Frequently asked questions about data protection & GDPR
How GastroSystem handles your data and your customers' data — transparent and GDPR-compliant.
Data protection & GDPR
Is GastroSystem GDPR-compliant?
Yes. GastroSystem processes all data in accordance with the General Data Protection Regulation (GDPR). We provide a Data Processing Agreement (DPA).
Where is my data stored?
All data is stored on servers in Germany. We do not use non-European data centres for customer data.
Who owns the customer data?
You do. You are the data controller under GDPR. GastroSystem processes the data only on your behalf.
Can I export customer data?
Yes. You can export customer data at any time — for your own marketing or when switching providers.
What happens with a data access request?
You can view a customer's data in the dashboard and delete it if needed. GastroSystem supports the right to access and erasure.
Do I need my own privacy policy?
Yes. For your online shop and app, you need your own privacy policy. We provide a template.
Are cookies set?
The GastroSystem web shop only sets technically necessary cookies. For analytics (e.g. Plausible), no personal data is collected.
How long is order data stored?
Order data is stored in accordance with statutory retention requirements (10 years for tax-relevant data).
Is there a Data Processing Agreement?
Yes. We provide a DPA that governs data processing. You receive it upon signing the contract.
Is data shared with third parties?
Only with sub-processors necessary for operation (e.g. hosting, payment providers). All are listed in the DPA.
Can I have customer data deleted?
Yes. Customers can request deletion of their data. You can do this directly in the dashboard — subject to statutory retention requirements.