Privacy policy of GASTORO

Last updated:

We know that the handling of your personal data is important to you and we appreciate your trust that we will handle this data responsibly, carefully and in accordance with the law.

This privacy policy describes how clubare IT collects and processes personal data via www.gastoro.com, all associated subdomains, functions, retailer profiles, product pages, ordering processes, communication channels and other GASTORO services.

Please read this privacy policy together with our general terms and conditions, the revocation policy, the cookie information and the respective retailer terms and conditions if a purchase contract is concluded directly with a retailer.

Contents

Responsible party
Scope of application
What personal data does GASTORO collect?
For what purposes does GASTORO process your personal data?
What about cookies and similar technologies?
Does GASTORO share personal data?
How secure is information about me?
What about advertising and tracking?
What information can I see in my account?
What choices do I have?
Are children allowed to use GASTORO?
How long do we store your data?
Information for users in the EU/EEA
What are your rights?
How can you make a complaint?
Contacts, notices and changes

1. responsible person

The controller for the processing of personal data in connection with GASTORO is

clubare IT
(hereinafter “GASTORO”, “we”)

Insofar as products or services are offered on GASTORO by external dealers, suppliers or other sellers, these may also be independently responsible for the processing of personal data as part of their own sales processing. GASTORO processes personal data in particular for the operation of the platform, account management, technical provision, communication, mediation of contracts and support with ordering and payment processes.

2nd area of application

This privacy policy applies to:

  • www.gastoro.com
  • all subdomains
  • the following user groups:
    • Buyers(B2C and B2B)
    • Dealers / Suppliers
    • Visitors

3. legal bases

The processing of personal data takes place in particular on the basis of:

  • Art. 6 para. 1 lit. a GDPR – Consent
  • Art. 6 para. 1 lit. b GDPR – contract fulfillment and pre-contractual measures
  • Art. 6 para. 1 lit. c GDPR – fulfillment of legal obligations
  • Art. 6 para. 1 lit. f GDPR – legitimate interests

In Austria, the Data Protection Act (DSG) and the Telecommunications Act 2021 (TKG 2021) are also particularly relevant. The Austrian Data Protection Authority is the competent data protection supervisory authority and provides information on rights, complaints and legal sources.

4 What personal data does GASTORO collect?

We collect personal data in order to provide our platform, facilitate orders, connect merchants and buyers, support payments and communication and continuously improve our services.

4.1 Information that you actively provide to us

We collect and store information that you transmit to us in connection with GASTORO, in particular if you:

  • create a customer account or merchant account,
  • Search, view or order products,
  • fill out a contact form,
  • subscribe to a newsletter,
  • Send support requests,
  • contact us by e-mail or telephone,
  • publish reviews or other content,
  • Specify company data in the B2B area.

In particular, the following data may be processed:

  • Name / Company
  • Address
  • E-mail address
  • Phone number
  • Password in encrypted form
  • UID number for B2B accounts
  • Order history
  • Delivery and billing address
  • Contact information
  • Contents of messages, forms and requests

4.2 Dealer data

In the case of merchant accounts, the following data in particular may also be processed:

  • Company data
  • Product data
  • Prices
  • Bank or payment data
  • Reviews
  • Communication processes

This data is used in particular to operate the marketplace and to broker contracts.

4.3 Automatically collected information

When you use GASTORO, certain information is processed automatically, for example:

  • IP address
  • Date and time of access
  • Browser type
  • Operating system
  • Referrer
  • Technical access data
  • Server logs
  • Usage and interaction data

5. hosting and infrastructure

5.1 Website hosting

The website is operated by Hetzner Online GmbH in Germany. In particular, IP addresses, server logs and access data may be processed. The legal basis is regularly our legitimate interest in the secure and functional operation of the website in accordance with Art. 6 para. 1 lit. f GDPR.

Where necessary, there is a contract for order processing with the service providers used.

5.2 E-mail hosting

Email communication takes place via Hoststar. Personal data may be processed insofar as this is necessary for communication, support and contract processing.

6. server log files

When you visit our website, technical access data is automatically recorded in server log files. This includes in particular

  • IP address
  • Date and time
  • Browser
  • Operating system
  • Referrer

This processing serves in particular to ensure technical stability, security, error analysis and the prevention of misuse. The storage period is generally a maximum of 14 days, unless longer storage is required for security or evidentiary reasons.

7 User accounts and registration

When you create an account with GASTORO, we process the data requested in the registration process, in particular:

  • Name / Company
  • Address
  • e-mail
  • Phone number
  • Password in encrypted form
  • VAT number for B2B

We use this data in particular for

  • Account management
  • Contract processing
  • Identification
  • Communication with you
  • Security and abuse prevention

8. orders and contract processing

If you order via GASTORO or sell as a retailer, we process the data required for this, in particular

  • Order history
  • Delivery and billing address
  • Contact information
  • Transaction-related data

Insofar as this is necessary for the execution of an order, data will be passed on to the respective retailer. As GASTORO is a marketplace, the respective retailer may be the buyer’s contractual partner.

9. payment provider

We use the following in particular to process payments:

PayPal

The provider is PayPal Europe S.à r.l. et Cie, S.C.A. in Luxembourg. PayPal describes in its privacy policy that in the EEA PayPal Europe is responsible for the personal data collected and processed in connection with its services.

Stripe

The provider is Stripe Payments Europe, Limited or, for certain services within the Stripe structure, Stripe companies in Ireland. Stripe describes in its data protection information that personal data of end customers may be processed for payments if Stripe provides services for business users.

In particular, the following data may be processed:

  • Payment amount
  • Payment status
  • Transaction data

Payment data is generally processed directly by the respective payment provider.

10. newsletter and CRM

GASTORO uses Brevo for newsletters, marketing automation and CRM functions. In particular, the following data may be processed:

  • E-mail address
  • Name
  • Usage behavior, in particular openings and clicks

Processing is carried out for the purposes of sending newsletters, CRM management and marketing automation. The legal basis is generally your consent in accordance with Art. 6 para. 1 lit. a GDPR. As a rule, registration takes place via double opt-in. Brevo provides information on data protection and GDPR-compliant registration processes.

11. cookies and consent management

We use cookies and similar technologies to make the website technically available, to save settings, to analyze usage and to enable marketing functions.

For consent management, we use Real Cookie Banner from devowl.io GmbH in Germany. The provider describes the tool as a consent management solution for obtaining, managing and documenting consent.

In particular, the following can be saved:

  • Cookie consents
  • Preferences and consent status

Cookie categories

Necessary
These cookies are required for the operation of the website, e.g. for login, shopping cart or security functions.

Statistics
This includes in particular analysis functions such as Google Analytics.

Marketing
This includes, in particular, marketing and remarketing technologies such as Meta Pixel.

Non-technically necessary cookies and similar technologies are only set or activated after you have given your consent.

12. analysis and tracking tools

Google Analytics

We may use Google Analytics. The provider is Google Ireland Limited. Google describes Google Analytics in its official documents as a service of Google Ireland Limited; Google also points out that IP addresses collected in the EU are not logged or stored in Analytics and are deleted before being recorded.

It is used to analyze and improve our offer. Data transfer to the USA cannot be ruled out. Google generally explains how data is processed when using Google services and partner services.

Meta Pixel

We may use Meta Pixel. The provider is Meta Platforms Ireland Limited. The purpose lies in particular in conversion tracking and remarketing. Activation only takes place with the corresponding consent.

13. google maps

We can integrate Google Maps to display maps, locations and addresses. The provider is Google Ireland Limited. When loading a map, the IP address and, if applicable, location-related data may be transmitted. Google generally describes the processing of data when using Google services in its privacy policy. Activation only takes place with your consent.

14. communication

We communicate with you in particular via:

  • e-mail
  • Forms
  • Telephone

In particular, the following data may be processed:

  • Name
  • Contact details
  • Contents of messages and requests

The processing serves in particular to answer inquiries, process contracts, provide support and document business communication.

15. data transfer

We do not pass on personal data for sales purposes.

The data may be passed on in particular to:

  • Dealer / Seller
  • Payment provider
  • Shipping service provider
  • IT service provider

Data will only be passed on if this is necessary for contract processing, operation of the platform, security, communication or due to legal obligations.

16. third country transfer

Some services used, in particular by Google, Meta, PayPal or Stripe, may include or not completely exclude the transfer of personal data to countries outside the European Economic Area, in particular to the USA. Google, Stripe and PayPal provide their own information on international data transfers and data protection frameworks.

Where necessary, we base such transfers on appropriate safeguards, in particular standard contractual clauses (SCC) or other mechanisms permitted under data protection law.

17. storage period

We only store personal data for as long as is necessary for the respective purposes or for as long as there are statutory retention obligations.

In particular, the following principles apply:

  • Contract data: generally up to 7 years, insofar as there are retention obligations under tax or company law
  • Marketing data: until you withdraw your consent or unsubscribe
  • Logs: generally for a maximum of 14 days, unless longer storage is required for security or evidentiary reasons

18. data security

We take technical and organizational measures to protect your personal data. These include in particular

  • SSL/TLS encryption
  • Access controls
  • Backups
  • Monitoring
  • Measures to secure systems and communication channels

19 What information can I view in my account?

Depending on the type of account you have, you can view or manage the following information in particular:

  • Master data
  • Addresses
  • Order history
  • Account settings
  • Communication and marketing settings
  • Dealer profile and product information
  • Ratings and other profile data, if applicable

20 What choices do I have?

You can decide for yourself whether to provide certain information. Please note that individual functions of GASTORO may not be usable or may only be usable to a limited extent without certain information.

You can also:

  • Revoke your newsletter consent at any time,
  • Customize your cookie settings via the consent tool,
  • Unsubscribe from marketing communication,
  • change certain account details in your account,
  • contact us at any time with data protection-related questions.

21. may children use GASTORO?

GASTORO is generally aimed at persons of legal age as well as entrepreneurs, restaurants, retailers and other business users. Minors should not use GASTORO without the consent of a parent or guardian.

22. rights of the users

In accordance with the GDPR, you have the following rights in particular:

  • Information
  • Correction
  • Deletion
  • Restriction of processing
  • Data portability
  • Contradiction
  • Revocation of consent given with effect for the future

The Austrian Data Protection Authority provides information on the rights of data subjects and on how to lodge a complaint.

23 Right of appeal

If you believe that the processing of your personal data violates data protection law, you can lodge a complaint with a supervisory authority.

The competent authority in Austria is in particular the:

Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
Website: www.dsb.gv.at
The data protection authority informs that complaints can be submitted by e-mail, by letter or via an online form.

24 Contacts, notes and changes

If you have any questions about data protection at GASTORO or would like to exercise your rights, please contact us at:

office@gastoro.com

Our business and our platform are constantly evolving. It may therefore be necessary to adapt this privacy policy. The current version published on the website is authoritative in each case.