Privacy Statement Bistroo.nl
In the context of our services, we process personal data. We value your privacy and handle your personal data confidentially and carefully. Of course, we comply with the General Data Protection Regulation (GDPR) and other privacy regulations.
Online Services
We collect your personal data when you visit our website (https://www.bistroo.nl, our "Website"), create an account on our platform through our Website or the app (our "Platform"), place orders via our Website or the Platform, or otherwise use our Website or Platform. We also collect your personal data when you sign up for an event, subscribe to our newsletter, or communicate with us in other ways. You also leave personal data on the social media channels we use, such as our Twitter, Instagram, or Facebook accounts.
Personal Data
In the context of our services, we may process the following personal data:
- initials, first name, last name
- email address
- phone number
- address, postal code, city
- IBAN
- customer number
- login credentials
- order history
- review history
- content of online communication
- IP address
- browser data
- device data
- duration of the visit to our Website
- click behavior on the Website
- use of the Platform
- allergy data (more on this below)
Purposes and Legal Basis
We process your personal data for the purpose of providing our services. Specifically, we process your personal data for the following purposes:
- creating an account
- placing and processing orders
- posting and processing reviews
- sending newsletters, blog updates, and other information about our services
- organizing events
- evaluating our services
- improving our services
- maintaining contact with you
- responding to questions, comments, or complaints
- analyzing and optimizing our Website and Platform, including through the use of cookies (more on this below)
- marketing, PR, and relationship management
- securing our systems
- complying with laws and regulations
We base the processing of your personal data on Article 6, paragraph 1, letter b (performance of a contract) and Article 6, paragraph 1, letter f of the GDPR (legitimate interests). These interests include providing the best possible service, securing our systems, and informing about our services and events. If we ask for your consent before processing your personal data, we process your personal data based on Article 6, paragraph 1, letter a of the GDPR (consent). You can withdraw your consent at any time, but the data processed up to the withdrawal remains lawfully processed.
Disclosure to Third Parties
In the context of forwarding your orders, we provide certain personal data to the respective restaurant. The restaurant enters into an agreement with you and determines the purpose and means of further processing of your personal data. The restaurant is therefore an independent data controller of the provided personal data.
In the context of our services and the aforementioned purposes, we use third-party services, such as our server space provider, CRM services provider, IT administrator, marketing agency, website administrator, and Google Analytics (more on this below). We may provide your personal data to these third parties when we have obtained your consent or when it is reasonably necessary for the various purposes outlined above. Additionally, we may provide your personal data to other members of the Bistroo.nl group of companies or to a person who acquires our business and/or our assets, or relevant parts thereof.
We only disclose your personal data to authorized authorities if we are obligated to do so based on a legal obligation or a court order.
Allergy Data
If you have given consent, we process data about allergies provided by you and pass this data on to the restaurant where you place an order. Allergy data is special personal data as referred to in Article 9, paragraph 1 of the GDPR. We do not use this data for purposes other than placing and processing orders.
Retention Period
We retain your personal data as long as necessary for the aforementioned purposes, or as required by law and regulations.
Security
We take appropriate technical and organizational security measures to protect your personal data in accordance with applicable legal requirements and guidelines.
Cookies
Cookies are text files stored on your computer or mobile device when you visit our Website. On our Website, we use functional cookies to provide you with an optimal user experience. For example, the Website is adjusted to the format of your screen, and you can navigate through the Website more easily with these cookies. Additionally, we use analytical cookies to analyze the use of our Website and improve it. For this purpose, we use the services of Google Analytics. We have configured Google Analytics to be privacy-friendly. We have entered into a data processing agreement with Google, masked the last digits of your IP address, and do not share the data with Google. The obtained information, including a part of the IP address of your device, is stored by Google in the United States. Google is registered under the EU-US Privacy Shield, meaning they will comply with European privacy regulations. For more information, read Google's privacy policy and the specific privacy policy of Google Analytics.
If you have given consent, we also place the following marketing cookies. The AdWords pixel is used to personalize content and ads based on your use of our Website. This personalized content and ads can be shown on both our Website and websites you visit afterward. For more information, refer to Google's privacy policy. We use Hotjar's cookies to analyze your click behavior on our Website and optimize our Website based on this. For more information, see Hotjar's privacy statement.
For a complete overview of the cookies we place, refer to [this overview].
Social Media
The social media buttons on our Website are included to share pages via social media networks Twitter, Linkedin, Facebook, and Instagram. If you click on these buttons, your personal data is processed by the respective social media network. We have no control over this. We recommend reading the privacy statements of Twitter, LinkedIn, Facebook, and Instagram to understand how these networks handle your personal data.
Your Rights
In the context of our services, you have the right to request access, correction, supplementation, or shielding of your personal data. You can also request the deletion of your personal data, for example, if we process your personal data based on consent and you have withdrawn your consent. Finally, you can object to the processing of your personal data due to special personal circumstances. We aim to respond to your request within a month. You can address your requests, questions, or complaints by email to privacy@bistroo.nl or by mail to: Bistroo.nl, Meerenakkerplein 14, 5652 BJ, Eindhoven.
Complaints about the Processing of Your Personal Data
If you have a complaint about our processing of your personal data, please let us know. If you cannot reach an agreement with us, you have the right to file a complaint with the privacy supervisor, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). You can contact the Dutch Data Protection Authority for this purpose.
Changes to Privacy Statement
We may change this privacy statement. The changes will be published on our Website.
Last modified on 1 januari 2024
Contact Information
Bistroo.nl
info@bistroo.nl
Meerenakkerplein 14
5652 BJ Eindhoven
Chamber of Commerce: 71939091