Privacy Policy
Data protection is a matter of trust, and your trust is important to us. We respect your privacy and your personal sphere. The responsible and lawful treatment of personal data is of extreme importance to Tastier.
1. What is it about?
This Privacy Policy (“PP”) refers to the personal data and personally identifiable information (collectively “personal data”) that Tastier Ltd (“Tastier” or “we”) collects, uses and processes (collectively “processes” or “processing”) when goods and services (collectively “Services”) provided by Tastier are used directly or indirectly (collectively “usage” respectively “user”). In this PP, we often refer to users as “you”.
The Services may include, for example, websites, applications for mobile devices, e-mails, other components of the Tastier IT-System (“Tastier System”), presence on external platforms (e.g. social media).
Direct and indirect use
In the case of direct use, Tastier normally appears visible to the user as the (co-)provider of the Service. Indirect use occurs when Tastier receives data from third parties (companies or individuals with which Tastier is not affiliated; in the case of companies, hereinafter referred to as “Third-Party Companies”) by entering the data into a computer system integrated with the Tastier System or by manually entering or importing data into the Tastier System.
Definitions
In this PP, we use terms and abbreviations that are defined by the PP itself – often with brackets and quotation marks: (“term”) – or terms from the relevant laws. We do not want to repeat the laws here, or only to the extent necessary, so we recommend reading the relevant laws for a better understanding of this PP. The relevant laws are listed non-exhaustively in the “legal basis” section. We are always happy to answer any questions you may have.
Legal basis
Tastier is subject to the Swiss Federal Act on Data Protection (FADP) and the corresponding ordinances. In addition, under certain circumstances, Tastier must comply with the European Data Protection Regulation GDPR (EU/2016/679).
In substance, Tastier is subject only to Swiss law and, as far as possible, the application of international treaties, conventions and laws of any kind is excluded.
Validity
By using our Services, you accept this PP.
Tastier reserves the right to modify this PP. By continuing to use the Services after a change, you agree to be bound by the then current PP. We recommend you to visit this page regularly to keep up to date with any changes. In the event of major changes, we usually try to proactively inform you if we have contact details from you that allow efficient communication (e.g. your e-mail address).
2. Who is responsible for data processing? Who can you contact?
Tastier Ltd
Aemtlerstrasse 16
8003 Zurich
Switzerland
+41 76 784 44 68
Data Protection Officer (global)
We inform all relevant supervisory authorities that Michael Zoller – see above for contact details – is the Data Protection Officer.
EU Data Protection Representative
Ingo Zoller
Kurpfalzstraße 7
68542 Heddesheim
Germany
If possible, please contact the above-mentioned Data Protection Officer with any questions.
List of processing activities
Tastier and the EU Data Protection Representative declare this PP to be a list of their respective processing activities.
3. Which data are processed?
When you use the Services of Tastier, personal data are processed. Personal data are data by which you can be personally identified. These can be:
- Data that you share with us, e.g. by filling out forms, registering means of payments, giving Tastier access to third party data (e.g. social logins), sending e-mails, sending physical documents, scanning QR codes, uploading images, navigating or interacting with our Services, e.g. ordering items, paying for items, clicking on links, entering data into a data processing system that is integrated with the Tastier System, or from which data are imported into the Tastier System
- Data that are automatically collected when you use our Services, e.g. internet browser, device information, IP address, time
The data can be divided into the following categories:
- Master and contact data (e.g. name, address, telephone number, e-mail address, associated company)
- Content data (e.g. texts, images, videos, payment methods)
- Usage data (e.g. visited websites, links, logins, orders, payments, tips, time)
- Metadata (e.g. device information, IP address)
In very simplified and somewhat abbreviated terms, we process data that you explicitly provide us with, as well as data that are usually collected by companies with web-based services and digital customer traffic.
4. Whose data are processed?
Of the persons who directly or indirectly use Tastier’s Services (“users”).
Indirect use
If you provide us with information about other individuals to the extent permitted by law (e.g. for the purpose of issuing an invoice, or if your employees use a system integrated with or from which the information is imported into the Tastier System), you confirm that you are doing so in accordance with all applicable data protection laws and that you have informed the individuals concerned and obtained their consent to the processing of their personal data for the purposes described in this PP.
Minors
Tastier never consciously processes personal data of minors under the age of 13 and, provided that consent is required in accordance with art. 6 para. 1 lit. a GDPR (see also: 5. For what purpose are data processed?) and the Service is solely provided in digital form, of persons under the age of 16. If you believe that your child has used the Services of Tastier and has therefore provided us with personal data, but has not reached the appropriate age or lacks the necessary judgement required for these purposes, please send us full parental consent or request deletion of the data in question (see also: 10. What rights do you have over your data?).
5. For what purpose are data processed?
- Sale and provision of our Services (art. 6 para. 1 sentence 1 lit. b GDPR; possibly in connection with art. 6 para. 1 sentence 1 lit. c GDPR, if this applies to our customers (hereinafter referred to as “Contract Partners” – Contract Partners are e.g. companies that provide Tastier’s Services to their end users); art. 6 para. 1 sentence 1 lit. f GDPR)
- Improvement and further development of our Services (art. 6 para. 1 sentence 1 lit. f GDPR)
- Supporting Contract Partners and users and communicating with them (art. 6 para. 1 sentence 1 lit. f GDPR)
- Safeguarding the security and economic interests of our Contract Partners, our users and Tastier (art. 6 para. 1 sentence 1 lit. b GDPR, art. 6 para. 1 sentence 1 lit. f GDPR)
- Marketing and advertising – only if you have given your consent (art. 6 para. 1 sentence 1 lit. a GDPR) or with regard to Tastier Services that are similar to the Services in which you are interested, which you use or have used (art. 6 para. 1 sentence 1 lit. f GDPR)
The articles in brackets state the applicable legal basis.
There is no automated decision-making, including profiling.
6. Who, other than Tastier, receives the data?
In principle, Tastier does not disclose any personal data to other companies or persons, except:
- These carry out administrative tasks in a service provider relationship, without decision-making power on the use of the data (“Data Processor”).
- To some “Joint Controllers”. Joint Controllers are Third-Party Companies that receive personal data from Tastier and use it in principle for their own purposes. These may include the following:
- Individual Contract Partners who have signed that they will handle the data carefully, only use it for the agreed purposes and adhere to Tastier’s PP. Contract Partners only receive data from users who have used Tastier’s Services in or in connection with a location of the Contract Partner, unless you have explicitly agreed otherwise.
- “Analytics Providers”. Analytics providers process data about the use of a website. They set their own cookies for this purpose (see below) and process the data in accordance with their own privacy policy. The privacy policy can be viewed at the respective provider and you can raise your data protection rights concerning the provider with the data protection officer or representative of the respective provider. We do not currently use any analytics providers on go.tastier.ch.
- When you register or log in with social login, the provider of the social login (“Social Login Provider”) learns that you use Tastier and when you register, log in and log out. Tastier does not share any other data with the Social Login Provider and does not create any posts on the relevant social media. Social login providers set their own cookies (see below) and process data according to their own privacy policy. The privacy policy can be viewed at the respective provider and you can raise your data protection rights concerning the provider with the data protection officer or representative of the respective provider.
- If you contact us with commercial intentions (e.g. as a representative of a company interested in our Services) your data may be entered into our CRM system and the interactions with you may be recorded in this system. The data are stored until they are no longer considered relevant by us, e.g. because your company no longer exists, because you have left the company or because Tastier no longer offers services in your sector. In addition, the privacy policy of the respective provider applies.
- Tastier acts as a Data Processor in relation to Third-Party Companies. In this case, Tastier may transfer the data received to the Third-Party Company and process them in accordance with the privacy policy of the latter.
- Laws, regulatory requirements or legal proceedings require so.
Data Processors can be, for example:
- Hosting providers (Tastier System, e-mail, SMS)
- Payment service providers
- External programmers
Joint Controllers may be, for example:
- Contract Partners
- Analytics Providers such as Google
- Social Login Providers such as Facebook, Google, LinkedIn
- CRM providers
7. When will the data be deleted?
Most data are deleted after a short period of time, unless there are reasons to the contrary respectively the following exceptions:
- Legal requirements (e.g. payment data must be retained for accounting and billing purposes)
- Registered users (you have permanently registered via “Register”, “Permanent registration” or similar): In principle, data will only be deleted upon request. Visits recorded within the scope of visitor registration are usually deleted after 14 days.
- In the event of suspected or actual misuse or violation of our Terms of Use for Users or GTC for Contract Partners or in the event of suspected or actual illegal activities, or as a prevention against such: Tastier may immediately delete data at any time without prior notice and without stating reasons, in particular access data and means of payment.
- The data have been rendered anonymous (e.g. for statistical, research and study purposes).
- The data continue to serve a purpose according to: 5. For what purpose are data processed?
In principle, Tastier has no obligation to retain data vis-à-vis you. In order to protect your interests and/or those of Tastier, Tastier may, subject to legal retention obligations, delete data in individual cases or at a broad level at any time at its own discretion. Furthermore, technical errors can lead to complete or partial data loss. Always save important data locally as well.
8. What about the use of specific Tastier Services?
The statements contained in this PP generally apply to all Tastier Services. The following can be specified for individual Tastier Services:
Visitor registration (you have registered temporarily via “Enter data”, “one-time / short-term use” or similar)
- Purpose and disclosure:
- Personal details and visit data (“Tastier Data”) are used for disclosure to the Contract Partner, who can view and download the data, for purposes defined by the Contract Partner (“Purpose of Use”). The Purpose of Use is not contractually regulated with Tastier.
- By signing a data transfer agreement with Tastier, the Contract Partner has undertaken to inform you of the Purpose of Use, to make copies of the Tastier Data only for the Purpose of Use and to delete these completely at the latest on expiry of the communicated retention period, calculated from the time of data collection by Tastier, or if the Purpose of Use no longer applies. Processing for other purposes is not permitted.
- Deletion: As a rule, all Tastier Data will be completely deleted by Tastier after 14 days. Exceptions may exist if Tastier uses technical means to protect itself against a total loss of all data (“Backup”). In addition, exceptions may exist for personal data if you make use of additional other Services provided by Tastier, but visit data will also be deleted in this case.
Order & Pay
Purpose and disclosure:
- Sensitive payment data is not processed by Tastier (for credit cards according to Payment Card Industry Data Security Standard “PCI-DSS”).
- If you use Tastier without permanent registration, your means of payment data will be deleted by Tastier after 4 hours. Means of payment data used for payments or payment attempts are stored by Tastier in abbreviated form to enable processes such as complaints and refunds.
- The Contract Partner receives usage data (e.g. orders, payments, tips, time). These are not personal, i.e. your contact data (e.g. name, address, telephone number, e-mail address) are not passed on or are shortened to the essentials (e.g. first name, initial of surname). In individual cases, it is possible for a defined group of users of the Contract Partner to call up payment method data (e.g. payment provider, last 4 digits of the card number, expiry date, issuing country) in relation to your usage data. As a rule, these do not allow any conclusion to be drawn about personal data (e.g. cardholder). Tastier may pass on further data to the Contract Partner if there is suspicion of misuse or if this is deemed necessary to protect the security and economic interests of our Contract Partners, our users and Tastier.
9. Do data get transferred abroad?
The short answer is yes, it is possible. As a technology company, we use many services of companies abroad – see the list of Data Processors and Joint Controllers above. From a data protection point of view, a distinction must be made between:
- EU countries: most of our data are stored in EU countries. The EU currently has roughly equivalent data protection laws to Switzerland.
- USA: few Data Processors and Joint Controllers have their data centres in the USA. The USA does not have data protection laws equivalent to those of the EU or Switzerland.
In principle, we have concluded agreements with all Data Processors that guarantee data protection to the usual extent.
10. What rights do you have related to your data?
You have the right to request at any time free of charge:
- Information
- Rectification
- Deletion
- Limitation of processing
- Transfer to another provider
- Revocation of consent to data processing, if you have given such. To unsubscribe from the newsletter, simply click on the unsubscribe link contained in every Tastier newsletter
- Complaint to a competent supervisory authority
To do so, please contact the e-mail address mentioned in this PP. Tastier may charge a maximum fee of 350 CHF, excluding VAT, from the second request of information.
11. How does Tastier protect my data?
Taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of users, Tastier and our Data Processors shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including, where necessary, the following:
- the pseudonymisation and encryption of personal data and the encryption of communication between the different components of the Tastier System;
- the endeavour to ensure the confidentiality, integrity, availability and resilience of the Tastier System as much as possible in perpetuity;
- The ability to quickly restore personal data and access to it via Backup in the event of a physical or technical incident;
- the review, assessment and evaluation of the effectiveness of the technical and organisational measures to ensure the security of the processing.
12. Cookies
Tastier uses cookies. Cookies are small text files that are temporarily or permanently stored in your device or browser (e.g. Chrome, Safari, Firefox) when you visit a website. Cookies can be set by Tastier itself or by Third-Party Companies whose services Tastier uses. The main purpose of the cookies is the correct and efficient provision of services. The use of technically unnecessary cookies (e.g. to perform analytics) on Tastier’s website requires your consent. You can prevent the storage and / or reading of cookies in whole or in part by not giving Tastier appropriate consent and / or by making appropriate settings in your browser, including, for example, blocking cookies in general, deleting cookies or using private / incognito mode. However, we would like to point out that Tastier may not function properly or at all if these measures are applied.
13. Google Analytics
Tastier uses Google Analytics, a web analytics service provided by Google LLC, on tastier.ch (the main site, but not on subdomains such as go.tastier.ch). The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses cookies that enable an analysis of your use of our website. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.
We use the function ‘anonymizeIP’ (so-called IP masking): Due to the activation of IP anonymisation on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your (pseudonymous) use of the website and compiling reports on website activity. The reports provided by Google Analytics are used to analyse the performance of our website and the success of our marketing campaigns.