Sodexo builds strong, lasting relationships with its customers, partners, consumers and associates, based on mutual trust: making sure that their personal data are safe and remain confidential is an absolute priority for Sodexo.
Sodexo complies with all applicable regulatory and legal provisions on the protection of personal data.
Sodexo takes the protection of your personal data very seriously.
https://www.sohappy-catering.de and downstream EDP systems (backend) process and included personal data with a view to the provision of services for fulfilling orders: delivery of meals and billing.
We developed this policy to inform you of the conditions under which we collect, process, use and protect your personal data. Please read it carefully to familiarize yourself with the categories of personal data that are subject to collection and processing, how we use these data and with whom we are likely to share it. This policy also describes your rights and how you can get in touch with us to exercise these rights or to ask us any questions you might have concerning the protection of your personal data.
This policy may be amended, supplemented or updated, in particular to comply with any legal, regulatory, case law or technical developments that may arise. However, your personal data will always be processed in accordance with the policy in force at the time of the data collection, unless a compulsory legal prescription determines otherwise.
We would point out that the transmission of data on the Internet (e.g. email communication) may present gaps in security. It is not possible to protect data completely against third party access.
Sodexo SCS GmbH, a company organised under German law having its registered office at Eisenstrasse 9a in 65428 Rüsselsheim am Main and registered in the Commercial Register of Darmstadt under number HRB 93571, operates and functions as controller for the purposes of data processing on https://www.sohappy-catering.de and downstream EDP systems (backend) in accordance with its recognition under German law.
You can contact our data protection officer at: Datenschutz.de@Sodexo.com or by post at our postal address, adding “Data Protection Officer” to the address.
means any information relating to an identified or identifiable natural person (hereinafter “data subject”) or one that can be directly or indirectly identified by reference to a name, to an identification number, to location data, to an online identifier or to one or more factors specific to this person, which express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
“us” or “our”
Sodexo SCS GmbH (hereinafter “Sodexo”)
any website user/visitor.
The website of Sodexo SCS GmbH, https://www.sohappy-catering.de/
We may collect your personal data in the following ways:
We will not process any data without your consent and you may refuse the use of your data for certain purposes whenever necessary.
We may collect the following categories of personal data and manage them on https://www.sohappy-catering.de and downstream EDP systems (backend):
Diners (data - purpose):
Contract partner (data - purpose):
Different billing recipient (data - purpose):
Further details for fulfilment of performance (data - purpose):
Additional data will only be stored with your consent; the fulfilment of certain orders may, however, require that these data be provided.
We collect some information automatically when you visit the website in order to personalize and enhance your experience. We collect this information using various methods such as:
Some Internet sites used so-called “cookies”. Cookies cannot damage your computer in any way and do not contain viruses. Cookies are used to make our service more user-friendly, more effective and more secure. Cookies are small information files which are sent to your browser when you visit our website and stored on your computer. This file contains information such as the domain name, the internet access provider and the operating system as well as the date and time of access by the user.
Cookies are not used to determine the identity of an individual who visits our website. Cookies allow us to identify, in particular, your geographic location and the display language in order to improve your online browsing experience. They also enable us to process information about your visit to our website, such as the pages viewed and the searches made, in order to improve our website content, to follow your areas of interest and offer you more suitable content.
Most cookies we use are so-called “session cookies”, which are automatically erased at the end of your visit. Other cookies remain stored on your end-device until you erase them. These cookies enable us to recognise your browser the next time you visit us.
You can configure your browser to tell you when cookies are installed and to allow cookies only on a single case basis, to accept cookies in specific cases or to generally refuse them and to activate automatic erasure of cookies when you close your browser. If you deactivate cookies, the functioning of this website may be restricted or you may no longer be able to use some of the services we offer. In this case, we cannot be held liable for any consequences related to the reduced functionality of our services arising from our inability to store the cookies required for the smooth functioning of the website.
By clicking on the corresponding icons of social networks such as Twitter, Facebook, LinkedIn, etc., if these are displayed on our website, and if you have agreed that cookies may be downloaded while you are browsing our website, the social networks in question may also download cookies to your devices (computer, tablet or mobile phone).
These types of cookies are downloaded to your device only on condition that you have given your consent. You can, however, revoke your consent to these social networks downloading these types of cookies at any time.
Manage your cookies
If you send us an enquiry using the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing your enquiry and any follow-up questions that there may be. We will not pass on these data without your consent.
This means that your data entered in the contact form are processed solely on the basis of your consent (Art. 6 (1) (a) GDPR). You may withdraw this consent at any time, for which an informal email notification to us will be sufficient. This will not affect the lawfulness of data processing carried out up to the time that you withdraw your consent.
We will retain your data entered in the contact form until you request us to erase them, withdraw your consent or the purpose for which the data are stored no longer applies (such as once the processing of your enquiry has been completed). Compulsory legal provisions – in particular storage periods – are not affected by this.
Processing of data (customer and contract data)
We collect, process and use personal data only where they are necessary for establishing, structuring in terms of content or amendment of the legal relationship (inventory data). The legal basis for this is Art. 6 (1) (b) GDPR, which permits the processing of data for the performance of a contract or for taking steps prior to entering into a contract. We collect, process and use personal data about the use of our Internet sites (usage data) only where this is necessary to enable users to use our services or for billing.
The customer data we collect are erased once the order has been completed or the business relationship has ended. This does not affect statutory storage periods.
IP address and server log files
An IP address is a unique identifier used by some electronic devices to identify and communicate with each other on the internet. When you consult our website, we can use the IP address of the device used by you to connect you to the website. We use this information to determine the general physical location of the device and to know in which geographical areas visitors are located.
The provider of the sites also automatically collects and stores information in so-called server log files, which your browser automatically sends to us to use. These are:
These data are not combined in any way with any other data sources.
This website uses functions of the web analysis service Google Analytics (provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland), to compile statistics.
These statistics tell us, for example, how many users consulted the website, which pages were visited and in which geographical areas website users are located. The information gathered via the statistics may include, for example, your IP address, the website from which you arrived at our site and the type of device that you used.
For this purpose, Google Analytics uses so-called analytics cookies, which are text files stored on your computer to enable us to analyse your use of our website. The information generated by the cookie about your use of this website will as a rule be transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored on the legal basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the analysis of user behaviour in order to optimise both its web offering and its advertising.
Your IP address is hidden on our systems and will only be used if necessary to resolve a technical problem, for website administration and to gain insight into our users’ preferences. Website traffic information is only accessible to authorized staff. We do not use any of this information to identify visitors and we do not share this information with third parties.
Regarding the use of Google Analytics, the IP anonymisation function is activated. This means that within the Member States of the European Union or in other signatory States of the European Economic Area your IP address will be abbreviated before being sent to the USA. Only in exceptional circumstances will the full IP address be sent to a Google server in the USA and abbreviated there. Google will use this information on behalf of the operator of this website to analyse your use of the website, to compile reports on website activities and to provide other services for the website operator in connection with the use of the website and the use of the Internet. The IP address transmitted from your browser within the scope of Google Analytics will not be combined with other data from Google.
Objection to data collection
You may prevent the collection of your data by Google Analytics by clicking on the following link: Google Analytics deactivation. This will place an opt-out cookie which will prevent the collection of your data when you visit this website in the future: deactivate Google Analytics.
Contract data processing
We have signed a contract with Google for contract data processing, fully implementing the strict requirements of the German data protection authorities for the use of Google Analytics.
Demographic features with Google Analytics
This website uses the Google Analytics function ‘demographic features’. This enables us to compile reports including statements about age, gender and interests of visitors to the site. These data are derived from interest-related Google adverting as well as from visitor data from third party offerors. These data cannot be attributed to any particular person. You may deactivate this function at any time using the display settings in your Google account or generally prohibit the collection of your data by Google Analytics as set out under ‘Objection to data collection’.
You have the option to click on the dedicated icons of social networks such as Twitter, Facebook, LinkedIn, etc. that appear on our website.
Social networks create a friendlier atmosphere on the website and assist in promoting the website via sharing. Video sharing services enrich the video content of our website and increase its visibility.
When you click on these buttons, we may have access to the personal information that you have made public and accessible via your profiles on the social networks in question. We neither create nor use any separate databases from these social networks based on the personal information that you have published there and we do not process any data relating to your private life through these means.
If you do not want us to have access to your personal information published in the public spaces of your profile or your social accounts, then you should use the procedures provided by the social networks in question to limit access to this information, or simply do not click on the social networks buttons.
To enable you to take part in a competition, we, as the organiser of competitions, collect, process and use personal data where necessary to establish the legal relationship with you and to subsequently implement and carry out the competition. The personal data in question are in particular your surname, forename and email address for the purpose of competition notification and your date of birth so that we can check your age, and if necessary other details such as your address, so that we can send you your prize should you win.
Under Art. 6 (1) (a.) – (c.) GDPR, we are entitled to collect, store and transmit personal data if the data subject has consented to the data processing or if it is for the fulfilment of a contract or a legal obligation.
In the event that certain prizes are delivered or provided via trade dealers or other third parties (co-operation partners of Sodexo), we transmit the prize-winner’s contact details within the necessary scope to the co-operation partner in question so that they can contact the winner. No data are transmitted to any other third party.
Your data will also be transmitted internally to other departments involved in the running of the business processes in question, such as accounts, billing, purchasing and IT. Once the business purpose of carrying out the competition has been fulfilled and you have not been identified as a winner, we will erase your data within one month of the end of the competition. If you have been identified as a winner, longer storage periods apply under provisions of tax law and commercial law.
We reserve the right to suspend competitions and to postpone the prize draw as circumstances require. Should this be necessary, you will be informed. In such cases, the data of the entrants already entered will remain in the draw pot, which may result in the storage period of entrants’ data being adjusted and thus extended.
After the postponed draw has taken place we will proceed as described above.
We collect, process and use personal data only where they are necessary for establishing, structuring in terms of content or amendment of the legal relationship (inventory data).
The legal basis for this is Art. 6 (1) (b) GDPR, which permits the processing of data for the performance of a contract or for taking steps prior to entering into a contract.
We collect, process and use personal data about the use of our Internet sites (usage data) only where this is necessary to enable users to use our services or for billing.
The customer data we collect are erased once the order has been completed or the business relationship has ended. This does not affect statutory storage periods.
We may also process your data for the purpose of tracing COVID-19 chains of infection in connection with the statutory duty of catering businesses to register meal patrons. The legal basis for this is then Art. 6 (1) (c) GDPR in conjunction with the regulations of the relevant federal state.
The security and confidentiality of your personal data are of great importance to us. This is why we restrict access to your personal data only to members of our staff who need to have this information in order to process your orders or to provide the requested service.
We will not disclose your personal data to any unauthorized third parties. We may, however, share your personal data with entities within the Sodexo group and with authorized service providers (for example: technical service providers offering services such as hosting, maintenance, consulting) whom we may call upon for the purpose of providing our services.
We do not authorize our service providers to use or disclose your data, except to the extent necessary to deliver the services on our behalf or to comply with legal obligations. Furthermore, we may share personal data concerning you (i) if the law or a legal procedure requires us to do so, (ii) in response to a request by public authorities or other officials or (iii) if we are of the opinion that transferring these data is necessary or appropriate to prevent any physical harm or financial loss or in respect of an investigation concerning a suspected or proven unlawful activity.
We will store your data only for as long as necessary to fulfil the purposes for which it was collected and processed. This period may be extended, if applicable, for any amount of time prescribed by any legal or regulatory provisions that may apply.
As a general rule, we do not collect sensitive personal data via our website. “Sensitive personal data” refers to any information concerning a person’s racial or ethnic origins, political opinions, religious or philosophical beliefs, union membership, health data or data relating to the sexual life or the sexual orientation of a natural person. This definition also includes personal data relating to criminal convictions and offenses.
In the event that it would be strictly necessary to collect such data to achieve the purpose for which the processing is performed, we will do so in accordance with local legal requirements for the protection of personal data and, in particular, with your explicit prior consent and under the conditions described in this Confidentiality Policy.
The website is for use by adult persons who have the capacity to conclude a contract under the legislation of the country in which they are located.
Users under the age of 18 years must obtain consent from their legal guardians prior to submitting their data to the website.
As Sodexo is an international group, your personal data may be transmitted to internal or external recipients that are authorized to perform services on our behalf and that are located in countries outside the European Union or the European Economic Area which do not offer an adequate level of personal data protection.
To guarantee the security and confidentiality of personal data thus transmitted, we will take all necessary measures to ensure that these data receive adequate protection, such as signing standard European Commission contractual clauses or other equivalent measures.
Sodexo is committed to ensuring the protection of your rights under applicable laws. You will find below a table summarizing your different rights:
Right to information:
You may request information about the processing of your personal data. You may also request rectification of inaccurate Personal Data, or to have incomplete Personal Data completed.
You may request all available information about the source of the personal data and you may also request a copy of the personal data which are processed by Sodexo.
Right to erasure:
Your right to be forgotten entitles you to request the erasure of your Personal Data in cases where:
Right to restriction of processing:
You may request that processing of your Personal Data be restricted in cases where:
Right to data portability:
You can request, where applicable, the portability of your Personal Data that you have provided to Sodexo. If they are stored in a structured, commonly used, and machine-readable format you have the right to transmit this data from Sodexo to another provider, where:
You can also request that your Personal Data be transmitted directly to a third party of your choice (where technically feasible).
Right to lodge a complaint with the responsible supervisory authority:
In the event of any breaches of data protection law, you have a right to lodge a complaint with the responsible supervisory authority. The responsible supervisory authority in matters of data protection is the Data Protection Officer of the federal state (Land) in which our company has its registered office. A list of data protection officers and their contact details can be found by following this link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
We implement all possible technical and organizational security measures to ensure security and confidentiality in processing your personal data.
To this end, we take all necessary precautions given the nature of the personal data and the risks related to its processing, in order to maintain data security and in particular to prevent distortion, damage or unauthorized third-party access (physical protection of the premises, authentication procedures with personal, secured access via identifiers and confidential passwords, a connection log, encryption of certain data, etc.).
Only authorised persons have access to the Sodexo IT system, and they gain knowledge of the necessary data only as required (need to know principle). The security and access rights are strictly monitored in compliance with predefined user requirements. The system restricts access by users to the content and services for which the user has entitlement.
On our websites we offer you links to websites which may be of interest to you. We have no influence over the content of these websites. We undertake no liability with regard to the content on these other websites. The linked sites were checked for possible legal violations at the time at which the link was placed and none was apparent at the time at which the link was placed. We cannot, however, be reasonably expected to undertake continuous monitoring of the content of linked sites without specific grounds for suspecting a legal violation. We will remove the links in question at once as soon as we become aware of any legal violations by the linked Internet sites.
If you have subscribed to services such as newsletters or other notifications via our website and you no longer wish to receive emails, you may unsubscribe from the service using the ‘Unsubscribe’ button on the relevant website.
We herewith object to the use of contact details published within the scope of the legal obligation to publish a legal notice (‘Impressum’) on our website for sending unsolicited advertising and information material that we have not specifically requested. The operators of the pages explicitly reserve the right to take legal steps in the event of the unsolicited sending of advertising information by spam emails or other means.
If you have any questions or comments with regard to this policy, please do not hesitate to contact us at the following address: Datenschutz.firstname.lastname@example.org .
Last updated: 26/05/2020