Date [June 2018]
ventopay gmbh with its registered office in Hagenberg and the business address Softwarepark 37, 4232 Hagenberg, registered in the commercial register of the Commercial Court Linz at FN 372161 (“person responsible“) offers a website (“website“) under https://ventopay.com, which allow employees and / or customers (collectively “customers“) to view the menus and nutritional information of food consumed in the restaurant or canteen of the person responsible, retrieve recommended amounts of nutrients (based on their own body parameters), participate in loyalty programs, make payments and retrieve invoices.
1. General information
Responsible for the data processing on the website is ventopay gmbh, Softwarepark 37, 4232 Hagenberg, E-Mail: firstname.lastname@example.org.
The customer has the right to edit, replace and / or change his specified data. The customer has the duty to keep his given data up to date and correct.
2. Collection of data
The following personal data of the customer are processed or can be processed:
- Location data;
- Log data (action on the website);
- IP address;
- Personnel number;
- First and last name.
Optional / Voluntary
- Date of birth;
- E-mail address;
- User name;
The following data are collected on behalf of the person responsible by a data processor. The person responsible does not collect and store this data.
- Credit card number;
- Security code;
- Expiration date of the credit card;
3. Storage duration
The person responsible stores the data only as long as it is necessary for the fulfillment of the contract. The person responsible deletes the entire data of the customer basically after termination of the contractual relationship, but at the latest after expiry of the statutory retention obligations, in particular in accordance with the commercial and tax law accounting regulations.
4. Purpose of the collection and legal basis
The creation of the user account is based on the number that is on the customer’s payment card, on the basis of a code known to the employee or on the basis of a code handed over at the cash register. The number on the payment card or a code known to the employee or a code handed over at the cash register is used at the time of creating the user account as a user name and also as a password.
After successfully creating a user account (= contract conclusion), the customer has the option to change the password and user name at any time voluntarily.
The user name and the password are collected for the purpose of contract execution, specifically, the creation of an individual personal user account and the verification of the identity of the user. The username and password are required for the fulfillment of the contract.
Log data are processed in order to be able to identify or limit technical errors and to fulfill the maintenance obligations. Log data is required to fulfill the contract.
The e-mail address can be entered voluntarily. It serves in particular to be able to send the customer a new password if he has forgotten his existing password.
The collection of the e-mail address is necessary to safeguard the legitimate interests of the person responsible, because otherwise there would be a large number of unusable user accounts that can not be accessed due to a lack of knowledge of the password. In particular, the collection of the e-mail address is also in the interest of the customer, because he cannot access mocca and the user account of his payment card without a password.
The customer’s first and last name as well as the personnel number are required to fulfill the contractual purpose in order to assign a payment card to a certain employee and identify the employee. The first and last name are also required for payment.
The customer can voluntarily upload a user picture. The user image can be removed or modified at any time with immediate effect. This can be done simply by entering and / or deleting the data and then saving it. It does not require the contact with the person responsible.
By indicating that the uploading of the user picture is voluntary and the subsequent voluntary upload, the customer clearly states that he wants to use a user picture. The manual upload of the image constitutes an implied (tacit) consent of the customer. The declaration of consent can be submitted directly to the corresponding input fields. The consent can be revoked at any time by removing the user picture.
mocca offers the customer the opportunity to keep a personal nutrient diary. The customer can voluntarily specify gender, date of birth, height and body weight and mocca calculates the recommended daily, weekly and monthly amounts of nutrients. In addition, mocca stores the food and drinks paid for with the payment card or via mocca and calculates the consumed nutrients for the respective need.
The gender, date of birth, height and body weight of the client are used for the purposes of contract execution, specifically for the individual calculation of the recommended daily, weekly and monthly amounts of nutrients. The indication of the above health data is voluntary and the processing is only permitted with the express consent of the customer. The declaration of consent can be submitted directly to the appropriate input fields. The consent can be withdrawn at any time by removing the check mark.
The location data is collected to show the customer the distance to the participating restaurants and canteens. Location data is collected only with the express consent of the customer. After the user account has been created, the customer has the option of allowing the use of his location data or denying access by means of a pop-up box. The consent can be revoked at any time in the technical settings.
The payment data (credit card data, instant transfer data, Maestro account data) are collected for the purpose of contract execution, specifically for the simple cashless charging of card credit via smartphone, on behalf of ventopay by Wirecard Central Eastern Europe GmbH, FN195599x, (“Wirecard”). The person responsible hands over a transaction ID and the amount due to Wirecard. Wirecard then collects, on behalf of the person responsible, the payment data described above, which are required for payment processing. The payment function is one of the main services of mocca. The collection of payment data on behalf of ventopay by Wirecard is necessary for the fulfillment of the contractual purpose, namely for the execution of payments via mocca.
The data will only be processed by the payment service provider selected by the user.
The person responsible does not collect and store any payment data (credit card number, etc.) of the user. The person responsible or his processor will only be informed by Wirecard Central Eastern Europe GmbH if a payment has been made for a specific transaction ID.
5. Data processor
The technical implementation of the mocca system is carried out by ventopay GmbH, FN 372161 x, Softwarepark 37, 4232 Hagenberg (“ventopay”) as data processor. It is contractually obliged to delete the collected data if they are no longer needed to fulfill the contract and not use the data for their own purposes.
6. Rights of the customer
You can request information about the personal data stored about you at any time. For further information please contact us by e-mail to email@example.com or by mail to ventopay GmbH, Softwarepark 37, 4232 Hagenberg.
You have the right to correct or delete or restrict the processing of your data. In addition, you have a right to object to the processing and a right to receive the personal data relating to you in a structured, common and machine-readable format (right to data portability).
You have the right to lodge a complaint with the Austrian Data Protection Authority, Hohenstaufengasse 3, 1010 Vienna, +43 1 531 15-202525, e-mail: firstname.lastname@example.org, if your data protection rights are violated.
Any questions? We are happy to assist you.
Our qualified staff will be pleased to answer your questions:
We would like to get a picture of the current situation and work out the perfect solution together with you.