Skip to content

Privacy Policy Application

 

Note on Applicability

This Privacy Policy is directed at our customers ("Account Owners") who have opened an account on our website www.aleno.me (“Website”) in order to use the restaurant management system aleno ("Application") which is operated by us.

If you have reserved a table in a restaurant via the website of one of our customers and would like to know more about the use of your personal data ("Personal Data"), please contact the operator of the restaurant directly.

 

I. Introduction

As a software company specializing in the development of tools for processing Personal Data, data protection is particularly important to us. For this reason, we would like to provide you with detailed information about the types of Personal Data we collect and process in connection with your use of the Application, to whom this Personal Data is transferred and what rights you have in connection with the processing of your Personal Data.

As an internationally oriented company with headquarters in Switzerland, the Swiss Data Protection Act ("DPA") and the EU General Data Protection Regulation ("GDPR") are of equal importance to us. For this reason, we have aligned this Privacy Policy to the stricter standard of the GDPR.

 

II. General Information on Data Processing

1. Types of Data Processing Activities

We process Personal Data only to the extent necessary to ensure the functionality of the Application and to provide the services described in the Terms of Use. The type of processing and the responsibility depend primarily on whether the Personal Data is collected by us to configure the Application or whether the Personal Data is transferred to us for processing purposes in connection with the use of the Application.

 

2. Configuration of the Application

With regard to the processing of Personal Data that is collected by us for the configuration of the Application (see Section III below), we are considered to be the data controller within the meaning of Art. 4 para. 7 GDPR which determines the purposes and means of the processing of the Personal Data. For enquiries regarding the processing of this Personal Data, you can contact us directly using the following contact information:

  • aleno AG, Technoparkstrasse 1, 8005 Zurich, Switzerland
  • Phone number. +41 43 508 24 65
  • E-mail address: privacy@aleno.me

3. Use of the Application

With regard to the processing of Personal Data that is collected by you in connection with the use of the Application (see Section IV below), you are considered to be the data controller within the meaning of Art. 4 para. 7 GDPR which determines the purposes and means of the processing of the Personal Data. This means that you bear the full responsibility for this Personal Data and must ensure that the processing of Personal Data, including its collection and transfer to us, is lawful and based on a permissible legal basis in accordance with Art. 6 GDPR.

Since we process the Personal Data collected by you on your behalf, we are considered to be a data processor within the meaning of Art. 4 para. 8 GDPR. If the processing of this Personal Data falls within the scope of the GDPR, you are legally required to conclude a data processing agreement with us. This agreement can be accessed via  this link and be concluded in an electronic or physical form.

 

III. Data Processing to Configure the Application

1. Creation of Main Account

To register on our Website and create a Main Account, you will be asked to provide us with the following Personal Data relating to you ("Account Data") via a web form:

  • Name of the restaurant or restaurant group
  • First and last name
  • E-mail address
  • Phone number
  • Personal password

The collection and processing of the Account Data is carried out with the purpose of identifying you as the unique holder of the Main Account and to ensure that your Personal Data can only be viewed by you. To further enhance your security and the integrity of your Personal Data, we expressly reserve the right to collect additional registration information.

The Account Data submitted to us is stored on the servers of our cloud hosting provider until you decide to delete your Main Account. After deletion of the Main Account, we reserve the right to store the Account Data in a separate location where it will be kept for a maximum of ten (10) additional years. This additional storage of the Account Data is necessary to ensure that we are able to comply with statutory retention obligations.

Since the collection of the Account Data as described above is necessary to fulfil our contractual obligations in accordance with the Terms of Use, its processing is based on Art. 6 para. 1 let. b GDPR. We will not disclose or share your Account Data with third parties (excluding sub-processors) without your consent, unless disclosure is necessary to comply with a legal obligation to which we are subject pursuant to Art. 6 para. 1 let. c GDPR.

 

2. Creation of User Accounts

As the Account Holder, you decide which of your employees and subcontractors ("Users") are to receive access to the Application under your subscription. For this purpose, you can create any number of User Accounts via the Man Account and individually determine which access authorization each User should have. When creating a new User Account, you will be asked to collect and submit the following Personal Data relating to the respective Users ("User Data").

  • First and last name (optional)
  • Role of the User
  • E-mail address
  • Access authorization

The collection and processing of the User Data is carried out with the purpose of providing individual Users with their own User Account so that they can access certain functions of the Application and you can track their activities.

The Users transmitted to us is stored on the servers of our cloud hosting provider until you decide to delete the User Account. After deletion of the User Account, we reserve the right to store the User Data in a separate location where it will be kept for a maximum of ten (10) additional years. This additional storage of the Account Data is necessary to ensure that we are able to comply with statutory retention obligations.

Since the collection of the User Data as described above is necessary to provide you with a user-friendly application that adapts to your needs and operational circumstances, its processing is based on Art. 6 para. 1 let. f GDPR. We will not disclose or share the User Data with third parties (excluding sub-processors) without your consent, unless disclosure is necessary to comply with a legal obligation to which we are subject pursuant to Art. 6 para. 1 let. c.

 

3. Registration of Restaurants

The Application allows you and other authorized Users to register an unlimited number of restaurants and to manage them via the Application. In order to register a new restaurant in the Main account, the registering User is requested to enter the following commercial data of the restaurant ("Commercial Data") and to transmit it to us:

  • Name of the restaurant
  • Address of the restaurant (optional)
  • Number of seats and tables (capacity)
  • Number and duration of shifts
  • Language and time zone
  • Holidays and events

The collection and processing of the Commercia Data is carried out with the purpose of identifying the restaurant as a separate business unit and to create a reservation widget that enables you to accept online reservations via your website. If you register multiple restaurants in the Main Account, you will have access to the Commercial Data of all restaurants. You can transfer a registered restaurant and the corresponding Commercial Data to another account holder by linking it with the other account holder’s Main Account.

The Commercial Data transmitted to us will be stored on the servers of our cloud hosting provider until you decide to delete the restaurant. After deletion of the restaurant, we reserve the right to store the Commercial Data in a separate location where it will be kept for a maximum of ten (10) additional years. This additional storage of the Commercial Data is necessary to ensure that we are able to comply with the statutory retention obligations.

Since the collection of the Commercial Data as described above is necessary to fulfil our contractual obligations in accordance with the Terms of Use, its processing is based on Art. 6 para. 1 let. b GDPR. We will not disclose or share the Commercial Data with third parties (excluding sub-processors) without your consent, unless disclosure is necessary to comply with a legal obligation to which we are subject pursuant to Art. 6 para. 1 let. c GDPR.

 

4. Exercising Rights of Data Subjects

With regard to the processing of the Account Data, User Data and Commercial Data, we are considered to be the data controller within the meaning of Art. 4 para. 7 GDPR. If the GDPR is applicable to the processing of these types of Personal Data, you can assert the following rights against us as further defined in Chapter 3 GDPR:

  • Right of access by the data subject in accordance with Art. 15 GDPR
  • Right to rectification in accordance with Art. 16 GDPR
  • Right to erasure in accordance with Art. 17 GDPR
  • Right to restriction of processing in accordance with Art. 18 GDPR
  • Right to data portability according to Art. 20 GDPR
  • Right to object in accordance with Art. 21 GDPR

If you consider that the processing of your Account Data, User Data and Commercial Data infringes the GDPR, you further have the right to lodge a complaint with a supervisory authority.

The rights described in this Section are available not only to you but also to all other data subjects whose Personal Data has been integrated into the Account Data and the User Data and is consequently processed by us. This applies in particular to the Users who have their own User Account.

 

IV. Data Processing to Use the Application

1. Registration of Guest Data

As soon as you have opened the Main Account and registered one or more restaurants, you and other authorized Users can enter Personal Data relating to the guests of the respective restaurants ("Guest Data"). The Guest Data includes in particular the following Personal Data:

  • Personal information to personalize guests, including first name, last name, gender, preferred language, phone number, email address, residential address, customer categories and status (VIP or blacklist).
  • Information about previous restaurant visits by guests, including time and date of the visit, length of stay, number of guests, type and location of the table and amount of expenses.
  • Information about future restaurant visits by guests, including time and date of reservation, number of guests, type and location of table, comments related to the reservation (allergies and special requests), credit card number (anonymized) and guests' route to the reservation.
  • General information about the guests' previous restaurant visits, including total number of visits, total amount spent and total number of no-shows

The collection and processing of the Guest Data via the Application allows you to address individual guests directly and improve your service offering by analyzing their behavior more precisely and to better understand the needs of your guests.

 

2. Note on Responsibility

The collection and processing of Guest Data happens at your own discretion and risk, regardless of whether the Guest Data is entered manually by an authorized User or, in case of an online reservation, by the guests themselves. We do not assume any liability for the relationship between you and your guests or the way in which the Guest Data is collected and or processed.

As mentioned in Section II.3 above, we process the Guest Data exclusively on your behalf. For this reason, you bear the full responsibility for ensuring that the collection of the Guest Data is based on a permissible legal basis and that guests are informed that their Guest Data will be forwarded to us for processing.

 

V. Data Security

We have implemented technical and organizational measures to secure the Website and the Application against the loss, destruction, access, modification or distribution of Personal Data by unauthorized persons. However, despite regular checks, a complete protection against all risks is not possible. The Website uses the industry standard SSL (Secure Sockets Layer) for encryption in some places. This ensures the confidentiality of your Personal Data over the Internet.