Data protection is a matter of trust, and your trust is important to us. We respect your privacy and your personal sphere. The responsible and lawful treatment of personal data is of extreme importance to Tastier.
1. What is it about?
The services may include, for example, websites, applications for mobile devices, e-mail, other components of the Tastier IT-System (“Tastier system”), presence on external platforms (e.g. social media).
Direct and indirect use
In the case of direct use, Tastier normally appears visible to the user as the (co-)provider of the service. Indirect use occurs when Tastier receives data from third parties (companies or individuals with which Tastier is not affiliated; in the case of companies, hereinafter referred to as “third-party companies”) by entering the data into a computer system integrated with the Tastier system or by manually entering or importing data into the Tastier system.
In this PP, we use terms and abbreviations that are defined by the PP itself – often with brackets and quotation marks: (“term”) – or terms from the relevant laws. We do not want to repeat the laws here, or only to the extent necessary, so we recommend reading the relevant laws for a better understanding of this PP. The relevant laws are listed non-exhaustively in the “legal basis” section. We are always happy to answer any questions you may have.
Tastier is subject to the Swiss Federal Act on Data Protection (FADP) and the corresponding ordinances. In addition, under certain circumstances, Tastier must observe the European Data Protection Regulation GDPR (EU/2016/679).
In substance, Tastier is subject only to Swiss law and, as far as possible, the application of international treaties, conventions and laws of any kind is excluded.
By using our services, you accept this PP.
Tastier reserves the right to modify this PP. By continuing to use the services after a change, you accept the updated PP. We recommend you to visit this page regularly to keep up to date with all new features. In the event of major changes, we usually try to proactively inform you if we have your contact details that allow an efficient communication (e.g. your e-mail address).
2. Who is responsible for data processing? Who can you contact?
+41 76 784 44 68
Data Protection Officer (Global)
We inform all relevant supervisory authorities that Michael Zoller – see above for contact details – is the Data Protection Officer.
EU Data Protection Representative
Brüsseler Ring 113
If possible, please contact the above-mentioned Data Protection Officer with any questions.
List of processing activities
Tastier and the EU Data Protection Representative declare this PP to be a list of their respective processing activities.
3. Which data are processed?
When you use the services of Tastier, personal data are processed. Personal data are data by which you can be personally identified. These can be:
- Data that you share with us, e.g. by filling out forms, collecting payments, giving Tastier access to third party data (e.g. social logins), sending e-mails, sending physical documents, scanning QR codes, uploading images, browsing or interacting with our services, e.g. ordering items, paying for items, clicking on links, entering data into a data processing system that is integrated with the Tastier system, or from which data are imported into the Tastier system.
- Data that are automatically collected when you use our services, e.g. Internet browser, device information, IP address, time.
The data can be divided into the following categories:
- Master and contact data (e.g. name, address, telephone number, e-mail address, associated company)
- Content data (e.g. texts, images, videos, payment methods)
- Usage data (e.g. visited websites, links, logins, orders, payments, tips, time)
- Metadata (e.g. device information, IP address)
In very simplified and somewhat abbreviated terms, we process data that you explicitly provide us with, as well as data that are usually collected by companies with web-based services and digital customer traffic.
4. Whose data are processed?
Of the persons who directly or indirectly use Tastier’s services (“users”).
If you provide us with information about other individuals to the extent permitted by law (e.g. for the purpose of issuing an invoice, or if your employees use a system integrated with or from which the information is imported into the Tastier system), you confirm that you are doing so in accordance with all applicable data protection laws and that you have informed the individuals concerned and obtained their consent to the processing of their personal data for the purposes described in this PP.
Tastier never consciously processes personal data of minors under the age of 13 and, provided that consent is required in accordance with art. 6 para. 1 lit. a GDPR (see also: 5. For what purpose are data processed?) and the service is solely provided in digital form, of persons under the age of 16. If you believe that your child has used the services of Tastier and has therefore provided us with personal data, but has not reached the appropriate age or lacks the necessary judgement required for these purposes, please send us full parental consent or request deletion of the data in question (see also: 10. What rights do you have over your data?).
5. For what purpose are data processed?
- Sale and provision of our services (art. 6 para. 1 lit. b GDPR; possibly in connection with art. 6 para. 1 lit. c GDPR, if this applies to our customers, hereinafter referred to as “partner venues” – partner venues are e.g. companies that provide Tastier’s services to their end users; art. 6 para. 1 lit. f GDPR)
- Improvement and further development of our services (art. 6 para. 1 lit. f GDPR)
- Supporting partner venues and users and communicating with them (art. 6 para. 1 lit. f GDPR)
- Safeguarding the security and economic interests of our partner venues, our users and Tastier (art. 6 para. 1 lit. b GDPR, art. 6 para. 1 lit. f GDPR)
- Marketing and advertising – only if you have given your consent (art. 6 para. 1 lit. a GDPR) or with regard to Tastier services that are similar to the services in which you are interested, which you use or have used (art. 6 para. 1 lit. f GDPR)
The articles in brackets state the applicable legal basis.
There is no automated decision-making, including profiling.
6. Who, other than Tastier, receives the data?
In principle, Tastier does not disclose any personal data to other companies or persons, except:
- These carry out administrative tasks in a service provider relationship, without decision-making power on the use of the data (“data processor”)
- To some “joint controllers”. Joint controllers are third-party companies that receive personal data from Tastier and use it in principle for their own purposes. These may include the following:
- Individual partner venues who have agreed that they will treat the data with care, use it only for the agreed purposes and adhere to Tastier’s PP. Partner venues only receive data from users who have used Tastier’s services in connection with the respective partner venue, unless the user has explicitly agreed otherwise.
- Laws, regulatory requirements or legal proceedings require so.
Processors can be, for example:
- Hosting providers (Tastier system, e-mail, SMS)
- Payment service providers
- External programmers
Joint controllers may be, for example:
- Partner venues
- Analytics providers such as Google
- Social login providers such as Facebook, Google, LinkedIn
- CRM providers
7. When will the data be deleted?
Most data are deleted after a short period of time, unless there are reasons to the contrary respectively the following exceptions:
- Legal requirements (e.g. payment data must be retained for accounting and billing purposes).
- Registered users (you have permanently registered with reference to “registration” or similar): in principle, data will only be deleted on request. If you use Tastier in a partner venue that only uses the Corona contact data collection service, your visits will be deleted after expiry of the statutory retention period.
- In the event of suspected or actual abuse or violation of our terms and conditions or in the event of suspected or actual illicit activities, or as a preventive measure against such activities: Tastier may delete data at any time, in particular access data and means of payment, without prior notice and without stating reasons.
- The data have been rendered anonymous (e.g. for statistical, research and study purposes).
- The data continue to serve a purpose according to: 5. For what purpose are the data processed?
8. What about the use of specific Tastier services?
The statements contained in this PP generally apply to all Tastier services. The following can be specified for individual Tastier services:
Collection of Corona contact data (you have temporarily registered with reference to “Enter contact data” or similar)
- Purpose and transfer:
- The contact data are used to be transferred to health authorities, if these have requested them, from Tastier or from the partner venue concerned on the basis of a suspected Corona infection (“purpose of use”). Tastier will transfer the data to the partner venue or directly to the health authorities. If the data are transferred to the partner venue, the partner venue is obliged to use the data only for the purpose of use and to delete them completely at the latest upon expiry of the legal retention period calculated from the time the data were collected by Tastier.
- After signing a data protection agreement with Tastier, single partner venues may view and download their visitors’ data (“Tastier data”), without the intervention of Tastier, in the event of a request from the health authorities. The partner venue agrees to make copies of Tastier data only for the purpose of use and to delete them completely at the latest on expiry of the legal retention period, calculated from the time the data were collected by Tastier. Processing for other purposes is not permitted. In particular, the processing of Tastier data for advertising purposes, for transfer to third parties (with the exception of contact tracing authorities) and subcontractors is not permitted.
- Contact data will not be used by Tastier for advertising purposes.
- Certain data, such as your first and last name and, if applicable, your e-mail address, can be viewed by the operating staff of the partner venue if you show them your mobile phone with the corresponding screen. In this case, the data will be used to check the success of the registration and, if necessary, to carry out further checks of the data entered.
- Deletion: all data will be completely deleted at the end of the legally prescribed retention period (e.g. Switzerland: 14 days, Germany: 1 month). Exceptions may apply for data requested by health authorities and short-term when Tastier uses technical means to protect itself against the total loss of data (“backup”).
Order & Pay
- Sensitive credit card data are not processed by Tastier (according to the Payment Card Industry Security Standards Council).
- Partner venues do not receive any personal data. In individual cases, the staff of a partner venue may be able to establish a link between the data of the partner venue that Tastier makes available (e.g. invoices, orders, payments) and you as an individual.
9. Do data get transferred abroad?
The short answer is yes, it is possible. As a technology company, we use many services of companies abroad – see the list of processors and joint processors above. From a data protection point of view, a distinction must be made between:
- Other EU countries: most of our data are stored in other EU countries. The EU currently has stricter data protection laws than Switzerland.
- USA: few processors and joint processors have their data centres in the USA. The USA does not have data protection laws equivalent to those of the EU or Switzerland.
In principle, we have concluded agreements with all processors that guarantee data protection to the usual extent.
10. What rights do you have related to your data?
You have the right to request at any time free of charge:
- Limitation of processing
- Transfer to another provider
- Revocation of consent to data processing, if you have given such. To unsubscribe from the newsletter, simply click on the unsubscribe link contained in every Tastier newsletter
- Complaint to a competent supervisory authority
To do so, please contact the e-mail address mentioned in this PP. Tastier may charge a maximum fee of 350 CHF, excluding VAT, from the second request of information.
11. How does Tastier protect my data?
Taking into account the state of the art, the cost of implementation, the type, scope, circumstances and purpose of the processing, as well as the varying probability and gravity of the risk to the rights and freedoms of users, Tastier and our data processers shall take appropriate technical and organisational measures to ensure a level of protection commensurate with the risk. These measures may include, but are not limited to:
- the pseudonymisation and encryption of personal data, the encryption of communication between the different components of the Tastier system;
- the commitment to ensure the confidentiality, integrity, availability and resilience of the Tastier system in the long term, if possible;
- the ability to quickly restore and access personal data through backup in the event of a physical or technical incident;
- the review, verification and evaluation of the effectiveness of technical and organisational measures in regard to the security of processing.
13. Google Analytics
Tastier uses Google Analytics, a web analytics service from Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the website. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. In the event of activation of the IP anonymisation service on this website, however, your IP address will be shortened in advance by Google in member states of the European Union or other contracting states to the Agreement on the European Economic Area.
Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google.