Privacy policy

Valid from 01.01.2026

With this privacy policy, we, Gastrosof GmbH, inform you which personal data we collect in connection with our activities, including on our website www.gastrosof.ch. We collect and process personal data. In particular, we inform you about the purpose, method, and location of our data processing. We also inform you about the rights of individuals whose data we process. We do not sell personal data to third parties.

1. Data Controller

If you have any questions about data protection, please send us an email or contact our organization directly. You can reach us at gdpr@gastrosof.ch

The responsible entity within the meaning of data protection laws, in particular the Ordinance to the Federal Act on Data Protection (VDSG), is:

Gastrosof GmbH
Mäderenweg 15
8154 Oberglatt
Switzerland

2. Definitions and Legal Bases

2.1 Terms

Personendaten sind alle Angaben, die sich auf eine bestimmte oder bestimmbare Person beziehen. Eine betroffene Person ist eine Person, über die Personendaten bearbeitet werden.
«Bearbeiten» umfasst jeden Umgang mit Personendaten, unabhängig von den angewandten Mitteln und Verfahren, insbesondere das Aufbewahren, Bekanntgeben, Beschaffen, Erheben, Löschen, Speichern, Verändern, Vernichten und Verwenden von Personendaten.

2.2 Legal basis

We take the protection of our users’ personal data as well as our duty to inform them seriously and strictly comply with the legal requirements of data protection regulations, in accordance with:

Article 13 of the Swiss Federal Constitution (FC)

Swiss Federal Act on Data Protection (FADP)

Ordinance to the Federal Act on Data Protection (VDSG)

EU General Data Protection Regulation (GDPR)

Whether and to what extent these laws apply depends, however, on the individual case.

2.3 Legal Basis Matrix

3. Type, scope, duration of storage and purpose

3.1 General Information

We use the personal data we collect primarily to conclude and perform our contracts with our customers and business partners, in particular within the scope of the company’s purpose, as well as in connection with the purchase of products and services from our suppliers and subcontractors, and to comply with our legal obligations in Switzerland and abroad.

Such personal data may, in particular, fall into the categories of master and contact data, browser and device data, content data, metadata or peripheral data and usage data, location data, sales data, as well as contract and payment data.

We process personal data for as long as is necessary for the respective purpose or purposes, or as required by law. Personal data whose processing is no longer necessary will be anonymized or deleted.

We may have personal data processed by third parties. We may process personal data jointly with third parties or transfer it to third parties. Such third parties are, in particular, specialized service providers whose services we use. We ensure data protection also with such third parties.

We process personal data only with the consent of the data subject, unless processing is permitted on other legal grounds. Processing without consent may be permitted, for example, to perform a contract with the data subject and to take corresponding pre-contractual measures, to safeguard our overriding legitimate interests, because the processing is apparent from the circumstances, or after prior information has been provided.

Where permitted, we also obtain certain data from publicly accessible sources (e.g., debt enforcement registers, land registers, commercial registers, the press, the internet) or receive such data from other companies, authorities, and other third parties.

In addition, we process personal data about you and other persons—where permitted and where we consider it appropriate—for the following purposes, in which we (and sometimes also third parties) have a legitimate interest corresponding to the purpose:

Offering and further development of our products, services and websites, apps and other platforms on which we are present;

Communication with third parties and handling their inquiries (e.g., job applications, media inquiries);

Reviewing and optimizing procedures for needs analysis for the purpose of direct customer outreach, as well as collecting personal data from publicly accessible sources for customer acquisition purposes;

Advertising and marketing (including the organization of events), provided you have not objected to the use of your data (if we send you advertising as an existing customer, you may object at any time; we will then place you on a suppression list to prevent further advertising mailings);

Market and opinion research; media monitoring;

Assertion of legal claims and defense in connection with legal disputes and regulatory proceedings;

Ensuring the operation of our business, in particular our IT systems, our websites, apps, and other platforms;

In this context, we process in particular information that a data subject voluntarily provides to us when making contact—for example by postal mail, email, instant messaging, contact form, social media, or telephone—or when registering for a user account.

We may store such information, for example, in an address book or using comparable tools. If we receive data about other persons, the persons transmitting such data are obliged to ensure data protection vis-à-vis those persons and to ensure the accuracy of such personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities, provided and to the extent that such processing is permitted by law.

3.2 Provision of the website and creation of log files

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device. The following data, which make it possible to assign them to a user, are collected in this process:

Type and version of the browser used
User’s operating system
User’s Internet service provider
User’s IP address
Date and time of access
Websites from which the user’s system accesses our website
Websites that are accessed by the user’s system via our website

The data are also stored in our system’s log files. These data are not stored together with other personal data of the user.

The storage of the IP address by the system is necessary in order to deliver the website to the user’s device; for this purpose, the user’s IP address must be stored for the duration of the session. In addition, the data are stored in log files to ensure the functionality of the website. The data are used to optimize the website and to ensure the security of our information technology systems. These purposes also constitute our legitimate interest in processing the data. The legal basis is therefore Art. 6(1)(f) GDPR.

The data are deleted as soon as they are no longer necessary for achieving the purpose for which they were collected. In the case of data collected to provide the website, this is the case when the respective session has ended. In the case of log files, the data are stored in rotating log files, with older entries being automatically deleted. The storage period therefore depends on the circumstances and cannot be precisely limited in time. As a general rule, it can be assumed that the data are deleted after no later than one year; however, longer storage may be possible.

The collection of data for the provision of the website and the storage of the data in log files are strictly necessary for the operation of the website. Consequently, the user has no right to object.

3.3 Recipient categories

We share personal data, if necessary, with the following categories of recipients:

IT-Hosting & Cloud-Provider
Payment service provider
Analytics and tracking services
Marketing and newsletter platforms
Consulting firms and auditors
Authorities and courts, insofar as legally required

3.4 Storage durations

Contract-related data → 10 years after contract end
Marketing opt-in → until revoked
Server log files → 12 months
App crash logs → 30 days
Dashboard audit logs → 6 months

3.5 Automated individual decisions / Profiling

We do not make decisions that are based solely on automated processing and have legal effect on data subjects (Art. 21 revDSG).

4. Communication channels

4.1 Social Media

We are present on social media platforms and other online platforms in order to communicate with interested persons and to provide information about our activities and services. This is apparent to you in each case (typically via corresponding icons). We have configured these elements so that they are deactivated by default. If you activate them (by clicking on them), the operators of the respective social networks may record that you are on our website and where, and may use this information for their own purposes. In connection with such platforms, personal data may also be processed outside Switzerland.

The respective terms and conditions (GTC), terms of use, data protection declarations, and other provisions of the individual operators of such platforms also apply. These provisions inform in particular about the rights of data subjects directly vis-à-vis the respective platform, including, for example, the right of access.

The terms and conditions of the respective social media platform apply.
Facebook: Meta Platforms Ireland Limited, Irland, Privacy policy
Instagram: Meta Platforms Ireland Limited, Irland, Privacy policy
LinkedIn: LinkedIn Ireland Unlimited Company, USA / Irland, Privacy policy
Tiktok: TikTok Information Technologies UK Limited, Privacy policy
X: X Corp, USA, Privacy policy

4.2 Contact form and email contact

A contact form is available on our website which can be used for electronic contact. If a user makes use of this option, the data entered in the input form are transmitted to us and stored. These data include:

First name and last name
Address (street, postal code, city, country)
Email address
Telephone number
Individual message

As part of the submission process, your consent is obtained for the processing of the data and reference is made to this privacy policy.

Alternatively, contact can be made via the provided email address. In this case, the personal data transmitted with the email are stored.

The processing of the personal data from the input form serves solely to handle the contact request. In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data. Any other personal data processed during the submission process are used to prevent misuse of the contact form and to ensure the security of our information technology systems. Depending on the circumstances, data processing is based on the user’s consent, the implementation of pre-contractual measures, the performance of a contract, and/or the safeguarding of our legitimate interests. The legal basis for data processing is therefore Art. 6(1)(a), (b) and/or (f) GDPR.

The data are deleted as soon as they are no longer necessary for achieving the purpose for which they were collected. For the personal data from the contact form input and those transmitted by email, this is the case when the respective conversation with the user has ended. A conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The user has the option at any time to withdraw their consent to the processing of personal data. If the user contacts us by email, they may object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of the contact will be deleted in this case, unless storage is required to comply with contractual or legal obligations.

As a rule, you may object at any time to receiving notifications and communications such as newsletters. By lodging such an objection, you may also object to the statistical recording of usage for performance and reach measurement. Mandatory notifications and communications in connection with our activities and services remain reserved.

5. Personal data abroad

We generally process personal data in Switzerland. However, we may also disclose or transfer personal data to other countries, in particular in order to process them or have them processed there.

Wir können Personendaten in alle Staaten und Territorien bekanntgeben, sofern das dortige Recht nach Einschätzung des Eidgenössischen Datenschutz- und Öffentlichkeitsbeauftragten (EDÖB) oder gemäss Beschluss des Bundesrates einen angemessenen Datenschutz gewährleistet.

We may disclose personal data to states whose laws do not ensure an adequate level of data protection, provided that appropriate data protection is ensured for other reasons, for example through corresponding contractual arrangements, on the basis of standard data protection clauses, or with other suitable safeguards. By way of exception, we may transfer personal data to states without adequate or appropriate data protection if the specific data protection requirements are met, for example the explicit consent of the data subjects or a direct connection with the conclusion or performance of a contract.

Unless an adequacy decision exists, transfers are made on the basis of the EU Standard Contractual Clauses (SCCs) 2021/914

6. Rights of data subjects

Data subjects whose personal data we process have the rights granted under Swiss data protection law (DSG) and, where applicable, also under the GDPR. These include the right of access as well as the right to rectification, erasure, or restriction of the personal data processed.

Betroffene Personen, über die wir Personendaten bearbeiten, verfügen über ein Beschwerderecht bei einer zuständigen Aufsichtsbehörde. Aufsichtsbehörde für den Datenschutz in der Schweiz ist der Eidgenössische Datenschutz- und Öffentlichkeitsbeauftragte (EDÖB).

Please note, however, that we reserve the right to assert the restrictions provided for by law, for example if we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are permitted to rely on this), or require the data for the assertion of claims. If any costs are incurred for you, we will inform you in advance.

The exercise of such rights generally requires that you clearly prove your identity (e.g., by providing a copy of an identification document where your identity is otherwise not clear or cannot be verified). To assert your rights, you may contact us at the address specified in Section 1.

Right to data disclosure

You have the right to request that your personal data be provided in a commonly used electronic format (CSV, JSON) and to have it transferred to another controller.

7. Data security

We implement appropriate technical and organizational measures to ensure a level of data security appropriate to the respective risk. However, we cannot guarantee absolute data security.

Access to our website is secured by transport encryption (SSL/TLS, in particular using Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate transport encryption with a padlock symbol in the address bar.

Our digital communications—like all digital communications in general—are subject to mass surveillance without cause or suspicion, as well as other forms of surveillance by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We have no direct influence over the corresponding processing of personal data by intelligence services, law enforcement agencies, and other security authorities.

8. Use of the website

8.1 Cookies

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that enables the browser to be uniquely identified when the website is accessed again.

Technically necessary cookies:

The user data collected through technically necessary cookies are not used to create user profiles. The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these functions, it is necessary that the browser is recognized even after a page change.

Other cookies:

In addition, we use cookies on our website that enable an analysis of users’ browsing behavior. This results from the use of Google services (see below).

Duration of storage, right to object and removal options:

Cookies are stored on the user’s device. As a user, you therefore have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, some functions of the website may no longer be fully available.
Regarding cookies that are not technically necessary, we also refer to the explanations below.

Use and analysis

Cookies enable us to carry out certain analyses of our websites, in particular to determine usage frequency or the number of users of the pages, or to analyze patterns of website usage.

Cookies are used in particular to make our websites, content, and offerings more user-friendly. By using cookies, options you have selected or decisions you have made can be stored as settings to make your visit to our website more convenient. We may also use cookies to recognize you on subsequent visits.

Cookies generally remain stored beyond the end of a browser session and can be retrieved again when you revisit the website. If you do not wish this, you can configure your internet browser to refuse the acceptance of cookies or to delete cookies when the browser is closed. However, this may result in you not being able to use all functions of our websites to their full extent.

For cookies used for performance and reach measurement or for advertising purposes, a general objection (“opt-out”) is available for many services via **AdChoices** (Digital Advertising Alliance of Canada), the **Network Advertising Initiative (NAI)**, **YourAdChoices** (Digital Advertising Alliance), or **Your Online Choices** (European Interactive Digital Advertising Alliance, EDAA).

8.2 Counting pixels

We may use tracking pixels on our websites. Tracking pixels are also known as web beacons. Tracking pixels—including those from third parties whose services we use—are small, usually invisible images that are automatically retrieved when our websites are visited. Using tracking pixels, the following information may be collected: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, specific subpages of our websites accessed including the amount of data transferred, and the website last accessed in the same browser window (referrer).

8.3 Meta-Pixels and Target Group Creation (Custom Audiences)

Mit Hilfe des Meta-Pixels (oder vergleichbarer Funktionen, zur Übermittlung von Event-Daten oder Kontaktinformationen mittels von Schnittstellen in Apps) ist es dem Unternehmen Meta zum einen möglich, die Besucher unseres Onlineangebotes als Zielgruppe für die Darstellung von Anzeigen (sogenannte "Meta-Ads") zu bestimmen. Dementsprechend setzen wir das Meta-Pixel ein, um die durch uns geschalteten Meta-Ads nur solchen Nutzern auf Plattformen von Meta und innerhalb der Dienste der mit Meta kooperierenden Partner (so genanntes "Audience Network" https://www.facebook.com/audiencenetwork/ ) anzuzeigen, die auch ein Interesse an unserem Onlineangebot gezeigt haben oder die bestimmte Merkmale (z.B. Interesse an bestimmten Themen oder Produkten, die anhand der besuchten Webseiten ersichtlich werden) aufweisen, die wir an Meta übermitteln (sogenannte "Custom Audiences“). Mit Hilfe des Meta-Pixels möchten wir auch sicherstellen, dass unsere Meta-Ads dem potenziellen Interesse der Nutzer entsprechen und nicht belästigend wirken. Mit Hilfe des Meta-Pixels können wir ferner die Wirksamkeit der Meta-Ads für statistische und Marktforschungszwecke nachvollziehen, indem wir sehen, ob Nutzer nach dem Klick auf eine Meta-Ad auf unsere Webseite weitergeleitet wurden (sogenannte "Konversionsmessung“).

Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
Website: https://www.facebook.com;
Datenschutzerklärung: https://www.facebook.com/about/privacy

8.4 LinkedIn Pixel

A LinkedIn Pixel is an HTML code that is loaded when a user visits a website. When a user visits our online offering, the pixel is triggered and tracks the user’s behavior and conversions (possible purposes include measuring campaign performance, optimizing ad delivery, and building custom and similar audiences).

Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) (GDPR);
Website: https://www.linkedin.com; 
Datenschutzerklärung: https://www.linkedin.com/legal/privacy-policy

8.5 TikTok Pixel

A TikTok Pixel is an HTML code that is loaded when a user visits a website. When a user visits our online offering, the pixel is triggered and tracks the user’s behavior and conversions (possible purposes include measuring campaign performance, optimizing ad delivery, and building custom and similar audiences).

Service providers: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland and TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey Street, London, United Kingdom, EC1A 9HP; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR);
Website: https://ads.tiktok.com/help/article?aid=6669727593823993861. 
Datenschutzerklärung: https://www.tiktok.com/de/privacy-policy.

9. Third-party services

We use services from specialized third parties in order to carry out our activities and operations on a permanent, user-friendly, secure, and reliable basis. Such services allow us, among other things, to integrate functions and content into our websites. In the course of such integration, the services used necessarily collect users’ Internet Protocol (IP) addresses at least temporarily for technical reasons. For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data in connection with our activities and operations in aggregated, anonymized, or pseudonymized form. This may include, for example, performance or usage data in order to be able to provide the respective service.

In particular, we use:
Dienste von Google: Anbieterinnen: Google LLC (USA) / Google Ireland Limited (Irland) für Nutzerinnen und Nutzer im Europäischen Wirtschaftsraum (EWR) und in der Schweiz; Allgemeine Angaben zum Datenschutz: «Grundsätze zu Datenschutz und Sicherheit», Privacy policy, «Google ist der Einhaltung der anwendbaren Datenschutzgesetze verpflichtet», «Leitfaden zum Datenschutz in Google-Produkten », «Wie wir Daten von Websites oder Apps verwenden, auf bzw. in denen unsere Dienste genutzt werden» (Angaben von Google), «Von Google verwendete Cookie-Arten und sonstige Technologien », «Personalisierte Werbung» (Aktivierung / Deaktivierung / Einstellungen)

Dienste von Microsoft:
Anbieterinnen: Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Irland) für Nutzerinnen und Nutzer im Europäischen Wirtschaftsraum (EWR), in Grossbritannien und in der Schweiz; Allgemeine Angaben zum Datenschutz: «Datenschutz bei Microsoft,/a>», «Datenschutz (Trust Center)», Privacy policy

Dienste von HubSpot:
Providers: HubSpot Ireland Limited (Ireland) / HubSpot, Inc. (USA); data hosting in the HubSpot data center in the European Union (Germany); general
Angaben zum Datenschutz: «HubSpot Privacy Policy», «Data Processing Agreement», «Product
Privacy» & «Security».

9.1 Digital Infrastructure

We use services from specialized third parties to access the necessary digital infrastructure related to our activities and operations. This includes, for example, hosting and storage services from selected providers.

Wir nutzen: Hosting; Anbieterin: hosttech GmbH, Privacy policy

9.2 Map material

We use third-party services to embed maps into our websites. In particular, we use: Google Maps, including the Google Maps Platform: map service; provider: Google (USA); Google Maps-specific information: “How Google uses location information.”

9.3 Digital advertisements on third-party websites

Google Ads: Onlinewerbeplattform von Google, für Webanzeigen. Bedingungen für Google Werbeprodukte zur Auftragsdatenverarbeitung.

9.4 Digital advertising on social media platforms

Facebook: Schaltung von Werbeanzeigen innerhalb der Facebook Plattform und Auswertung der Anzeigenergebnisse; Dienstanbieter: Meta Platforms Irland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland; Rechtsgrundlagen: Berechtigte Interessen (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Datenschutzerklärung: https://www.facebook.com/about/privacy; Grundlage Drittlandübermittlung: EU-US Data Privacy Framework (DPF)

Instagram: Schaltung von Werbeanzeigen innerhalb der Plattform Instagram und Auswertung der Anzeigenergebnisse; Dienstanbieter: Meta Platforms Irland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland; Rechtsgrundlagen: Einwilligung (Art. 6 Abs. 1 S. 1 lit. a) DSGVO); Datenschutzerklärung: https://instagram.com/about/legal/privacy; Grundlage Drittlandübermittlung: EU-US Data Privacy Framework (DPF)

Tiktok: Schaltung von Werbeanzeigen innerhalb der Plattform Tiktok und Auswertung der Anzeigenergebnisse; Dienstanbieter: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Irland und TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey Street, London, United Kingdom, EC1A 9HP; Rechtsgrundlagen: Einwilligung (Art. 6 Abs. 1 S. 1 lit. a) DSGVO); Datenschutzerklärung: https://www.tiktok.com/de/privacy-policy.

LinkedIn: Schaltung von Werbeanzeigen innerhalb der Plattform Tiktok und Auswertung der Anzeigenergebnisse; Dienstanbieter: LinkedIn Irland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Irland; Rechtsgrundlagen: Einwilligung (Art. 6 Abs. 1 S. 1 lit. a) (DSGVO); 
Datenschutzerklärung: https://www.linkedin.com/legal/privacy-policy

9.5 Web optimization

Our website uses the free JavaScript library “jQuery” to display various elements. This library is provided by Google via Google Hosted Libraries. When a page is accessed, the user’s browser establishes a connection to Google’s servers. As a result, Google becomes aware that the data subject has visited our website.
The use of Google Hosted Libraries is in the interest of an appealing presentation and short loading times for our online offerings. In addition, we ensure that a patched version of jQuery is always integrated, which increases security. This constitutes our legitimate interest within the meaning of Art. 6(1)(f) GDPR.
Weitere Informationen zu Google Hosted Libraries finden Sie unter https://developers.google.com/speed/libraries/ und in der Datenschutzerklärung von Google unter https://www.google.com/policies/privacy/.

10. Performance and reach measurement

Notifications and communications may contain web links or tracking pixels that record whether an individual message has been opened and which web links were clicked. Such web links and tracking pixels may also record the use of notifications and communications on a personal basis. We require this statistical recording of usage for performance and reach measurement in order to send notifications and communications effectively and in a user-friendly manner, tailored to the needs and reading habits of recipients, and in a permanent, secure, and reliable way.

We use services and tools to determine how our online offering is used. In this context, we can, for example, measure the success and reach of our activities and operations as well as the impact of third-party links to our website. We may also test and compare how different versions of our online offering or parts of it are used (the “A/B testing” method). Based on the results of performance and reach measurement, we can in particular remedy errors, strengthen popular content, or make improvements to our online offering.

When using services and tools for performance and reach measurement, the Internet Protocol (IP) addresses of individual users must be stored. IP addresses are generally shortened (“IP masking”) in order to follow the principle of data minimization through corresponding pseudonymization and thereby enhance the protection of users’ data.

When using services and programs for measuring success and reach, cookies may be used and user profiles may be created. User profiles include, for example, the pages visited or content viewed on our websites, information about the size of the screen or browser window, and the – at least approximate – location.
User profiles are generally created exclusively using pseudonyms. We do not use user profiles to identify individual users. Individual third-party services where users are registered may, at most, associate the use of our online services with the user account or user profile on the respective service. In particular, we use:
Google Analytics: Erfolgs- und Reichweitenmessung; Anbieterin: Google (USA); Google Analytics-spezifische Angaben: Messung auch über verschiedene Browser und Geräte hinweg (Cross-Device-Tracking) sowie mit pseudonymisierten Internet Protocol (IP)-Adressen, die nur ausnahmsweise vollständig an Google in den USA übertragen werden, «Datenschutz», «Browser Add-on zur Deaktivierung von Google Analytics».
Google Tag Manager: Einbindung und Verwaltung von sonstigen Diensten für die Erfolgs- und Reichweitenmessung sowie weiteren Diensten von Google als auch von Dritten; Anbieterin: Google (USA); Google Tag Manager-spezifische Angaben: «Mit Google Tag Manager erfasste Daten»; weitere Angaben zum Datenschutz finden sich bei den einzelnen eingebundenen und verwalteten Diensten.
Lokker Studio: Tool zur Datenvisualisierung anhand Dashboards zur Zusammenführung der für uns relevanten Plattformen Google Analytics, Google Ads, YouTube zusammenführt. Nutzungsbedingungen Lokker Studio.

11. Appendix – Mobile App – B2C

Device and location data are only processed with your consent in order to display restaurants near you.
Push notifications require opt-in; deactivation is possible at any time in the system settings.
Crash and usage logs are collected via Firebase Crashlytics; storage period: 30 days.
In-app tracking (analytics) only takes place after consent has been given in the consent banner.
App data is encrypted and stored on servers in Switzerland.

12. Appendix – Dashboard – B2B

User accounts & roles: We store login email, hash password, authorization role; deletion 90 days after contract end.
Audit logs: Record timestamp, action, user ID; deleted after 6 months.
Order processing: Gastrosof processes guest data exclusively as a data processor in accordance with Art. 9 revDSG; the separate data processing agreement applies.
SLA monitoring data: System metrics (CPU, RAM) maximum 12 months.

13. Final Provisions

We may amend and supplement this privacy policy at any time. We will inform you of such amendments and supplements in an appropriate manner, in particular by publishing the current version of the privacy policy on our website. www.gastrosof.ch

Gastrosof GmbH

Help & Support

Subscribe to our newsletter

© Copyright 2026 Gastrosof GmbH. All rights reserved.