Privacy Policy

Privacy at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website or use our platform. Personal data is any data that can personally identify you. For detailed information about specific processing operations, the services used, and your rights, please refer to the complete privacy policy below.

Responsible Entity

foodfluencer
Markus & Miruna Pangerl
Lenaustr. 1
81373 München
Germany
Email: privacy@foodfluencer.me

Your Privacy Rights

You have the following rights regarding your personal data:

• Right to access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to object to processing (Art. 21 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to withdraw consent (Art. 7(3) GDPR)
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Detailed information about your rights can be found in the "Rights of Data Subjects" section of the complete privacy policy.

Overview of Data Processing

Types of Data Processed

• Master data (e.g., names, company name, address)
• Contact data (e.g., email, phone number)
• Contract data (e.g., usage and payment information)
• Usage data (e.g., access times, feature usage, page views)
• Communication content (e.g., messages, support requests)
• Payment data (e.g., payment status, transaction ID via Stripe)
• Meta/communication data (e.g., IP address, device type, browser information)

Categories of Data Subjects

• Platform users (e.g., registered restaurants and influencers)
• Prospects and website visitors
• Communication partners (e.g., via contact form, email)
• Newsletter recipients
• Business partners and contractors

Purposes of Processing

• Operation and provision of the platform (Art. 6(1)(b) GDPR)
• Implementation of pre-contractual measures and fulfillment of contractual obligations
• User management and payment processing
• Communication, support, and feedback management (Art. 6(1)(b) and (f) GDPR)
• Protection against misuse, ensuring IT security (Art. 6(1)(f) GDPR)
• Sending newsletters and direct marketing (Art. 6(1)(a) or (f) GDPR)
• Web analytics, usage statistics, reach measurement (Art. 6(1)(a) or (f) GDPR)
• Fulfillment of legal obligations (Art. 6(1)(c) GDPR)

Legal Bases Overview

• Consent (Art. 6(1)(a) GDPR) – e.g., for analytics cookies, newsletters
• Performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR) – e.g., use of the platform
• Legal obligation (Art. 6(1)(c) GDPR) – e.g., tax retention obligations
• Legitimate interests (Art. 6(1)(f) GDPR) – e.g., security, functionality, analysis

Services Used (Selection)

• Stripe – Payment processing (Ireland/USA, SCC & DPF)
• Supabase – Hosting, authentication, database (EU)
• Mailchimp – Newsletter delivery (USA, SCC & DPF)
• PostHog – Usage analysis (EU)
• Google Analytics – Web analytics (Ireland/USA, SCC & DPF)
• Vercel – Hosting of the web application (USA/EU, SCC)

Detailed information about these services, their data processing, and any transfers to third countries can be found in the "Third-Party Providers & Services Used" section of the privacy policy.

Complete Privacy Policy

1. General Information on Data Processing

We process personal data of users only in compliance with relevant data protection regulations. This means that data is only processed when a legal permission exists, in particular when data processing is necessary for providing our services (e.g., platform usage), for fulfilling a contract, based on our legitimate interests, or on the basis of consent.

We implement organizational, contractual, and technical security measures according to the state of the art to ensure that the provisions of data protection laws are observed and to protect the data processed by us against accidental or deliberate manipulation, loss, destruction, or against access by unauthorized persons.

2. Hosting and Access Data

Our platform is operated via Vercel Inc. Our hosting provider collects server log files, which may contain the following data:

• IP address of the requesting device
• Date and time of access
• Resources accessed (e.g., URLs, API endpoints)
• Browser type and version
• Operating system and device information

This data is temporarily stored for security reasons (e.g., to investigate misuse or fraud) based on our legitimate interest (Art. 6(1)(f) GDPR) and deleted after a maximum of 14 days.

3. Registration and Use of the Platform

When you register as a restaurant or influencer, we process your registration data (name, email, company name, etc.) to set up and provide your user account and for contract fulfillment in accordance with Art. 6(1)(b) GDPR.

In addition, we process usage data (e.g., login times, profile views) and communication content (e.g., via our messaging system) to provide you with the functionality of the platform and for quality assurance.

You can delete your account at any time; the associated data will then be deleted, provided that no legal retention obligations oppose this.

4. Third-Party Providers & Services Used

Below, we inform you about the third-party providers we use as part of our platform, as well as the associated data processing. If providers are outside the EU/EEA, data transfer takes place on the basis of appropriate safeguards such as EU Standard Contractual Clauses (SCC) or certification under the EU-US Data Privacy Framework (DPF).

5. Cookies and Consent Management

We use cookies and similar technologies (e.g., Local Storage, Session Storage) on our website and platform to enable technical functionality (necessary cookies) and – with your consent – for analysis and marketing purposes (optional cookies).

Necessary Cookies

These cookies are required for you to use our website and platform. Without them, certain basic functions would not work. These cookies do not require consent and are set based on our legitimate interest in accordance with Art. 6(1)(f) GDPR.

Optional Cookies

We only use these cookies with your explicit consent via our cookie banner. These include, for example:

• Analytics cookies (e.g., Google Analytics, PostHog)
• Marketing cookies (e.g., for reach measurement)

The legal basis for processing optional cookies is your consent in accordance with Art. 6(1)(a) GDPR in conjunction with § 25 TTDSG.

You can withdraw or change your consent at any time via the cookie banner or your browser settings.

Consent Management Tool

We use a consent management tool that displays a banner on first access to the site. There you can activate or deactivate individual services and adjust your decision at any time. The decision is stored locally in a cookie.

6. Rights of Data Subjects

As a data subject, you have the following rights under the GDPR:

• Access (Art. 15 GDPR): You have the right to request confirmation as to whether personal data concerning you is being processed. If this is the case, you will receive information about the processed data and further information.
• Rectification (Art. 16 GDPR): You have the right to have incorrect or incomplete data corrected.
• Erasure (Art. 17 GDPR): You can request the deletion of your data, provided that no legal retention obligations prevent this.
• Restriction of processing (Art. 18 GDPR): You have the right to request a restriction of processing, e.g., if the accuracy of the data is contested.
• Data portability (Art. 20 GDPR): You have the right to receive your data in a structured, commonly used, and machine-readable format.
• Objection (Art. 21 GDPR): You can object to the processing of your data at any time if it is based on legitimate interest.
• Withdrawal of consent (Art. 7(3) GDPR): You can withdraw your consent at any time with effect for the future.
• Complaint to a supervisory authority (Art. 77 GDPR): If you believe that the processing violates the GDPR, you have the right to lodge a complaint. For example, the Bavarian State Office for Data Protection Supervision (BayLDA) is responsible.

Exercising your rights is free of charge. Please direct your requests to: privacy@foodfluencer.me

7. Storage Duration and Deletion of Data

We store personal data only as long as necessary for the respective processing purposes or as required by legal retention obligations.

• Contract-related data: is retained in accordance with tax and commercial law requirements for 6 to 10 years (e.g., § 257 HGB, § 147 AO).
• Communication data: we delete after final processing of your request, unless retention obligations exist.
• Usage data: is stored pseudonymously and regularly deleted once it is no longer required for analysis and security purposes.

As soon as the purpose of processing ceases to exist and no legal obligations for storage remain, the data is routinely deleted.

8. International Data Transfers

Some of the service providers we use (e.g., Stripe, Google, Mailchimp, Vercel) are based in third countries outside the EU, particularly the USA. To ensure an adequate level of data protection, data is only transferred if:

• An adequacy decision by the EU Commission exists (e.g., participation in the EU-US Data Privacy Framework), or
• EU Standard Contractual Clauses (SCC) have been concluded, or
• You have given your explicit consent pursuant to Art. 49(1)(a) GDPR.

Detailed information on the respective providers used and their safeguards for third-country transfers can be found in the "Third-Party Providers & Services Used" section of this privacy policy.

9. Changes to this Privacy Policy

We reserve the right to adapt this privacy policy to accommodate changed legal situations, technical developments, or when changes to our services are introduced – such as when new features are implemented.

The current version, available at https://foodfluencer.me/privacy, applies to your revisit.

We recommend that you regularly inform yourself about the content of our privacy policy.

Last updated: May 2025