Last update: 22 January 2018
vanilla bean data protection guidelines
It is our commitment to raise awareness of the vegan and sustainable offerings of all restaurants and to offer users of our related website, app and services the best possible experience. For this purpose, we collect information about restaurants and users. These guidelines explain how we collect information and how it is used and shared.
We—the Grünzeug GmbH, Franz-Mayer-Straße 1, 93053 Regensburg, Germany, operator of the vegan restaurant service vanilla bean—are of the conviction that data protection is important for a free, democratic society. We thus make every effort to make our data protection practices transparent and to give you control over your data with regard to the collection and use of this data by vanilla bean. Please read these guidelines carefully before using our website or our app. Your privacy is very important to us. For this reason, we have taken measures to ensure that personal information or data that we receive from you is processed and used in compliance with law.
What personal data does vanilla bean collect?
What is personal data?
Personal data means any information relating to an identified or identifiable natural person . Some examples are name, address, email address, profile picture, telephone number, certain types of server protocols from the browser, IP address, your Facebook name and your Facebook-ID.
Personal data that you share with us
We save all information that you actively share with us. To be able to offer some services from the website and the app, we must collect certain personal information.
Personal data that is collected includes but is not limited to your name, your email address, your user name for Facebook, your location (if you share it), your Facebook-ID and (anonymised) your user behaviour with regard to the use of vanilla bean and browser information. We will only process the Facebook username and the Facebook-ID if you register to our site via Facebook-Connect (further information regarding the data processing when using Facebook-ID is provided below).
If you share your location, we may collect it. We will use your location data to inform you about vegan restaurants near your location. We also use the location services of the corresponding operating systems; this can be changed or disabled by you in the settings of your system at any time.
The personal data that you provide will also be used by us to enable you to create a user account and a profile, with which you can interact with other users by means of our services. Your vanilla bean account is linked with your email address or—if you chose to register via Facebook-Connect—with your Facebook account.
We will process personal data to the extent it is permitted under statutory data protection laws, in particular in accordance with Art. 6 para. 1 lit.) b) or c) and f) of the General Data Protection Regulation (“GDPR”). To the extent vanilla bean wishes to process personal data which would not be justified solely under to those aforementioned provisions, vanilla bean will obtain the necessary data subject consent in accordance with Art. 6 para. 1 lit.) a) in conjunction with Art. 7 GDPR.
We will not store your personal data longer than necessary to provide you with the services offered in our App or on our Website. To the extent the data has to be stored longer to fulfil legal retention obligations (e.g. obligations on companies to retain business records), the data will be stored until the end of the respective retention obligation. Such data will be restricted so that they can not be processed for any other purposes.
vanilla bean offers you the possibility to register for our service via Facebook-Connect. In such case you will not be required to additionally register via our service. For the registration, you will be directed to a Facebook page, where you can log in with your Facebook account details. Thus, your Facebook-profile and our service will be connected. As a result of the connection, we automatically receive the following information from Facebook Inc.:
- Your E-Mail address
When using Facebook-Connect for registration purposes, this data is necessary for the conclusion of the contract relationship between us and you, so that we are able to identify you and provide the related services.
Automatically collected information
When you use vanilla bean, information is automatically produced, which is read and logged by our server protocols from your browser or your mobile platform, including your location (if shared), the type of browser, operating information, mobile provider, cookie information (more on this point below in information about cookies) and the website you requested. If not described differently in these data protection guidelines or agreed in a separate data protection agreement, vanilla bean will only use personal data in an anonymised form.
How will my information be shared?
We will not rent or sell your personal information to anyone! Any transmission of data to third parties will only occur in an anonymised form, such that no individualisation is possible, or when it is legally allowed, or your consent to transmission has been obtained.
We may provide your information to outsourcing providers to provide goods and services, to provide technical support, provide training, or perform other functions in support of our conduct of our business.
If we sell or otherwise transfer (or investigate the potential sale or other transfer of) all or a part of our business, we may transfer to, or share with, the actual or potential buyer or other transferee, the personal information associated with the potentially or actually transferred business. During any due diligence process with a potential buyer, We will impose obligations of confidentiality and restrictions on the use of information. Such transfer would be for the purpose of facilitating due diligence and/or allowing the buyer or other transferee to operate the business.
We may share your information if required by law enforcement, government agencies, courts, or others where we believe that its cooperation with information requests is required by law.
Determining and sharing locations
vanilla bean works best when your location is activated. As soon as you open/use our app on your cell phone or go to our website and, either in the app or on the website, agree to have your location recorded, we use the location information from your mobile device or browser (such as longitude and latitude), to adapt vanilla bean to the current location (this means that we use your location data to show you a list of places to eat near your location). This information regarding your location will not be shared with other vanilla bean users or third parties.
Sharing your location
Your location will not be shared on the app. When you write a restaurant review, “like” something, or interact with a location in another way, users may be able to extrapolate that you have visited this location. Evaluations have a time stamp, and other users will be able to extrapolate from this that you were at this location at that time, although evaluations can also be created when you are not at the location for which you are leaving an evaluation.
Features of the services
vanilla bean contains multiple functions with which you can share information with others. Please consider that with some functions of the service, you are making personal data available, and that this data is then available to the broader community or may be published on our website, which can be indexed by the search engines of third parties. Among these functions are restaurant reviews, adding photos, and adding menu photos.
After registration with vanilla bean, we will occasionally make information about our services available. Additionally, it will also be possible for non-registered users, to create restaurant recommendations via the App or the Website, which will subsequently be reviewed by vanilla bean and displayed in vanilla bean’s discretion. At the end of this process, users have the option to enter their e-mail address which will be used by vanilla bean for marketing purposes if the user has consented to such use.
We will only provide you with marketing material if we have your explicit permission.
In every case: if you do not wish to receive emails from us, you can simply unsubscribe (withdrawing the related permission) by clicking the “unsubscribe” button provided under every email.
What is the situation with cookies and similar technologies?
Definition of Cookies and tracking pixels
We use technologies like cookies and tracking pixels on our website, in our emails, as well as in our app to make a range of products and services available to you. A cookie is a small text file that transfers a website or an app to your hard drive or your internet browser to track the usage of the website or app. Cookies are used to give visitors access to various functions. Through the information contained in a cookie, the way that you use the website can be observed. A tracking pixel is a small graphic in HTML emails or on websites that enables log file recording and log file analysis, which is used for statistical evaluations.
Strictly necessary cookies.
These are cookies that are required for the operation of our site. They include, for example, cookies that enable you to log into secure areas of our site or make use of e-billing services.
These are used to recognise you when you return to our site. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
These cookies record your visit to our site, the pages you have visited and the links you have followed. This information will be used by us and third parties to make our site and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose but only if you consent to such sharing.
Many web browsers and mobile operating systems have a “do not track” setting. That said, there is no widely-accepted standard (through the World Wide Web Consortium or otherwise) governing what should happen when a user selects “do not track” in his or her browser. If and when an industry consensus is reached about how to treat a “do not track” setting, we will determine whether to follow that consensus approach. In the meantime, enabling “do not track” in your browser or on your device will not change what information is exchanged with your computer, or how that information is used.
Use of Google Analytics
Use of Firebase
Is my personal data safe?
The personal data of your vanilla bean account is password protected for the protection of your data and for security reasons. You must prevent unauthorised access to your account and your personal data by appropriately choosing and protecting your password and by limiting access to your computer and browser, by logging out when you wish to leave your account and other such measures.
Grünzeug has taken corresponding technological and organisational measures to ensure the security of your data (for example, SSL encryption and OAuth1 access controls).
The service may contain links to other websites. We are not responsible for the data protection guidelines and/or practices of other websites and do not take responsibility for the contents of these sites. When linking to another website, you should read the data protection guidelines of the linked website. These data protection guidelines only regulate the handling of data that was collected on this service.
How can I delete my account?
If you wish to delete your account, you can send us an email at firstname.lastname@example.org. When you cancel your account, your profile, including your user input (such as photos and likes but evaluations) will be deleted from the servers and the website of vanilla bean. Due to the way in which we maintain vanilla bean, it may be that deletion does not occur immediately, and copies of your profile information and posts may remain on our backup media for as long as ninety (90) days. In addition, your evaluations will be anonymised.
How will data be deleted from my account?
You can delete/change individual contents or information that you have posted with your account or on your profile, or have such contents removed by us by writing to us under email@example.com. In the process, we ask that you name the content that you wish to have deleted as clearly and precisely as possible. Even after data is removed from your account or profile, copies of this data may still be visible in other places, to the extent that this data was shared with others or copied or saved by other users. Removed and deleted data can remain in the backup file for up to ninety (90) days before it is fully removed from our servers.
Will these data protection guidelines be altered?
vanilla bean may alter these data protection guidelines from time to time. If we change the way in which we use personal data, then we will inform you of this with the publication of new data protection guidelines and, to the extent necessary, we will arrange this new usage of personal data with you.
Right to access your personal data
You may request a copy of the personal data that we have saved and used about you, and identification of the origin and any receivers of this, as well as the purpose of any data processing that we have performed. For further information, please contact us by email under firstname.lastname@example.org. You may be asked to provide proof of your identity (for example, a copy of an identity card), before you receive an answer, so that your identity can be checked.
Right to rectification and erasure of personal data
You have the right to rectify your personal data, to limit its use or to request its deletion by us at any time.
Right to object
You have the right to object to the processing of your personal data for marketing purposes at any time. In case your personal data is processed in circumstances where a balance of interest is to be taken into account in accordance with Art. 6 para .1 lit. f) GDPR, you also have a right to object to this processing (this objection will be handled in accordance with applicable data protection laws, taking into account our and your respective interests and rights).
You may also send your objection via e-mail to email@example.com
Right to data portability
You have the right to receive your personal data which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us, where the processing is based on consent pursuant to lit.) a) of Article 6 para. 1 or lit. a) of Article 9 para. 2 or on a contract pursuant to lit. b) of Article 6 para. 1.
You have the right to have the personal data transmitted directly from us to another data controller, where technically feasible.
Our contact details, as data controller for all purposes described above, are as follows:
You may also contact us using the following e-mail address: firstname.lastname@example.org
Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with the supervisory data protection authority, if you consider that the processing of your personal data infringes applicable data protection laws.
Note for Users Outside the European Union (EU) / European Economic Area (EEA)
Your California Privacy Rights: California privacy law requires us to provide California residents with specific disclosures about our privacy practices, including telling you about the information we share with other third parties for their marketing purposes. You may request this information by contacting us using the contact information above.