Privacy policy

We are delighted that you have visited our website https://www.foodji.com/ or are using our app. When you use our services, your personal data may be processed. Protecting your data is always a top priority for us. This privacy policy explains how we process personal data and what rights you have. This policy applies to all processing of personal data carried out by us, both in the context of providing our services via our website and mobile application (hereinafter also referred to as ‘app’). This privacy policy can be accessed and printed out at any time on our website and in our app.

I. General information

This privacy policy informs you about how your personal data is handled when you use our website and app. In particular, it explains what data we collect, for what purposes and on what legal basis. Personal data (‘data’) is any information relating to an identified or identifiable person. ‘Processing’ of data refers to any operation performed with or without the aid of automated procedures in connection with personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, distribution or other forms of provision, comparison or linking, restriction, erasure or destruction. We treat personal data confidentially and in accordance with the statutory data protection regulations. The legal basis for data protection can be found in particular in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR) as well as in the Federal Data Protection Act (BDSG), the Telemedia Act (TMG) and the Act on the Regulation of Data Protection and the Protection of Privacy in Telecommunications and Telemedia.

II. person in charge

The following is responsible for processing your data:


Foodji GmbH
Auenstr. 5
80469 München
Deutschland
+49 89 552 09 468
E-Mail: hello@foodji.com


The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

III. Contact details of the data protection officer


Our data protection officer is available at any time to answer any questions you may have and to act as your contact person for data protection issues. The contact details of the data protection officer are: PROLIANCE GmbH:
http://www.datenschutzexperte.de
Leopoldstr. 21
80802 München
E-Mail: datenschutzbeauftragter@datenschutzexperte.de

IV. Scope of data processing

We only process your data to the extent necessary for the purpose of providing a functional and user-friendly website and app, as well as for providing our content and services. Failure to provide the data may have legal disadvantages, such as the inability to execute a contract. In the context of data processing, we use various third-party providers in the areas of hosting, online marketing, mailing services and customer/data management (CRM), who each process data on our behalf. We have concluded appropriate data processing agreements with these third-party providers, insofar as the third parties are processors, to ensure that our processors also guarantee an adequate level of data protection (Art. 28 GDPR).

V. data security

We have taken technical and organisational measures to ensure that data protection regulations are observed both by us and by external service providers. For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption.

VI. Processing of personal data

The following overview lists all types of data we process, the purposes for which they are processed, and the legal basis for their processing.

1. Use of the website

If you use our website without otherwise transmitting data to us (e.g. by registering or using the contact form), we temporarily and anonymously collect the data listed below on our web server via server log files:

  • Website from which our website was accessed (so-called referrer URL)
  • Name and URL of the requested website
  • Date and time of access to the website
  • Description of the type, language and version of the web browser used
  • IP address of the requesting device, which is shortened in such a way that it can no longer be linked to an individual
  • Notification of whether access was successful (access status / HTTP status code)
  • Internet service provider of the accessing system
  • Amount of data transferred in each case
  • Operating system used and its interface
  • GMT time zone difference

This processing is technically necessary in order to display our website to you. We also use the data for statistical analyses in order to ensure the operational security and stability of our website.

The legal basis for this processing is Article 6(1)(f) GDPR. The processing of the aforementioned data is necessary for the provision of the website and to ensure the stability and operational security of the website and therefore serves to safeguard a legitimate interest of our company.

We also use the data to fulfil our statutory obligations for reasons of data security. The legal basis for this processing is Article 6(1), sentence 1, point (c) GDPR.

2. Using the app

If you use our app, we process the data listed below:

  • Registration data (name, username, telephone number, email address, usual place of residence)
  • GPS location data
  • Content data voluntarily provided by the user (photos, videos, etc.)
  • Information about purchases voluntarily shared by the user
  • IP address
  • Date and time of access to the app
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request
  • Access status / HTTP status code
  • Amount of data transferred in each case
  • Client from which the request originates, app, version, operating system, environment, language and version of the operating system
  • Your device identifier

The purposes of processing are based on the following legal grounds:

Purpose of processing — Legal basis

  • Statistical analyses for the purpose of optimising our app
  • Ensuring the stability and operational security of the app
    → Article 6(1), sentence 1, point (f) GDPR, based on our legitimate interest in fraud prevention and quality assurance
  • Fulfilment of statutory obligations for reasons of data security
    → Article 6(1), sentence 1, point (c) GDPR
  • Account creation and management
  • Processing of enquiries
  • Use of the app’s functions
  • Order processing / order history; payment data; receivables management; subsidies
    → Article 6(1), sentence 1, point (b) GDPR
  • Voluntary sharing of content data as part of the use of the app, as well as of purchase data for the purpose of usage analysis and the personalisation of offers
    → Article 6(1), sentence 1, point (a) GDPR
  • Identification of the user account for push notifications
  • Deactivation of the app on stolen or lost smartphones and/or end devices
  • Processing and linking of payment information and transactions
    → Article 6(1), sentence 1, point (f) GDPR, based on our legitimate interest in fraud prevention, fraud detection and quality assurance

3. contact

If you write to us, e.g. by sending us an e-mail or contacting us via the contact form, we will store the contact details you provide, such as your name, address, mobile phone number, e-mail address and the information provided in your enquiry. If you contact us within the framework of an existing contractual relationship or contact us in advance for information about our range of services or our other services, the data and information you provide will be processed for the purpose of processing and responding to your contact request on the legal basis of Art. 6 (1) (b) GDPR. If you have consented to the processing for the purpose of responding to your enquiry, the legal basis is Art. 6 (1) (a) GDPR. Otherwise, we process your data to protect our legitimate interests in accordance with Art. 6 (1) (f) GDPR in order to respond appropriately to customer/contact enquiries.

We use Salesforce (Salesforce Inc., Salesforce Tower, 415 Mission St, 3rd Floor, San Francisco, CA 94105, USA), a customer relationship management (CRM) system, to manage and maintain our customer relationships.

In the course of using Salesforce, we process the following categories of personal data:

  • Contact data: e.g. name, address, email address, telephone number
  • Communication data: e.g. email content, notes of conversations
  • Contract data: e.g. contract number, contract content, service data
  • Interaction data: e.g. information on the use of our products or services

We use Salesforce for the purposes of managing our customer relationships and communications, processing enquiries and orders, and, where applicable, analysing and improving our services.

The legal basis for the processing is consent pursuant to Article 6(1), sentence 1, point (a) GDPR, insofar as you have provided us with your data for the purpose of being contacted, as well as for the implementation of pre-contractual measures and the performance of contracts pursuant to Article 6(1), sentence 1, point (b) GDPR.

4. registration

No registration is required to use the app. However, to use the services, in particular to order goods in the app, you must create a customer account (‘user account’) by following the registration instructions in the app. When registering a user account, you must provide a password and certain personal data such as your name, address, email address, mobile phone number and – unless it is a free order (e.g. as part of a promotion with a voucher code) – at least one valid payment method, which we require for the purpose of processing your order. We process our customers' data to enable them to select, purchase or order the selected products, goods and related services, as well as to pay for and deliver or execute them. The mandatory information required for the execution of the contracts is marked separately; further information is voluntary. In this respect, we process inventory data (e.g. names, addresses); payment data (e.g. bank details, invoices, payment history); contact details (e.g. email, telephone numbers); contract data (e.g. subject matter of the contract, term, customer category). Customer data is processed for the fulfilment of contracts made via the app on the legal basis of Art. 6 (1) (b) GDPR.

Social Media Login

For registration and login to a user account, you also have the option of authenticating and registering or logging in using your existing profile with one of the following social networks: Facebook, Google or Apple.

For this purpose, you will find the relevant icons of the respective providers of the social networks supported by our app on the registration or login page. Before a connection to the providers is established, you must expressly agree to the process described below and to the data transfer involved:

By clicking on the relevant icon, a new window will open in which you must log in using your login details for the respective social network. After you have successfully logged in, the social network will inform you which data (name and email address) will be transmitted to us for authentication as part of the registration or login process. If you consent to this data transfer, the fields required by us for registration will be populated with the transmitted data.

The information required by us for registration and login is your email address. Only after you have expressly consented to the use of the transmitted and required data will your data be stored by us and used for the purposes specified in this privacy policy.

In order to carry out the authentication process for registration and login, your IP address will be transmitted to the providers of the respective social network. We have no influence on the purpose and scope of the data collection or on the further processing of the data by the providers of the social networks. For further information, please refer to the privacy notices of the respective provider.

Auth0

We use the external authentication service Auth0 for registration within the app. During registration, the user’s name, email address, profile picture and ID are transmitted to Auth0.

Auth0: Auth0 Inc. (a wholly owned subsidiary of Okta, Inc., 10800 NE 8th Street, Suite 700, Bellevue, WA 98004, USA) and/or the relevant Okta subsidiaries, which process personal data on the basis of a data processing agreement.

Okta UK Limited is registered with the Information Commissioner’s Office (ICO) under registration number ZA286587.

Legal basis for the transfer to a third country (Articles 44 et seq. GDPR): EU–US Data Privacy Framework (DPF).

Privacy policy: https://auth0.com/privacy/
Terms of service: https://auth0.com/de/web-terms

5. Payment and payment service providers

During the ordering process in our online shop, you can choose between payment by credit card or payment by SEPA direct debit.

Payment processing is carried out via the payment service providers Adyen (Adyen N.V., Simon Carmiggeltstraat 6–50, 1011 DJ Amsterdam, Netherlands), Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, Ireland) or Apple Pay (Apple Distribution International, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland).

In this context, your IP address, information relating to your order such as the invoice amount and customer number, your email address, one or more payment IDs, as well as the credit card or bank account details entered by you, are transmitted to the respective payment service provider for the purpose of processing the payment transaction. The payment service provider may also transfer this information to further third parties insofar as this is necessary for the execution of the payment transaction (e.g. banks or credit card institutions).

The selected payment service provider is solely responsible for the processing of payment data carried out as part of the subsequent payment processing. Data collection and transmission are carried out in encrypted form, and we do not have access to this information. Accordingly, we do not store any payment data; instead, we only receive a reference from the payment service provider for the purpose of payment processing.

The legal basis for this processing is Article 6(1), sentence 1, point (b) GDPR (performance of a contract).

6. subsidy programme

Subsidised programmes (‘subsidised programme’) enable participating customers to purchase goods from the respective food vending machine at reduced prices. Customers who have been authorised by the respective location operator of the food vending machine (e.g. employer) (‘location operator’) by means of a code provided or by validating an email address assigned by the location operator are eligible to participate in such a subsidy programme. Foodji is entitled to pass on the data of all customers participating in a subsidy programme to the location operator. This serves to fulfil the obligations of the location operator and the legal requirements for subsidising employee meals. The data transmitted is used to identify the participating customer and all purchases made through the subsidy programme. Customers participating in the subsidy programme can also opt out of the subsidy programme by contacting Foodji directly. The legal basis for the transfer of data is Art. 6(1)(c) GDPR (fulfilment of a legal obligation) and Art. 6(1)(b) GDPR (performance of a contract/pre-contractual measures).

7. Support Tools

In our app, we use the support tool Intercom (INTERCOM, INC., 552nd St, 4th Floor, San Francisco, CA 94105, USA). Intercom is a communication platform that enables direct interaction with users of the app via chat. If questions arise, this communication channel allows us to provide timely assistance.

If you are registered, certain personal data will be collected and transmitted at regular intervals. In this context, your details (browser type/version, operating system used, server time, first name, last name, telephone number, email address, company name) are collected during registration on the platform and securely transmitted to Intercom using SSL encryption.

Intercom is also used to analyse and evaluate website usage (e.g. usage data). The legal basis for the use of Intercom is our legitimate interest in responding to your enquiry and providing individual support in connection with the use of the website, optimising the usability of our website, and improving our service, pursuant to Article 6(1), sentence 1, point (f) GDPR. If your enquiry is aimed at the conclusion of a contract (e.g. the purchase of goods), the legal basis for the processing of the data provided is also the necessity for the performance of (pre-)contractual measures pursuant to Article 6(1), sentence 1, point (b) GDPR.

Intercom acts as a data processor. Intercom’s privacy policy can be found here: https://www.intercom.com/legal/privacy.
Legal basis for the transfer to a third country (Articles 44 et seq. GDPR): EU–US Data Privacy Framework (DPF) and EU Standard Contractual Clauses.

In addition, we use the tool Front for handling customer enquiries and consolidating our support channels (FrontApp Inc., 525 Brannan St., Suite 300, San Francisco, CA 94107, USA). Front centralises all customer enquiries in a single application and assists us in organising and managing customer requests. We also use Front to collect customer feedback in order to improve our support service.

The legal basis for the use of Front for the above-mentioned purposes is our legitimate interest pursuant to Article 6(1), sentence 1, point (f) GDPR. If your enquiry is aimed at the conclusion of a contract (e.g. the purchase of goods), the legal basis for the processing of the data provided is also the necessity for the performance of (pre-)contractual measures pursuant to Article 6(1), sentence 1, point (b) GDPR.

Front acts as a data processor. Front’s privacy policy can be found here: https://front.com/privacy-policy.
Legal basis for the transfer to a third country (Articles 44 et seq. GDPR):

EU-US Data Privacy Framework (DPF) and EU Standard Contractual Clauses.

8. push notifications

When installing the app on your device, you can decide whether you want to receive push notifications. In order to send push notifications, we collect, store and use various personal data that is necessary to ensure device-specific delivery of push notifications in accordance with the push configuration in the app. The legal basis for the processing of this data is your consent, Art. 6 (1) (a) GDPR. You can deactivate the push notification function at any time by either switching off the push function in the settings of the installed app or by selecting the corresponding app in the settings of your smartphone under ‘Apps’ and configuring the notification function there as desired.

9. Newsletters and direct marketing

With our newsletter, we inform you about our company and our offers. To subscribe to the newsletter, only your email address and your name are required. When you register for the newsletter, your email address is transmitted to us (or our email service provider) and stored there. After registration, you will receive an email to confirm your subscription (“double opt-in”).

In this context, we (or our email service provider) process the following data:

  • Contact data: email address, name
  • Device data: device name, where applicable country code, language, name and version of the operating system
  • Connection data: IP address, email service provider
  • **Date and time of registration and confirmation

Our newsletter is sent on the basis of your prior explicit consent, pursuant to Article 6(1), sentence 1, point (a) GDPR. Where we engage a service provider to send emails, this is done on the basis of our legitimate interests in efficient and secure email delivery. The legal basis in this respect is Article 6(1), sentence 1, point (f) GDPR.

You may withdraw your consent to the processing of your data for the purpose of receiving the newsletter or for the analysis of related data at any time. Withdrawal can be effected via a link included in every newsletter or by sending a separate message to us. Apart from the transmission costs according to the basic tariffs, no further costs will be incurred.

The email address collected when registering a Foodji account via the Foodji app is used by us, in accordance with Section 7(3) of the German Act Against Unfair Competition (UWG), for direct advertising of our own and similar products and services. If you no longer wish to receive direct marketing, you may object to the use of your email address at any time. No costs other than the transmission costs according to the basic tariffs will be incurred. The unsubscribe link can be found at the end of every email. Alternatively, you may send us an email to info@foodji.com.

We also analyse the success or failure of our marketing campaigns by evaluating whether our email messages have been opened and which links have been clicked. This information helps us to improve our communications to you.

Emails are sent on the basis of our legitimate interest in direct marketing pursuant to Article 6(1), sentence 1, point (f) GDPR and Section 7(3) UWG. The analysis of open and click-through rates is carried out on the basis of our legitimate interest in direct marketing and in improving our marketing campaigns pursuant to Article 6(1), sentence 1, point (f) GDPR.

We use Brevo (Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin) as our email delivery service provider. Brevo stores the data on a server in Germany, where it is deleted no later than two years after the end of the contractual relationship. Brevo's privacy policy can be found here. To send emails, we also use HubSpot (Hubspot Inc, 25 First Floor, 2nd Floor Cambridge, MA, USA and Ground Floor, Two Dockland Central Guild Street, Dublin 1, Ireland) as our email delivery service provider. HubSpot also processes data in the USA, among other places. As a guarantee in accordance with Art. 44 ff GDPR, HubSpot has the so-called EU standard contractual clauses and is certified under the EU-US Data Privacy Framework (DPF). HubSpot's privacy policy can be found here.

10. Cookies

We use cookies on our website that are provided either by us or by third parties.

Cookies are small text files that are stored on the device you use and saved by your browser. Cookies are used to make our services more user-friendly, effective and secure. There are different types of cookies that are used for different purposes.

Some cookies ensure that our services function properly or that you are recognised on your device after successful registration (“necessary cookies”). By placing these necessary cookies, we make it easier for you to visit our services and use the features available there.

Other cookies are used to analyse user preferences and thereby improve our services (“extended cookies”). We use these, for example, for tracking purposes (e.g. interest-based and behavioural profiling), remarketing, analysis of visit actions, conversion measurement, reach measurement (e.g. access statistics, recognition of returning visitors), audience creation and cross-device tracking.

We only use non-essential cookies with your consent. When you visit our services for the first time, a pop-up (“cookie banner”) is displayed in which the individual cookies are described in more detail. There you can allow or reject cookies according to your preferences. You can change your settings at any time. Please note that disabling cookies may restrict the functionality of this website.

Depending on your browser settings, the following data may be processed when cookies are used:

  • Usage data: e.g. visited websites, interest in content, access times
  • Metadata / communication data: e.g. device information, IP addresses
  • Location data: data indicating the location of an end user’s device

Where personal data are processed through the use of “necessary cookies”, this is based on Article 6(1), sentence 1, point (f) GDPR, on the basis of our legitimate interests in quality assurance and the technically flawless presentation of the website.

The processing of personal data through the use of so-called “extended cookies” is based on your consent (Article 6(1), sentence 1, point (a) GDPR).

Hier Cookies anpassen

11. Plug-ins and similar techniques

On our website, we use so-called pixel tags (invisible graphics, also known as ‘web beacons’) and other techniques from the third-party providers listed below for marketing purposes and to provide our content. Pixel tags enable information such as visitor traffic on the pages of this website to be evaluated. The pseudonymous information can also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visit time and other information about the use of our online offering, and may be linked to such information from other sources. When using pixel tags, usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses) and location data are processed. We process this data for the purpose of displaying fonts, direct marketing (e.g. by email or post), tracking (e.g. interest/behaviour-based profiling, use of cookies), social plugins (integration of content and sharing functionality of the respective social media platform) and interest-based and behaviour-based marketing. The processing of this data is based on your consent; the legal basis is Art. 6(1)(a) GDPR.


LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland;
Website: https://de.linkedin.com/
Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Xing or Kununu, New Work SE, Am Strandkai 1, 20457 Hamburg, Germany;
Website: https://www.xing.com
Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung

YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland;
Website: https://www.youtube.com/
Privacy Policy: https://policies.google.com/privacy
Opt-out: https://adssettings.google.com/authenticated

Instagram, Meta Platforms Inc., 1601 Willow Road, Menlo Park, CA 94025, USA;
Website: https://www.instagram.com
Privacy Policy: https://instagram.com/about/legal/privacy

Facebook, Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland;
Website: https://www.facebook.com
Privacy Policy: https://www.facebook.com/about/privacy
Additional data protection information:
Agreement on joint processing of personal data on Facebook Pages:
https://www.facebook.com/legal/terms/page_controller_addendum
Data protection information for Facebook Pages:
https://www.facebook.com/legal/terms/information_about_page_insights_data

Note: Our website uses social plugins on Facebook which enable interactions with Facebook content. Through these plugins, data may be transmitted to Meta (Facebook), even without active clicking.

On our website, we use the Facebook Pixel provided by Meta Platforms Inc. (Menlo Park, California). This allows us to track the behaviour of users after they have been redirected to our website by clicking on a Facebook advertisement. This enables us to analyse the effectiveness of our Facebook advertisements for statistical purposes and market research. The data collected in this process is anonymous to us, meaning that we cannot draw any conclusions about the identity of individual users.

However, Facebook stores and processes this data, and we would therefore like to inform you accordingly. Facebook may associate the data with your Facebook profile and use it for its own advertising purposes in accordance with Facebook’s data protection policies. In addition, a cookie may be stored on your device to enable this processing.

If you wish to object to the collection of your data by the Facebook Pixel or to its use for Facebook advertising purposes, you may do so here.

The legal basis for the use of this service is Section 25 (1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG) and, for the subsequent processing of personal data, Article 6(1)(a) GDPR.

The legal basis for the transfer of data to third countries (Articles 44 et seq. GDPR) is the EU–US Data Privacy Framework (DPF) and the EU Standard Contractual Clauses.

Meta Custom Audience

On our website, we use the “Custom Audiences” product provided by Facebook (Meta Platforms Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA) as part of usage-based online advertising. In this context, a hash value (checksum) is essentially generated from your usage data and transmitted to Facebook for analysis and marketing purposes.

This is carried out either by integrating a Facebook tracking pixel on our website or by providing a customer list containing your name and email address, which you may have provided to us, for example, via a contact form. In this process, data relating to your activities on our website is collected, such as your browsing behaviour and visited sub-pages. This enables Facebook to create a profile of your usage behaviour. In addition, your IP address is stored and used for the targeted delivery of advertising based on geographical criteria.

The legal basis for the use of this service following the setting of a Facebook tracking pixel is Section 25 (1) TTDSG and, for the subsequent processing of personal data, Article 6(1), first sentence, point (a) GDPR. In the case of the provision of customer lists, the legal basis is Article 6(1), first sentence, point (a) GDPR. You may, of course, withdraw your consent at any time with effect for the future.

Please note in this context that Facebook may also use the data provided by us for its own purposes. You have the option here to object to targeting by Facebook.

The legal basis for the transfer of data to third countries (Articles 44 et seq. GDPR) is the EU–US Data Privacy Framework (DPF) and the EU Standard Contractual Clauses.

12. Webhosting & Content Delivery

We use the services of the following service providers in the areas of web hosting and content delivery. The purpose of using these services is to provide our website content securely and efficiently in multiple languages (including, among other things, the provision of interactive forms and external content), to improve the user experience (e.g. by optimising loading speeds), and to host our website.

The following data is processed:

  • IP address and technical access data / log data
  • Usage data and, where applicable, personal data

The processing of this data is based on our legitimate interests; the legal basis is Article 6(1), first sentence, point (f) GDPR.

The legal basis for the transfer of data to third countries (Articles 44 et seq. GDPR) is the EU–US Data Privacy Framework (DPF) and the EU Standard Contractual Clauses.

The following service providers are used:

Amazon CloudFront (Amazon Web Services Inc., 410 Terry Avenue North, Seattle, WA 98109, USA) as a hosting and content delivery service;
Website: https://aws.amazon.com/de/cloudfront/
General Amazon Web Services (AWS) Privacy Policy: https://aws.amazon.com/de/privacy/
Specific data protection information for Amazon CloudFront:
https://docs.aws.amazon.com/de_de/AmazonCloudFront/latest/DeveloperGuide/data-protection-summary.html

Webflow (Webflow Inc., 398 11th St., Floor 2, San Francisco, CA 94103, USA) as a hosting service;
Website: https://webflow.com
Privacy Policy: https://webflow.com/legal/privacy

Heyflow (Heyflow GmbH, Jungfernstieg 49, 20354 Hamburg, Germany);
Website: https://heyflow.com
Privacy Policy: https://heyflow.com/de/datenschutz/

Weglot (Weglot, 7 Cité Paradis, 75010 Paris, France) as a translation service provider;
Website: https://weglot.com
Privacy Policy: https://www.weglot.com/privacy

In addition, we use the Cookiebot service provided by Usercentrics A/S (Havnegade 39, 1058 Copenhagen, Denmark) for the purpose of managing consents for the use of cookies and similar tracking technologies. The official Cookiebot website can be accessed at https://www.cookiebot.com/de/. The provider’s privacy policy is available at the following link: https://www.cookiebot.com/de/privacy-policy/. This policy provides detailed information on the purposes and types of data processing as well as the respective data protection responsibilities.

The processing of this data is carried out on the basis of a legal obligation; the legal basis is Article 6(1), first sentence, point (c) GDPR.

13. Analytical tools and advertising

Google Analytics und Google Ads

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on our websites. In this context, pseudonymised user profiles are created and cookies are used (see above under “Cookies”). The information generated by these cookies about your use of this website — such as browser type/version, operating system used, referrer URL (the previously visited page), host name of the accessing device (IP address), and time of the server request — is transmitted to a Google server in the United States and stored there.

This information is used to evaluate the use of the website, to compile reports on website activity, and to provide other services related to website and internet usage for the purposes of market research and demand-oriented design of these websites. This information may also be transferred to third parties where required by law or where such third parties process the data on our behalf. Under no circumstances will your IP address be merged with other data held by Google. IP addresses are anonymised so that they cannot be assigned to a specific individual (IP masking).

For advertising purposes, we additionally use Google Ads, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and Google LLC, Mountain View, CA, USA.

You may prevent the installation of cookies by adjusting the settings of your browser; however, please note that in this case you may not be able to make full use of all the functions of this website. These processing activities are carried out only if you have given your explicit consent in accordance with Article 6(1)(a) GDPR.

You may also prevent the collection of data generated by cookies and relating to your use of the website (including your IP address), as well as the processing of this data by Google, by downloading and installing the browser add-on available at:
http://tools.google.com/dlpage/gaoptout?hl=en

Google’s privacy policy can be found here:
https://policies.google.com/privacy

Further information on the types of processing and data processed is available at:
https://business.safety.google/adsservices/

The data processing terms for Google advertising products and the standard contractual clauses for data transfers to third countries are available at:
https://business.safety.google/adsprocessorterms/

The legal basis for the transfer of data to third countries (Articles 44 et seq. GDPR) is the EU–US Data Privacy Framework (DPF) and the EU Standard Contractual Clauses.

Google Tag Manager

We use Google Tag Manager on our website, a service provided by Google (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Tag Manager enables us to integrate and manage various codes and services on our website in an organised and simplified manner. Google Tag Manager itself implements the tags or “triggers” the integrated tags.

When a tag is triggered, Google may process information (including personal data) and further process such data. It cannot be ruled out that Google may also transfer this information to a server in a third country. In particular, the following personal data may be processed by Google Tag Manager:

  • Online identifiers (including cookie identifiers)
  • IP address

Further detailed information on Google Tag Manager can be found at:
https://www.google.de/tagmanager/use-policy.html

Additional information is available in Google’s privacy policy at:
https://www.google.com/intl/de/policies/privacy/index.html, in the section “Data we receive based on your use of our services”.

Furthermore, we have concluded a data processing agreement with Google for the use of Google Tag Manager in accordance with Article 28 GDPR. Google processes the data on our behalf in order to trigger the stored tags and to provide the services integrated on our website. Google may transfer this information to third parties where required by law or where such third parties process the data on Google’s behalf.

If you have disabled individual tracking services (e.g. by setting an opt-out cookie), this deactivation will remain effective for all corresponding tracking tags that are integrated via Google Tag Manager.

By using Google Tag Manager, we pursue the purpose of enabling a simplified and clearly structured integration of various services. In addition, the use of Google Tag Manager helps to optimise the loading times of the various services.

The legal basis for the processing of personal data described here is Article 6(1), first sentence, point (f) GDPR. Our required legitimate interest lies in the significant benefits gained from integrating various services via Google Tag Manager. By using Google Tag Manager, we reduce our maintenance effort as well as the loading effort of the website and servers and the associated traffic load. Google also has a legitimate interest in the (personal) data collected in order to improve its own services.

You have the right to object. You have the option to prevent the transmission of all Google Tag Manager tags. To do so, simply click this opt-out link in order to store the Google Tag Manager deactivation cookie in your browser. Please note, however, that deactivation may result in you being unable to use our website, or not being able to use it to its full extent.

The processed information is stored only for as long as necessary for the intended purpose or as required by law. The provision of personal data is neither legally nor contractually required, nor is it necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to provide such data may result in you being unable to use our website, or not being able to use it to its full extent.

The legal basis for the transfer of data to third countries (Articles 44 et seq. GDPR) is the EU–US Data Privacy Framework (DPF) and the EU Standard Contractual Clauses.

HubSpot Analytics

We use the “HubSpot Analytics” service to analyse user behaviour on our website. The service provider is HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA. HubSpot uses cookies to collect information about visitor behaviour and to evaluate the use of our website.

Processing is carried out exclusively on the basis of your consent in accordance with Article 6(1)(a) GDPR.

Further information on data protection at HubSpot can be found at:
https://legal.hubspot.com/de/privacy-policy

HubSpot provides a Data Processing Agreement including EU Standard Contractual Clauses, which is available at:
https://legal.hubspot.com/de/dpa

This ensures that the provider implements appropriate safeguards in accordance with Articles 44 et seq. GDPR for the transfer of data to third countries.

LinkedIn Analytics

On our website, we use LinkedIn Analytics to analyse interactions of visitors via LinkedIn. The service provider is LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

Data processing is carried out on the basis of your consent in accordance with Article 6(1)(a) GDPR.

Further information on data processing by LinkedIn can be found at:
https://de.linkedin.com/legal/privacy-policy

As part of its business services, LinkedIn uses EU Standard Contractual Clauses to ensure an adequate level of data protection for the transfer of data to third countries.

Microsoft Clarity

We use Microsoft Clarity, an analytics tool provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Clarity helps us to better understand user behaviour on our website, for example by recording clicks, scrolling movements, or interactions.

Use of this service is based on your consent in accordance with Article 6(1)(a) GDPR.

Microsoft’s privacy policy can be found at:
https://privacy.microsoft.com/de-de/privacystatement

Microsoft provides a Data Processing Agreement based on the EU Standard Contractual Clauses to ensure compliance with the requirements of Articles 44 et seq. GDPR for data transfers to the United States.

Matomo

We use Matomo, a web analytics service provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand (NZBN), on our websites and apps. In this context, pseudonymised user profiles are created and cookies are used (see above under “Cookies”). The information generated by these cookies about your use of this website — such as browser type/version, operating system used, referrer URL (the previously visited page), host name of the accessing device (IP address), and time of the server request — is transmitted to an InnoCraft server in Germany and Ireland and stored there.

This information is used to evaluate the use of the website, to compile reports on website activity, and to provide further services related to website and internet usage for the purposes of market research and demand-oriented design of these websites. This information may also be transferred to third parties where required by law or where such third parties process the data on our behalf. IP addresses are anonymised so that they cannot be assigned to a specific individual (IP masking).

You may prevent the installation of cookies by adjusting the settings of your browser; however, please note that in this case you may not be able to make full use of all the functions of this website. These processing activities are carried out only if you have given your explicit consent in accordance with Article 6(1)(a) GDPR.

You may also prevent the collection of data generated by cookies and relating to your use of the website (including your IP address), as well as the processing of this data by Matomo, by removing the tick below (website) or via the settings of the foodji app.

Matomo’s privacy policy can be found here:
https://matomo.org/privacy-policy

Nutzung der SalesViewer®-Technologie

On this website, data is collected and stored for marketing, market research and optimisation purposes using SalesViewer® technology provided by SalesViewer® GmbH, on the basis of the website operator’s legitimate interests in accordance with Article 6(1)(f) GDPR.

For this purpose, a JavaScript-based code is used to collect company-related data and the corresponding usage information. The data collected using this technology is encrypted using a non-reversible one-way function (so-called hashing). The data is immediately pseudonymised and is not used to personally identify visitors to this website.

The data stored within the scope of SalesViewer is deleted as soon as it is no longer required for its intended purpose and provided that no statutory retention obligations prevent deletion.

You may object to the collection and storage of data at any time with effect for the future by clicking the following link:
https://www.salesviewer.com/opt-out

This will prevent data collection by SalesViewer® on this website in the future. An opt-out cookie will be stored on your device for this purpose. If you delete your cookies in this browser, you will need to click this link again.

Hotjar

We use Hotjar (Hotjar Ltd., 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta) to better understand the needs of our users and to optimise the offering and experience on this website. Using Hotjar’s technology, we gain a better understanding of our users’ experiences (e.g. how much time users spend on which pages, which links they click, what they like and dislike, etc.), which helps us align our offering with user feedback.

Hotjar uses cookies and other technologies to collect data about the behaviour of our users and their end devices. In particular, the following data is collected: the IP address of the device (recorded and stored only in anonymised form during your use of the website), screen size, device type (unique device identifiers), information about the browser used, location (country only), and the preferred language for displaying our website. Hotjar stores this information on our behalf in a pseudonymised user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.

Further information can be found in the “About Hotjar” section on Hotjar’s help pages.

The legal basis for the use of Hotjar is your consent in accordance with Article 6(1), first sentence, point (a) GDPR. You may withdraw your consent at any time by changing your cookie settings via the link in the footer of our website or by following Hotjar’s instructions at the following link:
https://www.hotjar.com/legal/compliance/opt-out

Hotjar’s privacy policy can be found here.

Dealfront

Our website uses the technologies of Dealfront (Liidio Oy as part of the Dealfront Group GmbH, Durlacher Allee 73, D-76131 Karlsruhe, Germany) (“Dealfront”) to analyse visitor behaviour. In this process, the IP address of a visitor is processed. The IP address is used to help us understand which companies (B2B) visit our website. As part of this processing, the IP address is enriched with associated information such as the company name or industry code.

For this purpose, at the beginning of a session the IP address of the website visitor and the corresponding session data are matched against an extensive whitelist of known companies.

To enhance the protection of our visitors’ privacy, we have enabled IP address anonymisation, meaning that only shortened values are stored and processed with Dealfront instead of the actual IP addresses. When this function is enabled, we do not store the actual IP address anywhere in our systems, including in log files. This anonymisation makes it impossible to subsequently establish a connection to external IP address information, thereby preventing the identification of an individual person.

To prevent this processing, website visitors may install and configure appropriate ad blockers or use no-script plugins in their browser. The data is deleted as soon as it is no longer required for the intended purposes. However, statutory retention obligations may result in a longer retention period for the relevant data.

We have concluded a data processing agreement with Dealfront to ensure compliance with the applicable data protection standards.

Dealfront’s privacy policy can be found here.

Bing Ads

We use Bing Ads, a re-marketing activity provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. If you reach our website via a Microsoft Bing Ads advertisement, Microsoft Bing places a cookie on your device. This allows Microsoft Bing and us to recognise that someone has clicked on an advertisement, has been redirected to our website, and has reached a specific target page (conversion page).

However, we only see the total number of users who clicked on a Bing advertisement and were then redirected to the conversion page; we do not receive any personal information that would allow us to identify individual users.

The legal basis for the use of this service is your consent in accordance with Article 6(1), first sentence, point (a) GDPR. If you do not wish Microsoft to use your data as described above, you can generally disable the setting of cookies in your browser settings. Alternatively, you can prevent data collection by Microsoft Bing Ads directly via the following link:
http://choice.microsoft.com/de-DE/opt-out

Further information on data protection and cookies at Microsoft and Bing Ads can be found on Microsoft’s website:
https://privacy.microsoft.com/de-de/privacystatement

The legal basis for the transfer of data to third countries (Articles 44 et seq. GDPR) is the EU–US Data Privacy Framework (DPF) and the EU Standard Contractual Clauses.

Meta Custom Audience

As part of usage-based online advertising, the Custom Audiences product provided by Facebook (Meta Platforms Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA) is also used on the website. In principle, a checksum (hash value) is generated from your usage data, which may be transmitted to Facebook for analysis and marketing purposes.

For this purpose, either a Facebook tracking pixel is integrated on our website or your usage behaviour in our app is recorded using the Facebook SDK (see the section above for a detailed description of these two Facebook services). Alternatively, we may provide Facebook with a customer list containing your email address, which you provided to us during registration.

In this process, information about your activities on the website is collected (e.g. browsing behaviour, visited sub-pages, etc.). This enables Facebook to create a profile of your usage behaviour in our app and on our website. For the geographical targeting of advertisements, your IP address is stored and used.

As a safeguard in accordance with Articles 44 et seq. GDPR, Facebook has entered into the EU Standard Contractual Clauses.

The legal basis for the use of this service following the setting of a Facebook tracking pixel is Section 25 (1) TTDSG and, for the subsequent processing of personal data, Article 6(1)(a) GDPR. In the case of the provision of customer lists, the legal basis is Article 6(1)(a) GDPR. You may, of course, withdraw your consent at any time with effect for the future.

If you no longer agree to us sharing your data with Facebook, you can opt out in our app settings.

Please note in this context that Facebook may also use the data provided by us regarding your usage behaviour and your email address for its own purposes. On this page, you have the option to object to targeting by Facebook. Alternatively, you may contact us directly by email.

Further information on the purpose and scope of data collection and the further processing and use of the data, as well as privacy settings, can be found in Facebook’s privacy policy.

AppSheet

As part of our trade fair lead capture, we use the AppSheet platform (a service provided by Google LLC) to digitally record the personal contact details of trade fair visitors (e.g. name, company, job title, email address, telephone number, conversation notes, and information regarding the visitor’s interest in the discussion).

Service provider:
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Purpose:
Digital recording and organisation of trade fair contacts, export of the data to our CRM system (e.g. HubSpot) for follow-up purposes, and subsequent deletion or archiving of the source data.

Legal basis:
Processing is carried out on the basis of your verbally given consent in accordance with Article 6(1)(a) GDPR. Consent is explicitly requested and documented during the trade fair conversation.

Data storage:
The contact data collected by us is stored within our Google Workspace data source (Drive/Sheets), which is located in the EU data region. This ensures that personal data is stored within the European Union.

Transfer to third countries:
AppSheet itself processes certain system and metadata (e.g. app definitions, logs, access tokens) on servers located in the United States (“Global Region”) for the technical provision of the app. For this purpose, the Standard Contractual Clauses implemented by Google in accordance with Articles 44 et seq. GDPR apply, ensuring an adequate level of data protection.

Data retention period:
The recorded contact data is deleted or anonymised after successful export to our CRM system and no later than three months, unless statutory retention obligations require longer storage.

Access control:
Access to the app and the data source is restricted exclusively to authorised employees of our company via their corporate Google accounts.

Withdrawal of consent & data subject rights:
You may withdraw your consent at any time with effect for the future. Further information on your data protection rights (right of access, rectification, erasure, restriction of processing, data portability, and objection) can be found in Section VIII of this privacy policy.

14. applications

If you apply for a position with us, we process the information and personal data you provide for the purpose of carrying out the application process. This data includes your name, email address, postal address and telephone number, age, professional background, qualifications, country of residence, language skills, and any other personal information you provide during your interaction with us. We may also request additional information that assists us in our recruitment process and, if you are offered a position, such as your date of birth and employment-related documents.

Processing may also take place by electronic means. This is particularly the case where an applicant submits application documents to us electronically, for example by email.

We process your personal data in order to fulfil our contractual or pre-contractual obligations (on the legal basis of Article 6(1), first sentence, point (b) GDPR) or, where applicable, for the establishment and performance of an employment relationship with you (Section 26 of the German Federal Data Protection Act (BDSG)). Where you have consented to the processing of your data for the purpose of handling your application, the legal basis is Article 6(1), first sentence, point (a) GDPR.

If we do not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests prevent deletion. Such legitimate interests may include, for example, the obligation to provide evidence in proceedings under the German General Equal Treatment Act (AGG).

15. Social Media

We maintain a presence on the following social media platforms and, in this context, process users’ data in order to communicate with users active on these platforms or to provide information about us:

Please note that user data may be processed within social networks for market research and advertising purposes. For example, usage profiles may be created based on users’ behaviour and the interests derived from it. These usage profiles may in turn be used, for example, to place advertisements within and outside the networks that are presumed to correspond to users’ interests. For these purposes, cookies are generally stored on users’ devices in which users’ usage behaviour and interests are recorded.

Furthermore, data may also be stored in usage profiles across devices, irrespective of the devices used by the users (in particular if users are members of the respective platforms and are logged in to them). For a detailed description of the respective forms of processing and the options to object (opt-out), we refer to the privacy policies and information provided by the operators of the respective social media platforms.

In the case of requests for information and the assertion of data subject rights, we also point out that these can be exercised most effectively with the respective providers. Only the providers have access to users’ data and are able to take appropriate measures and provide information directly. If you nevertheless require assistance, you are welcome to contact us.

VII. Storage and deletion of data

The data processed by us will be deleted in accordance with the statutory provisions as soon as any consents permitting processing are withdrawn or other permissions cease to apply (e.g. where the purpose for processing the data no longer applies or the data is no longer required for that purpose). This means that we store your personal data only for as long as it is necessary for the respective purpose of processing and limit the retention period to the minimum required.

In addition, we store your data only where we are permitted or required to do so due to statutory retention obligations (for example under the German Commercial Code (HGB) or the German Fiscal Code (AO)). Our privacy notice may also contain further information on the retention and deletion of data which takes precedence for the respective processing activities.

VIII. Your rights

You have the following rights:

  • the right of access,
  • the right to rectification or erasure,
  • the right to restriction of processing,
  • the right to data portability,
  • the right to withdraw consent you have given, with effect for the future,
  • the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is carried out on the basis of Article 6(1), first sentence, points (e) or (f) GDPR; this also applies to profiling based on these provisions.

To exercise your rights listed above, you can send an email to: datenschutzbeauftragter@datenschutzexperte.de.

You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data.

IX. Data disclosure / Third country transfers

As a general rule, we only disclose your data to third parties if you have given your consent or if another legal basis applies. Where we use third-party tools that process your data outside the EU/EEA, we ensure that the legal requirements of Articles 44 et seq. GDPR for such transfers to third countries are complied with and that your data is processed in the respective third country in accordance with European data protection standards.

For this purpose, we regularly use the EU Standard Contractual Clauses (SCCs), which we conclude with the respective service provider. In addition, in line with the requirements of the Court of Justice of the European Union (CJEU) (“Schrems II”), we carry out a case-by-case risk assessment for each transfer to a third country in order to ensure that your data is processed lawfully in the respective third country and, in particular, that access to your data by public authorities is prevented.

X. Data processing when linked content is accessed

This privacy policy applies solely to data processing on our website and within our app. Our services may contain external links or hyperlinks to websites or services provided by other providers. These are to be distinguished from our own content. Such third-party content neither originates from us nor is it subject to our influence, and we have no control over the content of third-party websites.

If you are redirected to other websites via links, please inform yourself there about how your data is handled in each case.

XI. Automated decision-making/profiling

We do not use automated decision-making or profiling (an automated analysis of your personal circumstances).

XII. Changes to this privacy policy

Due to the further development of our website and offers on it, or due to changes in legal or regulatory requirements, it may be necessary to amend this privacy policy. If you have any questions or suggestions regarding data protection, you can send us an email at any time to datenschutzbeauftragter@datenschutzexperte.de. Status: April 2025