Rastron

Privacy Policy

Information on the processing of your personal data according to GDPR

Last updated: March 26, 2026

GDPR Compliant

Full compliance with European data protection regulations

EU-Based Platform Data

Your core platform data, such as customer and order information, is processed and stored exclusively in the EU.

Data Security

Advanced encryption and security measures protect your data

1. Controller

This privacy policy explains how TechSnap e.U. ("we", "us", "our") processes personal data for the Rastron platform. Our role in data processing depends on the context of our interactions with you.

The official contact details for the data controller are provided through our business information system.

2. Our Roles as Data Controller and Data Processor

As Data Controller

We act as a Data Controller when:

  • You are a representative of a restaurant or business that subscribes to our services ("Client").
  • You visit our website.

In this capacity, we determine the purposes and means of processing your personal data.

As Data Processor

We act as a Data Processor when:

  • You are a customer of one of our Clients ("End-User") placing an order through the Rastron platform.

In this capacity, we process your data on behalf of our Client (the restaurant), who is the Data Controller for your personal data. This privacy policy does not cover the data processing activities of our Clients. We recommend that you review their individual privacy policies.

3. Data Processing as a Data Controller (Our Clients and Website Visitors)

When you are our Client or a visitor to our website, we process your data for the following purposes:

Provision of our Services to Clients

We process data to create and manage your account, provide the Rastron platform, and fulfill our contractual obligations.

  • Legal Basis: Art. 6 (1) (b) GDPR (contract performance)
  • Data Types: Business contact data (name, email, phone number), Company data (business name, address, tax information), and Contract and billing information.
  • Retention Period: 7 years after contract termination (due to Austrian tax law retention obligations).

Communication and Support

We process inquiries and provide customer support to our Clients.

  • Legal Basis: Art. 6 (1) (b) GDPR (contract performance) and Art. 6 (1) (f) GDPR (legitimate interest in effective communication).
  • Data Types: Contact data (name, email) and communication content.
  • Retention Period: 3 years after the last communication.

Website Analysis and Security

We analyze the usage of our website to improve our services and monitor for security threats like DDoS attacks. This analysis is performed in a privacy-friendly manner without using personal data for tracking.

  • Legal Basis: Art. 6 (1) (f) GDPR (legitimate interest in improving our service and securing our platform).
  • Data Types: Anonymized usage statistics and technical data (e.g., IP address for security purposes).
  • Retention Period: Up to 2 years for aggregated analytics data. IP addresses for security are stored for a much shorter period.

4. Data Processing as a Data Processor (End-Users of Restaurants)

When we process data on behalf of our Clients (the restaurants), the Client is the Data Controller. We process the following End-User data based on their instructions to enable order fulfillment.

  • Data Types: Account information (email or phone number), delivery address details and an associated phone number, and order and transaction information.
  • Purpose: The sole purpose of this processing is to provide the online ordering functionality to the restaurant you are ordering from.
  • Data Location: All data is processed and stored exclusively within the European Union.

5. Data Security

We implement robust technical and organizational measures to protect personal data from unauthorized access, loss, or destruction.

  • Encryption in Transit: All data transmitted between you and our services is encrypted using modern protocols (TLS).
  • Encryption at Rest: All data stored in our databases is encrypted at rest.

6. Use of Cookies

Our website uses cookies, which are small text files stored on your device that help our website function correctly. We only use cookies that are strictly necessary for providing our services.

Necessary (Functional) Cookies

These cookies are required for the basic functionality of our platform. They do not store any personally identifiable information.

  • Examples: Session cookies to manage your login state and cookies to remember your language preference.
  • Legal Basis: Art. 6 (1) (f) GDPR (legitimate interest in providing a functional website).

As we only use essential cookies, we are not required to ask for your consent for their use.

7. Third-Party Services and International Data Transfers

To enhance our website and services, we use specialized third-party providers. The use of these services may involve the transfer of technical data to servers located outside the European Union, particularly in the United States. We have a legitimate interest in using these services to monitor our service availability and improve our website's performance.

We ensure that any such data transfers are protected by appropriate legal safeguards, such as the EU-U.S. Data Privacy Framework or Standard Contractual Clauses (SCCs), which guarantee a level of data protection compliant with GDPR.

Hosting and Infrastructure (Cloudflare)

Our platform is hosted on infrastructure provided by Cloudflare, Inc. (USA). All platform data is processed and stored exclusively within the European Union. When you access our services, your requests are routed through Cloudflare's network.

  • Legal Basis: Art. 6 (1) (b) GDPR (contract performance) and Art. 6 (1) (f) GDPR (legitimate interest in secure and reliable hosting).
  • Data Types: Technical request data (e.g., IP address), platform data stored in EU.
  • Further Information: Cloudflare's Privacy Policy.

Website Analytics (Cloudflare)

We use Cloudflare Web Analytics to analyze website traffic and performance. This service is privacy-first and does not use cookies or browser fingerprinting to identify users. It provides us with aggregated, anonymous statistics to help us improve our website.

  • Legal Basis: Art. 6 (1) (f) GDPR (legitimate interest in improving our website).
  • Data Types: Anonymized usage statistics.
  • Further Information: Cloudflare's Privacy Policy.

Live Chat (Crisp)

We use Crisp SA (France) to provide live chat support on our website. When you use the chat feature, your messages and basic visitor information are processed by Crisp.

  • Legal Basis: Art. 6 (1) (f) GDPR (legitimate interest in providing customer support).
  • Data Types: Chat messages, visitor metadata (e.g., IP address, browser type).
  • Further Information: Crisp's Privacy Policy.

Contact Forms (Web3Forms)

We use Web3Forms to process submissions from our contact and demo request forms.

  • Legal Basis: Art. 6 (1) (b) GDPR (responding to your inquiry).
  • Data Types: Information you provide in the form (e.g., name, email, message).
  • Further Information: Web3Forms Privacy Policy.

Spam Protection (hCaptcha)

We use hCaptcha (Intuition Machines, Inc., USA) to protect our forms from spam and abuse. hCaptcha runs invisibly and analyzes browser behavior to distinguish humans from bots.

  • Legal Basis: Art. 6 (1) (f) GDPR (legitimate interest in preventing spam).
  • Data Types: Browser metadata for bot detection.
  • Further Information: hCaptcha's Privacy Policy.

8. Your Rights

As a data subject under the GDPR, you have several rights. If your request concerns data for which we are a Data Processor (e.g., your order data with a restaurant), we recommend contacting the respective restaurant directly.

  • Right of Access (Art. 15 GDPR): You have the right to obtain information about the personal data we process about you.
  • Right to Rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate or completion of incomplete data.
  • Right to Erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data.
  • Right to Restriction (Art. 18 GDPR): You have the right to request the restriction of processing.
  • Right to Data Portability (Art. 20 GDPR): You have the right to receive your data in a structured format.
  • Right to Object (Art. 21 GDPR): You have the right to object to the processing of your data based on legitimate interests.
  • Withdrawal of Consent: Where processing is based on consent, you can withdraw it at any time.

9. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. The competent authority for us is:

Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
Austria

10. Contact for Data Protection Matters

For any questions about data protection or to exercise your rights, please contact us using the contact information on our contact page. We aim to process your request within one month.

Questions About Your Privacy?

Our data protection team is here to help you understand your rights and how we protect your data.

Contact Form