Data protection declaration of GMS GOURMET GmbH
Protecting your personal data and privacy is very important to us. We process your personal data exclusively within the framework of the provisions of the General Data Protection Regulation (GDPR) and the Data Protection Act (DSG). Below we will inform you about our company and the type, scope and purpose of data collection and use:
Contact details of the responsible entity
GMS GOURMET GmbH
Oberlaaer Straße 298
1230 Vienna
Tel. +43 (0) 50/8760
Our privacy policy explains:
- What information we collect and for what reason;
- How we use this information;
- Your rights as a data subject
We process personal data exclusively on one of the following legal bases:
- Your consent
- On a contractual basis
- Based on legitimate interest
On the website, data is processed exclusively on the basis of the legal provisions (GDPR, data protection regulation (DSG), telecommunications law (TKG 2021)).
You have the right to revoke your consent with effect for the future at any time and free of charge and without giving reasons. To do so, please send an email to dsgvo@gourmet.at or click here.
- Data collection and use
- Contact form
You can send inquiries, suggestions and requests to us using a contact form. In order to contact us, you have to provide us with your data. Furthermore, you have to enter text in the corresponding field.
You acknowledge that the aforementioned data will be processed by us for the purpose of handling or responding to your request. We cannot process your request without this information.
Legal bases:
• Consent according to Art. 6 para. 1 lit. a GDPR
• Contract fulfilment or pre-contractual measure according to Art. 6 para. 1 lit. a GDPR
Storage duration:
Your personal data will be deleted when your data is no longer necessary for the fulfilment of the intended purpose or when you revoke your consent to the storage, and in each case in compliance with the legal retention periods.
- Registration (customer account)
In order for you to order goods from one of our web shops or for us to provide you with our online services, you may have to register. When you register, you have to enter your data. Without this data, we cannot accept or process orders or make our services available to you.
You acknowledge that the aforementioned data will be processed by us for the purpose of fulfilling the contract and/or for the purpose of pre-contractual measures.
Legal bases:
• Consent according to Art. 6 para. 1 lit. a GDPR
• Contract fulfilment or pre-contractual measure according to Art. 6 para. 1 lit. a GDPR
Storage duration:
Your personal data will be deleted when your data is no longer necessary for the fulfilment of the intended purpose or when you revoke your consent to the storage, and in each case in compliance with the legal retention periods.
- Ordering from our online shop (web shop)
We need your data to conclude, carry out and terminate your orders. This includes:
- First name and last name
- Invoice and delivery address
- Email address
- Invoice and payment information
- Telephone number.
Order processing includes, but is not limited to, shipping orders, processing your payment, sending electronic order confirmations and invoices, or supporting customer service.
Legal bases:
• Consent according to Art. 6 para. 1 lit. a GDPR
• Contract fulfilment or pre-contractual measure according to Art. 6 para. 1 lit. a GDPR
Storage duration:
Your personal data will be deleted when your data is no longer required for the fulfilment of the purpose pursued with the storage (e.g. order processing, processing of warranty claims and claims for damages, etc.) and in each case in compliance with the legal retention periods.
- Applications/career portal (Engage tool)
You can use our applicant management tool/our
career portal to apply for a position with our group companies.
The following options are available to you for this purpose:
- You can send your application documents by email
- You can use our online application tool and the online application form
Please note that in this case you will be redirected to the application management tool of the Vivatis Group. The data protection regulations of the Vivatis Group apply, which you must agree to when you submit your application.
We only process the personal data that you provided us with when you submitted your application. In particular, these are: Title, first and last name, street, postcode, city, country, nationality, date of birth, telephone number, email address, CV, cover letter and any other information and documents you provide us with.
Provided you have given your consent, your personal data will also be passed on to other VIVATIS Group companies for the purpose of the effective and group-wide evaluation of possible employment.
Legal bases:
• Consent according to Art. 6 para. 1 lit. a GDPR
• Contract fulfilment or pre-contractual measure according to Art. 6 para. 1 lit. a GDPR
Storage duration:
• 6 months from date of rejection; we may store the data for longer if we have consent for this (up to 18 months).
- Vouchers
We use the data provided in the context of voucher ordering to check and process the order and to send and redeem the voucher. This also includes the logging and processing of data related to the use of the voucher, in particular for the prevention of fraud.
We also store the following data for these purposes:
- Value of the voucher
- Type of voucher
- Voucher number / code
- Payment method if applicable
- Order date or date of issue, if applicable
Legal bases:
- Consent according to Art. 6 para. 1 lit. a GDPR
- Contract fulfilment or pre-contractual measure according to Art. 6 para. 1 lit. b GDPR
Storage duration:
Your personal data will be deleted when your data is no longer necessary for the fulfilment of the intended purpose or when you revoke your consent to the storage, and in each case in compliance with the legal retention periods.
Reservation
You can use a reservation form to make reservations in our catering establishments. For reservations we use the reservation tool of the provider molzait GmbH (https://molzait.com) . Please note the data privacy policy of molzait GmbH, which you will be referred to when making your reservation (https://molzait.com/privacy). The responsible entity for data processing when making a reservation is molzait GmbH.
Server log
When you access our website, the browser on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information will be collected without any action on your part and stored until its automatic deletion:
• IP address of your computer making the request;
• Date and time of access;
• Name and URL of the accessed file;
• Website of origin (referrer URL);
• Browser used and, if applicable, the operating system of your computer and the name of your access provider.
We are currently utilising the option to use this data for purposes such as:
Ensuring a smooth connection establishment of the website;
Ensuring a comfortable usage experience of our website;
Evaluating system security and stability;
Fulfilling administrative purposes. The collected data is never used to identify you personally.
Legal bases:
Our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR
Storage duration:
6 months from date of creation
- The rights of data subjects
You have the right to obtain information about your personal data processed by us, its origin and recipient, its storage period and the purpose of its processing. Upon written request, we will be happy to inform you at any time about your personal data stored by us.
If your data processed by us is inaccurate or incomplete, you may request that it be corrected or completed. We will correct or complete your data immediately. If it is unclear whether the processed personal data is inaccurate, incomplete or processed unlawfully, you may request that the processing of your data be restricted until this issue has been resolved.
You may also request the deletion of unlawfully processed personal data. Please note, however, that this only applies to data that is processed incorrectly, incompletely or unlawfully. You also have the right to object to the processing of your personal data if such data processing is based on the legal basis of our legitimate interest.
If you wish to make use of your rights, we kindly ask you to email us on dsgvo@gourmet.at.
We cannot process data subject requests without first establishing their identity. For this reason, we kindly as you to assist us in establishing your identity and attach a copy of your ID to your request.
If you believe that the processing of your personal data violates data protection regulations or your data protection rights have been violated in another way, you can lodge a complaint with the supervisory authority. In Austria, this is data protection authority at Barichgasse 40-42 in 1030 Vienna.
- Newsletter
You can give us your consent to receive newsletters. Our newsletters inform you about news about our company, seasonal offers, our products, promotions, competitions, etc. For this we need your email address, and in the case of personalised newsletters also your title and your first and last name, which you provide to us when you register for the newsletter.
Legal bases:
- Consent according to Art. 6 para. 1 lit. a GDPR
• Contract fulfilment or pre-contractual measure according to Art. 6 para. 1 lit. a GDPR - Our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR
Storage duration:
Your personal data will be deleted when your data is no longer necessary for the fulfilment of the intended purpose or when you revoke your consent to the storage, and in each case in compliance with the legal retention periods.
You have the right to revoke your consent with effect for the future at any time and free of charge and without giving reasons. Please send an email to dsgvo@gourmet.at or click here (->link). You can also cancel the newsletter subscription at any time by clicking the unsubscribe link in each newsletter/email. If you revoke your consent, your personal data will be routinely blocked or deleted in accordance with the statutory provisions, unless otherwise provided by law.
Double opt-in and logging
The registration for our newsletter requires a so-called double opt-in procedure. This means that once you have signed up, you will receive an email asking you to provide confirmation. The newsletter signing up processes are logged in order to be able to show that the signing up process complies with legal requirements. This includes the storage of the time of registration and the time of confirmation as well as the IP address.
Statistical survey and analyses
As part of the retrieval of the newsletter, technical information is initially collected, such as information about the browser and your system, as well as your IP address and the time of retrieval. This information is collected for the technical improvement of the service based on the technical data or the target groups and their reading behaviour using their retrieval locations (which in turn can be determined using the IP address) or access times. Statistical data collection also means determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, we have any intention of monitoring individual users. Rather, the analyses help us identify the reading habits of our users and to adjust our content to them or to send different content in line with the interests of our users.
Newsletter tracking
Our newsletters contain so-called tracking pixels (web bugs), which allow us to see whether and when an email was opened and which links in the email were clicked on by the personalised recipient. We store this data so that we can tailor our newsletters to the wishes and interests of our subscribers. The data thus collected is used to send personalised newsletters to the respective recipient.
Data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). With the revocation of the consent to receive the newsletter, the consent to tracking is also revoked.
- Data transmission/data transfer
- Data transmission
Your personal data will not be transferred to third parties (such as insurance companies, courts, public authorities, banks, tax consultants, auditors, companies within our group of companies, etc.) or to processors (such as IT service providers) for purposes other than those listed below.
We pass on your personal data only in the following cases:
- You have given express consent in accordance with Art. 6 para. 1 lit. a GDPR;
- passing on the data in accordance with Art. 6 para. 1 p. 1 lit. f GDPR is required to protect the interests of the company as well as for the assertion, exercising or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in your data not being passed on; • in in the event of there being a legal obligation to pass on the data in accordance with Art. 6 para. 1 lit. c GDPR, and
- this is legally permissible and required in accordance with Art. 6 para. 1 lit. b GDPR for the processing of contractual relationships.
The data processor processes the data only to fulfil the order and in accordance with our instructions. You can find the list of the order processors of GMS GOURMET GmbH here. ->> link
We also reserve the right to transfer personal data we have about you if we sell or transfer all or part of our business or assets (including in the event of a reorganisation, dissolution or liquidation).
Data transfers
We may also transfer your personal data to countries outside of the country in which the information was originally gathered. These countries may not have the same data protection laws as the country in which you originally provided the personal data.
When we transfer your data to other countries, we protect this data as described in this data protection declaration and such transfers are subject to applicable law. The countries to which we transfer the personal data are located
- within the European Union or
- outside the European Union
When we transfer personal data from the European Union to countries or international organisations outside the European Union, the transfer is made on the following basis:
- an adequacy decision by the European Commission;
- in the absence of such a decision, for other legally permissible grounds such as the existence of a legally binding and enforceable document between authorities or public bodies, binding internal company rules, standard data protection clauses, and approved or certified codes of conduct.
In exceptional cases, a data transfer may also take place based on Art. 49 GDPR:
- Art. 49 para. 1 lit. a GDPR the data subject has given their explicit consent to the proposed data transfer after having been informed of the potential risks to them of such data transfers without the existence of an adequacy decision and without appropriate safeguards;
- Art. 49 para. 1 lit. b GDPR the transfer is necessary for the performance of a contract between the data subject and the responsible entity or for the performance of pre-contractual measures at the request of the data subject;
- Art. 49 para. 1 lit. c GDPR the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject by the responsible entity with another natural or legal person.
- Google tools
- Google AdWords and Google conversion tracking
The website at www.gourmet.at uses the online advertising program Google AdWords and in this connection its Google Ads conversion tracking tool. Google AdWords places a cookie on your computer if you have accessed our website via a Google ad. As a rule, these cookies expire after 30 days and are not designed to identify you personally. If the user visits certain pages of our website and the cookie has not yet expired, then we and Google can see that the user clicked on the ad and was redirected to www.gourmet.at. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (a mark indicating that the user no longer wishes to be addressed) are generally stored as analysis values for this cookie. Every Google AdWords customer receives a different cookie. This means that cookies cannot be tracked via the websites of AdWords customers. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. These evaluations allow us to identify which of the advertising measures are particularly effective. We do not receive any additional data from the use of the advertising material; in particular, we cannot identify users based on this information. Due to the marketing tool used, your browser automatically establishes a direct connection with Google’s server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: The integration of Google Ads conversion tracking means that Google is notified that you have viewed the web page in question or clicked on one of our ads. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or are not logged in, it is possible that Google will find out and store your IP address.
Users who do not wish to participate in the tracking process can simply disable the Google conversion tracking cookie in the settings of their web browser. These users will then not be included in the conversion tracking statistics.
The storage of conversion cookies is based on your consent in accordance with Art. 6 para. 1 lit. f GDPR. If you would like to learn more about Google’s privacy policy and terms of use, please click the following link: https://policies.google.com/privacy?hl=de.
- Google Analytics Remarketing
The website at www.gourmet.at uses the features of Google Analytics Remarketing in conjunction with the cross-device features of Google AdWords. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This feature allows advertising audiences created with Google Analytics Remarketing to be linked to the cross-device features of Google AdWords. This means that interest-based, personalised advertising messages that are tailored to you based on your previous usage and surfing behaviour on one device (such as your mobile phone) can also be displayed on another of your devices (such as a tablet or PC).
If you have given your consent, Google will link your web and app browsing history to your Google Account for this purpose. In this way, the same personalised advertising messages can be displayed on every device on which you log in with your Google account.
To support this feature, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data to define and create target groups for cross-device advertising.
You can permanently object to cross-device remarketing/targeting by disabling personalised advertising in your Google account; to do this, click this link: support.google.com/ads/answer/2662922
The aggregation of the collected data in your Google account is based solely on the consent (Art. 6 para. 1 lit. a GDPR) you give to Google. You can revoke this consent at any time without giving reasons with effect for the future. In the case of data collection processes that are not merged in your Google account (for example because you do not have a Google account or have objected to the merging), the collection of the data is also based your consent in accordance with Art. 6 para. 1 lit. f GDPR. You can revoke this consent at any time without giving reasons with effect for the future.
For further information, go to: https://www.google.com/policies/technologies/ads/.and to: https://support.google.com/google-ads/answer/7664943?hl=de&ref_topic=3122875
Use of Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called cookies, which are text files placed on your computer to help analyse how you use the website. The information generated by the cookie about your use of the website will usually be transmitted to and stored by Google on servers in the USA. If IP anonymisation is activated on this website, however, your IP address will be stored by Google in shortened form within Member States of the European Union or in other states that are contracting parties to the Agreement on the European Economic Area.
Only in exceptional cases is a complete IP address transmitted to a Google server in the USA and abbreviated there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, compile reports on website activity and provide the website operator with other services related to website usage and internet activity. Your usage data are not passed on to third parties. The IP address sent by your browser as part of Google Analytics will not be associated by Google with any other data.
You can prevent the installation of cookies by selecting the appropriate settings in your browser; please note, however, that in this case you may not be able to use all the features of this website. You can additionally prevent the collection of data produced by the cookie and associated with your use of the website (including your IP address), its transmission to, and its processing by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de
- Google Signals
We would like to inform you that we have activated Google Signals in Google Analytics. This gives us greater insight into the statistics of our website. This particularly applies to visitors to our website. If you have agreed to personalized advertising in your Google account, your visitor data from our website will be collected in Google Analytics and linked to the Google information from your Google account.
Existing Google Analytics functionality will be updated (target groups can be created and shared with linked advertising accounts to place advertisements in cross-device remarketing campaigns, advertising reporting will be expanded, interest and demographic information will be collected, and cross-platform reporting will be possible) to receive aggregated and anonymized data.
Your data can be analysed across devices (cross device tracking). By activating Google Signals, data is collected and linked to your Google account. Multiple website visits by a single visitor can therefore be attributed exclusively to that visitor, even if the visitor interacts with the website using different devices (e.g., smartphone and notebook). This helps us launching cross-device remarketing campaigns and show you our products on other websites. Cross-device reports only contain aggregated data. Individual user data is not disclosed.
By activating Google Signals, further visitor data is collected on our website (e.g., device combinations used, purchasing process analysed on different devices, cross-device marketing services recorded). This gives us better advertising reports from Google.
Information about your interests and demographic characteristics (gender, age) is also collected. This makes it possible to define target groups in Google Analytics and we have the opportunity to adapt our products to the target groups.
You can manage and delete this data in your Google account. Data from Google Signals is stored in our Google Analytics account for a maximum of 14 months. By default, logged in Google user data expires after 26 months.
Further information about Google Signals can be found here: https://support.google.com/analytics
- Friendly Captcha
This website uses Friendly Captcha. This is provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany. Friendly Captcha is designed to verify whether data entry on this website (such as in a contact form) is done by a human or by an automated program. For more information about Friendly Captcha, see the data protection regulations at the following link: https://friendlycaptcha.com/de/privacy/gdpr/?
- SSL encryption
To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS. You can recognise an encrypted connection by the character string “https://” and the lock symbol in your browser line.
7. Changes or additions
We reserve the right to make changes or additions to the information content at any time and without notice. If parts or individual phrases of this text do not, no longer, or not completely correspond to the current legal situation, the remaining parts of the document remain unaffected in their content and validity.
Last updated: 25/04/2023