Our Commitment to GDPR
Gastrolie is designed with the General Data Protection Regulation (EU) 2016/679 in mind. As a platform headquartered in Germany, data protection is fundamental to how we design, build, and operate our services.
Data Processing Architecture
- Multi-Tenant Isolation: Each customer's data is logically isolated. No cross-tenant data access is possible.
- Role-Based Access Control: 8 hierarchical roles ensure users only access data they are authorized to see.
- Data Minimization: We only collect data necessary for the platform's functionality.
- EU Data Residency: All data is processed and stored within the European Union.
Your Rights Under GDPR
Right of Access (Art. 15)
Request a copy of your personal data we hold.
Right to Rectification (Art. 16)
Request correction of inaccurate personal data.
Right to Erasure (Art. 17)
Request deletion of your personal data.
Right to Restrict Processing (Art. 18)
Request limitation of how we process your data.
Right to Data Portability (Art. 20)
Receive your data in a structured, machine-readable format.
Right to Object (Art. 21)
Object to processing based on legitimate interest.
Data Processing Agreement (DPA)
Our Data Processing Agreement (DPA) outlines our responsibilities as a data processor, including security measures, sub-processor management, and breach notification procedures.
View our full DPA or contact us for questions.
Breach Notification
In the event of a personal data breach, we aim to notify affected customers without undue delay. We are committed to transparent communication regarding any security incidents.
Supervisory Authority
Our lead supervisory authority is the Hessische Beauftragte für Datenschutz und Informationsfreiheit (HBDI), the data protection authority of the State of Hessen, Germany.