DE EN FR

Privacy Policy

Privacy Policy in accordance with GDPR

1. Data Controller

The data controller responsible for data processing is:

WECONN3CT GmbH
Frankenweg 109
53604 Bad Honnef
Germany

Email: info@ordable.io
Phone: +49 (0) 162 4521879

2. Overview of Our App

This Privacy Policy applies to the use of:

3. What Data We Collect

3.1 Customer Data

When using our ordering functions, the following data is collected:

3.2 Employee and Admin Data

For use of the restaurant management system:

3.3 Automatically Collected Data

When using our services, the following is automatically collected:

4. Legal Bases for Processing

The processing of your personal data is based on the following legal bases:

5. Location Data

Our app does not directly access GPS data or location features of your device. For delivery orders, the delivery address is manually entered by you. The entered postal code is used to calculate the delivery zone and delivery fees.

6. App Permissions (Android)

The Android app requires the following permissions:

Permission Purpose
INTERNET Network communication with our servers
RECEIVE_BOOT_COMPLETED Automatic start after device reboot (kiosk mode)
WAKE_LOCK Keep screen active during use
SYSTEM_ALERT_WINDOW Overlay notifications for new orders

7. Authentication and Login

Login is done via email address and password. We use Supabase's authentication service. Email verification is required. Session data is stored in your browser's LocalStorage.

We do not offer social logins (Google, Facebook, etc.).


8. External Services and Data Transfers

To provide our services, we use the following external service providers:

Service Purpose Data Transferred
Supabase Backend, database, authentication All user and order data
Resend Email delivery (order confirmations) Email, name, order details, address
Google Fonts Font provision IP address

8.1 Supabase (Backend & Database)

We use Supabase as our backend infrastructure and database. Supabase acts as a data processor in accordance with Art. 28 GDPR. Data processing is based on a data processing agreement.

8.2 Resend (Email Service)

For sending order confirmations and notifications, we use the Resend email service. Resend acts as a data processor in accordance with Art. 28 GDPR.

8.3 Google Fonts

Our website uses fonts from Google Fonts. When accessing our pages, a connection to Google servers is established, whereby your IP address is transmitted. Google is certified under the EU-US Data Privacy Framework.

For more information, see Google's Privacy Policy: https://policies.google.com/privacy

9. Tracking and Analytics

We do not use tracking tools. Our app does not use Google Analytics, Firebase Analytics, advertising trackers, or any other third-party tracking tools.

10. Local Storage (LocalStorage)

Our app uses LocalStorage (not classic cookies) to store:

This data is stored exclusively locally on your device and is not transmitted to third parties.

11. Notifications

With your permission, we can send you push notifications. We use the browser's Web Notification API for this purpose. Activation only occurs with your express consent. Notifications inform about new orders and status changes.

We do not use Firebase Cloud Messaging or comparable external push services.

12. Payment Processing

Currently, no online payment processing is implemented in our app. Payments are made directly at the restaurant (cash or card payment on-site). Should we introduce online payments in the future, we will update this Privacy Policy accordingly and use PCI-DSS compliant payment service providers.


13. Data Security

We implement comprehensive technical and organizational measures to protect your data:

14. Data Disclosure to Third Parties

Your data is disclosed exclusively to the following recipients:

No disclosure to: Advertising networks, social media, or data brokers.

15. Storage Duration

We store your personal data only as long as necessary for the purposes for which it was collected:

After the storage period expires, your data will be deleted or anonymized.


16. Your Rights

You have the following rights regarding your data stored with us:

Right of Access (Art. 15 GDPR)

You have the right to receive free information about the data stored about you and a copy of this data at any time.

Right to Rectification (Art. 16 GDPR)

You have the right to request the correction of inaccurate personal data.

Right to Erasure (Art. 17 GDPR)

You have the right to request the deletion of your data stored with us, unless legal retention obligations prevent this.

Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request the restriction of the processing of your data.

Right to Data Portability (Art. 20 GDPR)

You have the right to receive your data in a structured, commonly used, and machine-readable format or to request transmission to another controller.

Right to Object (Art. 21 GDPR)

You have the right to object to the processing of your data at any time for reasons arising from your particular situation.

Right to Withdraw Consent

If processing is based on your consent, you can withdraw it at any time with effect for the future.

Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority responsible for us is:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestr. 2-4
40213 Düsseldorf
Germany
www.ldi.nrw.de


17. Contact for Privacy Inquiries

For questions about data protection or to exercise your rights, please contact us at:

Email: info@ordable.io
Phone: +49 (0) 162 4521879

18. Currency of this Privacy Policy

This Privacy Policy is currently valid and has the status of January 2025.

Due to the further development of our app and services or due to changed legal requirements, it may become necessary to change this Privacy Policy. The current version can always be found on this page.

← Back to Home