Data Protection

1. Responsible party

VIRTUMA UG (limited liability)
Petersberg 12
54457 Wincheringen
Germany

Email: info@virtuma.de
Phone: +49 6583 99 31 30

Represented by the Managing Director.

Virtuma UG operates the following services:

  • Restopage.eu – Restaurant System & Ordering Platform
  • shop.restopage.eu – Online Shop (WooCommerce)
  • Restopage Mobile App
  • Letzdine – Restaurant Search and Ordering Platform

2. General information on data processing

We process personal data on the basis of:

  • the General Data Protection Regulation (GDPR)
  • the Federal Data Protection Act (BDSG)
  • other EU data protection regulations applicable in Germany

Personal data is only processed if this is necessary for the operation of our platforms, apps, shops, and services, or if there is a legal basis.

3. What data we process

3.1. Customers & Orderers

  • First and Last Name
  • Delivery Address / Billing Address
  • Phone number
  • E-mail address
  • Order history
  • Shopping Cart and Order Content
  • Metadata (IP address, device, browser, time)
  • Payment Information
    (no full credit card details – these remain with the payment service provider)

3.2. Restaurant Operators

  • Company Data (name, address, email, VAT ID, etc.)
  • Contact Person / Responsible Parties
  • Payout Data (Stripe, Mollie, etc.)
  • Order and customer communication
  • System usage data

3.3. Users of the Restopage Mobile App

The app uses:

  • Firebase Auth (Login / Accounts)
  • Firebase Cloud Messaging (Push notifications)
  • Firebase Analytics (Usage Analysis)
  • Firebase Crashlytics (Error analysis)
  • Firestore / Realtime Database (technically possible for order data)

Collected data:

  • Device ID
  • App usage behavior
  • Language Settings
  • Firebase Tokens
  • Login details
  • Order information from the Restopage system

3.4. Letzdine Platform

  • manually entered location data
  • Cookies & tracking data
  • Search history
  • Order and Account Data
  • Transmission of order data to restaurants

4. Purpose of data processing

Data is processed for:

  • Execution & Fulfillment of Orders
  • Management of User and Restaurant Accounts
  • Provision & Optimization of Platforms and Apps
  • Internal evaluations & statistics
  • Fraud, Abuse, and Security Prevention
  • Fulfillment of legal obligations
  • Customer Service & Support
  • Marketing (e.g., region/location for ad targeting)
  • automated restaurant recommendations
  • Communication based on order history

5. Disclosure of personal data

5.1. Sharing with Restaurants (upon Order)

Data necessary for contract fulfillment:

  • Name
  • Phone
  • Delivery/collection address
  • ordered items
  • Order notes
  • Time
  • Payment method

5.2. Sharing with Payment Providers

Providers used:

  • Stripe
  • Mollie Payments (WooCommerce)
  • PayPal

These only receive the data necessary for payment processing.
We do not store full credit card details.

5.3. Other Recipients

  • Google Firebase (Auth, Messaging, Analytics, Crashlytics)
  • Google Analytics
  • Google Tag Manager
  • Google Fonts
  • Google reCAPTCHA
  • Hosting providers (e.g. hosting.de, Hostinger)
  • WooCommerce / WordPress / Plugins
  • Content Delivery Networks (e.g., jQuery CDN, Bootstrap CDN)
  • Font Awesome
  • WPML (Language Management)
  • Contact Form 7
  • Google Adsense (if activated)

6. International data transfer

Some providers process data outside the EU, particularly in the USA.
This includes, among others:

  • Google (Analytics, Firebase, reCAPTCHA, Fonts)
  • Stripe
  • PayPal
  • Mollie (partially)

Legal Basis:

  • Standard Contractual Clauses (SCCs) in accordance with Art. 46 GDPR
  • technical and organizational protective measures

7. Cookies & Tracking

We use cookies for:

  • Login & session management
  • Shopping cart functions (WooCommerce)
  • Payment providers
  • Analysis & Statistics (Analytics, Tag Manager)
  • Security (reCAPTCHA)
  • Language settings (WPML)
  • CDN optimization

When visiting the website, a cookie banner with an opt-in consent option appears in accordance with Art. 6 para. 1 lit. a GDPR.

8. Processor Agreements

With all service providers who process personal data for us, data processing agreements (Art. 28 GDPR) exist, e.g.:

  • Google (Firebase + Analytics)
  • Stripe
  • PayPal
  • Mollie
  • Hosting providers
  • Plugin/software providers as far as necessary

9. Storage period

  • Order data: 10 years (statutory retention period)
  • User accounts: until deletion by the user
  • Firebase Tokens: until app logout
  • Analysis data: up to 26 months
  • Restaurant data: during system usage
  • Support requests: max. 24 months

10. Your Rights

You have the following rights at any time:

  • Right of Access (Art. 15 GDPR)
  • Right to Rectification (Art. 16 GDPR)
  • Right to Erasure (Art. 17 GDPR)
  • Right to Restriction of Processing (Art. 18 GDPR)
  • Right to Data Portability (Art. 20 GDPR)
  • Right to Object, particularly to direct marketing (Art. 21 GDPR)
  • Withdrawal of Consent (Art. 7 para. 3 GDPR)
  • Right to lodge a complaint with a supervisory authority

Competent supervisory authority for Rhineland-Palatinate:
State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate
Hintere Bleiche 34
55116 Mainz
Germany

11. Data Security

We implement technical and organizational measures:

  • SSL/TLS encryption
  • Server security configurations
  • Firewall & Monitoring
  • Access restrictions
  • Hashing & encryption
  • regular updates
  • Backups

12. Children & minors

Our services are not directed at persons under 16 years of age.
We do not knowingly process data from children under 16 years of age.

13. Changes to this privacy policy

We reserve the right to update this privacy policy if services or legal requirements change.

14. Contact for Data Protection Questions

VIRTUMA UG
Petersberg 12
54457 Wincheringen
Germany
Email: info@virtuma.de