General information
‍
- This privacy policy applies to the service - the POS software KASSA
- Only the German version of this privacy policy is authoritative. It is possible that translations are not always complete and up-to-date.

Scope of the Data Protection Policy & Cookie Policy
In accordance with Art. 13 of Regulation (EU) 2016/679 (GDPR) and Measure No. 231 of June 10, 2021 on the use of cookies, we hereby inform visitors to the website about the use of the data transmitted and the cookies used by the website. This privacy policy also complies with Recommendation No. 2/2001 adopted by the Working Party set up under Article 29 of Directive 95/46/EC.

It refers to the KASSA service operated by Limendo GmbH, but not to any other linked websites and programs.
‍
Data controller
When visiting the website, personal data or other data that can be linked to the user may be processed, including data collected through the use of cookies. The data controller is Limendo GmbH, with registered office at Via Enrico Fermi 20/B, 39100 Bolzano. The controller can be contacted using the following contact details
‍
Phone: +39 0471 1800 390
Mail: mail@limendo.com

Purpose and methods of processing
Types of data processed: When you visit our app, we collect inventory data (e.g. name, restaurant, item data), contact data (e.g. e-mail), contract data (e.g. subject matter of the contract), payment data (e.g. type of payment, payment history), usage data (e.g. interest in content), and meta/communication data (e.g. IP addresses).

When using our service, you provide us with certain data as follows: When creating an account, you provide at least your login details and some basic details such as first and last name and your email address.

By using the POS system, your item data, your sales and your customer data can be viewed. For commercial users, a separate order data processing contract must be concluded with us (Limendo GmbH).

If you contact our customer service, we collect the data that you provide to us during the interactions. These interactions may also be stored in order to provide our services in the best possible way.

As part of the registration process, the user's consent to the processing of the above-mentioned data is obtained. The legal basis for the processing of this data is Art. 6 para. 1 lit. a) GDPR if the user has given such consent. You can withdraw your consent at any time or change this data yourself. To withdraw your consent, simply send us an informal email. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

SSL encryption
To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

TRANSFER OF DATA TO PAYMENT SERVICE PROVIDERS DURING THE PAYMENT PROCESS
In the backend of "KASSA", we use the services of the payment service provider IVA PAYMENT SERVICES SINGLE MEMBER S.A., a Greek company based in ARCANIA BUSINESS CENTER, 18-20, AMAROUSIOU - CHALANDRIOU AVE, GR 15125, MAROURSI, to process our transactions. The catering and service companies conclude their own contract with Viva Wallet in this regard and register directly with Viva Wallet and conclude their own contract there.
‍
The use of this payment service is reserved exclusively for commercial users. When a payment is made via the payment service provider, we pass on the desired amount of the payment.The legal basis for the processing of this data is Art. 6 para. 1 lit. a) GDPR if the user has given consent. You can withdraw your consent at any time or change this data yourself. To withdraw your consent, simply send us an informal email. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS
Your data will not be transferred in any way to third countries outside the EU or to international organizations or stored on servers in third countries.
‍
AUTOMATED DECISIONS
The controller does not use any system for automated decision-making regarding your personal data.
‍
RIGHTS OF THE DATA SUBJECT
You have the right to request access to and rectification or erasure of your data from the controller at any time. You will receive written feedback within 30 days, including by electronic means if necessary (unless you expressly request verbal feedback). You also have the right to request the restriction of processing or to refuse processing. You can also request the portability of your data to another controller. You can also withdraw the consent you have given on this website at any time. To revoke one or more of the consents granted, simply contact one of the addresses listed above.

If you believe that your data has been processed unlawfully, you have the right to lodge a complaint with the supervisory authority.

Methods of data processing
The processing of personal data is carried out by automated systems and/or manually and lasts only for the time necessary to achieve the stated purposes of data processing, in accordance with the applicable legal provisions.
‍
Voluntary nature of the data contribution
Apart from navigation data, it is up to the user to decide whether or not to enter personal data. The only consequence of not entering personal data may be that certain website services cannot be provided.
‍
Rights of the data subject
The person affected by the data processing can contact the processor or the controller in order to assert their rights, as also provided for in Art. 7 of the GDPR No. 196/2003, which is reproduced here in full and supplemented with passages from the EU GDPR.

Art. 7 - Right of access to personal data and other rights
1. the data subject shall have the right to obtain confirmation of the existence or otherwise of personal data concerning him/her, even if not yet recorded, and their communication in intelligible form. The data subject has the right to obtain the following information:
a) Origin of the personal data;
b) the purpose and nature of the processing;
c) the system used for processing by means of electronic tools;
d) data identifying the data controller, the data processors and the representative pursuant to Art. 5, para. 2;
e) persons or groups of persons to whom personal data may be communicated or who may become aware of it as appointed representatives in the territory of the State, persons in charge or appointees (this right of access is also enshrined in Art. 15 GDPR).

2. the data subject is entitled to obtain the following:
(a) the updating, rectification or, if interested, integration of the data (this right to rectification is also found in Art. 16 EU GDPR);
b) the deletion, transformation into anonymous form or blocking of data that is not lawfully processed, including data whose retention is not necessary for the purposes for which the data was collected or processed (this right to deletion can also be found in Art. 17 GDPR)
c) the confirmation that the steps of a) and b) have been brought to the attention, also as regards their content, of those to whom the data have already been communicated, unless this is impossible or involves a disproportionate effort in relation to the right to be protected.

3. the data subject has the right to object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning him/her, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning him/her for the purpose of sending advertising or direct sales material or for the purpose of market research or sales communications (right of objection also in Art. 21 EU GDPR).

4. you have the right to demand that we restrict the processing of the data (right to restriction pursuant to Art. 18 EU GDPR)

5. you have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible. (Right to data portability pursuant to 20 EU GDPR)

Retention periods
We store personal data in accordance with the GDPR/DSGVO and adhere to the statutory retention periods.
‍
Changes to the data protection provisions
Over time, changes to this privacy policy may be necessary, so users are advised to consult it frequently. LIMENDO GMBH will inform users of the existence of new versions of these provisions by means of links and notices in appropriate places on the website, e.g. as a notice on the homepage. Where required by applicable law, LIMENDO GMBH will ask users for their consent to specific data processing.