Data Protection Limendo Kassa & Menu
General Information
- This Data Protection Declaration (Privacy Policy) applies to the service—the cash register software KASSA and the ordering software MENU
- Only the German version of these data protection provisions is authoritative. It is possible that translations are not always complete and up-to-date.
Scope of the Data Protection Policy & Cookie Policy
Pursuant to Art. 13 of Regulation (EU) 2016/679 (GDPR) and Measure No. 231 of June 10, 2021, on the use of cookies, we hereby inform visitors to the website about the use of transmitted data and the cookies used by the website. This Data Protection Declaration also complies with Recommendation No. 2/2001 adopted by the working group established pursuant to Article 29 of Directive 95/46/EC.
It refers to the KASSA and MENU services operated by Limendo GmbH, but not to other linked websites or services.
Data Controller
When visiting the website, personal data or other data linkable to the user may be processed, including those collected through the use of cookies. The Data Controller is Limendo GmbH, with its registered office at Enrico-Fermi-Straße 20/B, 39100 Bozen (Bolzano). The Controller can be reached using the following contact details:
Tel.: +39 0471 1800 390
Mail: mail@limendo.com
Purpose and Methods of Processing
BROWSING DATA
The computer systems and software procedures used for the operation of this website collect certain personal data during their normal operation, the transmission of which is implicit in the use of internet communication protocols. This information is not collected to be associated with identified individuals, but by its nature, through processing and linking with data held by third parties, it could enable the identification of users. This data category includes IP addresses or domain names of the computers used by users to connect to the website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response (successful, error, etc.), and other parameters related to the operating system and the user's computer environment. This data will only be used to obtain anonymous statistical information about the use of the website and to check its correct functioning, and will be deleted immediately after processing. The data could be used to ascertain responsibility in the event of presumed computer crime detrimental to the website.
COOKIES AND PASSIVE IDENTIFIERS
Cookies are small, usually alphanumeric text files, which are stored in the memory of your browser or your device when visiting a website and can be stored for the duration of the visit or longer. Based on these cookies, a server can recognize you after the initial visit. Measure No. 231 of the Italian Data Protection Authority of June 10, 2021, dictates that technical cookies do not require consent, as they are necessary for the operation of the website. SSL Encryption
To protect the security of your data during transmission, we use encryption procedures (e.g., SSL) corresponding to the current state of the art via HTTPS.
REGISTRATION MENU and KASSA
In our services, you have the option to register by providing certain personal data. The data is entered into an input mask, transmitted to us, and stored. There is no disclosure of this data to third parties in this context. During registration, your name, email address, and the date and time of your registration are collected, among other data. Further information can be added optionally, such as your address, your contact and communication details, and your telephone number. As an end-user (MENU only), you also have the option to inform us of your preferences regarding ingredients you enjoy. You can "deselect" ingredients, and these ingredients will subsequently no longer be displayed to you on our platform until you choose to "display" them again. You also have the option to "rank" ingredients (Ranking from 1 to 10) to be shown the dishes that appeal to you most. You can change or delete this data at any time. As part of the registration process, the user's consent to the processing of the above-mentioned data is obtained. The legal basis for the processing of this data, in the presence of such user consent, is Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time or independently change this data directly. An informal notification via email to us is sufficient to withdraw consent. The withdrawal of consent does not affect the legality of the processing carried out based on the consent until the withdrawal. Please note that user registration is required for the provision of certain content and services of "Menu". If you are registered with us, you can also access content and services that we only offer to registered users. In this case, your registration is necessary for the fulfillment of the contract or for carrying out pre-contractual measures. In this case, the additional legal basis for data processing is Art. 6 para. 1 lit. b) GDPR.
DISCLOSURE OF DATA TO PAYMENT SERVICE PROVIDERS DURING PAYMENT
STRIPE
In the backend of “Menu”, we use the services of the payment provider Stripe, Inc., a company incorporated under the laws of the State of Delaware (USA) with its registered office at 510 Townsend Street, San Francisco, CA 94103, USA (hereinafter “Stripe”), to process our transactions. The restaurant or service businesses conclude their own contract with Stripe for this purpose and register directly with Stripe. If you, as an end user, process transactions via “Menu”, your transaction data—for example, credit card details—will be transmitted to Stripe and processed by that company. Depending on the type of transaction you choose, the data may also be passed on by Stripe to third parties, e.g., when using Apple Pay. DStripe’s privacy policy is available at https://stripe.com/IT/privacy. The legal basis for processing and transferring data to Stripe is Art. 6(1)(b) GDPR, as this is necessary for the performance of a contract in the interest of the data subject. Stripe has implemented compliance measures for international data transfers. These apply to all global activities in which Stripe processes personal data of natural persons in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs).
PAYPAL
In the backend of “Menu”, we use the services of the payment provider PayPal (PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg) to process our transactions. The restaurant or service businesses conclude their own contract with PayPal for this purpose and register directly with PayPal. If you, as an end user, process transactions via “Menu”, your transaction data—for example, credit card details—will be transmitted to PayPal and processed by that company. PayPal’s privacy policy is available at https://www.paypal.com/de/webapps/mpp/ua/privacy-full. The legal basis for processing and transferring data to PayPal is Art. 6(1)(b) GDPR, as this is necessary for the performance of a contract in the interest of the data subject.
NEWSLETTER
At certain points, you can register for a newsletter, which you will then receive from the chosen service or gastronomy provider. During newsletter registration, the data entered in the input form is transmitted to us. The processing of your data serves to deliver the newsletter. Subscribers may also be informed by email about circumstances relevant to the service or registration (for example, changes to the newsletter offering or technical conditions). Menu uses the service “MailChimp” by The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA (hereinafter “The Rocket Science Group LLC”) to send the newsletter. For this purpose, your personal data is transferred to The Rocket Science Group LLC. Mailchimp has implemented compliance measures for international data transfers. These apply to all global activities in which Mailchimp processes personal data of natural persons in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). Further information can be found at: https://mailchimp.com/legal/data-processing-addendum/Your consent is obtained during the newsletter registration process for the processing and forwarding of your data. The legal basis for processing and forwarding the data after newsletter registration is therefore Art. 6(1)(a) GDPR. You can withdraw your consent for the processing or forwarding of your personal data and for their use in sending the newsletter at any time, and you can cancel the newsletter subscription at any time. The withdrawal of consent or cancellation does not affect the legality of processing carried out based on your consent up to the time of withdrawal or cancellation. Mandatory legal provisions—especially retention periods—remain unaffected. Please note that you will no longer receive the newsletter if you withdraw your consent to the processing and/or forwarding of your data. The data collected by us during newsletter registration and sending is deleted as soon as it is no longer required for the purpose for which it was collected. The user’s email address is therefore stored as long as the newsletter subscription is active.
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR TO INTERNATIONAL ORGANIZATIONS
Your data is not transferred in any way to third countries outside the EU or to international organizations, nor is it stored on servers located in third countries.
AUTOMATED DECISIONS
The controller does not use any system for automated decision-making regarding your personal data.
RIGHTS OF THE DATA SUBJECT
You have the right at any time to request access to your data from the controller, as well as to request its correction or deletion. You will receive a written response within 30 days, if applicable, also electronically (unless you explicitly request an oral response). You also have the right to request restriction of processing or to object to it. You may also request the portability of your data to another controller. You may also withdraw the consents given on this website at any time. To withdraw one or more of the given consents, simply contact one of the addresses mentioned above. If you believe that your data has been processed unlawfully, you have the right to lodge a complaint with the supervisory authority.
METHODS OF DATA PROCESSING
The processing of personal data is carried out through automated systems and/or manually and lasts only as long as necessary to achieve the stated purposes of data processing, in compliance with applicable legal provisions.
VOLUNTARINESS OF DATA SUBMISSION
Except for navigation data, it is the user’s free choice whether to provide personal data or not. The only consequence of not providing personal data may be that certain website services cannot be provided.
RIGHTS OF THE DATA SUBJECT
The data subject may contact the processor or the controller to assert their rights, as provided in Article 7 of GV No. 196/2003, which is reproduced in full here and supplemented with passages from the EU GDPR.
Article 7 – Right of Access to Personal Data and Other Rights
1. The data subject has the right to obtain confirmation of the existence or non-existence of personal data concerning them, even if not yet registered, and to receive this information in an understandable form. The data subject is entitled to receive the following information:
a) Source of the personal data;
b) Purpose and type of processing;
c) System used for processing using electronic means;
d) Data to identify the owner, controller, and representative according to Art. 5(2);
e) Persons or groups of persons to whom personal data may be disclosed, or who, as designated representatives in the state, controllers, or processors, may become aware of them (this right of access is also enshrined in Art. 15 EU GDPR).
2. The data subject is entitled to receive the following:
a) The update, correction, or, if interested, the completion of the data (this right to rectification is also found in Art. 16 EU GDPR);
b) The deletion, anonymization, or blocking of unlawfully processed data, including data whose retention is unnecessary for the purposes for which it was collected or processed (this right to erasure is also found in Art. 17 EU GDPR);
c) Confirmation that the steps in a) and b) have been communicated to those to whom the data has already been transmitted, including the content thereof, unless this is impossible or d.
3. The data subject has the right to object, in whole or in part: a) to the processing of personal data concerning them for legitimate reasons, even if it serves the purpose of collection; b) to the processing of personal data concerning them for the purpose of sending advertising or direct marketing materials, or for market research or sales communications (right to object also in Art. 21 EU GDPR).
4. You have the right to request from us a restriction of data processing (right to restriction under Art. 18 EU GDPR).
5. You have the right to receive data that we process automatically based on your consent or in fulfillment of a contract, either yourself or a third party, in a commonly used, machine-readable format. If you request the direct transfer of data to another controller, this will be done only to the extent technically feasible (right to data portability under Art. 20 EU GDPR).
RETENTION PERIODS
We store personal data in compliance with GDPR/EU GDPR and adhere to statutory retention periods.
CHANGES TO THE DATA PROTECTION POLICY
Over time, changes to this data protection policy may be necessary; therefore, users are advised to consult it regularly. LIMENDO will inform users with links and notices at appropriate places on the website about the existence of new versions of these provisions, e.g., as a notice on the homepage. Where required by applicable law, LIMENDO will request users’ consent for specific data processing activities.
.svg)