Data protection declaration of Chefslist GmbH (short version)
The data provided by Chefslist GmbH, Fürstenbergstr. 156, 60322 Frankfurt am Main (hereinafter only: "Chefslist") (hereinafter only: "App") makes it easier for wholesalers and their customers to order food and restaurant supplies. In addition, Chefslist also operates a website at https://www.chefslist.de/.
The Chefslist data protection declaration follows the so-called "layered approach". This means that we inform you in our short version transparently about essential points that are related to the processing of personal data (hereinafter also referred to as “data”) when you visit our website or use our app. Detailed information on data processing can be found in the long version of the data protection declaration.
Chefslist processes personal data primarily for the purpose of making the app and its functionalities available to you. According to Art. 6 Paragraph 1 lit. b) GDPR, the legal basis is the user relationship, which is established by registering your user account.
We also use collected data to evaluate and improve our services. This enables us to continuously optimize our products and our customer support and to improve your user experience. The legal basis in this respect is our legitimate interest in accordance with Art. 6 Paragraph 1 lit. f) GDPR.
We generally store your data to process the user relationship and for as long as your user account exists. In addition, we only store your data as long as we have a legitimate interest in an evaluation. We will then delete your data, unless further processing of the data is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
You can object to the further processing of your personal data insofar as we carry out the processing on the basis of a legitimate interest. To do this, please send us an email with your justified objection to email@example.com. In order to successfully assert the objection, it is necessary that there are reasons for your objection that speak against the data processing and arise from your particular situation. In the event of a successful objection, we will delete your personal data immediately, unless one of the above reasons entitles or obliges us to further processing.
You are also entitled to request information about your personal data processed by us, to have incorrect data corrected or to have your processing restricted. You can also complain to a supervisory authority or request that your data be ported.
Data protection declaration of Chefslist GmbH (long version)
The data protection declaration of Chefslist GmbH, Fürstenbergstr. 156, 60322 Frankfurt am Main (hereinafter referred to as “Chefslist”) is based on the terms used by the European legislator for directives and regulations when the General Data Protection Regulation (GDPR) was issued.
01. Name and address of the person responsible for processing
The person responsible within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature is:
60322 Frankfurt am Main
Tel.: 069 – 850 90 393
Perfect Data Protection (OT) UG (limited liability)
Managing Directors: Mathias Dehe, Nina Rümmele
60327 Frankfurt am Main
02. Collection and storage of personal data and the type and purpose of their use
a) When visiting the Chefslist website
When you visit our website https://chefslist.de/, the browser used on your device automatically sends information to our website server. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:
- IP address of the requesting computer,
- date and time of access,
- name and URL of the retrieved file,
- Website from which access is made (referrer URL),
- Browser used and, if applicable, the operating system of your computer and the name of your access provider.
The data mentioned are processed by us for the following purposes:
- Ensuring a smooth connection establishment of the website,
- Ensuring comfortable use of our website,
- Evaluation of system security and stability as well
- for other administrative purposes.
b) When using our contact form
We offer you a contact form on our website if you have any questions about Chefslist or would like to get in touch with us.
To use the contact form, you must provide your name and an e-mail address. This way we know who sent the request and can process the request. You can also provide additional information voluntarily.
The data processing for the purpose of establishing contact takes place for the execution of the contract in the case of pre-contractual inquiries, Article 6 Paragraph 1 Letter b) GDPR and otherwise on the basis of our legitimate interest in accordance with Article 6 Paragraph 1 Clause 1 Letter f) GDPR. Our legitimate interest follows from the purposes listed above. We automatically delete the data collected by us in the course of processing your request after your request has been dealt with.
We use Freshdesk and Freshsales to process customer inquiries. These are tools for managing contact requests and communication.
The service provider is Freshworks, Inc., 2950 S. Delaware Street, Suite 201, San Mateo, CA 94403, USA. Further information on data protection is available at https://www.freshworks.com/privacy/.
c) When using the Chefslist App
When you use our app, your device automatically transmits certain information to the app server. The following information is recorded and stored until it is automatically deleted:
- IP address of the end device,
- Time of interaction or retrieval of information. We process the aforementioned data for the following purposes:
We process the aforementioned data for the following purposes:
- Ensuring the usability of our app,
- Evaluation of system security and stability as well
- for other administrative purposes.
The legal basis for data processing is Art. 6 Para. 1 sentence 1 lit. f) GDPR. Our legitimate interest in the aforementioned data processing results from the previously listed purposes for data collection. We do not use the collected data to draw conclusions about your person.
d) When registering a user account
aa) User data
If you want to use our app, you also need to register a user account. Registration is via a form. It is necessary to provide your name and e-mail address. This enables us to create a user account for you and also assign the user account created to you. After successful registration, you can voluntarily enter further information in your user account.
The data is processed in accordance with Art. 6 (1) sentence 1 lit. b) GDPR to process the user relationship between you and Chefslist.
If you want to delete your account, please send an email to the following address: firstname.lastname@example.org. We will process your request promptly.
bb) Usage data
If you process an order via our app, we store the data provided by the contracting parties as well as the communicated order data such as article numbers, order quantities, article prices, order date, delivery date.
If you communicate, upload or enter personal data of yourself or third parties when using Chefslist, this may constitute a data processing operation that falls under the scope of the GDPR. This may result in a data protection responsibility on your part according to Art. 4 No. 7 DSGVO.
We store usage data in order to operate our app, offer our services and enable our users to communicate securely and to continuously improve our services. We generally do not view, check or rate chat histories.
The legal basis for processing the usage data is Art. 6 Paragraph 1 S. 1 lit. b) GDPR, insofar as the storage is necessary for the implementation of the user relationship.
If your user account is deleted, we also delete all usage data. Your chat messages can still be seen by other users involved in the chat. However, we will delete the name of your user account from the chat history. Your messages will then be listed under "deleted user".
There is an exception to the aforementioned principles if we process the usage data because this is necessary for reasons of public interest or to assert, exercise or defend legal claims. Or because the processing is necessary to ensure technical availability (e.g. bug fixing) or to enable criminal prosecution (bullying, abuse).
03. Sharing of Data
Your personal data will not be transmitted to third parties for purposes other than those listed below. We will only pass on your personal data to third parties if:
- you have given your express consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a) GDPR,
- the transfer according to Art. 6 Paragraph 1 S. 1 lit. f) DSGVO is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in the non-transfer of your data,
- if we are legally obliged to pass it on according to Article 6 Paragraph 1 Clause 1 Letter c) GDPR, as well as
- this is legally permissible and required for the processing of contractual relationships with you in accordance with Article 6 Paragraph 1 Sentence 1 Letter b) GDPR.
In doing so, we rely on your consent in accordance with Article 6 (1) sentence 1 lit. a) GDPR.
If you want to prevent our website from setting cookies, you can make a corresponding setting in your web browser. If you deactivate the setting of cookies, the functionality of our website may be restricted.
05. Analysis and Third Party Tools
We use the third-party tools listed below on our website. These tools are used on the basis of Article 6 (1) sentence 1 lit. a) GDPR.
We use the Google Analytics tool (with anonymization function) on our website.
Google Analytics is a web analysis service. Web analysis is the collection, collection and evaluation of data on the behavior of visitors to websites and is mainly used to optimize a website and for the cost-benefit analysis of internet advertising. The operating company of the Google Analytics component is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
Chefslist uses the addition "_gat._anonymizeIp" for the web analysis via GoogleAnalytics. With this addition, the IP address of the Internet connection of the data subject is shortened and anonymized by Google if our website is accessed from a member state of the European Union or from another state party to the Agreement on the European Economic Area.
Google Analytics sets a cookie on the end device you are using (see section 4). By setting the cookie, Google is able to carry out an analysis, for example by storing the access time, the location from which my access came and the frequency of visits to our website. Each time you visit our website, this data is transmitted to Google.
Further information and Google's applicable data protection regulations can be found at https://policies.google.com/privacy?hl=en and at http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail under this link https://www.google.com/intl/de_de/analytics/.
The MongoDB Atlas database solution is also used to evaluate user behavior. The service provider is MongoDB Inc., 1633 Broadway, 38th Floor New York, NY 10019. For more information on data protection at MongoDB, visit: https://www.mongodb.com/legal/privacy-policy.
Google Fonts and Google Cloud services (“Google Drive”) are also used on our website. These web fonts are integrated by calling a server, usually a Google server in the USA. This transmits to the server which of our Internet pages you have visited. The IP address of the browser of the end device of the visitor to this website is also stored by Google. You can find more information in the Google Fonts data protection notice, which you can access here: https://policies.google.com/privacy?hl=en.
06. Data subject rights
You have the right to request information about your personal data processed by us, Art. 15 GDPR. In particular, you can obtain information about the purposes of the processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the Existence of a right of appeal, the origin of your data, if they were not collected from us, and the existence of automated decision-making including profiling and, if necessary, meaningful information about their details.
In accordance with Art. 16 GDPR, you can immediately request the correction of correct or completion of your personal data stored by us.
In addition, pursuant to Art. 17 GDPR, request the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims is.
As well as according to Art. 18 GDPR to request the restriction of the processing of your personal data if
- the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted, or
- we no longer need the data for the purposes of processing and you need the data to assert, exercise or defend legal claims, or
- You have lodged an objection to the processing, as long as it has not yet been determined whether the legitimate reasons on our part or on your part prevail.
You also have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible, Art. 20 DSGVO.
You have the right to revoke your consent to the processing of personal data at any time with effect for the future.
You can also complain to a supervisory authority in accordance with Art.77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters.
07. Right to object
If you would like to exercise your right of objection under Art. 21 GDPR, please contact: email@example.com
You have the right to object to specific data processing if we process your personal data on the basis of a legitimate interest in accordance with Article 6 Paragraph 1 Sentence 1 lit. f) GDPR exist that speak against the data processing and result from your particular situation. If you object to the sending of direct advertising, it is not necessary to give reasons.
In the event of a successful objection, we will delete your data immediately, unless one of the above reasons entitles or obliges us to further processing.
08. Data security
When you visit our website, the transmission of data between your end device and our servers is encrypted. To do this, we use standard transport encryption based on the TLS standard.
Your user account is secured by a password.
We also use appropriate technical and organizational measures (TOM) to protect your data from unauthorized access, loss or manipulation.
09. Updating and changing the data protection declaration
This data protection declaration is currently valid and has the status: January 2022. Due to the further development of our website and offers or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on the website at https://www.chefslist.de/data-protection.
can do it