Bakery

Workplace dining services

About Us

Blog

Let's have a chat.

Bakery

Workplace dining services

About Us

Blog

Let's have a chat.

Privacy Policy

Last updated: December 3, 2025

1. Introduction

Below, we provide information about the processing of personal data when using

our website https://www.delicious-data.com/
our web application https://app.delicious-data.com/
our profiles on social media.

Personal data includes all data that can be related to a specific natural person, such as their name or IP address.

1.1. Contact Information

The responsible party according to Art. 4 Para. 7 EU General Data Protection Regulation (GDPR) is Delicious Data GmbH, Sonnenstraße 32, 80331 Munich, Germany, Email: info@delicious-data.com. We are legally represented by Valentin Belser, Jakob Breuninger, Daniel Smeds.

Our data protection officer can be reached via heyData GmbH, Schützenstraße 5, 10117 Berlin, www.heydata.eu, Email: datenschutz@heydata.eu.

1.2. Scope of Data Processing, Processing Purposes, and Legal Foundations
We provide detailed information on the scope of data processing, processing purposes, and legal foundations below. Generally, the following can be considered as legal grounds for data processing:

Art. 6 Para. 1 Sentence 1 lit. a GDPR serves as the legal basis for processing operations for which we obtain consent.
Art. 6 Para. 1 Sentence 1 lit. b GDPR is the legal basis insofar as the processing of personal data is necessary for the fulfillment of a contract, e.g., when a visitor to our site purchases a product or we perform a service for them. This legal basis also applies to processing necessary for pre-contractual measures, such as inquiries about our products or services.
Art. 6 Para. 1 Sentence 1 lit. c GDPR applies when the processing of personal data fulfills a legal obligation, as can be the case in tax law.
Art. 6 Para. 1 Sentence 1 lit. f GDPR serves as a legal basis when we can rely on legitimate interests for processing personal data, e.g., for cookies necessary for the technical operation of our website.

1.3. Data Processing Outside the EEA

To the extent that we transfer data to service providers or other third parties outside the EEA, adequacy decisions by the EU Commission pursuant to Art. 45 Para. 3 GDPR guarantee the security of the data during transfer, where applicable, as is the case for Great Britain, Canada, and Israel.

When transferring data to service providers in the USA, the legal basis for data transfer is an adequacy decision by the EU Commission if the service provider is additionally certified under the EU US Data Privacy Framework.

In other cases (e.g., if no adequacy decision exists), the standard contractual clauses generally serve as the legal basis for data transfer, unless we provide a different note. These are a framework adopted by the EU Commission and part of the contract with the respective third party. According to Art. 46 Para. 2 lit. b GDPR, they ensure the security of data transfer. Many providers have provided contractual guarantees that extend beyond standard contractual clauses, protecting the data beyond these. These include, for example, guarantees regarding data encryption or an obligation for the third party to inform affected parties if law enforcement accesses the data.

1.4. Storage Duration

Unless explicitly stated within this privacy policy, stored data is deleted once it's no longer necessary for its intended purpose and no legal retention obligations oppose deletion. If data is not deleted because it’s necessary for other legally permissible purposes, its processing will be restricted, meaning the data is locked and not processed for other purposes. This applies, for example, to data we must retain due to commercial or tax law.

1.5. Rights of the Affected Parties

Affected parties have the following rights regarding their personal data:

Right to access,
Right to rectification or erasure,
Right to restriction of processing,
Right to object to processing,
Right to data portability,
Right to revoke consent at any time.

Affected parties also have the right to file a complaint with a data protection supervisory authority regarding the processing of their personal data. Contact information for data protection authorities is available at https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.

1.6. Obligation to Provide Data

Customers, interested parties, or third parties must only provide us with those personal data necessary for the establishment, execution, and termination of the business relationship or other relationships or data we are legally obliged to collect. Without these data, we will generally have to refuse to conclude a contract or provide a service, or we will no longer be able to execute an existing contract or other relationship.

Mandatory information is marked as such.

1.7. No Automated Decision-Making in Individual Cases

For the establishment and execution of a business relationship or other relationship, we generally do not use fully automated decision-making pursuant to Article 22 GDPR. Should we use these procedures in individual cases, we will provide separate information, if required by law.

1.8. Contact

When contacting us, e.g., via email or phone, the information provided (e.g., names and email addresses) is stored by us to answer questions. The legal basis for processing is our legitimate interest (Art. 6 Para. 1 Sentence 1 lit. f GDPR) in answering inquiries directed at us. The data collected in this context is deleted after storage is no longer necessary, or processing is restricted if legal retention obligations exist.

1.9. Customer Surveys

From time to time, we conduct customer surveys to better understand our customers and their needs. We collect the data requested therein. It is our legitimate interest to better understand our customers and their needs, so the legal basis for the associated data processing is Art. 6 Para. 1 Sentence 1 lit f GDPR. We delete the data once the survey results have been analyzed.

2. Newsletter

We reserve the right to inform customers who have already used our services or purchased goods about our offers via email or other channels from time to time, unless they have objected to this. The legal basis for this data processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. Our legitimate interest lies in direct advertising (Recital 47 GDPR). Customers can object to the use of their email address for advertising at any time without any additional costs, for example via the link at the end of each email or by email to our email address mentioned above.

Interested parties have the option to subscribe to a free newsletter. We process the data provided during registration exclusively for sending the newsletter. Registration takes place by selecting the appropriate field on our website, by ticking the box in a paper document or through another clear action whereby interested parties declare their consent to process their data, so the legal basis is Art. 6 Para. 1 Sentence 1 lit. a GDPR. Consent can be revoked at any time, e.g., by clicking the corresponding link in the newsletter or informing us at our email address mentioned above. Processing of data until revocation remains lawful even in the event of revocation.

Based on the consent of the recipients (Art. 6 Para. 1 Sentence 1 lit. a GDPR), we also measure the open and click rates of our newsletters to understand which content is relevant to our recipients.

We send newsletters using the HubSpot tool from HubSpot, Inc., 25 1st Street Cambridge, MA 0214, USA. The provider processes content, usage, meta/communication data, and contact data in the EU. More information can be found in the provider's privacy policy at https://legal.hubspot.com/privacy-policy.

3. Data Processing on Our Website

3.1. Notice for Website Visitors from Germany

Our website stores information on the end device of website visitors (e.g., cookies) or accesses information already stored on the end device (e.g., IP addresses). Specific information can be found in the following sections.

This storage and access are based on the following provisions:

As far as this storage or access is absolutely necessary for us to provide the service explicitly requested by website visitors (e.g., to operate a chatbot used by the visitor or to ensure the IT security of our website), it is based on § 25 Para. 2 No. 2 of the Telecommunications-Digital Services Data Protection Act (TDDG).
Otherwise, this storage or access is based on the consent of website visitors (§ 25 Para. 1 TDDG).

Subsequent data processing takes place according to the following sections and based on GDPR regulations.

3.2. Informational Use of the Website

When using the website for informational purposes, meaning when visitors do not transmit separate information to us, we collect personal data sent by the browser to our server to ensure the stability and security of our website. This is our legitimate interest, so the legal basis is Art. 6 Para. 1 Sentence 1 lit. f GDPR.

These data are:

IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Transferred data volume
Website from which the request comes
Browser
Operating system and its interface
Language and version of the browser software.

These data are also stored in log files. They are deleted when their storage is no longer necessary, at the latest after 14 days.

3.3. Web Hosting and Website Provision

Our website is hosted by Webflow. Provider is Webflow, Inc., 398 11th St., Floor 2, San Francisco, CA 94103, USA. The provider processes personal data transmitted via the website, e.g., content, usage, meta/communication data, or contact data, in the USA. More information can be found in the provider's privacy policy at https://webflow.com/legal/eu-privacy-policy.

It is our legitimate interest to provide a website, so the legal basis for the described data processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR.

Legal basis for transmission to a country outside the EEA is adequacy decision. The security of data transmitted to a third country (i.e., a country outside the EEA) is ensured because the EU Commission decided under an adequacy decision pursuant to Art. 45 Para. 3 GDPR that the third country offers an adequate level of protection.

3.4. Contact Form

When contacting us through the contact form on our website, we store the data requested there and the message content.
The legal basis for processing is our legitimate interest in answering inquiries directed at us. Therefore, the legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR.
The data collected in this context is deleted once storage is no longer necessary, or processing is restricted if legal retention obligations exist.

3.5. Job Advertisements

We publish job advertisements on our website, associated pages, or third-party websites.

The processing of data provided during applications is carried out to conduct the application process. Insofar as these are necessary for our decision to establish an employment relationship, the legal basis is Art. 88 Para. 1 GDPR in conjunction with § 26 Para. 1 BDSG. We have marked or indicated the data necessary for the application process. If applicants do not provide this data, we cannot process the application.

Additional data are voluntary and not required for an application. If applicants provide additional information, the basis is their consent (Art. 6 Para. 1 Sentence 1 lit. a GDPR).

We kindly ask applicants to refrain from including information about political opinions, religious beliefs, and similarly sensitive data in their CVs and cover letters. They are not necessary for an application. If applicants nevertheless provide such information, we cannot prevent its processing in the context of the CV or cover letter. Its processing is then based on the applicant's consent (Art. 9 Para. 2 lit. a GDPR).

Finally, we process applicants' data for additional application processes if they have given us their consent. In this case, the legal basis is Art. 6 Para. 1 Sentence 1 lit. a GDPR.

Applicants' data are shared with the responsible personnel department employees, our processors in the recruiting sector, and other employees involved in the application process.

If we enter an employment relationship with the applicant following the application process, we delete the data only after the employment relationship ends. Otherwise, we delete the data at the latest six months after rejecting an applicant.

If applicants have given us their consent to use their data for additional application processes, we delete their data one year after receiving the application.

3.6. Customer Account

Website visitors can open a customer account on our website. We process the data requested during this process to fulfill the respective usage contract for the account, so the legal basis of processing is Art. 6 Para. 1 Sentence 1 lit. b GDPR.

Consent can be revoked anytime, e.g., via the contact details provided in our privacy policy. The lawfulness of processing until revocation is not affected by the revocation. If consent is revoked, we delete the data unless we are obliged or entitled to continue storing it.

In addition to the data entered during registration, we process first and last names, email addresses, associated business location, protocol data on user activities in the web application.

3.7. Scheduling Appointments

Visitors to our website can book appointments with us. In addition to the data entered, we process meta or communication data. We have a legitimate interest in offering interested parties an easy way to schedule appointments. Therefore, the legal basis for data processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. If we use a third-party tool to schedule, the information can be found under "Third-party Providers".

3.8. Technically Necessary Cookies

Our website uses cookies. Cookies are small text files stored in the web browser on the visitor's end device. Cookies help make the offer more user-friendly, efficient, and secure. If these cookies are necessary for our website's operation or functions (hereinafter "Technically Necessary Cookies"), the legal basis for the associated data processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. We have a legitimate interest in providing a functioning website to customers and other visitors.
Specifically, we use technically necessary cookies for the following purpose or purposes:

Cookies that handle language settings and
those set for media playback

3.9. Third-party Providers

3.9.1. Google Places API

We use Google Places API for maps on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland. The provider processes content data (e.g., entries in online forms) and meta/communication data (e.g., device information, IP addresses) in the EU.

The legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. a GDPR. Processing occurs based on consents. Affected parties can revoke their consent anytime by contacting us via the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing until revocation.

We delete the data if the purpose for its collection is no longer applicable. More information can be found in the provider's privacy policy at https://business.safety.google/privacy/.

3.9.2. Weglot

We use Weglot for translations. The provider is Weglot, 138, rue Pierre Joigneaux in BOIS-COLOMBES (92270), France. The provider processes meta/communication data (e.g., device information, IP addresses) in the EU.

The data is deleted when the purpose for its collection is no longer applicable, and no retention obligation opposes it. More information can be found in the provider's privacy policy at https://weglot.com/privacy/.

3.9.3. HubSpot Live Chat

We use HubSpot Live Chat as a live chat. The provider is HubSpot, Inc., 25 1st Street Cambridge, MA 0214, USA. The provider processes usage data (e.g., visited web pages, interest in content, access times), content data (e.g., entries in online forms), and meta/communication data (e.g., device information, IP addresses) in the EU.

The data is deleted when the purpose for its collection is no longer applicable, and no retention obligations oppose it. More information can be found in the provider's privacy policy at https://legal.hubspot.com/privacy-policy.

3.9.4. HubSpot

We use HubSpot to generate leads, automate marketing, and analyze. The provider is HubSpot, Inc., 25 1st Street Cambridge, MA 0214, USA. The provider processes usage data (e.g., visited web pages, interest in content, access times), content data (e.g., entries in online forms), and meta/communication data (e.g., device information, IP addresses) in the EU.

The legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. We have a legitimate interest in managing data easily and cost-effectively.

3.9.5. Webflow

We use Webflow to create websites. The provider is Webflow, Inc., 398 11th St., Floor 2, San Francisco, CA 94103, USA. The provider processes usage data (e.g., visited web pages, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in the USA.

The legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. We have a legitimate interest in setting up and maintaining a website and presenting ourselves externally.

The transmission of personal data to a country outside the EEA occurs on the legal basis of adequacy decision. The security of data transmitted to a third country (i.e., outside the EEA) is ensured because the EU Commission decided under an adequacy decision pursuant to Art. 45 Para. 3 GDPR that the third country offers an adequate level of protection.

We delete the data if the purpose for collecting data is no longer applicable. More information can be found in the provider's privacy policy at https://webflow.com/legal/eu-privacy-policy.

3.9.6. Vimeo Videos

We use Vimeo Videos for videos on the website. The provider is Vimeo, Inc., 555 West 18th Street New York, NY 10011, USA. The provider processes usage data (e.g., visited web pages, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in the USA.

The transmission of personal data to a country outside the EEA occurs based on adequacy decision. The security of the data transferred to the third country (i.e., outside the EEA) is ensured because the EU Commission decided under an adequacy decision pursuant to Art. 45 Para. 3 GDPR that the third country offers an adequate level of protection.

We delete the data if the purpose for its collection is no longer applicable. More information can be found in the provider's privacy policy at https://vimeo.com/privacy.

3.9.7. Google Tag Manager

We use Google Tag Manager for analysis and advertising. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g., visited web pages, interest in content, access times) in the USA.

The transmission of personal data to a country outside the EEA occurs based on adequacy decision. The security of data transferred to a third country (i.e., outside the EEA) is ensured because the EU Commission decided under an adequacy decision pursuant to Art. 45 Para. 3 GDPR that the third country offers an adequate level of protection.

We delete the data if the purpose for its collection is no longer applicable. More information can be found in the provider's privacy policy at https://business.safety.google/privacy/.

3.9.8. Google Analytics

We use Google Analytics for analysis. The provider is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The provider processes usage data (e.g., visited web pages, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in the USA.

The transmission of personal data to a country outside the EEA occurs based on adequacy decision. The security of data transmitted to a third country (i.e., outside the EEA) is ensured because the EU Commission decided under an adequacy decision pursuant to Art. 45 Para. 3 GDPR that the third country offers an adequate level of protection.

3.9.9. heyData

We have embedded a data protection seal on our website. The provider is heyData GmbH, Schützenstraße 5, 10117 Berlin, Germany. The provider processes meta/communication data (e.g., IP addresses) in the EU.

The legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. We have a legitimate interest in providing website visitors with a confirmation of our data protection compliance. Simultaneously, the provider has a legitimate interest in ensuring that only customers with existing contracts use its seals, so merely a picture copy of the certificate is not a viable alternative for confirmation.

The data is masked after collection, so they no longer have a personal reference. More information can be found in the provider's privacy policy at https://heydata.eu/datenschutzerklaerung.

4. Data Processing in Our Application

4.1. Access and Use of the Application

Our application is available for download in the Google Play Store for Android devices. When users download the application, the necessary information is transferred to the store, i.e., username, email address, and account customer number, time of download, payment information, and individual device identification number. We have no influence over this data collection and are not responsible for it. We only process data to the extent necessary to download the mobile application onto the user's mobile device.

For iOS device users and other platforms where our application is not available as a native application or who prefer not to obtain it, our application is accessible via the web browser. In this case, no download occurs through an application store. Data processing for browser-based usage takes place in accordance with the following sections, particularly for informational use (see 2.3.) and third-party tool usage.

4.2. Hosting

Our application is hosted by Microsoft Azure (hosted on servers within the EU), Google Cloud (hosted on servers within the EU), Hetzner Online (hosted on servers within the EU). The provider processes personal data transmitted via the application, e.g., content, usage, meta/communication data, or contact data. It is our legitimate interest to provide an application, so the legal basis for data processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR.

4.3. Informational Use of Our Application

When users use our application, we collect data necessary for us to offer users the functions of our application and ensure stability and security. This is our legitimate interest, so the legal basis is Art. 6 Para. 1 Sentence 1 lit. f GDPR.

The data processed to this extent are:

IP address
Date and time of request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific interface)
Access status/HTTP status code
Transferred data volume
Operating system and its interface
Language and version of the operating system

4.4. Data Processing to Provide Functions

In the application, we process data to provide users with application functions. The legal basis for processing is the usage contract concluded with the user for the application.

The data processed to this extent are:

Other identifier besides UUID
The data entered by the user in the application
Only the data entered by the user in the application
Location data
Universal Unique Identifier of the device (UUID)

4.5. User Account

Users can open a user account in the application. We process the data requested during this process to fulfill the usage contract concluded with the user for the account, so the legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. b GDPR. We delete the data when users delete their user account.

4.6. Third-party Tools

4.6.1. Amplitude

We use Amplitude for product analysis. The provider is Amplitude, Inc., 631 Howard St. Floor 5. San Francisco, CA 94105, USA. The provider processes meta/communication data (e.g., device information, IP addresses), usage data (e.g., visited websites, interest in content, access times) in the EU.

4.6.2. heyData

We use a data protection seal from the provider heyData GmbH, Schützenstraße 5, 10117 Berlin, Germany (privacy policy: https://heydata.eu/datenschutzerklaerung) to provide website visitors with confirmation of our data protection compliance. The provider is the recipient of personal data within the mentioned processing.

Since the data is masked after collection, website visitors cannot be identified. More information can be found in the provider's privacy policy at https://heydata.eu/en/privacy-policy.

4.7. AI-supported Data Analysis

We provide our customers with a feature in our protected web application app.delicious-data.com that enables the analysis and preparation of business data using artificial intelligence. For this, data from our customers' analysis systems (e.g., sales data, revenue figures) can be sent to external language models (LLMs).

We strive not to transfer personal data to these external service providers. The data provided by our customers for analysis are generally non-personal. However, it cannot be completely ruled out that customers enter information in free text fields that contain personal data such as names or email addresses. Processing this data serves our customers' legitimate interest in optimizing and analyzing their business processes.

Below we list the service providers used for this purpose.

4.7.1. Open Router

We use Open Router as a technical interface to forward analysis requests to various providers of AI language models. The provider is OpenRouter, Inc., located at 169 Madison Avenue, New York, NY 10016, USA.

The provider processes the requests we transmit, as well as meta/communication data in the USA.

The legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. We have a legitimate interest in providing our customers with flexible access to various AI providers and efficiently designing their analysis processes.

The transmission of potentially personal data to a country outside the EEA occurs on the legal basis of adequacy decision. The security of data transferred to the third country (i.e., outside the EEA) is ensured because the EU Commission decided under an adequacy decision pursuant to Art. 45 Para. 3 GDPR that the third country offers an adequate level of protection. The data is deleted when the purpose for its collection is no longer applicable, and no retention obligation opposes it. More information can be found in the provider's privacy policy at https://openrouter.ai/privacy.

4.7.2. Google AI Platform

We use Google AI Platform services as subcontractor processors to analyze and answer our transmitted requests. The provider is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

The provider processes the business data we transmit, which may contain personal data, as well as meta/communication data in the USA.

The legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. We have a legitimate interest in enabling our customers to optimize and analyze their business processes by using AI technologies.

4.7.3. OpenAI (ChatGPT)

We use OpenAI services to analyze and answer our transmitted requests using the ChatGPT language model. The provider is OpenAI, L.L.C., 3180 18th Street, San Francisco, CA 94110, USA.

The provider processes the business data we transmit, which may contain personal data, as well as meta/communication data in the USA.

5. Data Processing on Social Media Platforms

We are represented in social media networks to present our organization and services there. These network operators regularly process user data for advertising purposes. Among other things, they create user profiles from their online behavior, which are used to display advertisements matching the users' interests on network pages and elsewhere on the Internet. To do this, network operators store information about user behavior in cookies on the users' computers. It is also not excluded that the operators merge this information with other data. More information and tips on how users can object to processing by the page operators are provided in the privacy statements of the respective operators listed below. It is also possible that operators or their servers are located in non-EU countries, meaning they process data there. This may pose risks to users, e.g., because the enforcement of their rights is complicated or government agencies access data.

If network users contact us through our profiles, we process the data provided to answer the inquiries. This is our legitimate interest, so the legal basis is Art. 6 Para. 1 Sentence 1 lit. f GDPR.

5.1. Facebook

We maintain a profile on Facebook. The operator is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy is available here: https://www.facebook.com/policy.php. An option to object to data processing can be found via ad settings: https://www.facebook.com/settings?tab=ads.
We are jointly responsible with Facebook for processing the data of visitors to our profile based on an agreement within the meaning of Art. 26 GDPR. Facebook explains which data is processed under https://www.facebook.com/legal/terms/information_about_page_insights_data. Affected parties can assert their rights either against us or against Facebook. However, according to our agreement with Facebook, we are obliged to forward requests to Facebook. Affected parties will receive a quicker response if they contact Facebook directly.

5.2. Instagram

We maintain a profile on Instagram. The operator is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy is available here: https://help.instagram.com/519522125107875.

5.3. YouTube

We maintain a profile on YouTube. The operator is Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland. The privacy policy is available here: https://policies.google.com/privacy?hl=en.

5.4. LinkedIn

We maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy is available here: https://www.linkedin.com/legal/privacy-policy?_l=en_EN. An option to object to data processing can be found via ad settings: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

5.5. Xing

We maintain a profile on Xing. The operator is New Work SE, Dammtorstraße 29-32, 20354 Hamburg. The privacy policy is available here: https://privacy.xing.com/en/privacy-policy.

6. Changes to this Privacy Policy

We reserve the right to change this privacy policy with future effect. A current version is always available here.

7. Questions and Comments

We are happy to answer any questions or comments regarding this privacy policy using the contact information provided above.

1. Introduction

The following provides information about the processing of personal data when using

our website https://www.delicious-data.com/
our web application https://app.delicious-data.com/‍
our profiles on social media.

Personal data includes all data that can be linked to a specific natural person, such as their name or IP address.

1.1. Contact Information

The responsible party in accordance with Art. 4 Para. 7 EU General Data Protection Regulation (GDPR) is Delicious Data GmbH, Sonnenstraße 32, 80331 Munich, Germany, Email: info@delicious-data.com. We are legally represented by Valentin Belser, Jakob Breuninger, Daniel Smeds.

Our data protection officer can be reached via heyData GmbH, Schützenstraße 5, 10117 Berlin, www.heydata.eu, Email: datenschutz@heydata.eu.

1.2. Scope of Data Processing, Processing Purposes, and Legal Basis
We detail the scope of data processing, processing purposes, and legal basis further below. The legal basis for data processing generally includes the following:

Art. 6 Para. 1 Sentence 1 lit. a GDPR serves as our legal basis for processing for which we obtain consent.
Art. 6 Para. 1 Sentence 1 lit. b GDPR is the legal basis insofar as the processing of personal data is necessary for fulfilling a contract, such as when a visitor purchases a product from us or when we perform a service for them. This legal basis also applies to processing required for pre-contractual actions, such as inquiries about our products or services.
Art. 6 Para. 1 Sentence 1 lit. c GDPR applies when processing personal data to fulfill a legal obligation, as may be the case in tax law.
Art. 6 Para. 1 Sentence 1 lit. f GDPR serves as the legal basis when we can rely on legitimate interests to process personal data, such as cookies necessary for the technical operation of our website.

1.3. Data Processing Outside the EEA

To the extent that we transmit data to service providers or other third parties outside the EEA, adequacy decisions by the EU Commission under Art. 45 Para. 3 GDPR ensure the security of the data during transmission, if such decisions exist, as is the case for the United Kingdom, Canada, and Israel.

When transferring data to service providers in the USA, the legal basis for data transfer is an adequacy decision by the EU Commission, provided the service provider is additionally certified under the EU-US Data Privacy Framework.

In other cases (such as when no adequacy decision exists), the legal basis for data transfer is generally, unless we provide different guidance, standard contractual clauses. These are rules adopted by the EU Commission and part of the contract with the respective third party. According to Art. 46 Para. 2 lit. b GDPR, they ensure data transfer security. Many providers have given contractual guarantees extending beyond standard contractual clauses, protecting data beyond them. These include, for example, guarantees regarding data encryption or an obligation for the third party to notify affected individuals if law enforcement agencies wish to access data.

1.4. Storage Duration

Unless expressly stated elsewhere in this data protection declaration, the data stored with us is deleted as soon as it is no longer required for its intended purpose and no legal retention obligations prevent deletion. If data is not deleted because it is required for other and legally permissible purposes, its processing is restricted, i.e., the data is blocked and not processed for other purposes. This applies, for example, to data that we must retain for commercial or tax reasons.

1.5. Rights of the Data Subjects

Data subjects have the following rights concerning their personal data:

Right to information,
Right to rectification or deletion,
Right to restrict processing,
Right to object to processing,
Right to data portability,
Right to withdraw consent at any time.

Data subjects also have the right to lodge a complaint with a data protection supervisory authority about the processing of their personal data. Contact details for data protection supervisory authorities are available at https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.

1.6. Obligation to Provide Data

Customers, prospects, or third parties must only provide us with the personal data necessary for the establishment, implementation, and termination of the business relationship or other relationship, or data that we are legally required to collect. Without this data, we may generally need to refuse the conclusion of a contract or the provision of a service, or be unable to fulfill an existing contract or other relationship.

Mandatory information is marked as such.

1.7. No Automated Decision-making in Individual Cases

We do not use fully automated decision-making according to Article 22 GDPR to establish and conduct a business relationship or other relationship. Should we use these procedures in individual cases, we will inform you separately if required by law.

1.8. Contacting Us

When contacting us, e.g., via email or phone, the data provided by the person (such as names and email addresses) will be stored by us to answer inquiries. The legal basis for processing is our legitimate interest (Art. 6 Para. 1 Sentence 1 lit. f GDPR) in responding to inquiries directed at us. We delete the data associated with this after storage is no longer necessary or restrict processing if there are legal retention requirements.

1.9. Customer Surveys

From time to time, we conduct customer surveys to better understand our customers and their needs. We collect the data requested in each case. It is our legitimate interest to better understand our customers and their needs, so the legal basis for the data processing related to this is Art. 6 Para. 1 Sentence 1 lit f GDPR. We delete the data after evaluating the survey results.

2. Newsletter

We reserve the right to occasionally inform customers who have already used our services or purchased goods from us by email or other means about our offers, provided they have not objected. The legal basis for this data processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. Our legitimate interest is direct advertising (Recital 47 GDPR). Customers can object to the use of their email address for advertising purposes at any time without incurring any costs other than the transmission costs according to basic rates, e.g., via the link at the end of each email or by emailing us at the address mentioned above.

Prospective customers have the option to subscribe to a free newsletter. We process the data provided during registration exclusively for sending the newsletter. Registration is done by selecting the appropriate field on our website, checking the corresponding box in a paper document, or through another clear action, by which interested parties express their consent to the processing of their data, making the legal basis Art. 6 Para. 1 Sentence 1 lit. a GDPR. Consent can be revoked at any time, e.g., by clicking the relevant link in the newsletter or notifying us at the email address provided above. The data processing remains lawful until the revocation even if the consent is revoked.

Based on the consent of recipients (Art. 6 Para. 1 Sentence 1 lit. a GDPR), we also measure the open and click rates of our newsletters to understand which content is relevant to our recipients.

We send newsletters using the tool HubSpot from the provider HubSpot, Inc., 25 1st Street Cambridge, MA 0214, USA. The provider processes content, usage, meta/communication, and contact data in the EU. More information can be found in the provider's privacy policy at https://legal.hubspot.com/de/privacy-policy.

3. Data Processing on Our Website

3.1. Notice for Website Visitors from Germany

Our website stores information in the end device of website visitors (e.g., cookies) or accesses information already stored in the end device (e.g., IP addresses). Detailed information about this can be found in the following sections.

This storage and access are based on the following regulations:

Where such storage or access is strictly necessary for us to provide the expressly requested service by website visitors (e.g., to execute a chatbot used by the website visitor or to ensure the IT security of our website), it is based on § 25 Para. 2 No. 2 of the Telecommunications-Telemedia Data Protection Act (TTDSG).
Otherwise, this storage or access is based on the consent of the website visitors (§ 25 Para. 1 TTDSG).

The subsequent data processing takes place according to the following sections and based on the provisions of the GDPR.

3.2. Informational Use of the Website

During the informational use of the website, i.e., when visitors do not send us additional information, we collect personal data that the browser sends to our server to ensure the stability and security of our website. This is our legitimate interest, so the legal basis is Art. 6 Para. 1 Sentence 1 lit. f GDPR.

This data includes:

IP address
Date and time of the request
Time zone difference from Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Transferred data volume
Website from which the request comes
Browser
Operating system and its interface
Language and version of the browser software.

This data is also stored in log files. They are deleted when their storage is no longer necessary, at the latest after 14 days.

3.3. Web Hosting and Provision of the Website

Our website hosts use Webflow. The provider is Webflow, Inc., 398 11th St., Floor 2, San Francisco, CA 94103, USA. The provider processes personal data transmitted via the website, e.g., content, usage, meta/communication, or contact data, in the USA. More information can be found in the provider's privacy policy at https://webflow.com/legal/eu-privacy-policy.

It is our legitimate interest to provide a website, so the legal basis for the described data processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR.

The transmission of data to a country outside the EEA is based on adequacy decisions. The security of data transmitted to the third country (a country outside the EEA) is ensured because the EU Commission decided in an adequacy decision under Art. 45 Para. 3 GDPR that the third country provides an adequate level of protection.

3.4. Contact Form

When contacting us via the contact form on our website, we store the data requested there and the content of the message.
The legal basis for processing is our legitimate interest in answering inquiries directed at us. Therefore, the legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR.
We delete the data collected in this context after storage is no longer necessary, or restrict processing if there are legal retention obligations.

3.5. Job Advertisements

We publish job postings on our website, on pages linked with the website, or on third-party websites.

The processing of data provided during the application process is to conduct the application process. Insofar as this is necessary for our decision to establish an employment relationship, the legal basis is Art. 88 Para. 1 GDPR in conjunction with § 26 Para. 1 BDSG. The data required for conducting the application process is marked accordingly or indicated. If applicants do not provide this data, we cannot process the application.

Additional data is voluntary and not required for an application. If applicants provide additional information, the basis is their consent (Art. 6 Para. 1 Sentence 1 lit. a GDPR).

We ask applicants to avoid providing information about political opinions, religious beliefs, or similarly sensitive data in their resume and cover letter. They are not necessary for an application. If applicants provide such information anyway, we cannot prevent their processing within the processing of the resume or cover letter. Their processing is based on the applicants' consent (Art. 9 Para. 2 lit. a GDPR).

Finally, we process applicants' data for further application processes if they have given us their consent. In this case, the legal basis is Art. 6 Para. 1 Sentence 1 lit. a GDPR.

We share applicants' data with the responsible HR department staff, our processors in the recruiting area, and other employees involved in the application process.

If we enter an employment relationship with the applicant after completing the application process, we will only delete the data after the employment relationship ends. Otherwise, we delete the data at the latest six months after rejecting an applicant.

If applicants have given us their consent to use their data for other application processes, we delete their data one year after receiving the application.

3.6. Customer Account

Visitors to the website can open a customer account on our website. We process the data requested within this context to fulfill the respective service agreement regarding the account, so the legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. b GDPR.

Consent can be revoked at any time, e.g., via the contact details provided in our privacy policy. Revocation does not affect the lawfulness of processing until revocation. If consent is revoked, we will delete the data unless we are obliged or entitled to retain it further.

In addition to the data entered during registration, we process first and last names, email addresses, associated company location, and log data on user activities in the web application.

3.7. Appointment Booking

Website visitors can book appointments with us on our website. For this purpose, we process additional meta or communication data. We have a legitimate interest in offering interested parties a user-friendly option for scheduling appointments. Therefore, the legal basis for data processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. If we use a third-party tool for scheduling, information can be found under "Third-Party Providers".

3.8. Technically Necessary Cookies

Our website uses cookies. Cookies are small text files stored in the web browser on a visitor's end device. Cookies help to make the offer more user-friendly, effective, and secure. Insofar as these cookies are necessary for our website's operation or its functions (hereinafter "technically necessary cookies"), the legal basis for the associated data processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. We have a legitimate interest in providing a functioning website to customers and other website visitors.
We specifically use technically necessary cookies for the following purpose(s):

Cookies that take over language settings and
are set to play media content

3.9. Third-Party Providers

3.9.1. Google Places API

We use Google Places API for maps on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes content data (e.g., entries in online forms) and meta/communication data (e.g., device information, IP addresses) in the EU.

The legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. a GDPR. Processing is based on consents. Affected individuals can revoke their consent at any time by contacting us, e.g., via the contact details provided in our privacy policy. Revocation does not affect the lawfulness of processing until revocation.

We delete the data when the purpose of its collection has ceased. More information is available in the provider's privacy policy at https://business.safety.google/privacy/.

3.9.2. Weglot

Data is deleted when the purpose of its collection has ceased, and no retention obligation stands in the way. More information is available in the provider's privacy policy at https://weglot.com/de/privacy/.

3.9.3. HubSpot LiveChat

We use HubSpot LiveChat as a live chat. The provider is HubSpot, Inc., 25 1st Street Cambridge, MA 0214, USA. The provider processes usage data (e.g., visited websites, interest in content, access times), content data (e.g., entries in online forms), and meta/communication data (e.g., device information, IP addresses) in the EU.

Data is deleted when the purpose of its collection has ceased, and no retention obligations stand in the way. More information is available in the provider's privacy policy at https://legal.hubspot.com/de/privacy-policy.

3.9.4. HubSpot

We use HubSpot for lead generation, marketing automation, and analysis. The provider is HubSpot, Inc., 25 1st Street Cambridge, MA 0214, USA. The provider processes usage data (e.g., visited websites, interest in content, access times), content data (e.g., entries in online forms), and meta/communication data (e.g., device information, IP addresses) in the EU.

The legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. We have a legitimate interest in managing data in a simple and cost-effective way.

3.9.5. Webflow

We use Webflow for creating websites. The provider is Webflow, Inc., 398 11th St., Floor 2, San Francisco, CA 94103, USA. The provider processes usage data (e.g., visited websites, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in the USA.

The legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. We have a legitimate interest in setting up and maintaining a website, thus presenting ourselves externally.

The transmission of personal data to a country outside the EEA is based on an adequacy decision. The security of data transmitted to the third country (a country outside the EEA) is ensured because the EU Commission decided in an adequacy decision under Art. 45 Para. 3 GDPR that the third country provides an adequate level of protection.

Data is deleted when the purpose of its collection has ceased. More information is available in the provider's privacy policy at https://webflow.com/legal/eu-privacy-policy.

3.9.6. Vimeo Videos

We use Vimeo videos for videos on the website. The provider is Vimeo, Inc., 555 West 18th Street New York, NY 10011, USA. The provider processes usage data (e.g., visited websites, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in the USA.

Data is deleted when the purpose of its collection has ceased. More information is available in the provider's privacy policy at https://vimeo.com/privacy.

3.9.7. Google Tag Manager

We use Google Tag Manager for analysis and marketing. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) in the USA.

Data is deleted when the purpose of its collection has ceased. More information is available in the provider's privacy policy at https://business.safety.google/privacy/.

3.9.8. Google Analytics

We use Google Analytics for analysis. The provider is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The provider processes usage data (e.g., visited websites, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in the USA.

3.9.9. heyData

The legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. We have a legitimate interest in providing website visitors with confirmation of our data protection compliance. At the same time, the provider has a legitimate interest in ensuring that only customers with existing contracts use its seal, which is why simply copying the certificate image is not a viable alternative for confirmation.

Data is masked after collection, so no personal reference remains. More information is available in the provider's privacy policy at https://heydata.eu/datenschutzerklaerung.

4. Data Processing in Our Application

4.1. Access and Use of the Application

Our application is available for download for Android devices on the Google Play Store. When users download the application, the required information is transmitted to the store, particularly the username, email address, account customer number, download time, payment information, and the individual device identifier. We have no influence over this data collection and are not responsible for it. We process the data only as far as it is necessary for downloading the mobile application onto the user's mobile device.

For users of iOS devices and other platforms who cannot or do not wish to access our application as a native app, our application is accessible via a web browser. In this case, there is no download via an application store. The data processing for browser-based use is done according to the following sections, particularly for informational use (see 2.3.) and the use of third-party tools.

4.2. Hosting

Our application is hosted by the providers Microsoft Azure (hosted on servers within the EU), Google Cloud (hosted on servers within the EU), and Hetzner Online (hosted on servers within the EU). The provider processes personal data transmitted through the application, e.g., content, usage, meta/communication, or contact data. It is our legitimate interest to provide an application, so the legal basis for data processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR.

4.3. Informational Use of Our Application

When users use our application, we collect the data technically required to provide users with the functions of our application and ensure stability and security. This is our legitimate interest, so the legal basis is Art. 6 Para. 1 Sentence 1 lit. f GDPR.

The data processed to this extent is:

IP address
Date and time of the request
Time zone difference from Greenwich Mean Time (GMT)
Content of the request (specific interface)
Access status/HTTP status code
Data volume transferred each time
Operating system and its interface
Language and version of the operating system

4.4. Data Processing for Providing Functions

In the application, we process data to provide users with application functions. The legal basis for processing is the service contract concluded with the user regarding the application.

The data processed to this extent is:

Other identifier besides UUID
Data entered by the user into the application
Only the data entered by the user into the application
Location data
Universal Unique Identifier of the device (UUID)

4.5. User Account

Users can open a user account in the application. The data requested within this context is processed to fulfill the respective service contract regarding the account, so the legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. b GDPR. We delete the data when users delete their user account.

4.6. Third-Party Tools

4.6.1. Amplitude

We use Amplitude for product analysis. The provider is Amplitude, Inc., 631 Howard St. Floor 5, San Francisco, CA 94105, USA. The provider processes meta/communication data (e.g., device information, IP addresses), usage data (e.g., visited websites, interest in content, access times) in the EU.

4.6.2. heyData

Since the data is masked after collection, it is not possible to identify website visitors. Further information is available in the provider's privacy policy at https://heydata.eu/en/privacy-policy.

4.7. AI-Powered Data Analysis

We provide our customers with a feature through our protected web application app.delicious-data.com that enables the analysis and preparation of business data using artificial intelligence. For this purpose, data from our customers' analysis systems (e.g., sales data, revenue figures) can be sent to external language models (LLMs).

It is our goal not to transmit any personal data to these external service providers. The data provided by our customers for analysis is generally non-personal. However, it cannot be completely ruled out that customers enter information in free-text fields that contain personal data such as names or email addresses. Processing this data is in our customers' legitimate interest of optimizing and analyzing their business processes.

Below, we list the service providers used for this purpose.

4.7.1. Open Router

We use Open Router as a technical interface for forwarding analysis requests to various providers of AI language models. The provider is OpenRouter, Inc., located at 169 Madison Avenue, New York, NY 10016, USA.

The provider processes the requests transmitted by us and meta/communication data in the USA.

The legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. We have a legitimate interest in providing our customers with flexible access to various AI providers and making their analysis processes efficient.

The transmission of potentially personal data to a country outside the EEA is based on the adequacy decision. The security of data transmitted to the third country (a country outside the EEA) is ensured because the EU Commission decided in an adequacy decision under Art. 45 Para. 3 GDPR that the third country provides an adequate level of protection. Data is deleted when the purpose of its collection has ceased, and no retention obligation stands in the way. More information is available in the provider's privacy policy at https://openrouter.ai/privacy.

4.7.2. Google AI Platform

We use Google AI Platform services as sub-processors for analyzing and answering our forwarded requests. The provider is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

The provider processes the business data we transmit, which may potentially contain personal data, as well as meta/communication data in the USA.

The legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. We have a legitimate interest in enabling our customers to optimize and analyze their business processes through the use of AI technologies.

4.7.3. OpenAI (ChatGPT)

We use the services of OpenAI for analyzing and answering our forwarded requests using the ChatGPT language model. The provider is OpenAI, L.L.C., 3180 18th Street, San Francisco, CA 94110, USA.

The provider processes the business data we transmit, which may potentially contain personal data, as well as meta/communication data in the USA.

5. Data Processing on Social Media Platforms

We are represented on social media networks to introduce our organization and services. The operators of these networks regularly process their users' data for advertising purposes. Among other things, they create user profiles from their online behavior, which are used, for example, to display advertisements matching users' interests on network pages and elsewhere on the internet. Therefore, network operators store information about user behavior in cookies on users' computers. It is also possible that operators combine this information with additional data. Further information and information on how users can object to processing by site operators is provided in the privacy policies of the respective operators listed below. The operators or their servers may also be located in non-EU countries, leading to possible risks for users, e.g., because asserting their rights is more difficult or governmental agencies have access to data.

If users of networks contact us through our profiles, we process the data communicated to us to respond to requests. This is our legitimate interest, so the legal basis is Art. 6 Para. 1 Sentence 1 lit. f GDPR.

5.1. Facebook

We maintain a profile on Facebook. The operator is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy can be found here: https://www.facebook.com/policy.php. There is a possibility to object to data processing via ad settings: https://www.facebook.com/settings?tab=ads.
Under an agreement, we are jointly responsible with Facebook for processing the data of our profile visitors under Art. 26 GDPR. Facebook explains which data is processed under https://www.facebook.com/legal/terms/information_about_page_insights_data. Affected persons can assert their rights against both us and Facebook. However, according to our agreement with Facebook, we are obliged to forward inquiries to Facebook. Affected persons receive a quicker response if they contact Facebook directly.

5.2. Instagram

5.3. YouTube

5.4. LinkedIn

We maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy is available here: https://www.linkedin.com/legal/privacy-policy?_l=en. There is an option to object to data processing via ad settings: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

5.5. Xing

We maintain a profile on Xing. The operator is New Work SE, Dammtorstraße 29-32, 20354 Hamburg. The privacy policy is available here: https://privacy.xing.com/en/privacy-policy.

6. Changes to This Data Protection Declaration

We reserve the right to change this data protection declaration with future effect. An updated version is available here at any time.

7. Questions and Comments

We are happy to answer any questions or comments regarding this data protection declaration using the contact details provided above.

Our platform turns your data into answers.

Bakery

Workplace dining services

About Us

Blog

Select Language

About Us

Our platform turns your data into answers.

Bakery

Workplace dining services

About Us

Blog

Select Language

About Us

Our platform turns your data into answers.

Bakery

Workplace dining services

About Us

Blog

Select Language

About Us

Our platform turns your data into answers.

Bakery

Workplace dining services

About Us

Blog

Select Language

About Us