
- Standard contractual clauses under Art. 46 para. 2 lit. c and d GDPR.
- Approved codes of conduct under Art. 46 para. 2 lit. e in conjunction with Art. 40 GDPR.
- An approved certification mechanism under Art. 46 para. 2 lit. f in conjunction with Art. 42 GDPR.
- Contractual clauses approved by the data protection authority under Art. 46 para. 3 lit. a GDPR.
- An exception for a specific case under Art. 49 para. 1 subparagraph 2 GDPR.
Your Rights
You are entitled to the rights of access, rectification, erasure, restriction, data portability, withdrawal, and objection. If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any way, you can lodge a complaint with the supervisory authority.
In Austria, this is the Data Protection Authority: www.dsb.gv.at
Contact Details
If you have any questions, you can reach us here
Last updated: September 2024