From 25 May 2018 on, a new regulation to protect the personal data of European citizens will apply: the General Data Protection Regulation (GDPR). Under GDPR, you are obligated to ensure that the personal data you process about your EU employees and EU guests (e.g. name, address, telephone numbers) is protected in accordance with GDPR.
When using the orderbird app and my.orderbird.com, orderbird stores and processes personal data about you and, to a degree, your employees and guests. For this reason, the law provides that you, as a business owner, sign a data processing addendum (DPA) with orderbird.
What do I have to do?
Please download the data processing addendum (DPA), fill it in, sign it and mail it back to us.
The DPA regulates in detail which data we collect for the delivery of our services (orderbird App and my.orderbird.com), how we process the data and how we protect your data against unauthorized access.
You can fill out and sign the DPA directly on your computer.
- Download the DPA.
- Open the file with Adobe Acrobat Reader. You can download the program online free of charge.
- Enter your data into the document and sign it digitally. Here you can find instructions: "Fill and sign PDF forms".
- Save the completed contract on your computer and send your saved version by e-mail to firstname.lastname@example.org.
Alternatively, you can print out the DPA, fill it out, scan it and send it to us by email.
What happens if I do not sign the data processing addendum or do not sign it in time?
You can still use the orderbird app and my.orderbird.com without any restrictions. However, since you are a business owner yourself, you are obligated to sign a DPA with us, because we also process a certain amount of data about your guests and your employees. You are responsible for signing the DPA in time. The penalties for non-compliance are high: entrepreneurs pay up to 4% of their total turnover or €20 million.
What data does orderbird store?
- Your sales data will be stored for 10 years, according to the legal retention period.
- Your personal data as well as personal data of your employees and, if applicable, data of your customers (for example name, company name, customer number, address) as well as communication data (for example e-mail address, telephone number) and contract billing and payment data are processed.
- All actions in your cash register that are logged according to GoBD requirements are saved. This includes, for example, information about who opened or closed a shift and when they did it, who booked or cancelled which items, etc.
- Your data is protected against unauthorized access.
- Only companies with whom we cooperate have contractually regulated access to your data within the scope of the cooperation. They handle your data as confidentially as we do!
My business is located in Switzerland. Am I affected by the GDPR?
Yes, you are, because you never know when an EU citizen might visit your business.
What exactly does the GDPR say?
In short: This Regulation ensures that certain rules are respected in the processing of personal data of EU citizens. For example, the processing of personal data must be transparent and bound to a purpose.
You can find the full text of the GDPR here.