DISH Dine Logo
English
EN
DISH DinePrivacy Policy

DISH Dine Privacy Policy for Guests

This Privacy Policy applies to the processing of personal data of Guests who use the services provided by DISH, including DISH Dine, DISH Order, DISH Reservation, and other DISH tools. Unless otherwise stated, the data controller for processing the personal data is DISH Digital Solutions GmbH, Metro-Strasse 1, 40235 Düsseldorf, Germany (hereinafter referred to as “DISH”, “we”, or “us”).

We are aware of how important it is to protect the privacy of our Guests; therefore, we see it as our job to be clear and transparent in explaining what we do with your data. This Privacy Policy describes how we collect, hold, use, and disclose your personal information, and how we maintain the quality and security of your personal information. If you have any questions, please contact us at the address below:

You can download our Privacy Policy as a PDF or access and print it at any time.

1 General Provisions

1.1 In this Privacy Policy, we explain how we collect, process, and use personal data in the context of online orders and/or reservations for our goods or services.

1.2 Personal data are individual details about your personal or material circumstances. Further details on the provision of our services can be found in our DISH General Terms of Use for Guests.

1.3 We process personal data that we collect about you exclusively within the limits of the applicable statutory provisions, including but not limited to Regulation (EU) 2016/679 (General Data Protection Regulation; “GDPR”).

2 Processing of Personal Data and Transfer to Third Parties

2.1 When you use our services and create an account, we collect and process your personal data for the following purposes:

(a) You have the option of creating your own account. With this, further orders can be placed easily and quickly at a later date. The processing of this personal data is based on Article 6(1) sentence 1 letter b) GDPR and is necessary for initiating and implementing the contract between you and us. Once you create an account, it is necessary that you provide us with the following data:

  • Full name
  • Address
  • Contact information such as phone number and email address

This data is necessary so that we can provide more accurate services to you.

(b) If you place an online order via "Order with Google", we will receive the data mentioned in letter (a) from DISH Digital Solutions GmbH, Metro-Strasse 1, 40235 Düsseldorf, which arranges the contract with us under the name "orderdirect". The processing of personal data by us is also carried out here on the basis of Article 6(1) sentence 1 letter b) GDPR. For the processing of your personal data by Google Ireland Inc. as well as by DISH Digital Solutions GmbH, we refer to the data privacy policies of these companies, which you can view when placing an online order via "Order with Google".

(c) For the purposes of restaurant reviews and our quality management, we may use the personal information you provided when placing your order online to send you a text message or email requesting feedback on your online order after you have completed your order. This will be used to both improve the service for Guests and strengthen the restaurant's external image for further Guests and can therefore be shown on the restaurant website as well as on other feedback platforms. You can decide whether to make your feedback anonymous or you would like to state your first and last name. The processing of this personal data that you provide to us as part of the feedback is based on Article 6(1) sentence 1 letter a) GDPR, the consent provided by you.

You can withdraw your consent by contacting us by writing an email to: privacy@dish.digital at any time.

(d) Some personal data is automatically collected via your terminal device (computer, mobile phone, tablet, etc.) when you use the online ordering service.

The IP address currently used by your end device, the date and time, the browser type and the operating system of your end device, as well as the pages accessed, are recorded. This is done for data security purposes and to optimize what we offer and the services we provide. The data will be anonymized after seven (7) days at the latest. The processing of this personal data takes place on the basis of Article 6(1) sentence 1 letter f) GDPR. The protection of our website and the optimization of our services constitute a legitimate interest.

(e) If you get in touch with us (e.g., by submitting an inquiry using the contact details we have provided), we will only process the personal data that you have provided to us and that is required to process and respond to your inquiry. The processing of this personal data is based on Article 6(1) sentence 1 letter b) GDPR and is necessary for initiating and implementing the contract between you and us.

(f) If you create an account with us, the creation of an account is based on your consent. We process name, address, and contact data upon the creation of the account. You can withdraw your consent and/or delete your account by contacting us by writing an email to: privacy@dish.digital at any time. We would like to point out that the withdrawal of consent or deletion of the account may have negative impacts on your user experience.

(g) We strive to make our services aligned with your preferences and improve our services and products. Therefore, we may approach you to conduct customer research. Unless it is necessary according to the applicable law, we only send these types of communications based on your prior consent. We would like to point out that participation in customer research is completely voluntary. You can unsubscribe from receiving these types of communications at any given time.

(h) We also process personal data for marketing purposes by sending personalized marketing messages and notifications. Such messages refer but are not limited to the latest news, updates, discounts by email, text, or notifications. Unless it is necessary according to the applicable law, we send these types of communications based on your prior consent. You can withdraw your consent and/or delete your account by contacting us by writing an email to: privacy@dish.digital at any time.

(i) If we want to use the personal data we collect from you for a different purpose, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent where required by applicable law.

2.2 In order to enable the data processing operations mentioned in this Privacy Policy, such as for the hosting and maintenance of our service, we use external service providers. They will only act on our instructions and have been contractually obliged to comply with the data protection provisions in accordance with Article 28 GDPR.

3 Cookies

3.1 In order to make our services attractive and to enable the use of certain functions, we use “cookies”. This is short information that is stored on your end device and assigned to the browser you are using. Some of the cookies we use are deleted after the end of a session, i.e., after you close your browser (“session cookies”). Other cookies remain on your end device and enable us to recognize your browser the next time you visit our website (persistent cookies). You can set your browser so that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. For more information, please consult the help function of your internet browser. If you do not accept cookies, the functionality of our website may be limited. By accepting our "cookie banner", you consent to the processing of your personal data via cookies. The processing of this personal data takes place on the basis of Article 6(1) sentence 1 letter a) GDPR. We use the following analytics cookies:

(a) We use Adobe Analytics, a service provided by Adobe Systems Software Ireland Limited (4-6 Riverwalk Citywest Business Campus, Dublin 24, Republic of Ireland; "Adobe") with your consent. This service uses cookies which are stored on your end device and which enable an analysis of your use of our website. The information generated by the cookie about your use of our website (including your IP address) will be transmitted to and stored by Adobe on servers in Ireland, where it will be anonymized and then transferred in anonymized form to servers in the United States for further processing. Adobe uses this information to evaluate your use of our website, to compile reports on website activity for website operators, and to provide other services related to website and internet usage. If required by law or if third parties process this data on behalf of Adobe, this information may be transferred to third parties. In no case will your IP address be associated with any other data held by Adobe.

(b) In addition, with your consent, we use Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics 4 also uses cookies. The information generated by the cookies about your use of our website is usually transferred to a Google server in the USA and stored there. However, your IP address will be shortened beforehand by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of our website, compile reports on website activity, and provide other services relating to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

3.2 We take technical precautions to pseudonymize the data collected about you through analysis and/or advertising cookies. After pseudonymization, the data can no longer be directly associated with the user.

3.3 By clicking on “accept” in our “cookie banner”, you consent to the processing of your personal data using analytics and advertising cookies for the above purposes. The processing of this personal data takes place on the basis of Article 6(1) sentence 1 letter a) GDPR.

4 Provision of Personal Data and Retention Periods

4.1 Unless otherwise required by law (e.g., COVID-19 restrictions), the provision of your personal data is voluntary. There will be no consequences if you do not provide us with your personal data, except that you will not be able to place an online order for which this data is required for the fulfillment of the contract.

4.2 Personal data that you provide to us via our online ordering service will only be stored until the purpose for which it was processed has been fulfilled. If you create your own account, the data will be stored until the account is deleted.

4.3 Deviating retention periods may also result from a legitimate interest (e.g., to ensure data security and to prevent misuse). Personal data that we are required to store due to legal or contractual retention obligations will be locked when stored for the duration of the obligation in question.

5 Third-Party Websites

DISH may include links to third-party websites. We would like to point out that each of these websites has its own privacy statement. Although DISH carefully selects which websites to link, we cannot take responsibility for the way they handle your personal data.

6 Age

DISH Dine is not intended for persons aged under 16; therefore, we do not intend to collect personal data of Guests who are aged under 16. However, we are not able to verify the Guests’ age. We advise parents to monitor their children’s online activities to be able to provide parental consent or to prevent the minor’s personal data from being collected. Please contact us if you think we have collected personal data of a minor without consent by writing an email to: privacy@dish.digital. We will proceed to erase this data afterwards.

7 Automated Decision Making and Profiling

7.1 For necessary purposes of the legitimate interest or in the performance of a contract with you and to the extent necessary to fulfill our obligations to you, DISH uses automated decision-making and profiling. We may use your address data and/or location data to list available restaurants in your local area. Additionally, we may use automated decision making in complying with our legal obligations to prevent money laundering, terrorism financing, and other criminal offenses.

7.2 If such automated decision making and/or profiling results in a negative decision about you, and you do not agree with the decision, or if you would like to object to this type of processing, please reach out to us by writing an email to: privacy@dish.digital. We will then reassess the situation and/or provide further information on the reasoning behind the automated decision.

8 Sharing Data

8.1 DISH will share your information (order, name, address, phone number, and contact data) with the Restaurant if you choose to place an order or make a reservation so that the restaurant can fulfill its obligations to you or for necessary services such as resolving a complaint. You are in direct relation with the Restaurant; therefore, the Restaurant has its own responsibilities and obligations for the processing of your personal data. For questions on how the Restaurant handles your data, please contact the Restaurant directly.

8.2 DISH works with companies within the METRO Group and other third parties to carry out the processing described below and/or to comply with legal obligations. These group companies and third parties may process personal data on behalf of us (as data processors) or as autonomous data controllers and have access to your personal data for the purposes described in this Privacy Policy. The group companies and third parties are required to protect your personal data in accordance with the standards set out in this Privacy Policy and applicable data protection laws. We take appropriate measures to guarantee the same level of protection and confidentiality we promise to you from them.

8.3 We will share your data with other third-party data controllers where appropriate or required by applicable law or regulation (including, but not limited to a court order) or where it is necessary to disclose in order to comply with legal obligations, to exercise, establish or defend legal rights, or to protect the vital interests of any person. Such third-party controllers may include law enforcement agencies.

8.4 Disclosing your data to any company or prospective buyer of all or substantially all of our assets in connection with any sale or transfer of those assets is possible.

9 Transferring Data

We may transfer personal data outside of the European Economic Area (EEA). This may result in transferring personal data to or accessing personal data from other jurisdictions, including jurisdictions that may not provide the same level of protection as EU data protection laws provide. We take into account any applicable statutory obligations relevant to personal data transfers by relying on European Commission (EC) adequacy decisions, appropriate safeguards, and EC-approved standard contractual clauses. If you would like to learn more about the standard contractual clauses, please click here.

10 Your Rights

10.1 As a data subject within the meaning of the GDPR, you are entitled to the following rights under the legal conditions:

(a) The right to obtain information about the data processing as well as a copy of the processed data (right of access, Article 15 GDPR),

(b) The right to request the rectification of inaccurate data or the completion of incomplete data (right to rectification, Article 16 GDPR),

(c) The right to request the erasure of personal data (right to erasure, Article 17 GDPR),

(d) The right to request the restriction of data processing (also referred to as blocking) (right to restriction of processing, Article 18 GDPR),

(e) The right to obtain personal data in a structured, commonly used, and machine-readable format and to request the transfer of such data to another controller (right to data portability, Article 20 GDPR),

(f) The right to receive information on the essential aspects of joint controllers’ arrangement, which sets out the roles and responsibilities of each controller with regard to the processing of personal data, as well as the mechanisms and procedures for exercising data subjects' rights (Article 26(2) GDPR),

(g) The right to withdraw consent given at any time in order to stop data processing based on your consent. The withdrawal does not affect the lawfulness of the processing based on the consent prior to the withdrawal (right of withdrawal, Article 7 GDPR), as well as

(h) The right to object to certain data processing operations (Article 21 GDPR).

10.2 You also have the right to lodge a complaint with a supervisory authority if you consider that the data processing violates the GDPR (right to complain to a supervisory authority, Article 77 GDPR).

10.3 To exercise your rights, please contact us by writing an email to: privacy@dish.digital. We are happy to talk to you regarding your questions, complaints, and feedback.

11 Updates to this Privacy Policy

Please bear in mind that we may update this Privacy Policy from time to time to align with changing legal, technical, or business developments. When we update, we will take appropriate measures to inform you, consistent with the importance of the change we make. When required by the applicable data protection law, we will ask for your consent to any material changes to this Privacy Policy.

We encourage a periodic review of this Policy for the latest information on our privacy practices.

Contact Information

Data Protection Officer
DISH Digital Solutions GmbH
Metro-Strasse 1
40235 Düsseldorf
Germany
Email: privacy@dish.digital

DISH Dine_Privacy_en_V1_Oct2023