|Table of Contents|
|Data Processing Agreement|
1. Definitions and Interpretations
- "Application" means the cloud-based software program offered by the Provider that provides the Account Holders with unlimited access to their guest data and enables them to increase the occupancy rate of their restaurants, simplify their administrative processes and reduce their internal expenditures.
- "Cloud Hosting Provider" means the professional cloud hosting provider that is engaged by the Provider to store all Data securely and make it accessible to the Account Holder.
- "Data Protection Act" means the Swiss Federal Act on Data Protection (FADP) which aims to protect the privacy and the fundamental rights of natural persons and legal entities when their data is processed.
- "Direct Reservations" means walk-in reservations and reservations by phone that are made by Guests in a Registered Restaurant.
- "GDPR" means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
- "Guests" means the individual guests of the Registered Restaurants.
- "Intellectual Property Rights" means the rights in patents, trademarks, trade secrets, designs, domain names, copyrighted works (including software programs) and databases. Where these rights can be registered, the term Intellectual Property Rights also includes any pending registrations as well as the right to apply for a registration in any jurisdiction.
- "Licensed Technology" means the Intellectual Property Rights of the Provider in the Application and the Services that are licensed to the Account Holder for the purpose of accessing the Application and using the Services.
- "Main Account" means the account that enables the Account Holder to access the Application and to make use of the Services.
- “Parties” means the Provider and the Account Holder.
- "Personal Data" means any information that is related to an identified or identifiable natural person as further described in the GDPR.
- "Protected Content" means all texts, videos, images, logos, data and other content made available to the Account Holder and the Users by the Provider via the Application.
- “Registered Restaurants” means the restaurants that are registered in the Main Account.
- "SaaS" or "Software-as-a-Service" refers to the sales model used by the Provider to provide the Account Holder with access to the Application and to make the Services available.
- “Subscription Fee” means the subscription fee that is payable by the Account Holder to the Provider as further described in Section 8 herein.
- "Support Services" means the services listed in Exhibit A provided by the Provider to enable the Account Holder to exercise the access rights to the Application.
- "Users" means the Account Holder's employees and subcontractors that are given access to the Application through a User Account.
- "User Account" means an account that is created by the Account Holder to enable a User to access the Application.
- "Website" means the website https://www.aleno.me/.
- A reference to a party includes all companies that are affiliated with that party.
2. Provision of the Application
The Provider undertakes to provide the Account Holder with access to the Application against payment of the agreed upon Subscription Fee, to grant the usage rights that are necessary to use the Application and Services and to provide the storage space required for the storage of the Data. If the Provider creates new versions, updates, upgrades, or other new deliveries with regard to the Application, the rights and limitations described below shall also apply to these.
2.1 Access to Application
To access the Application, the Account Holder needs an Internet connection with sufficient bandwidth and quality. The Provider can define additional access requirements at any time. The Main Account will be created by the Provider and subsequently transferred to the Account Holder. To get access to the Application, the Account Holder must accept the transfer of the Main Account and define a personal password. The Account Holder is responsible for the security of the password. If the Account Holder loses or forgets his password, he can reset the password on the login page by entering his registered email address.
The Account Holder accesses the Application via a web interface that is provided via the Internet. This means that the security and integrity of the Data depends largely on the technical integrity of the Account Holder’s computer systems. The Provider assumes no liability for damages in connection with any disclosure or third-party manipulation of Data that is attributable to a compromise of the Account Holder’s computer systems.
The access to the Application is subject to the following limitations:
- The Account Holder is not entitled to access the Application to cause damage to the Application or to impair or limit the availability and accessibility of the Application.
- The Account Holder is not entitled to carry out or have carried out so-called penetration tests to access the Application without authorization in order to check the security of the Application and the Data.
- The Account Holder is not entitled to bypass the technical measures implemented by the Provider that protect the Application against unauthorized access.
Provider hereby grants the Account Holder a limited, non-exclusive, non-transferable, non-assignable and non-sublicensable right to use the Licensed Technology to access the Application and make use of the Services ("License"). The Account Holder acknowledges that this License does not result in any transfer or assignment of Intellectual Property Rights to the Account Holder and that it is subject to the following restrictions to protect the Licensed Technology and the Intellectual Property Rights of the Supplier:
- The Account Holder acknowledges the comprehensive ownership of the Licensed Technology by the Provider and hereby irrevocably agrees not to contest the existence and scope of such rights.
- The Account Holder may use the Licensed Technology only for its own business activities, which includes, in particular, the data-based management of the Registered Restaurants.
- The Account Holder shall not access the source code of the Licensed Technology or modify, decompile, decrypt, extract or otherwise reduce the information contained in the Licensed Technology except as expressly permitted by applicable law.
- The Account Holder shall not disclose, reproduce, distribute or otherwise make available to the public the information contained in the Licensed Technology and shall not use it to promote, conduct or otherwise contribute to fraudulent or illegal activities.
3. Support Services
Subject to the payment of the agreed upon Subscription Fee, the Provider undertakes to provide the Account Holder with the Support Services that are required to access the Application. The Provider will provide the Support Services with appropriate expertise and care.
The Provider is not obliged to provide Support Services with regard to problems that are caused by an improper use of the Application or changes in the Licensed Technology that are made without the Provider's consent
3.3 Availability of Support Services
4. Use of the aleno Restaurant Management System
4.1 Creation of User Accounts
The Account Holder may, at its sole discretion, determine which Users shall have access to the Application and may create personal or shared User Accounts for each User. The Account Holder can define the access rights for each User Account individually. For compliance reasons, the Account Holder is recommended to limit the User’s access to the Data that is actually required for the provision of their services (privacy by design).
4.2 Determination of Capacity
To use the aleno restaurant management system, the Account Holder or authorized Users must manually enter the capacity of each Registered Restaurant by defining the applicable shift schedule and the number of Guests that can be served during each shift. The Provider does not assume any liability for the correctness and appropriateness of the capacity information of the Registered Restaurants that is entered by the Account Holder.
4.3 Acceptance of Online Reservations (aleno Widget)
The aleno widget enables the Account Holder to accept online reservations for the Registered Restaurants and to automatically register these reservations via the Application. The aleno widget consists of a simple software code that can be embedded in any website by the Account Holder. The integration instructions for the software code to use the aleno widget are available in the help center which is integrated in the Application. If the software code for the aleno widget is embedded in the website of a third party, the Account Holder is required to obtain such third party’s consent.
The Account Holder acknowledges that the automatic registration of online reservations via the Application is not possible without embedding the software code. The Account Holder further acknowledges that the software code is subject to copyright protection and may not be modified or used for other purposes without the prior written consent of the Provider.
4.4 Manual Registration of Direct Reservations
The Application enables authorized Users to accept Direct Reservations and manage them via the Application. In contrast to online reservations, Direct Reservations must be registered manually. The Account Holder acknowledges that the functionality of the reservation system depends on the complete manual registration of all Direct Reservations. The Provider assumes no liability for the accuracy and content of Direct Reservations that are registered manually and does not warrant that the manual registration of Direct Reservations will not result in overbooking or multiple bookings.
4.5 Management of Reservations
The Application enables authorized Users to manage registered reservations. The Account Holder acknowledges that reservations are binding, and that its customers rely on the fact that the reservations can actually take place. The Provider does not warrant that reservations can be changed at short notice. If a reservation cannot be kept, the Account Holder is responsible for contacting and informing the respective customer accordingly.
5. Data Processing by the Provider
5.2 Collection of Data by the Provider
5.3 Collection of Data by the Account Holder
To the extent that the collection of Data by the Account Holder or the individual Users falls within the scope of the GDPR, the Account Holder shall be regarded as the data controller, whereas the Provider shall be regarded as a data processor pursuant to the GDPR. This means that the Account Holder and the Provider are legally required to conclude a separate Data Processing Agreement. The Data Processing Agreement of the Provider can be accessed and concluded via this link: https://www.aleno.me/en/policy#dataprocessingagreement.
6. Data Storage and Backup
The Data collected by the Provider and the Account Holder is not stored on the servers of the Provider but directly transferred to and store on the servers of the Cloud Hosting Provider. The database is backed up by the Cloud Hosting Provider automatically and in real time. The server infrastructure of the Cloud Hosting Provider is designed to ensure that the Data is available to the Account Holder and the individual Users at all times and that the productive servers can take over in the event of a failure of the main instance.
To the extent that the data processing activities of the Provider fall within the scope of the GDPR, the Cloud Hosting Provider is considered a sub-processor of the Provider. Accordingly, the Cloud Hosting Provider is mentioned on the list of subcontractors, which is publicly available via the aleno helpdesk. The Provider reserves the right to change the Cloud Hosting Provider without prior notice to the Account Holder and to inform the Account Holder about such change by updating the list of subcontractors.
7. Subscription Fee and Payment
7.1 Subscription Fee
In consideration of the use of the Application and the Services provided by the Provider, the Account Holder undertakes to pay to the Provider the Subscription Fee agreed upon in the Subscription Agreement concluded between the Parties. If the Account Holder registers multiple restaurants in his Main Account, each Registered Restaurant will be accounted for separately. The Provider has the right to suspend individual Registered Restaurant if the Account Holder defaults on the payment of the Subscription Fee associated with them.
The Subscription Fee is exclusive of value-added tax (VAT). If VAT is applicable, it will be added to the Subscription Fee and must be paid separately by the Account Holder. The Provider is not responsible for any tax obligations arising from the use of the Application and the Services as well as the payment of the Subscription Fee by the Account Holder.
7.3 Payment of the Subscription Fee
Unless otherwise agreed upon between the Parties, the Subscription Fee shall be paid on a monthly basis and in Euro (EUR). All payments are made with the credit card that is registered in the Main Account. The Provider has no access to the credit card information of the Account Holder. Alternative payment methods can be agreed upon individually in substantiated cases.
7.4 Default on Payment
The Provider is entitled to suspend access to the Application and the provision of the Services if the Subscription Fee is overdue. The Provider is also entitled to charge the Account Holder interest on the overdue amount at the rate of 5% per year without notice. Interest shall accrue daily until the date on which the Subscription Fee is paid in full and shall be compounded at the end of each calendar month.
7.5 No Right to Offset
The Parties mutually waive their statutory right of offset. The offsetting of the Subscription Fee against any applicable counterclaims of the Account Holder does therefore require the prior written consent of the Provider.
8. Engagement of Subcontractors
The Provider has the right to engage subcontractors to fulfil its obligations or to assign its obligations to one or more third parties at its sole discretion. If subcontractors or third parties are given access to confidential information, the Provider must ensure that they are contractually obliged to comply with any applicable confidentiality obligations. The Provider remains responsible for the provision of the Services and is liable for the damages that are caused by such subcontractors or third parties as if the Provider had acted itself.
9. Intellectual Property Rights in Protected Content
The Provider is entitled to use the logo and the business name of the Account Holder and the logos and names of the Registered Restaurants as a reference. Typically, the Provider uses this information on the Website and in connection with internal and external presentations or events. Additional advertising by the Provider in connection with the business relationship with the Account Holder requires the written consent of the Account Holder.
11. Force Majeure
If an event of force majeure prevents the Provider from fulfilling its obligations, it shall be relieved of these obligations. The Account Holder shall be released from its obligations to the extent and for as long as the Provider is prevented from performing its obligations due to force majeure.
Force majeure is an external, unforeseeable event that cannot be averted or prevented in good time, even by applying reasonably expected care and technically and economically reasonable means. This includes, in particular, natural disasters, terrorist attacks, power failure, failure of telecommunications connections, strikes and lockouts, provided that the lockout is lawful, or legal provisions or measures taken by the government or by courts or authorities (irrespective of their legality).
The Provider must notify the Account Holder immediately and inform the Account Holder of the reasons for the force majeure and its expected duration. The Provider will endeavor to use all technically possible and economically justifiable means to ensure that it is able to resume the performance its obligations as soon as possible.
12. Limited Warranty
The Service Provider warrants that it complies with all applicable legal and regulatory requirements in connection with the provision of the Services in connection with the Application. The Service Provider also warrants that the Licensed Technology and the Protected Content does not contain any worms, Trojan horses, spyware, adware or other malicious software programs.
13. Limitation of Liability
Liability for slight negligence is excluded, as far as legally permissible. For direct damages resulting from a breach of contract, the Parties are liable, as far as legally permissible, only up to the amount of CHF 50'000.00. Liability for indirect damages, consequential damages and loss of profit is excluded, as far as legally permissible. Any contributory negligence of a Party shall be credited to such Party. Unless otherwise expressly stipulated, all claims for damages shall become statute-barred within 5 years.
15.2 No Partnership
15.3 Applicable Law and Jurisdiction
Exhibit A – Service Levels
1. General Information
The purpose of these Service Levels is to describe the agreed upon service quality and to provide information on the availability of the Application and the Support Services.
2. Service Levels for Access to Application
The Provider ensures an availability of the Application of at least 99.9% during the Service Time, measured and invoiced per calendar year ("Reference Period"). The term availability refers to the technical usability of the Application for the Account Holder and the Users.
2.2 Excluded Downtime
Excluded Downtime refers to a period in the Reference Period during which the Application is not accessible without the Provider being responsible and without the availability being considered to be restricted. This includes in particular:
- A failure of the Internet, a public telecommunications network, a local area network or software owned or controlled by the Account Holder;
- A loss of performance resulting from an act or omission of the Account Holder;
- A force majeure event; and
- Planned unavailability (see below).
Depending on the reason for the downtime, it is possible that the Provider may need the cooperation of the Account Holder to solve an availability problem. If the Account Holder does not respond to an attempt of the Provider to contact the Account Holder, the downtime will be suspended until the Provider is able to contact the Account Holder in order to remedy the availability problem.
2.3 Planned Unavailability
In times of planned unavailability, the Provider is entitled to service and maintain the Application and/or the server, to make Data backups or perform other work (maintenance window). The Provider can announce maintenance windows with a one-week lead time.
3. Service Levels for Support Services
3.1 Submission of Support Requests
Upon request of the Account Holder, the Provider offers support services in German and English through its support desk ("Support Requests"). Support Requests are processed continuously (7 x 24 x 365) and should be addressed to the Provider as follows:
Support Request by phone: +41 43 508 24 65
Support Request by email: email@example.com
The Provider shall ensure that its support desk is operational and adequately staffed at all times. The Provider is entitled to outsource the Support Services to third parties at its own discretion without the consent of the Account Holder.
3.2 Categorization of support requests
Support Requests submitted by the Account Holder are categorized as follows based on their urgency:
- Urgent: If the Application is not available (planned unavailability excluded).
- High: If a core function of the Application is significantly impaired.
- Medium: If a core function of the Application is insignificantly impaired or secondary function of the Application is significantly impaired.
- Low: If a secondary function of the Application is insignificantly impaired or if the problem is cosmetic.
The Provider determines the category of a Support Request at its own discretion.
3.3 Response Time
The Provider will make reasonable efforts to respond to Support Requests from the Account Holder in accordance with the following periods and to discuss the procedure for continuing unhindered use of the Application:
- Urgent: 2 hours
- High: 6 hours
- Average: 24 hours
- Low: 7 days
The Provider is not obliged to solve any technical problems in connection with the use of the Application within the response time.
Note on Applicability
If you have reserved a table in a restaurant via the website of one of our customers and would like to know more about the use of your personal data ("Personal Data"), please contact the operator of the restaurant directly.
As a software company specializing in the development of tools for processing Personal Data, data protection is particularly important to us. For this reason, we would like to provide you with detailed information about the types of Personal Data we collect and process in connection with your use of the Application, to whom this Personal Data is transferred and what rights you have in connection with the processing of your Personal Data.
II. General Information on Data Processing
1. Types of Data Processing Activities
2. Configuration of the Application
With regard to the processing of Personal Data that is collected by us for the configuration of the Application (see Section III below), we are considered to be the data controller within the meaning of Art. 4 para. 7 GDPR which determines the purposes and means of the processing of the Personal Data. For enquiries regarding the processing of this Personal Data, you can contact us directly using the following contact information:
- aleno AG, Steinackerweg 18, 8047 Zurich, Switzerland
- Phone number. +41 43 508 24 65
- E-mail address: firstname.lastname@example.org
3. Use of the Application
With regard to the processing of Personal Data that is collected by you in connection with the use of the Application (see Section IV below), you are considered to be the data controller within the meaning of Art. 4 para. 7 GDPR which determines the purposes and means of the processing of the Personal Data. This means that you bear the full responsibility for this Personal Data and must ensure that the processing of Personal Data, including its collection and transfer to us, is lawful and based on a permissible legal basis in accordance with Art. 6 GDPR.
Since we process the Personal Data collected by you on your behalf, we are considered to be a data processor within the meaning of Art. 4 para. 8 GDPR. If the processing of this Personal Data falls within the scope of the GDPR, you are legally required to conclude a data processing agreement with us. This agreement can be accessed via this link and be concluded in an electronic or physical form.
III. Data Processing to Configure the Application
1. Creation of Main Account
To register on our Website and create a Main Account, you will be asked to provide us with the following Personal Data relating to you ("Account Data") via a web form:
- Name of the restaurant or restaurant group
- First and last name
- E-mail address
- Phone number
- Personal password
The collection and processing of the Account Data is carried out with the purpose of identifying you as the unique holder of the Main Account and to ensure that your Personal Data can only be viewed by you. To further enhance your security and the integrity of your Personal Data, we expressly reserve the right to collect additional registration information.
The Account Data submitted to us is stored on the servers of our cloud hosting provider until you decide to delete your Main Account. After deletion of the Main Account, we reserve the right to store the Account Data in a separate location where it will be kept for a maximum of ten (10) additional years. This additional storage of the Account Data is necessary to ensure that we are able to comply with statutory retention obligations.
2. Creation of User Accounts
As the Account Holder, you decide which of your employees and subcontractors ("Users") are to receive access to the Application under your subscription. For this purpose, you can create any number of User Accounts via the Man Account and individually determine which access authorization each User should have. When creating a new User Account, you will be asked to collect and submit the following Personal Data relating to the respective Users ("User Data").
- First and last name (optional)
- Role of the User
- E-mail address
- Access authorization
The collection and processing of the User Data is carried out with the purpose of providing individual Users with their own User Account so that they can access certain functions of the Application and you can track their activities.
The Users transmitted to us is stored on the servers of our cloud hosting provider until you decide to delete the User Account. After deletion of the User Account, we reserve the right to store the User Data in a separate location where it will be kept for a maximum of ten (10) additional years. This additional storage of the Account Data is necessary to ensure that we are able to comply with statutory retention obligations.
Since the collection of the User Data as described above is necessary to provide you with a user-friendly application that adapts to your needs and operational circumstances, its processing is based on Art. 6 para. 1 let. f GDPR. We will not disclose or share the User Data with third parties (excluding sub-processors) without your consent, unless disclosure is necessary to comply with a legal obligation to which we are subject pursuant to Art. 6 para. 1 let. c.
3. Registration of Restaurants
The Application allows you and other authorized Users to register an unlimited number of restaurants and to manage them via the Application. In order to register a new restaurant in the Main account, the registering User is requested to enter the following commercial data of the restaurant ("Commercial Data") and to transmit it to us:
- Name of the restaurant
- Address of the restaurant (optional)
- Number of seats and tables (capacity)
- Number and duration of shifts
- Language and time zone
- Holidays and events
The collection and processing of the Commercia Data is carried out with the purpose of identifying the restaurant as a separate business unit and to create a reservation widget that enables you to accept online reservations via your website. If you register multiple restaurants in the Main Account, you will have access to the Commercial Data of all restaurants. You can transfer a registered restaurant and the corresponding Commercial Data to another account holder by linking it with the other account holder’s Main Account.
The Commercial Data transmitted to us will be stored on the servers of our cloud hosting provider until you decide to delete the restaurant. After deletion of the restaurant, we reserve the right to store the Commercial Data in a separate location where it will be kept for a maximum of ten (10) additional years. This additional storage of the Commercial Data is necessary to ensure that we are able to comply with the statutory retention obligations.
4. Exercising Rights of Data Subjects
With regard to the processing of the Account Data, User Data and Commercial Data, we are considered to be the data controller within the meaning of Art. 4 para. 7 GDPR. If the GDPR is applicable to the processing of these types of Personal Data, you can assert the following rights against us as further defined in Chapter 3 GDPR:
- Right of access by the data subject in accordance with Art. 15 GDPR
- Right to rectification in accordance with Art. 16 GDPR
- Right to erasure in accordance with Art. 17 GDPR
- Right to restriction of processing in accordance with Art. 18 GDPR
- Right to data portability according to Art. 20 GDPR
- Right to object in accordance with Art. 21 GDPR
If you consider that the processing of your Account Data, User Data and Commercial Data infringes the GDPR, you further have the right to lodge a complaint with a supervisory authority.
The rights described in this Section are available not only to you but also to all other data subjects whose Personal Data has been integrated into the Account Data and the User Data and is consequently processed by us. This applies in particular to the Users who have their own User Account.
IV. Data Processing to Use the Application
1. Registration of Guest Data
As soon as you have opened the Main Account and registered one or more restaurants, you and other authorized Users can enter Personal Data relating to the guests of the respective restaurants ("Guest Data"). The Guest Data includes in particular the following Personal Data:
- Personal information to personalize guests, including first name, last name, gender, preferred language, phone number, email address, residential address, customer categories and status (VIP or blacklist).
- Information about previous restaurant visits by guests, including time and date of the visit, length of stay, number of guests, type and location of the table and amount of expenses.
- Information about future restaurant visits by guests, including time and date of reservation, number of guests, type and location of table, comments related to the reservation (allergies and special requests), credit card number (anonymized) and guests' route to the reservation.
- General information about the guests' previous restaurant visits, including total number of visits, total amount spent and total number of no-shows
The collection and processing of the Guest Data via the Application allows you to address individual guests directly and improve your service offering by analyzing their behavior more precisely and to better understand the needs of your guests.
2. Note on Responsibility
The collection and processing of Guest Data happens at your own discretion and risk, regardless of whether the Guest Data is entered manually by an authorized User or, in case of an online reservation, by the guests themselves. We do not assume any liability for the relationship between you and your guests or the way in which the Guest Data is collected and or processed.
As mentioned in Section II.3 above, we process the Guest Data exclusively on your behalf. For this reason, you bear the full responsibility for ensuring that the collection of the Guest Data is based on a permissible legal basis and that guests are informed that their Guest Data will be forwarded to us for processing.
V. Data Security
We have implemented technical and organizational measures to secure the Website and the Application against the loss, destruction, access, modification or distribution of Personal Data by unauthorized persons. However, despite regular checks, a complete protection against all risks is not possible. The Website uses the industry standard SSL (Secure Sockets Layer) for encryption in some places. This ensures the confidentiality of your Personal Data over the Internet.
The protection of your privacy and your personal data ("Personal Data") is important to us. For this reason, we would like to inform you in detail about the types of Personal Data we collect when you use this website, how this Personal Data is used, to whom it is transferred and what rights you have in connection with the processing of your Personal Data.
I. Name and Address of the Controller
Aleno AG operates the website www.aleno.me ("Website") and is considered to be the data controller within the meaning of Art. 4 para. 7 GDPR which determines the purposes and means of the processing of the Personal Data. For enquiries regarding privacy and data protection, you can contact us directly using the following contact information:
- Aleno AG, Steinackerweg 18, 8047 Zurich, Switzerland
Our data protection coordinator can be reached via the following contact details:
- Phone number. +41 43 508 24 65
- E-mail address: email@example.com
II. General information on data processing
We process Personal Data only to the extent necessary to provide you with a functioning website and our content and services. The processing of your Personal Data is regularly only carried out after obtaining your prior consent in accordance with Art. 6 para. 1 lit. a GDPR. An exception is made in cases where it is not possible to obtain your consent, or the processing of Personal Data is permitted by legal regulations even without consent. This includes in particular the provision in Art. 6 para. 1 lit. f GDPR, which permits the processing of Personal Data if this is necessary to protect our legitimate interests.
III. Provision of the Website and Creation of Log Files
Whenever you visit our Website, our system automatically collects data and information from your computer system. The following data is collected:
- The browser type and version you are using
- The operating system you are using
- The Internet service provider you are using
- The IP address used by your system
- Date and time of your access
- Websites from which your system accesses our Website
- Web pages that are called by your system via our Website
The collection and processing of this data is carried out with the purpose of enabling the use of our Website, to guarantee system security and stability in the long term and to enable the optimization of our Internet offer. The temporary storage of your IP address is necessary to enable the Website to be delivered to your system. For this purpose, the IP address must remain stored for the duration of the session. The stored data will be deleted after the end of the session. An evaluation of the data for marketing purposes does not take place in this context.
The collection of data for the provision of the Website is absolutely necessary for the operation of the Website and is therefore necessary for the purposes of protection of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. There is consequently no possibility of objection.
V. Subscription to Newsletter
On our Website there is the possibility to subscribe to a free newsletter. Our newsletter primarily contains information about our products and promotions, such as competitions or discount campaigns, as well as evaluation requests.
When you subscribe to our newsletter, the following Personal Data from the input mask will be transmitted to us:
- Email address
- First and last name
The collection of your email address is required to send the newsletter. The remaining personal data is collected to personalize the newsletter and to prevent misuse of the services or the email address used. The Personal Data you provide is used exclusively for sending the newsletter and is stored for as long as the newsletter subscription is active.
The newsletter can be cancelled at any time. For this purpose, there is a link in every newsletter. Your consent to the processing of your personal data as described herein is automatically revoked in the event of cancellation.
VI. Contact Form and Email Contact
The contact form on our Website can be used to get in touch with us electronically. If you use this function, the following personal data from the input mask will be transmitted to us:
- Email address
- First and last name
- Name of the company you represent
The collection of your email address allows us to contact you and process your contact request. The remaining Personal Data is collected to prevent misuse of the contact form. As an alternative to using the contact form, it is also possible to contact us via the email address "firstname.lastname@example.org". In this case, in addition to your email address, all Personal Data transmitted with the email will be processed and stored by us. The Personal Data transmitted to us will be used exclusively for processing your contact request. The Personal Data will not be transferred to third parties or used to subscribe you to our newsletter.
The Personal Data transmitted to us from the input mask will be deleted as soon as it is no longer required for the purpose of collection. This is the case after a maximum of ten years, unless we are subject to a longer statutory or contractual retention obligation. The deletion of the Personal Data can also happen in an automated fashion.
VII. Collection of Person Data by Third Parties and Transfer to Third Countries
1. Use of Web Analytics Tools
1.1 General Information
- The IP address of the system you are using
- The website from which you have reached our Website (referrer)
- The individual pages you call up
- The time spent on our Website and the individual pages
- Frequency of calling our Website and the individual pages
- The country, region or city from where you access our Website
1.2 Use of Google Analytics
Our Website uses functions of the web analysis service Google Analytics, which is offered by Google Inc. based in the USA ("Google"). We have concluded a data processing agreement with Google and therefore act in compliance with the strict requirements of the GDPR when using Google Analytics.
The Personal Data collected by Google is usually transferred to a Google server in the United States and stored there. We have activated the function "anonymizeIP" on our Website. This means that your IP address is shortened by Google within a member state of the European Union or the European Economic Area before it is transferred to the United States. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and shortened there. According to Google, the transmitted IP address will not be associated with any other personal data.
1.3 Use of Squarespace Metrics
On our Website, we use functions of the web analytics service Squarespace Metrics, which is offered by Squarespace, Inc. based in the USA ("Squarespace"). We have concluded a data processing agreement with Squarespace and therefore act in compliance with the strict requirements of the GDPR when using Squarespace Metrics.
1.4 Use of Hotjar
We use features of the Hotjar web analytics service on our Website, which is provided by Hotjar Ltd, a company incorporated in Malta ("Hotjar Ltd"). We have entered into a contract with Hotjar Ltd for the processing of commissioned data and fully implement the strict requirements of the GDPR when using Hotjar.
Hotjar Ltd. stores the collected Personal Data in a pseudonymous user profile. The information will not be used by Hotjar Ltd or by us to identify individual users and will not be associated with the data of other individual users.
2. Use of Google Tag Manager
3. Personalized Marketing with Facebook Custom Audiences
On our Website, we use the "Custom Audiences" marketing function of Facebook Inc. based in the United Stastes ("Facebook").
To use the Custom Audiences function, we integrated the so-called Facebook pixel into our Website. The Facebook pixel is a piece of code that communicates with Facebook and allows us to optimize our advertising campaigns.
With the help of the Facebook pixel, Facebook is able to determine the visitors of our online offer as a target group for the presentation of advertisements ("Facebook Ads"). Thus, we use the Facebook Pixel to display our Facebook Ads only to those Facebook users who have also shown an interest in our offer or who exhibit certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) which we transmit to Facebook. With the help of the Facebook pixel we also want to ensure that our Facebook Ads correspond to the potential interest of the users and do not appear annoying. With the help of the Facebook pixel, we can also track the effectiveness of our Facebook Ads for statistical purposes by seeing whether users were redirected to our website after clicking on a Facebook Ad ("Conversion").
The Facebook pixel is integrated directly by Facebook when you call up our Websites and can store a cookie on your system, provided that you have agreed to the setting of marketing cookies. If you subsequently log in to Facebook or visit Facebook when logged in, the visit to our online offer will be noted in your Facebook profile. The data collected about you is anonymous to us, so we cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and can be used by Facebook as well as for our own market research and advertising purposes. If we should transmit data to Facebook for comparison purposes, this data is encrypted locally in the browser and only then sent to Facebook via a secure connection. This is done solely for the purpose of comparison with the data encrypted by Facebook.
4. Online Marketing with Hubspot
We use on our Website the inbound marketing tool Hubspot, which is offered by Hubspot Inc., a company based in the United States ("Hubspot Inc"). We have concluded a data processing agreement with Hubspot Inc and therefore act in compliance with the strict requirements of the GDPR when using Hubspot.
Hubspot uses web beacons and cookies to help us analyze how you use this Website. In other words, when you contact us, request a quote, register for an event, or submit another form integrated from Hubspot, your activities on this Website are associated with your cookie, allowing us to analyze your use of the Website (e.g., pages visited, date and time of visits, forms filled out, documents downloaded). In addition, we can send you digital resources (e.g. catalogues) by email which are requested by you. This allows us to better tailor the user experience on our Website and external communications to your needs. The legal basis for the use of Hubspot is to protect our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR.
The personal data collected through the use of HubSpot is stored on servers of HubSpot Inc. in the United States. We may use it to contact visitors to our website and to determine which or our services are of interest to you. You have the option of deactivating or restricting the transmission of cookies by changing the settings in your Internet browser. Cookies already stored can be deleted at any time.
5. Dispatch of Newsletters by Mailchimp
Our newsletter is sent by the newsletter tool Mailchimp, which is offered by the Science Group, LLC based in the USA ("Rocket Science Group"). We have concluded a data processing agreement with Rockets Science Group and therefore act in compliance with the strict requirements of the GDPR when using Mailchimp.
The personal data entered into the input mask when registering for the newsletter (see Section V above) is stored on the servers of the Rocket Science Group in the United States. Rocket Science Group uses this information to send and evaluate the newsletter on our behalf. In addition, Rocket Science Group may use your personal data, according to its own information, to optimize or improve its own services, e.g., to technically optimize the sending and display of the newsletters or to determine from which countries the recipients come. However, the Rocket Science Group does not use your personal to contact you directly and does not transfer your personal data to any third parties.
VIII. Your Rights as a Visitor of this Website
- Right of access by the data subject in accordance with Art. 15 GDPR
- Right to rectification in accordance with Art. 16 GDPR
- Right to erasure in accordance with Art. 17 GDPR
- Right to restriction of processing in accordance with Art. 18 GDPR
- Right to data portability according to Art. 20 GDPR
- Right to object in accordance with Art. 21 GDPR
If you consider that the processing of your Personal Data infringes the GDPR, you further have the right to lodge a complaint with a supervisory authority about the processing of your personal data by us.
IX. Data Security
We have implemented technical and organizational measures to secure our Website against the loss, destruction, access, modification or distribution of Personal Data by unauthorized persons. However, despite regular checks, a complete protection against all risks is not possible. The Website uses the industry standard SSL (Se-cure Sockets Layer) for encryption in some places. This ensures the confidentiality of your Personal Data over the Internet.
Data Processing Agreement aleno
Last Modified: July 2020
The Parties have entered into a contract regarding the Controller’s use of the cloud-based restaurant management software aleno (“Software”) as amended from time to time (“Contract”). Under the Contract, the Processor will provide various types of services to the Controller (“Services”). In order to provide these Services, the Processor is required to process personal data on behalf of the Controller (“Personal Data”). The Personal Data processed under the Contract will consist of the personal data of the Controller’s customers and the individual users who access the Software on behalf of the Controller (“Data Subjects”).
The Parties have agreed to enter into this Data Processing Agreement (“Agreement”) to regulate the processing of Personal Data and ensure compliance with the EU General Data Protection Regulation (“GDPR”) as well as other regulations regarding the processing of Personal Data that are applicable to the Parties (“Data Protection Legislation”).
In this Agreement, except where the context otherwise requires:
- headings and the table of contents do not affect the interpretation of this Agreement;
- unless otherwise stated, any reference to “writing” or “written” includes e-mail as well as any other form or electronic communication;
- any reference to the terms “including” will be construed without limitation;
- any reference to a statute or a statutory provision is a reference to it as amended or re-enacted and includes all subordinate legislation made pursuant to it;
- any reference to an agreement, exhibit or other document is to it as amended or replaced; and
- in the event of any inconsistency between any Exhibit and the main body of this Agreement, the Exhibits will prevail to the extent of the inconsistency.
2. Distribution of Roles
The Controller determines the purposes and means of the processing of the Personal Data by the Processor and therefore qualifies as a controller as defined in Art. 4 (7) GPDR. The Processor processes the Personal Data on behalf of the Controller and therefore qualifies as a processor as defined in Art. 4 (8) GDPR. If the Controller itself acts as processor with regard to the Personal Data, the Controller warrants that the appointment of the Processor has been authorized by the relevant controller.
By entering into this Agreement, the Controller instructs the Processor to process the Personal Data on its behalf. The Processor will only process Personal Data for the purposes set out in the Contract and in this Agreement. The types of Personal Data to be processed by the Processor and the categories of Data Subject are specified in Exhibit A.
The Controller is entitled to delete and/or add additional types of Personal Data, categories of Data Subjects and/or purposes for which the Personal Data is processed by forwarding an updated version of Exhibit A to the Processor. The updated version of Exhibit A shall be deemed incorporated into this Agreement upon the Processor’s receipt.
4. Responsibilities of Processor
Except where expressly permitted by Article 28 (3)(a) GDPR, the Processor shall only process Personal Data in accordance with the written instructions of the Controller. Where the Processor believes that an instruction is in breach of the Data Protection Legislation, the Processor shall notify the Controller without undue delay. The Processor shall be entitled to suspending the performance on such instruction until the Controller confirms or modifies such instruction.
4.2 Transfers Outside of the European Economic Area and Switzerland
The Processor may transfer the Personal Data to countries and recipients outside the European Economic Area and Switzerland, provided that such country or recipient guarantees an adequate level of protection and satisfies the other obligations pursuant to this Agreement or as otherwise provided by the GDPR, such as through the use of model clauses or the EU-U.S. or Swiss-U.S. Privacy Shield Frameworks.
4.3 Technical and Organizational Measures
The Processor shall implement appropriate technical and organizational security measures (“TOMs”) as set forth in Exhibit B to protect the Personal Data against accidental or unlawful destruction, loss or alteration and against unauthorised disclosure, abuse or other processing in violation of the Data Protection Legislation.
The Controller is aware of the TOMs and is responsible for ensuring that they provide an adequate level of protection against the risks of the data to be processed as set forth in Article 32 GDPR. The Processor may update or modify the TOMs, provided that such modifications do not materially decrease the overall security of the Personal Data.
The Processor will grant access to the Personal Data only to employees, contractors and sub-processors who need such access for the scope of their performance and are subject to appropriate confidentiality arrangements (“Authorized Persons”).
The Processor will ensure that the Authorized Persons are prohibited from processing the Personal Data outside the scope of the instructions and that their confidentiality obligation will survive the termination of the Contract and this Agreement.
4.5 Duty to Inform and Assist
The Processor shall assist the Controller in ensuring compliance with the Data Protection Legislation and provide all necessary information to support the Controller in fulfilling its obligations set out in Articles 33 to 36 GDPR.
Where a Data Subject asserts a claim or request for rectification, erasure or access against the Processor, the Processor shall refer the Data Subject to the Controller, provided that a referral to the Controller is possible based on the information provided by the Data Subject. The Processor shall forward the Data Subject’s claim to the Controller without undue delay.
The Processor shall provide full cooperation and assistance in relation to the Controller’s obligation to respond to a claim but shall not be liable in cases where the Controller fails to respond to the Data Subject’s claim in a correct or timely manner.
5. Data Breach Notification
If the Processors becomes aware of a personal data breach as defined by Article 4 of the GDPR (“Data Breach”), the Processor shall notify the Controller without undue delay Such notice shall include, to the extent reasonably available to the Processor, the information required for the Controller to fulfil its obligations under Articles 33 and 34 of the GDPR. The notification shall not be construed as an acknowledgement by the Processor of any fault or liability with respect to the Data Breach. The Controller shall remain responsible for complying with Articles 33 and 34 of the GDPR. However, upon request of the Controller, the Processor shall provide reasonable assistance in accordance with the Data Protection Legislation in notifying the relevant supervisory authorities and/or the Data Subjects.
6. Engagement of Sub-Processors
The Controller hereby authorizes the Processor to subcontract its processing activities under the Contract and this Agreement to other data processors (“Sub-Processors”). Where the Processor sub-contracts its processing activities to a Sub-Processor, it will do so only by way of a written agreement which imposes the same data protection obligations on the Sub-Processor as are imposed on the Processor under this Agreement. If the Sub-Processor fails to fulfil its obligations under such written agreement, the Processor shall remain fully liable to the Controller for the performance of the sub-processor’s obligations.
The list of Sub-Processors that are currently engaged by the Processor is available at https://aleno.zendesk.com/hc/en-us/articles/360010179420 (“List of Sub-Processors”). The List of Sub-Processors may be amended by the Processor from time to time in accordance with this Agreement.
When a new Sub-Processors is engaged, the Processor shall notify the Controller by updating the List of Sub-Contractors. The Controller can subscribe to receive automatic updates to the List of Sub-Processors by clicking on the “Follow” button in the aleno help desk (https://aleno.zendesk.com). The Controller’s continued use of the Services after receiving a notification shall constitute the Controller’s consent to the new Sub-Processors. The Controller may reasonably object to the Processor’s use of a new Sub-Processor by notifying the Processor in writing within seven (7) calendar days of the Processor’s notice. If the Controller objects to any such new Sub-Processor(s), then the Processor may terminate the Agreement upon written notice to the Controller without further liability to the Controller.
7. Responsibilities and Indemnification of Controller
The Controller understands and acknowledges that he is solely responsible for its use of the Services, including the responsibility to make appropriate use of the Services to ensure a level of security appropriate to the risk in respect of the Personal Data, and that the Processor has no obligation to protect Personal Data that the Controller elects to store or transfer outside of the systems of the Processor, including offline or on-premises storage.
The Controller represents and warrants that it will comply with the Data Protection Legislation and that it has valid legal basis for the processing of all Personal Data by the Processor. The Controller shall indemnify, defend, and hold harmless the Processor from and against all costs, expenses, fines, fees (including reasonable attorneys’ fees) arising from all third-party claims arising from or related to any actual or alleged processing of Personal Data by the Processor on behalf of the Controller without a valid legal basis.
8. Compliance Audits
Upon the Controller’s written request, the Processor shall permit the Controller, or any third party mutually agreed upon by the Controller and the Processor, to audit the Processor’s data processing activities to enable the Controller to verify that the Processor and/or sub-processors are in full compliance with their obligations under this Agreement and the Data Protection Legislation.
To request an audit, the Controller must submit a detailed proposed audit plan to the Processor at least six (6) weeks in advance of the proposed audit date. The proposed audit plan must describe the proposed scope, duration, and start date of the audit. The Processor will review the proposed audit plan and provide the Controller with any concerns or questions The Processor will cooperate with the Controller to agree on a final audit plan.
Audits can be conducted at the Processor’s place of business, provided that the auditors conduct the audit during the Processor’s normal business hours and that the auditors take all reasonable measures to prevent unnecessary disruption to the Processor’s operations. The Controller agrees to treat all information acquired during any audits as confidential information of the Processor and to maintain the confidentiality of such information to the same nature and extent that the Controller maintains its own confidential information.
The Controller may not request more than one audit in any twelve (12) calendar month period. Additionally, a supervisory authority may conduct an audit to the extent required by the GDPR. All audits conducted under this Agreement will be at the Controller’s expense. The Controller shall reimburse the Processor for any time expended by the Processor or its Sub-Processors in connection with any audits or inspections under this Section 8 at the Processor’s services rates, which shall be made available to Customer upon request.
The total combined liability of either Party to the other Party arising out of or in connection with this Agreement, whether in contract, tort (including negligence) or any other theory of liability, shall be subject to the same limitations of liability as agreed upon by the Parties in the Contract.
This Agreement shall remain in force as long as the Processor is processing Personal Data on behalf of the Controller in connection with the Contract. Upon request of the Controller, the Processor shall delete or anonymize all Personal Data processed on behalf of the Controller shall confirm the deletion or anonymization of the Personal Data in writing.
No modification of this Agreement and/or any of its components shall be valid and binding unless made in writing. For the purpose of this Section, email shall not be sufficient.
No provision of this Agreement shall create a partnership between the Parties or constitute a Party the agent of the other Party for any purpose. Neither Party shall have the authority to bind, contract in the name of or create a liability for the other Party in any way or for any purpose and neither Party shall hold itself out as having authority to do the same.
The rights and remedies of the Parties under this Agreement exist in addition to any statutory rights or remedies, including the Data Protection Legislation.
12. Governing Law and Jurisdiction
This Agreement shall be governed by and construed in accordance with Swiss law, excluding the Swiss conflict of law rules. The application of the United Nations Convention for Contracts for the International Sales of Goods is hereby expressly excluded.
Any dispute, controversy or claim arising out of or in connection with this Agreement or the breach, termination, existence, legal competence or invalidity thereof, shall be exclusively settled by the courts of Zurich, Switzerland.
Exhibit A – Scope of Processing Activities
1. Nature and Purpose of Processing
The Processor will process Personal Data for the following purpose:
- Processing of customer reservations at Controller’s restaurants
- Monitoring the occupancy rate of Controller’s restaurants
- Analysis of customers and customer behaviour
- Exporting Personal Data via application programming interface (API) by configuring webhooks or connecting the Personal Data with applications provided by third parties such as Zapier and automate.io.
2. Categories of Data Subjects
The Processor will process Personal Data of the following categories of Data Subjects:
- Customers of restaurants that are owned by the Controller (“Customers”)
- Users who can access the Software on behalf of the Controller, such as employees, contractors or independent third parties (“Users”)
3. Types of Personal Data
3.1 Customer Data
The Processor will process the following types of Personal Data of the Customers:
- Personal information of Customers (including first name, last name, gender, preferred language, phone number, email address, home address, company affiliations, anonymous credit card number)
- Information about previous restaurant visits of Customers (including time and date of visit, number of guests, duration of visit, type of table, amount of expenses)
- Information about future restaurants visits of Customers (including time and date of reservation, number of guests, type of table, comments written by Customers, credit card number used for reservation, Customer’s path to reservation)
- General information about restaurant visits of Customers (including overall number of visits, overall amount of expenses, overall number of no-shows)
- Categorization of Customers based on categories created by Controller
3.2 User Data
The Processor will process the following types of Personal Data of the Employees:
- Personal information of Users (including first name, last name, abbreviation, email address and role within the Controller’s ecosystem)
The Processors has the option to create anonymous user profiles in his account. In this case, the Processor will not be processing any Personal Data of the Users.
Exhibit B – Technical and Organizational Measures (TOMs)
Specification of the technical and organizational measures used by the Processor to ensure compliance with the applicable data protection legislation:
Encryption and Transfer of Personal Data (Art. 32 para. 1 a GDPR)
- All transfers of Personal Data between the Processor and the Controller are executed through the secure communication protocol HTTPS which is encrypted using Transport Layer Security (TLS).
- All Personal Data that is transferred to the Processor by the Controller is stored in encrypted form on secure servers hosted by Amazon Web Services and is decrypted on the client side when the Controller accesses the Personal Data. Amazon Web Services uses industry standard AES-256 encryption to secure the Personal Data. All keys are fully managed by Amazon Web Services.
- The Processor can only export Personal Data in anonymized form.
Confidentiality of Personal Data (Art. 32 para. 1 b GDPR)
Physical Access Control
- The physical office building of the Processor can only be accessed by its employees (controlled distribution of keys).
- External persons, including third parties providing services to the Processor, can only enter the physical office building when they are accompanied by employees. In case of absence of all employees, the doors to the office building are locked.
System and Data Access Control
- The access to the Personal Data is protected by passwords and a hash key. For security reasons, all passwords must have a minimum length, use special characters and be changed periodically. The Processor does not store any passwords of the Authorized Persons on its servers.
- Every Authorized Person uses a separate account set up by an administrator to get access to the Personal Data. This enables the Processor to identify all Authorized Persons in the system. The maximum number of failed login-attempts for every account is limited by Google. To prevent access to Personal Data by not authorized persons, all accounts are protected by two factor authentication (2FA).
- All devices that are used by the Authorized Persons are protected by a firewall and have a screen lock with password protection.
Integrity of Personal Data (Art. 32 para. 1 b GDPR)
- All Personal Data transferred to the Processor by the Controller is stored on single tenant dedicated EC2 virtual servers that are provided by Amazon Web Services and created solely for the Processor. These virtual servers are fully isolated and not share logical data storage or processing with other customers.
- The Controller has complete control over the integrity of the Personal Data and can use the rights management system provided by the Processor to define the access rights of its employees. The Processor does not change or delete any Personal Data unless so requested by the Controller or the Data Subjects.
- The Processors is currently building an internal control system that enables the Processor to monitor the activities of the Authorized Persons and track all changes that are made to the Personal Data.
Availability of Personal Data and Resilience of Systems (Art. 32 para. 1 b GDPR)
- The database and application servers on which the Personal Data is stored are running on a cluster with containers and are fully scalable. In case of performance issues, the Processor we will be informed immediately and be able to add more containers to provide a resilience system.
- The data centers of Amazon Web Services are compliant with a number of physical security and information security standards. These standards include an uninterruptible power supply, fire and humidity detectors, virus protection, firewall and a separation of test, development and production systems.
- All Personal Data transferred to the Processor by the Controller can be restored to any point in time with the fully managed backup solution provided by Amazon Web Services that enables the Processor to query continuous backup snapshots.