Privacy statement

Welcome to our website! We attach great importance to protecting your data and maintaining your privacy. We therefore inform you below about the collection and use of personal data when using our website.


1. Name and contact details of the person responsible for processing

This data protection information applies to data processing by: Responsible person: Hey Group GmbH, Gormannstraße 14, 10119 Berlin


2. Collection and storage of personal data and the nature and purpose of their use

2.1 When you visit the website

When you visit our website www.heycater.com, information is automatically sent to the server of our website by the browser used on your device, possibly by our hosting provider. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:

- IP address of the requesting computer,

- date and time of access,

- name and URL of the retrieved file,

- website from which access is made (referrer URL),

- browser used and, if applicable, the operating system of your computer and the name of your access provider.

The above data is processed by us for the following purposes:

- ensuring a smooth connection to the website,

- ensuring convenient use of our website,

- evaluating system security and stability, and

- other administrative purposes.

The legal basis for data processing is Article 6 (1) (f) GDPR. Our legitimate interest results from the data collection purposes listed above. In no case do we use the collected data for the purpose of drawing conclusions about you. In addition, we use cookies and marketing and analysis services when you visit our website. You can find more detailed explanations of this under sections 4, 5 and 6 of this privacy policy.

2.2 When signing up for our newsletter

If you have expressly consented in accordance with Article 6 (1) (a) GDPR, we will use your email address to send you our newsletter on a regular basis. To receive the newsletter, it is sufficient to provide an e-mail address. You can unsubscribe at any time, for example via a link at the end of each newsletter. Alternatively, you are welcome to send your request to unsubscribe at any time to hey@heycater.com.

2.3 When using our chat/contact form

If you have any questions, we offer you the opportunity to contact us via a form/chat provided on the website. At a minimum, it is necessary to provide a valid email address so that we know who sent the request and to be able to answer it. Further information can be provided voluntarily. Data processing for the purpose of contacting us is carried out in accordance with Article 6 (1) (a) GDPR on the basis of your voluntary consent. The personal data collected by us for using the contact form/chat will be automatically deleted after the request you have made has been completed.

2.4 When registering

When registering and/or creating a user account, the required mandatory information is provided to users in the input mask. When registering and using a user account, the IP address and time of use are stored. The data entered during registration is used for the purpose of using the offer. After cancellation of registration, the data will be deleted, unless storage is necessary for commercial or tax reasons. The basis for this is our legitimate interest in accordance with Art. 6 (1) (f) GDPR.

2.5 When using customer support

In the case of user accounts, the required mandatory information is provided to users in the input mask. As part of use, the IP address and time of use are stored. The data entered is used for the purpose of using Support. After the support service has ended, the data will be deleted, unless storage is necessary for commercial or tax reasons. The basis for this is our legitimate interest in accordance with Art. 6 (1) (f) GDPR.

2.6 When ordering/commissioning a service

When you place an order or commission a service, we need your data to fulfill a contract and to process the contractual relationship. The legal basis for data processing is Art. 6 I lit. b GDPR.


3. Data processing as part of the heykantine! program

With its heykantine! program, heycater! offers a modern canteen solution for personalized employee catering. Participating companies enable their employees to order a selection of dishes that vary from day to day. Employees can place their orders via the heykantine! app.

3.1 Registration data

When registering in the app, the following data is processed:

- email address

- password

Using the email address provided, we will first check your eligibility to participate in the heykantine! program by comparing the email address with the authorized email addresses provided by the participating companies. We also process the registration data to create a personal user account and then to enable users to register and securely access the user account. The legal basis for processing registration data is Article 6 (1) (b) GDPR.

3.2 Order data

As part of the ordering process, the following data is processed:

- Billing and delivery address

- orders

- First and last delivery

- email address

- Payment details

- Optional: phone number.

The order data is required to process orders, to deliver the orders to the specified address, to provide users with information relevant to the order and to process payments. The legal basis for processing order data is Article 6 (1) (b) GDPR. The telephone number can be provided so that users can be contacted if there are any questions in connection with their order and can be given information about their order. The legal basis for processing is our legitimate interest in accordance with Article 6 (1) (f) GDPR to ensure a smooth ordering process.

3.3 Payment service providers

In order to process payments, we use the services of Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland (“Stripe”). Stripe is an external payment service provider whose services we use as part of the heykantine! program to receive and process payments made to us. Stripe also uses JavaScript and cookies for this purpose. In doing so, we do not store any personally identifiable information or financial information such as credit card numbers. Instead, payment details (in particular contact and transaction data such as credit card details or bank details) are transmitted directly to Stripe. Stripe also processes the data to identify and prevent abusive financial transactions, to implement legal requirements in the financial sector, and to analyze, develop and improve its products. This processing of your personal data by Stripe is governed by their privacy policy: https://stripe.com/privacy. The data processed through cookies and other technologies includes in particular communication data (IP address, device identifier, browser version, operating system information). The following cookies are set and read by Stripe for fraud prevention and detection with the respective storage period:

• “__stripe_mid” (1 year);

• “__stripe_sid” (30 minutes);

• “m” (2 years).

The legal basis is Art. 6 para. 1 lit. b GDPR to fulfill payment within the framework of a contract with users, and otherwise Art. 6 para. 1 lit. f GDPR, where the use of an external payment service provider is based on our legitimate interest in being able to offer users an additional payment option with Stripe. We have concluded an order processing agreement with Stripe Payments Europe Ltd. The personal data of users can also be transferred from Stripe Payments Europe Ltd. to Stripe Inc., Corporation Trust Center, 1209 Orange Street, Wilmington, New Castle, DE 19801 in the USA. Stripe Inc. has joined the EU-US Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR. In addition, standard contractual clauses (Implementing Decision (EU) 2021/914, Module 2) have been concluded with Stripe Inc. in accordance with Art. 46 para. 2 lit. c GDPR. For more information, please see Stripe's privacy policy: https://stripe.com/privacy.

3.4. Sharing data

As part of the heykantine! program, we pass on your personal data to third parties if this is legally permitted and is necessary in accordance with Art. 6 para. 1 lit. b GDPR to process contractual relationships with you or to carry out pre-contractual measures taken at your request. We transfer users' personal data to caterers who work with us as part of the heykantine! program so that they can assign orders. In the app, you will find information about the caterers cooperating with us.

3.5 Third party authentication service (OIDC)

To log on to our platform securely and conveniently, we may use an external authentication service based on the OpenID Connect (OIDC) standard (“third-party service”). This service provides an additional identity layer based on the OAuth 2.0 protocol and makes it possible to verify user identities and process basic profile data. As part of the registration, technical and personal data are transmitted to the third-party service to secure the login process and to enable returns to the platform, such as:

- your email address,

- a unique user identifier (ID token),

- information about your browser, device and, if applicable, the IP address.

The login can be carried out via various OIDC-compliant flows (e.g. redirection to the third-party provider's login page or token transfer via form_post). Depending on the flow used, client-side forwarding or server-side token validation can take place. In addition, an optional Proof Key for Code Exchange (PKCE) can be used to further increase authentication security. Your data is processed on the basis of Art. 6 para. 1 lit. b GDPR (contract fulfillment as part of user account management) and Art. 6 para. 1 lit. f GDPR (legitimate interest in secure, standardized and efficient authentication). The third-party service processes your data exclusively as part of order processing in accordance with Art. 28 GDPR. A transfer to third countries only takes place if the requirements of Art. 44 et seq. of the GDPR are met, in particular on the basis of appropriate guarantees such as standard contractual clauses or an adequacy decision. For more information on data processing as part of authentication, please contact hey@heycater.com.


4. Duration for which personal data is stored

The criterion for the duration of storage of personal data is usually the respective legal retention period or the period for which the data is required for legal reasons. After the deadline, the corresponding data is routinely deleted, provided that it is no longer required to fulfill or initiate a contract.


5. Transfer of data

Your personal data will not be transferred to third parties for purposes other than those listed below. We will only share your personal information with third parties if:

- you have given your express consent in accordance with Article 6 (1) (a) GDPR,

- the transfer is necessary in accordance with Article 6 (1) (f) GDPR to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,

- in the event that there is a legal obligation to transfer data in accordance with Article 6 (1) (c) GDPR, and

- this is legally permitted and is required in accordance with Article 6 (1) (b) GDPR to process contractual relationships with you.

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or this is done as part of the use of third-party services or disclosure or transfer of data to third parties, this is only done if it is done to fulfill our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permits, we process or have the data processed in a third country only if the special requirements of Art. 44 ff. GDPR are met. This means that processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).

5.1 Intercom

We use the services of Intercom Inc., 55 2nd Street, 4th Fl., San Francisco, CA 94105 to ensure efficient communication with our customers and visitors and to better understand your use of our services. Since we believe that efficient communication is essential for a good customer experience, we have enabled Intercom by default for all users. We provide Intercom with a limited amount of your information (such as the registration date and some personal information such as your email address) and use Intercom to collect data for analytics purposes when you visit our website or use our product. Intercom analyses your use of our website and/or product on behalf of us and tracks our relationship using cookies and similar technologies so that we can improve our service to you. You can find more information about Intercom's use of cookies at: https://www.intercom.com/terms-and-policies#cookie-policy

We also use Intercom as a medium for communication, either via email or through messages within our product(s). The Intercom messenger apps and apps in Inbox products can also give you access to other third-party apps, such as Stripe. You should consult the privacy notices of these third parties for more information about their use of your personal information. As part of our service agreements, Intercom collects publicly available contact and social information related to you, such as your email address, gender, company, job title, photos, website URLs, social media handles, and physical addresses to improve your user experience.

For more information about Intercom's privacy practices, please visit: https://www.intercom.com/terms-and-policies#privacy. Intercom's services are subject to Intercom's terms of use, which can be found at https://www.intercom.com/terms-and-policies#terms. If you would like to opt out of having this information collected by Intercom or transmitted to Intercom, please contact us.


6. Cookies

Our websites use so-called cookies in several places. Cookies are small text files that are stored on your computer and saved by your browser. They serve to make our offering more user-friendly, effective and secure. Cookies do not contain any personal data and do not cause any damage to your device; they do not contain any malware. On the one hand, the use of cookies serves to make the use of our website more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site. In addition, we also use temporary cookies to optimize usability, which are stored on your device for a specific period of time. If you visit our site again to use our services, it will automatically recognize that you have already been with us and what entries and settings you have made so that you do not have to enter them again. On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. These cookies enable us to automatically recognize that you have already visited our site when you visit our site again. These cookies are automatically deleted after a defined period of time. The data processed through cookies is required for the stated purposes to protect our legitimate interests and those of third parties in accordance with Article 6 (1) (f) GDPR. Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or that a message always appears before a new cookie is created. However, completely disabling cookies may mean that you cannot use all features of our website.


7. Analysis & marketing tools

7.1 Analysis tools

The tracking measures listed below and used by us are carried out on the basis of Article 6 (1) (f) GDPR. With the tracking measures we use, we want to ensure that our website is designed and continuously optimized. On the other hand, we use tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. These interests are regarded as justified within the meaning of the above provision. The respective data processing purposes and data categories can be found in the corresponding tracking tools.

7.1.1. Google Analytics

For the purpose of designing and continuously optimizing our pages to meet your needs, we use Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”). In this context, pseudonymized user profiles are created and cookies are used. The information generated by the cookie about your use of this website, such as

- browser type/version,

- operating system used,

- referrer URL (the previously visited page),

- host name of the accessing computer (IP address),

- time of the server request,

is transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and Internet usage for the purposes of market research and the demand-oriented design of these websites. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of third parties. Under no circumstances will your IP address be combined with other data from Google. The IP addresses are anonymized so that allocation is not possible (IP masking). You can prevent the installation of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de). As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link. An opt-out cookie is set to prevent future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. For more information about data protection in connection with Google Analytics, please see Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).

7.1.2. Google Adwords conversion tracking

In order to statistically record the use of our website and to evaluate it for the purpose of optimizing our website for you, we also use Google Conversion Tracking. Google Adwords will set a cookie on your computer if you have reached our website via a Google ad.

These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer's website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page.

Each Adwords customer receives a different cookie. Cookies can therefore not be traced via the websites of Adwords customers. The information collected using the conversion cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

If you do not want to participate in the tracking process, you can also refuse the necessary setting of a cookie — for example via a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate conversion tracking cookies by setting your browser to block cookies from the “www.googleadservices.com” domain. Google's privacy policy for conversion tracking can be found here.

7.1.3. Bing conversion tracking

In order to statistically record the use of our website and to evaluate it for the purpose of optimizing our website for you, we also use Bing Conversion Tracking from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (Bing). This will set a cookie on your computer if you have reached our website via a Bing ad.

These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages on the Bing customer's website and the cookie has not yet expired, Bing and the customer can recognize that the user clicked on the ad and was redirected to that page.

Each Bing customer receives a different cookie. Cookies can therefore not be traced via the websites of Bing customers. The information collected using the conversion cookie is used to generate conversion statistics for Bing customers who have opted for conversion tracking. Bing customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

If you do not want to participate in the tracking process, you can also refuse the necessary setting of a cookie — for example via a browser setting that generally deactivates the automatic setting of cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies. Microsoft's privacy policy on conversion tracking can be found here.

7.1.4. Hotjar

For the purpose of designing and continuously optimizing our sites and their economic operation, we use marketing services from Hotjar Ltd, Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta, Europe (Hotjar) to evaluate the behavior of website visitors. In particular, anonymized data is collected via cookies (see section 5), which is used for optimization. This data has no personal reference and is not used to produce one. The collected data is automatically deleted after a few days. You can find more detailed information in Hotjar's privacy policy.

7.1.5. Segment

We use marketing services from Segment.io, Inc., 100 California Street, Suite 700 (Segment) for the purpose of designing and continuously optimizing our pages in line with requirements, in particular the tracking and analysis tools used, and the economic operation of our sites. In particular, anonymized data is collected via cookies (see section 5), which is used for optimization. This data has no personal reference and is not used to produce one. The collected data is automatically deleted after a few days. You can find more detailed information in Segment's privacy policy.

7.1.6. Ryte

We use services provided by Ryte GmbH, Paul-Heyse-Str. 27, 80336 Munich, to analyse our shops and websites for the purpose of designing and continuously optimizing our pages as well as for the economic operation of our pages. In particular, anonymized data is collected via cookies (see section 5), which is used for optimization. This data has no personal reference and is not used to produce one. The collected data is automatically deleted after a few days. You can find more detailed information in Ryte's privacy policy.

7.1.7. Mixpanel

For the purpose of designing, continuously optimizing and operating our sites economically, we use services provided by Mixpanel, Inc., 405 Howard St., 2nd Floor, San Francisco, CA 94105 to analyze our shops and websites. In particular, anonymized data is collected via cookies (see section 5), which is used for optimization. This data has no personal reference and is not used to produce one. The collected data is automatically deleted after a few days. You can find more detailed information in Mixpanel's privacy policy.

7.1.8. Leadforensics

We use the marketing services of Leadforensics Ltd, 4 Old Park Lane Mayfair, London W1K 1QW (Leadforensics). Website visits are tracked via the active business IP address to optimize our website. Leadforensics is GDPR compliant; for more information, see the Leadforensics privacy policy.

7.1.9. Leadfeeder

We use marketing services from Leadfeeder Ltd, 237 Glen Street, Suite #101, Glens Falls, NY 12801. Website visits are tracked via the active business IP address to optimize our website. Leadfeeder is GDPR compliant; for more information, see the Leadfeeder privacy information.

7.1.10. Mouseflow

This website uses Mouseflow, a web analysis tool from Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark. Data processing serves the purpose of analyzing this website and its visitors. For this purpose, data is collected and stored for marketing and optimization purposes. User profiles can be created from this data under a pseudonym. Cookies may be used for this purpose. The Mouseflow web analysis tool records randomly selected individual visits (only with an anonymized IP address).

This creates a log of mouse movements and clicks with the intention of sampling individual website visits and deriving potential improvements for the website from this. The data collected with Mouseflow will not be used to personally identify the visitor to this website and will not be combined with personal data about the bearer of the pseudonym without the separate consent of the person concerned. Processing is carried out on the basis of Art. 6 (1) (f) GDPR based on the legitimate interest in direct customer communication and in designing the website in line with needs. For reasons arising from your particular situation, you have the right to object at any time to the processing of personal data concerning you that is based on Art. 6 (1) (f) GDPR. To do this, you can deactivate a recording globally for the browser you are currently using on all websites that use Mouseflow under the following link: here. If you are interested in order data processing, you can complete it online with us directly via RightSignature: here.

7.2 Marketing tools

7.2.1. Facebook Pixels (Facebook Ads)

For the purpose of designing and continuously optimizing our sites and their economic operation, we use (re) marketing services provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). With this function, the provider can target visitors to the website with advertising by placing personalized, interest-based Facebook ads for visitors to the website when they visit the Facebook social network. To carry out the function, the Facebook remarketing tag is implemented on the provider's website. When you visit the website, a direct connection to the Facebook servers is established. This transmits information about the use of the websites visited.

Facebook assigns this information to your personal Facebook user account. You can find more information about the collection and use of data by Facebook, your rights in this regard and options for protecting your privacy in Facebook's privacy policy.

You can deactivate the functions via your Facebook user account. If you do not want Facebook to associate the collected information directly with your Facebook user account, you can deactivate the “Custom Audiences” remarketing function here. To do this, you must be logged in to Facebook.

Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law. The legal basis for processing data and use of (re) marketing services is the legitimate interest in analyzing, optimizing and operating our online offering within the meaning of Article 6 (1) lit. f GDPR.

7.2.2. Xing Ads

For the purpose of designing and continuously optimizing our sites and their economic operation, we also use (re) marketing services provided by XING AG, Dammtorstraße 29-32, 20354 Hamburg (“Xing”). With this function, the provider can target visitors to the website with advertising by placing personalized, interest-based Xing ads for visitors to the website when they visit the Xing network. To carry out the function, the remarketing tag from Xing is implemented on the provider's website.

You can find more information about the collection and use of data by Facebook, your rights in this regard and options for protecting your privacy in XING's privacy policy.

7.2.3. LinkedIn Ads

For the purpose of designing and continuously optimizing our sites and their economic operation, we also use (re) marketing services from LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”). With this function, the provider can target visitors to the website with advertising by placing personalized, interest-based LinkedIn ads for visitors to the website when they visit the LinkedIn network. To carry out the function, the LinkedIn remarketing tag is implemented on the provider's website. You can find more information about the collection and use of data by Facebook, your rights in this regard and options for protecting your privacy in LinkedIn's privacy policy.


8. Newsletter delivery tool

8.1 Mailjet

Our newsletters are sent by the shipping service provider Mailjet, a service provided by Mailjet GmbH or Mailjet SAS, 13-13 bis, rue de l'Aubrac, 75012 Paris, France.

Mailjet is a European provider of email marketing and transactional emails. The data entered as part of the newsletter subscription is stored and processed on Mailjet's servers within the European Union.

Mailjet can use the recipients' data in pseudonymized form to technically optimize the sending and presentation of newsletters as well as for statistical purposes. The data of our newsletter recipients is not used to contact them independently or passed on to third parties.

The newsletters contain so-called tracking technologies. When the newsletter is opened, information such as browser type, operating system, IP address and time of retrieval are collected. It also records whether and when the newsletter was opened and which links were clicked on. This data is used exclusively for statistical evaluation and optimization of our newsletter communication and is not used to create a personal profile.

The legal basis for processing the data as part of sending the newsletter is your consent in accordance with Article 6 (1) (a) GDPR. The shipping service provider is also used on the basis of our legitimate interest in efficient and secure newsletter delivery in accordance with Art. 6 para. 1 lit. f GDPR.

For more information about Mailjet's privacy policy, please see Mailjet's privacy policy at: https://www.mailjet.com/de/rechtliches/datenschutzerklaerung/

8.2 Salesforce

Our newsletters are also sent via the shipping service provider salesforce.com, inc., The Landmark @One Market, Suite 300, San Francisco, California 94105 (USA).

The shipping service provider can use the recipients' data in pseudonymous form, i.e. without attribution to a user, to optimize or improve its own services, e.g. to technically optimize the delivery and presentation of newsletters or for statistical purposes. However, the shipping service provider does not use the data of our newsletter recipients to write to them themselves or to pass on the data to third parties.

The newsletters contain files that are retrieved from our server or from the shipping service provider's server when the newsletter is opened. This collects information about the browser, the system used, the IP address and the time of retrieval.

It is also determined whether and when the newsletter was opened and which links were followed. This is not about the basic possible attribution of data to a user, but only about the statistical evaluation of a newsletter mailing list.

You can view the shipping service provider's privacy policy here. Salesforce Inc. is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection standards.

The legal basis for using the service and processing of data is the legitimate interest in the economic operation of our online offering within the meaning of Article 6 (1) (f) GDPR.


9. Support/communication tool

9.1 Zendesk

For the purpose of ensuring and optimizing customer support, we use services from Zendesk, Inc., 1019 Market Street, San Francisco, CA 94103, United States (zendesk). Here, the entered and necessary data is collected for the purpose of support and stored for its duration (see section 2e)). You can find more information about this here in zendesk's privacy policy.

Zendesk is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection standards.

The legal basis for using the service and processing of data is the legitimate interest in the economic operation of our online offering within the meaning of Article 6 (1) (f) GDPR.


10. Order processing/invoicing

10.1 Easybill

For order processing (in particular with regard to invoicing), we use the “easybill” service provided by easybill GmbH, Düsselstr. 21, 41564 Kaarst. Your data will only be passed on to the extent that this is actually necessary to process the order. You can find more information about this here in easybill's privacy policy.

The legal basis for using the service and processing the data is the processing of the order within the meaning of Art. 6 para. 1 lit. fb GDPR.


11. Accounting

11.1 Smacc

For financial accounting and bookkeeping purposes, we use the services of SMACC GmbH, Albert-Einstein-Ring 11, 14532 Kleinmachnow (smacc). You can find more information about this here in smacc's privacy policy.

The legal basis for using the service and processing of data is the legitimate interest in the economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f GDPR.


12. Social media plug-ins

On our website, we use social plug-ins from the (social) networks Facebook, Twitter, Pinterest and LinkedIn in order to make our site better known. The underlying advertising purpose is regarded as a legitimate interest within the meaning of the GDPR. Responsibility for data protection-compliant operations must be guaranteed by their respective providers.

12.1 Facebook

Our pages use plug-ins from the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). When you access pages of our website that contain such a plugin, a connection to the Facebook servers is established and the plugin is displayed on the page by sending a message to your browser. This transmits to the Facebook server which of our pages you have visited. If you are logged in to Facebook as a member, Facebook assigns this information to your personal Facebook user account. When using the plugin functions (e.g. clicking on the “Like” button, submitting a comment), this information is also assigned to your Facebook account, which you can only prevent by logging out before using the plugin. If you do not want Facebook to associate the data collected via our website with your Facebook account, you must log out of Facebook before visiting our website. For the purpose and scope of data collection and the further processing and use of the data by Facebook, as well as your related rights and settings options to protect your privacy, please refer to Facebook's privacy policy here.

12.2 Twitter

Functions of the Twitter service are integrated into our pages. These functions are offered by Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “Retweet” function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transferred to Twitter. You can change your privacy settings on Twitter in your account settings at: http://twitter.com/account/settings. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Twitter. If you do not want Twitter to be able to associate your visit to our pages with your account, please log out of your Twitter user account. You can find more information about this here in Twitter's privacy policy.

12.3 Pinterest

Features of the Pinterest service are integrated on our pages. These functions are offered by Pinterest Inc., 808 Brannan St, San Francisco, CA 94103, USA. By using Pinterest, the websites you visit are linked to your Pinterest account and made known to other users. In the process, data is also transferred to Pinterest. You can adjust your privacy settings on Pinterest at http://pinterest.com/about/privacy. You can find more information about this here in Pinterest's privacy policy.

12.4 LinkedIn

Plug-ins from the LinkedIn network are used on our pages. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. When you visit the LinkedIn page via our website, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our websites using your IP address. If you click on LinkedIn's “Recommend” button and are logged into your LinkedIn account, LinkedIn is able to associate your visit to our website with you and your user account.

You can find more information about this here in LinkedIn's privacy policy.


13. Integration of third-party services and content

On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Article 6 (1) (f) GDPR), we use content or service offerings from third parties to integrate their content and services.

This always requires that the third-party providers of this content recognize the users' IP addresses, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content. In addition, information about visitor traffic on the pages of this website can be evaluated (for cookies, see section 5).

YouTube
Videos from the “YouTube” platform from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, are integrated. Privacy statement: https://policies.google.com/privacy?hl=de

Google Maps
Maps from the “Google Maps” service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, are integrated. Privacy statement: https://policies.google.com/privacy?hl=de

Google Fonts
Fonts (“Google Fonts”) from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, are integrated. Privacy statement: https://policies.google.com/privacy?hl=de


14. Rights of data subjects

You have the right:

- to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of correction, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;

- in accordance with Article 16 GDPR, to immediately request the correction of incorrect personal data or the completion of personal data stored by us;

- to request the deletion of your personal data stored by us in accordance with Article 17 GDPR, unless processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;

- to request the restriction of the processing of your personal data in accordance with Article 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful but you oppose its deletion, we no longer need the data but you need it to assert, exercise or defend legal claims, or you have objected to processing in accordance with Article 21 GDPR;

- in accordance with Article 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible;

- in accordance with Article 7 (3) GDPR, to withdraw the consent you have given us at any time. As a result, we are no longer allowed to continue data processing based on this consent in the future; and

- to complain to a supervisory authority in accordance with Article 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or place of work.


15. Right of objection

If your personal data is processed on the basis of legitimate interests in accordance with Article 6 (1) (f) GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which will be implemented by us without specifying a particular situation. If you would like to exercise your right of revocation or objection, simply send an email to hey@heycater.com.


16. Data security

When you visit our website, we use the common SSL (Secure Socket Layer) procedure in conjunction with the highest level of encryption supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed key or lock icon shown in the lower status bar of your browser. We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are constantly being improved in line with technological developments.


17. Timeliness and amendment of this privacy policy

This privacy policy is currently valid and was last updated in May 2018. As a result of the further development of our website and offers, or as a result of changes in legal or regulatory requirements, it may be necessary to amend this privacy policy. You can access and print out the current privacy policy here at any time.