Skip to content Skip to footer
BOOK A DEMO
Gastrosof – Language Switch
DE | EN
BOOK A DEMO
Gastrosof – Language Switch
DE | EN
BOOK A DEMO
Close

Privacy policy

Effective as of 30 October 2024

With this Privacy Policy, we, Gastrosof GmbH, inform you about which personal data we collect and process in connection with our activities, including on our website www.gastrosof.ch . We explain in particular for what purposes, how, and where personal data is processed. We also inform you about the rights of individuals whose data we process. We do not sell personal data to third parties.

1. Data Controller

If you have any questions about data protection, please send us an email or contact our organization directly. You can reach us at contact@gastrosof.ch .

The responsible entity within the meaning of data protection laws, in particular the Ordinance to the Federal Act on Data Protection (VDSG), is:

Gastrosof GmbH (in Gründung)
Mäderenweg 15
8154 Oberglatt
Schweiz

2. Definitions and Legal Bases

Definitions

Personal data means any information relating to an identified or identifiable person. A data subject is a person whose personal data is being processed. “Processing” includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, acquisition, collection, deletion, saving, modification, destruction, and use of personal data.

Legal Bases

We take the protection of our users’ personal data as well as our duty to inform them seriously and strictly comply with the legal requirements of data protection regulations, in accordance with:

Article 13 of the Swiss Federal Constitution (FC)

Swiss Federal Act on Data Protection (FADP)

Ordinance to the Federal Act on Data Protection (VDSG)

EU General Data Protection Regulation (GDPR)

Whether and to what extent these laws apply depends, however, on the individual case.

3. Type, Scope, Purpose, and Duration of Processing

General purposes

We use the personal data we collect primarily to conclude and perform our contracts with our customers and business partners, in particular within the scope of the company’s purpose, as well as in connection with the purchase of products and services from our suppliers and subcontractors, and to comply with our legal obligations in Switzerland and abroad.

Such personal data may, in particular, fall into the categories of master and contact data, browser and device data, content data, metadata or peripheral data and usage data, location data, sales data, as well as contract and payment data.

We process personal data for as long as is necessary for the respective purpose or purposes, or as required by law. Personal data whose processing is no longer necessary will be anonymized or deleted.

We may have personal data processed by third parties. We may process personal data jointly with third parties or transfer it to third parties. Such third parties are, in particular, specialized service providers whose services we use. We ensure data protection also with such third parties.

We process personal data only with the consent of the data subject, unless processing is permitted on other legal grounds. Processing without consent may be permitted, for example, to perform a contract with the data subject and to take corresponding pre-contractual measures, to safeguard our overriding legitimate interests, because the processing is apparent from the circumstances, or after prior information has been provided.

Where permitted, we also obtain certain data from publicly accessible sources (e.g., debt enforcement registers, land registers, commercial registers, the press, the internet) or receive such data from other companies, authorities, and other third parties.

In addition, we process personal data about you and other persons—where permitted and where we consider it appropriate—for the following purposes, in which we (and sometimes also third parties) have a legitimate interest corresponding to the purpose:

Offering and further development of our products, services and websites, apps and other platforms on which we are present;

Communication with third parties and handling their inquiries (e.g., job applications, media inquiries);

Reviewing and optimizing procedures for needs analysis for the purpose of direct customer outreach, as well as collecting personal data from publicly accessible sources for customer acquisition purposes;

Advertising and marketing (including the organization of events), provided you have not objected to the use of your data (if we send you advertising as an existing customer, you may object at any time; we will then place you on a suppression list to prevent further advertising mailings);

Market and opinion research; media monitoring;

Assertion of legal claims and defense in connection with legal disputes and regulatory proceedings;

Ensuring the operation of our business, in particular our IT systems, our websites, apps, and other platforms;

In this context, we process in particular information that a data subject voluntarily provides to us when making contact—for example by postal mail, email, instant messaging, contact form, social media, or telephone—or when registering for a user account.

We may store such information, for example, in an address book or using comparable tools. If we receive data about other persons, the persons transmitting such data are obliged to ensure data protection vis-à-vis those persons and to ensure the accuracy of such personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities, provided and to the extent that such processing is permitted by law.

Provision of the website and creation of log files

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device. The following data, which make it possible to assign them to a user, are collected in this process:

Type and version of the browser used

User’s operating system

User’s Internet service provider

User’s IP address

Date and time of access

Websites from which the user’s system accesses our website

Websites that are accessed by the user’s system via our website

The data are also stored in our system’s log files. These data are not stored together with other personal data of the user.

The storage of the IP address by the system is necessary in order to deliver the website to the user’s device; for this purpose, the user’s IP address must be stored for the duration of the session. In addition, the data are stored in log files to ensure the functionality of the website. The data are used to optimize the website and to ensure the security of our information technology systems. These purposes also constitute our legitimate interest in processing the data. The legal basis is therefore Art. 6(1)(f) GDPR.

The data are deleted as soon as they are no longer necessary for achieving the purpose for which they were collected. In the case of data collected to provide the website, this is the case when the respective session has ended. In the case of log files, the data are stored in rotating log files, with older entries being automatically deleted. The storage period therefore depends on the circumstances and cannot be precisely limited in time. As a general rule, it can be assumed that the data are deleted after no later than one year; however, longer storage may be possible.

The collection of data for the provision of the website and the storage of the data in log files are strictly necessary for the operation of the website. Consequently, the user has no right to object.

4. Communication channels

Social media

We are present on social media platforms and other online platforms in order to communicate with interested persons and to provide information about our activities and services. This is apparent to you in each case (typically via corresponding icons). We have configured these elements so that they are deactivated by default. If you activate them (by clicking on them), the operators of the respective social networks may record that you are on our website and where, and may use this information for their own purposes. In connection with such platforms, personal data may also be processed outside Switzerland.

The respective terms and conditions (GTC), terms of use, data protection declarations, and other provisions of the individual operators of such platforms also apply. These provisions inform in particular about the rights of data subjects directly vis-à-vis the respective platform, including, for example, the right of access.

The terms and conditions of the respective social media platform apply.
Facebook:Meta Platforms Ireland Limited, Ireland, Privacy Policy
Instagram: Meta Platforms Ireland Limited, Ireland, Privacy Policy
LinkedIn: LinkedIn Ireland Unlimited Company, USA / Ireland, Privacy Policy
TikTok: TikTok Information Technologies UK Limited, Privacy Policy
X: X Corp, USA, Privacy Policy

Contact form and email contact

A contact form is available on our website which can be used for electronic contact. If a user makes use of this option, the data entered in the input form are transmitted to us and stored. These data include:

First name and last name
Address (street, postal code, city, country)
Email address
Telephone number
Individual message

As part of the submission process, your consent is obtained for the processing of the data and reference is made to this privacy policy.

Alternatively, contact can be made via the provided email address. In this case, the personal data transmitted with the email are stored.

The processing of the personal data from the input form serves solely to handle the contact request. In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data. Any other personal data processed during the submission process are used to prevent misuse of the contact form and to ensure the security of our information technology systems. Depending on the circumstances, data processing is based on the user’s consent, the implementation of pre-contractual measures, the performance of a contract, and/or the safeguarding of our legitimate interests. The legal basis for data processing is therefore Art. 6(1)(a), (b) and/or (f) GDPR.

The data are deleted as soon as they are no longer necessary for achieving the purpose for which they were collected. For the personal data from the contact form input and those transmitted by email, this is the case when the respective conversation with the user has ended. A conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The user has the option at any time to withdraw their consent to the processing of personal data. If the user contacts us by email, they may object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of the contact will be deleted in this case, unless storage is required to comply with contractual or legal obligations.

As a rule, you may object at any time to receiving notifications and communications such as newsletters. By lodging such an objection, you may also object to the statistical recording of usage for performance and reach measurement. Mandatory notifications and communications in connection with our activities and services remain reserved.

5. Personal data abroad

We generally process personal data in Switzerland. However, we may also disclose or transfer personal data to other countries, in particular in order to process them or have them processed there.

We may disclose personal data to all states and territories where, according to the assessment of the Swiss Federal Data Protection and Information Commissioner (FDPIC) or pursuant to a decision of the Swiss Federal Council, the applicable law ensures an adequate level of data protection.

We may disclose personal data to states whose laws do not ensure an adequate level of data protection, provided that appropriate data protection is ensured for other reasons, for example through corresponding contractual arrangements, on the basis of standard data protection clauses, or with other suitable safeguards. By way of exception, we may transfer personal data to states without adequate or appropriate data protection if the specific data protection requirements are met, for example the explicit consent of the data subjects or a direct connection with the conclusion or performance of a contract.

6. Rights of data subjects

Data subjects whose personal data we process have the rights granted under Swiss data protection law (DSG) and, where applicable, also under the GDPR. These include the right of access as well as the right to rectification, erasure, or restriction of the personal data processed.

Data subjects whose personal data we process have the right to lodge a complaint with a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB).

Please note, however, that we reserve the right to assert the restrictions provided for by law, for example if we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are permitted to rely on this), or require the data for the assertion of claims. If any costs are incurred for you, we will inform you in advance.

The exercise of such rights generally requires that you clearly prove your identity (e.g., by providing a copy of an identification document where your identity is otherwise not clear or cannot be verified). To assert your rights, you may contact us at the address specified in Section 1.

7. Data security

We implement appropriate technical and organizational measures to ensure a level of data security appropriate to the respective risk. However, we cannot guarantee absolute data security.

Access to our website is secured by transport encryption (SSL/TLS, in particular using Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate transport encryption with a padlock symbol in the address bar.

Our digital communications—like all digital communications in general—are subject to mass surveillance without cause or suspicion, as well as other forms of surveillance by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We have no direct influence over the corresponding processing of personal data by intelligence services, law enforcement agencies, and other security authorities.

8. Use of the website

Cookies

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that enables the browser to be uniquely identified when the website is accessed again.

Technically necessary cookies:

The user data collected through technically necessary cookies are not used to create user profiles. The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these functions, it is necessary that the browser is recognized even after a page change.

Other cookies:

In addition, we use cookies on our website that enable an analysis of users’ browsing behavior. This results from the use of Google services (see below).

Duration of storage, right to object and removal options:

Cookies are stored on the user’s device. As a user, you therefore have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, some functions of the website may no longer be fully available.
Betreffend technisch nicht notwendige Cookies verweisen wir zudem auf die untenstehenden Ausführungen.

Use and analysis

Cookies enable us to carry out certain analyses of our websites, in particular to determine usage frequency or the number of users of the pages, or to analyze patterns of website usage.

Cookies are used in particular to make our websites, content, and offerings more user-friendly. By using cookies, options you have selected or decisions you have made can be stored as settings to make your visit to our website more convenient. We may also use cookies to recognize you on subsequent visits.

Cookies generally remain stored beyond the end of a browser session and can be retrieved again when you revisit the website. If you do not wish this, you can configure your internet browser to refuse the acceptance of cookies or to delete cookies when the browser is closed. However, this may result in you not being able to use all functions of our websites to their full extent.

For cookies used for performance and reach measurement or for advertising purposes, a general objection (“opt-out”) is available for many services via **AdChoices** (Digital Advertising Alliance of Canada), the **Network Advertising Initiative (NAI)**, **YourAdChoices** (Digital Advertising Alliance), or **Your Online Choices** (European Interactive Digital Advertising Alliance, EDAA).

Tracking pixels

We may use tracking pixels on our websites. Tracking pixels are also known as web beacons. Tracking pixels—including those from third parties whose services we use—are small, usually invisible images that are automatically retrieved when our websites are visited. Using tracking pixels, the following information may be collected: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, specific subpages of our websites accessed including the amount of data transferred, and the website last accessed in the same browser window (referrer).

Meta Pixel and audience creation (Custom Audiences)

With the help of the Meta Pixel (or comparable functions for transmitting event data or contact information via interfaces in apps), Meta Platforms Ireland Limited is able, on the one hand, to identify visitors to our online offering as a target group for the display of advertisements (so-called “Meta Ads”). Accordingly, we use the Meta Pixel to ensure that the Meta Ads placed by us are shown only to those users on Meta platforms and within the services of partners cooperating with Meta (the so-called “Audience Network”: [https://www.facebook.com/audiencenetwork/](https://www.facebook.com/audiencenetwork/)) who have also shown an interest in our online offering or who exhibit certain characteristics (e.g., interest in specific topics or products, which can be inferred from the websites visited) that we transmit to Meta (so-called “Custom Audiences”). With the help of the Meta Pixel, we also aim to ensure that our Meta Ads correspond to users’ potential interests and do not appear intrusive. Furthermore, the Meta Pixel enables us to track the effectiveness of Meta Ads for statistical and market research purposes by showing whether users were redirected to our website after clicking on a Meta Ad (so-called “conversion tracking”).

Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Consent (Art. 6(1) sentence 1 lit. a GDPR). Website: https://www.facebook.com;
**Privacy Policy:** https://www.facebook.com/about/privacy

LinkedIn Pixel

A LinkedIn Pixel is an HTML code that is loaded when a user visits a website. When a user visits our online offering, the pixel is triggered and tracks the user’s behavior and conversions (possible purposes include measuring campaign performance, optimizing ad delivery, and building custom and similar audiences).

Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland; Legal basis: Consent (Art. 6(1) sentence 1 lit. a GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy

TikTok Pixel

A TikTok Pixel is an HTML code that is loaded when a user visits a website. When a user visits our online offering, the pixel is triggered and tracks the user’s behavior and conversions (possible purposes include measuring campaign performance, optimizing ad delivery, and building custom and similar audiences).

Service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey Street, London, United Kingdom, EC1A 9HP; Legal basis:Consent (Art. 6(1) sentence 1 lit. a GDPR); Website: https://ads.tiktok.com/help/article?aid=6669727593823993861(https://ads.tiktok.com/help/article?aid=6669727593823993861); Privacy Policy:https://www.tiktok.com/de/privacy-policy(https://www.tiktok.com/de/privacy-policy).

9. Third-party services

We use services from specialized third parties in order to carry out our activities and operations on a permanent, user-friendly, secure, and reliable basis. Such services allow us, among other things, to integrate functions and content into our websites. In the course of such integration, the services used necessarily collect users’ Internet Protocol (IP) addresses at least temporarily for technical reasons. For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data in connection with our activities and operations in aggregated, anonymized, or pseudonymized form. This may include, for example, performance or usage data in order to be able to provide the respective service.

In particular, we use:
**Google services:** Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General information on data protection: “Privacy & Security Principles,” Privacy Policy, “Google is committed to complying with applicable data protection laws,” “Privacy Guide for Google Products,” “How we use data from sites or apps that use our services” (information provided by Google), “Types of cookies and other technologies used by Google,” and “Personalized advertising” (activation / deactivation / settings).

Microsoft services:
Microsoft services: Providers: Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), the United Kingdom, and Switzerland; General information on data protection: “Privacy at Microsoft,” “Privacy (Trust Center),” Privacy Policy.

Digital infrastructure

We use services from specialized third parties in order to make use of the digital infrastructure required in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers. We use: Hosting; provider: hosttech GmbH; Privacy Policy.

Map material

We use third-party services to embed maps into our websites. In particular, we use: Google Maps, including the Google Maps Platform: map service; provider: Google (USA); Google Maps-specific information: “How Google uses location information.”

Digital advertising on third-party websites

Google Ads: Online advertising platform operated by Google for web advertising. Terms for Google advertising products regarding data processing on behalf of a controller.

Digital advertising on social media platforms

Facebook: Placement of advertisements within the Facebook platform and evaluation of advertising results; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); Privacy Policy: https://www.facebook.com/about/privacy; Basis for third-country transfer: EU–US Data Privacy Framework (DPF).

Instagram: Placement of advertisements within the Instagram platform and evaluation of advertising results; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Consent (Art. 6(1) sentence 1 lit. a GDPR); Privacy Policy: https://instagram.com/about/legal/privacy; Basis for third-country transfer: EU–US Data Privacy Framework (DPF).

TikTok: Placement of advertisements within the TikTok platform and evaluation of advertising results; Service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey Street, London, United Kingdom, EC1A 9HP; Legal basis: Consent (Art. 6(1) sentence 1 lit. a GDPR); Privacy Policy: https://www.tiktok.com/de/privacy-policy.

LinkedIn: Placement of advertisements within the LinkedIn platform and evaluation of advertising results; Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland; Legal basis: Consent (Art. 6(1) sentence 1 lit. a GDPR).
Datenschutzerklärung: https://www.linkedin.com/legal/privacy-policy

Web optimization

Our website uses the free JavaScript library “jQuery” to display various elements. This library is provided by Google via Google Hosted Libraries. When a page is accessed, the user’s browser establishes a connection to Google’s servers. As a result, Google becomes aware that the data subject has visited our website.

The use of Google Hosted Libraries is in the interest of an appealing presentation and short loading times for our online offerings. In addition, we ensure that a patched version of jQuery is always integrated, which increases security. This constitutes our legitimate interest within the meaning of Art. 6(1)(f) GDPR.

Further information about Google Hosted Libraries can be found at https://developers.google.com/speed/libraries/ and in Google’s privacy policy at https://www.google.com/policies/privacy/.

10. Performance and reach measurement

Notifications and communications may contain web links or tracking pixels that record whether an individual message has been opened and which web links were clicked. Such web links and tracking pixels may also record the use of notifications and communications on a personal basis. We require this statistical recording of usage for performance and reach measurement in order to send notifications and communications effectively and in a user-friendly manner, tailored to the needs and reading habits of recipients, and in a permanent, secure, and reliable way.

We use services and tools to determine how our online offering is used. In this context, we can, for example, measure the success and reach of our activities and operations as well as the impact of third-party links to our website. We may also test and compare how different versions of our online offering or parts of it are used (the “A/B testing” method). Based on the results of performance and reach measurement, we can in particular remedy errors, strengthen popular content, or make improvements to our online offering.

When using services and tools for performance and reach measurement, the Internet Protocol (IP) addresses of individual users must be stored. IP addresses are generally shortened (“IP masking”) in order to follow the principle of data minimization through corresponding pseudonymization and thereby enhance the protection of users’ data.

When using services and tools for performance and reach measurement, cookies may be used and user profiles may be created. User profiles may include, for example, the pages visited or content viewed on our websites, information about the size of the screen or browser window, and the (at least approximate) location. In principle, user profiles are created exclusively in pseudonymized form. We do not use user profiles to identify individual users. Certain third-party services with which users are logged in may, however, attribute the use of our online offering to the user account or user profile with the respective service.

In particular, we use:

Google Analytics: Performance and reach measurement; provider: Google (USA); Google Analytics–specific information: measurement across different browsers and devices (cross-device tracking) as well as with pseudonymized Internet Protocol (IP) addresses, which are only exceptionally transmitted in full to Google in the USA; “Data protection,” “Browser add-on to deactivate Google Analytics.”

Google Tag Manager: Integration and management of other services for performance and reach measurement as well as additional services from Google and from third parties; provider: Google (USA); Google Tag Manager–specific information: “Data collected with Google Tag Manager”; further data protection information can be found with the respective integrated and managed services.

Lokker Studio: Tool for data visualization using dashboards that consolidate the platforms relevant to us, including Google Analytics, Google Ads, and YouTube. Terms of Use of Lokker Studio.

11. Final provisions

We may amend and supplement this privacy policy at any time. We will inform you of such amendments and supplements in an appropriate manner, in particular by publishing the current version of the privacy policy on our website. www.gastrosof.ch

Gastrosof GmbH

Switzerland

077 410 76 38
Help & Support
Subscribe to our newsletter

    © Copyright 2026 Gastrosof GmbH. All rights reserved.