Privacy Policy

VebiSoft — Vebi Fejzuli

Ernst-Heinkel-Straße 14, 71404 Korb, Deutschland

Email: info@bistrogo.de / info@vebisoft.com

Phone: +49 176 32223663

This privacy policy applies to the website at the domain bistrogo.de and all associated subdomains (in particular owner.bistrogo.de), as well as to the processing carried out as part of the BistroGo software. It does not apply to external sites we link to.

Our website and our web applications are hosted by Vercel Inc. (340 S Lemon Ave #4133, Walnut, CA 91789, USA). Vercel processes personal data on our behalf based on a data processing agreement (Art. 28 GDPR). The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in secure and performant delivery).

Note on third-country transfer: Data may be processed in the USA. The transfer is based on the EU Standard Contractual Clauses and the EU-US Data Privacy Framework.

When you access our website, your browser automatically transmits information to our server. This includes:

• IP address (anonymised)
• Date and time of the request
• Page accessed / URL
• Browser type and version
• Operating system and referrer URL

We process this data to ensure smooth operation and to defend against attacks. The legal basis is Art. 6 (1) (f) GDPR.

Retention period: maximum 14 days, after which the data is automatically deleted.

We use Vercel Web Analytics for statistical analysis of page views. Vercel Analytics operates cookie-free and does not store personal data. Only anonymised aggregates (page views, device class, country) are collected. The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in statistical analysis).

More information is available in Vercel's privacy policy: vercel.com/legal/privacy-policy

We use your browser's local storage to remember your selected language (key: "bistrogo-lang"). This information does not leave your device and is not transmitted to us. The legal basis is Art. 6 (1) (f) GDPR.

You can delete this storage at any time via your browser settings.

If you contact us by email, phone or WhatsApp, the data you provide (name, contact details, message) will be stored to process your enquiry. The legal basis is Art. 6 (1) (b) or (f) GDPR. The data is deleted as soon as the enquiry has been finally processed, at the latest after 24 months, unless statutory retention obligations apply.

On our website we offer the option to contact us via a wa.me link using WhatsApp. The service is provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a subsidiary of Meta Platforms Ireland Limited. When you use the WhatsApp link you are forwarded to WhatsApp; there, Meta processes connection and message data on its own responsibility. Once you message us, the contents of your message, your mobile number and your profile information are made available to us in order to process your enquiry.

Legal basis for our processing of WhatsApp messages is Art. 6 (1) (b) GDPR (pre-contractual or contractual communication) and/or Art. 6 (1) (f) GDPR (legitimate interest in a low-barrier communication channel). A transfer to third countries (in particular the USA) cannot be ruled out. Details on Meta's data processing are available at https://www.whatsapp.com/legal/privacy-policy-eea.

If you do not wish to use this channel, please contact us by email or phone instead.

BistroGo is a POS and operations system for hospitality. It consists of a local Master software running on the restaurant's PC, mobile apps (Waiter, KDS) on the local network, and optional cloud components (license activation, owner dashboard at owner.bistrogo.de, QR ordering, encrypted cloud backup). Where personal data is processed in the cloud, this is done on behalf of the respective restaurant operator (Art. 28 GDPR).

Categories of data processed

• Restaurant master data (restaurant ID / slug, name, address, country, tax profile)
• Owner login and activation data (slug, password hash, hardware fingerprint, license status)
• Configuration data (menu, categories, modifiers, printer/station mapping, floor plan, reservations)
• Staff data (employee name, role, PIN hash, working hours, tips, shift reports)
• Order and receipt data (table, items, quantity, price, payment method, tip, timestamps)
• QR guest data (anonymous session ID, order, optional desired time / note)
• Cloud backup data (menu, staff, tables, stations, printers, configurations, orders and payments of the current business day)
• Owner dashboard access (login time, hardware ID, IP address, reports retrieved)

Purpose of the processing is the provision of the ordered POS system, licensing, the backup / "Move to New PC" restore scenario, synchronisation between devices, and analysis of the restaurant's operations in the owner dashboard.

Legal basis vis-à-vis the restaurant operator as our customer: Art. 6 (1) (b) GDPR (performance of the contract). Vis-à-vis the customer's own guests / staff, the restaurant operator is the controller; we act as a processor under Art. 28 GDPR.

Retention: data is stored for as long as the contract with the restaurant operator is in place. Cloud backups are retained until contract termination and deleted within 90 days thereafter, unless statutory retention obligations (e.g. § 147 AO) apply.

For guests ordering by QR: no account or real-name data is collected. The QR session ID is randomly generated and bound to a specific table; it is automatically invalidated after inactivity (default: 20 minutes).

Where we process personal data within the BistroGo products on behalf of our business customers (restaurant operators) — in particular in the owner dashboard, in the cloud backup, in the QR ordering flow, and in license administration — we enter into a separate data processing agreement (DPA / AVV) pursuant to Art. 28 GDPR upon request. Business customers can request the DPA at any time via info@bistrogo.de.

You have the right at any time to:

• Receive information about your stored data (Art. 15 GDPR)
• Request correction of inaccurate data (Art. 16 GDPR)
• Request deletion of your data (Art. 17 GDPR)
• Request restriction of processing (Art. 18 GDPR)
• Request data portability (Art. 20 GDPR)
• Object to processing (Art. 21 GDPR)

To exercise your rights, an informal email to info@bistrogo.de is sufficient.

Notwithstanding other legal remedies, you have the right to lodge a complaint with a data protection supervisory authority. The competent authority for our location in Baden-Württemberg is:

Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Königstraße 10a, 70173 Stuttgart
www.baden-wuerttemberg.datenschutz.de

We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to reflect changes in our services. The current version applies to your next visit.