Legal Center

These Terms of Service govern your use of and access to our cloud based service (SaaS) that enables (i) commercial customers in the gastronomy and the food and drink sector (hereinafter the "Buyer(s)") to communicate with, and send their orders to, their distributors (hereinafter the "Distributor(s)"), and (ii) the Distributors to manage their orders and communicate with their customers((i) and (ii) and all related services provided on or in connection with them collectively the "Service"). By accessing or using the Service, or by clicking a button or checking a box marked "I Agree" (or something similar), you acknowledge that you have read, understood, and agree to be bound by these Terms of Service (this "ToS") and have read and understood our Privacy Notice listed below. If you do not agree to this ToS then you should not use the Service. This ToS applies to all Buyers and Distributors who make use of the Service (each a “Customer”), unless a Customer has entered into a separate contract with Choco for use of the paid Service. In that case that contract between the relevant Customer and Choco shall apply in its entirety and supersede this ToS. 

The Service is offered by Choco Communications GmbH along with its affiliates (collectively, "Choco," "we," "our" or "us"). This ToS forms a binding ToS between the entity on whose behalf you are accepting this ToS and the relevant Choco entity identified below (each a “Party” and together “Parties”). You (as the person accepting this ToS) represent and warrant that you have the legal authority to bind that entity to this ToS and that you use the Service on that entity’s behalf. The references to “you” or “Customer” refer to that entity on behalf of which this ToS is accepted. 

The provisions of this ToS shall prevail over any other general or specific terms and conditions of the Customer. This ToS may be supplemented by Choco, where appropriate, by specific terms of use for certain aspects of the Services, which shall supplement this ToS and shall take precedence in the event of any conflict.

Please read this ToS carefully to ensure that you understand each provision. For the Customers based in the USA, this ToS contains a mandatory individual arbitration and class action/jury trial waiver provision that requires the use of arbitration on an individual basis to resolve disputes, rather than jury trials or class actions.

1. Access and Use

1.1 Eligibility: The Service is designed and intended for professional use only and is aimed exclusively at business customers, in particular the ones active in the catering, gastronomy and the food trade. Consumers are not permitted to use the Service. The Service is not available to any person who was previously removed from the Service by Choco. Users of the Service must be at least 18 years of age and able to form legally binding contracts under the relevant laws of the jurisdiction where they reside.

1.2 Limited license: The Service is accessible via mobile and web-based applications and any other online tools that may be designated by Choco. Subject to the terms and conditions of this ToS, the Customer is hereby granted a non-exclusive, limited, non-transferable, freely revocable, non-sublicensable license to install, access and use the Service solely for its business operations as permitted by the features of the Service. Use of the Service for any purpose not expressly permitted by this ToS is strictly prohibited. 

1.3 Accounts: The Customer’s end-users (the “Users”) will each have a user account that will be managed by the admin(s) of the Customer. When creating accounts, the Users must provide accurate and complete information and must keep their information up to date. The Customer is solely responsible for the activity that occurs under the accounts of its Users; for its Users’ compliance with the ToS and for their acts and omissions. The Customer shall ensure that its Users keep their account password secure. The Customer must notify Choco immediately if there is any suspicion that the access data may have become known to unauthorized persons. Choco will not be liable for any losses caused by any unauthorized use of an User account if it occurs through no fault of Choco.

1.4 Changes to the Service: Choco may, without prior notice, change or discontinue the features of the Service, introduce new features to the Service or stop providing the Service at any time.  

1.5 AI-Powered Services: The Service may encompass functionalities that are powered by artificial intelligence (“AI”). The Customer will retain ownership over the input it provides and the output generated by AI based on the input. Choco does not guarantee the accuracy, completeness and reliability of AI-powered Services and the output generated by AI and, to the extent permitted by law, disclaims all warranties and liability for such output. To the extent such full exclusion of liability is not enforceable, Choco’s (including its legal representatives’, employees’, agents’ and subcontractors’) aggregate liability shall be limited to GBP 100 (one hundred pounds). Output generated by AI may not be unique to the Customer and it does not represent Choco’s views. The Customer undertakes to comply with the fair use policies of Choco’s third party service providers when using AI-powered functionalities. In the event of a conflict between this section and the rest of the ToS, this section shall take precedence.

1.6 Third-Party Services. Choco may make ancillary services or add-ons that are offered by third parties available on the Service (“Third-Party Services”). Third-Party Services are subject to the specific terms and conditions of the third-party service provider (“Third-Party Service Provider”). The Customer acknowledges that a Third-Party Service Provider may refuse to provide services to the Customer at its own discretion. Choco does not control the Third-Party Services and is not responsible, directly or indirectly, for any damage or loss resulting from the use of or reliance on these Third-Party Services. For the avoidance of doubt, Third-Party Services do not constitute Services as defined under this ToS and are not subject to this ToS. The Customer shall be fully responsible for its use of the Third-Party Services. 

If enabled by the relevant Distributor with whom the order is placed, the Buyer may pay its orders using the Third-Party Service for payments. At no point or time do funds transmitted by Buyers to Distributors pass into Choco's control and/or ownership; this includes any refunds or chargebacks or any kind of fund movement. The available payment methods and their terms depend on the ToS between the Third-Party Service Provider and the Distributor. Choco has no control over or liability for these payments.

1.7 Advertisements. The Service may include advertisement placements or promotions of the Distributors or third-party advertisers, such as of food producers. Choco does not endorse, verify, or make any representations or warranties regarding any products advertised in the advertisements or for their content. Any interactions, transactions with or participation in the promotions of these advertisers are solely between you and such advertisers. You agree that Choco shall not be responsible for any loss or damage of any sort arising from your dealings with the advertisers. Some of the advertisements may contain links to third-party websites or materials. Choco does not endorse, control or assume any responsibility for any such third-party websites. If you access such a website via a third-party link, you do so at your own risk and you acknowledge that this ToS and Choco’s Privacy Notice do not apply to your use of such websites. 

2. Customer Responsibilities 

2.1 Customer obligations: Without prejudice to any other obligations provided for herein, each Customer shall: (i) comply with applicable laws and regulations when using the Service, including, but not limited to, any laws applicable to sending communications; (ii) use the Service in an honest and truthful manner and observe reasonable rules of politeness, courtesy and decency in its exchanges with other customers and users; (iii) provide Choco with all necessary information and actively cooperate with Choco with regard to its use of the Service. The Customer is responsible for arranging the internet connection and the necessary equipment to use the Service. 

2.2 Usage restrictions: The Customer agrees not to engage in any of the following prohibited activities: (i) rent, lease, distribute, sublicense, or otherwise provide third parties access to, the Service; (ii) disassemble, decompile or reverse engineer the Service, except to the extent that such restriction is expressly prohibited by law; (iii) modify, copy or create derivative works of the Service or disclose any part of the Service in any medium, including without limitation by any automated or non-automated "scraping"; (iv) interfere with the proper functioning of the Service or compromise the system integrity or security of the Service, including by imposing disproportionately large load on our infrastructure; (v) remove, circumvent, disable, damage or otherwise interfere with security-related features of the Service; (vi) send or store any viruses, worms, or other software agents through the Service; (vii) gain unauthorised access to personally identifiable or commercially sensitive information on the Service; (viii) impersonate another person or otherwise misrepresent your affiliation with a person or entity, conduct fraud, hide or attempt to hide your identity; (ix) use the Service to build competing services or for purposes other than those for which it was designed for (e.g., for sending unsolicited communication); and (x) to attempt to any of the foregoing.  

2.3 Suspension. Choco is entitled, but not obliged, to monitor the Customer’s and its Users’ use of the Service and may suspend their access to the Service (i) if Choco reasonably believes a violation of the ToS has occurred, (ii) if the suspension is necessary for technical or security reasons or to avert imminent damage to Choco, the Customer or third parties or (iii) if Choco is obliged to suspend access by law. Choco will use commercially reasonable efforts to provide advance notice of suspension, unless prohibited by law. Choco shall lift the suspension if the reason for the suspension no longer exists. Choco will have no liability for any damage, liabilities, losses (including any loss of data or profits), or any other consequences that the Customer may incur as a result of a suspension triggered by its own acts or omissions.

2.4 Relationship with Other Customers and Users. The Customer is solely responsible for its Users’ use of the Service and for their interactions with other users and customers. By making the Service available, Choco merely provides the infrastructure for placing and managing orders and for communication. Choco itself will not directly or indirectly become a party to the relationship between the Distributors and the Buyers. Each order (individual sale and purchase of products) shall be concluded solely between the relevant Buyer and the Distributor. All products that may be ordered from or via the Service are transported and delivered to the Buyer by the applicable Distributor, not by Choco. Title to products ordered on the Service, as well as the risk of loss for such products, is subject to the contract between the Buyer and the Distributor. Choco will have no liability whatsoever with regard to the performance of orders or the communications between the Buyers and the Distributors; and shall not be a party to disputes of any kind between users.  

3. Customer Content

3.1 License to Customer Content. Some areas of the Service allow content such as profile information, order information, product information, images, comments, questions, and other content or information to be submitted, posted, displayed, or otherwise to be made available by or on behalf of the Customer (altogether “Customer Content”). By making Customer Content available on or through the Service, the Customer expressly grants Choco a royalty-free, sublicensable, transferable, irrevocable, non-exclusive, worldwide license to use, reproduce, modify, publish, edit, translate, display and make derivative works of the Customer Content, in whole or in part, and in any form, media or technology, whether now known or hereafter developed, for the purpose of operating and providing the Service. 

3.2 The Customer agrees that Choco may collect, analyze and use information about the Customer’s use of the Services (“Usage Data”) and Customer Content for internal research, security, analytics purposes, for improving and providing its Services and for displaying relevant Ads and ad measurement purposes. Choco shall be entitled to create aggregated and/or de-identified information derived from Usage Data and Customer Content and use such information at its own discretion without being subject to any limitations, to the extent it does not identify the Customer or any person. Choco may sublicense or transfer the rights granted herein to its subcontractors. In addition, Choco reserves all right, title, interest and ownership over aggregated and/or de-identified information derived from User Data and Customer Content.

3.3 Warranties. In connection with its Customer Content the Customer affirms, represents and warrants that  (i) it owns or will obtain the necessary rights and permissions to share the Customer Content through the Service or otherwise make it available to Choco and to authorize the use of the Customer Content by Choco as contemplated in this ToS; (ii) it will provide the required information notices and obtain necessary consents under applicable data protection laws from the persons whose personal data may be included in the Customer Content for sharing their data with Choco; (iii) the Customer Content and use thereof as contemplated by this ToS does not violate any law or infringe any rights of any third party, including, but not limited to, any intellectual property rights and privacy rights; and (iv) all Customer Content and other provided information is truthful and accurate.

3.4 Responsibility for the Customer Content. The Customer shall be solely responsible for the Customer Content and the consequences of posting, publishing, sharing or otherwise making it available on the Service, and agrees that Choco is only acting as a passive conduit for online distribution and publication of the Customer Content. The Customer understands and agrees that it may be exposed to content posted by other customers and their users which may be inaccurate, inappropriate or unlawful. Choco takes no responsibility and assumes no liability for content provided by other customers and their users on the Service. 

3.5 Content Rules. The Customer shall only transmit information that is truthful, accurate, lawful and appropriate to the purpose of the Service. In particular, the following content is prohibited: (a) content that is not reasonably related to the ordering or execution of contracts between the Buyers and the Distributors (such as political or religious content); (b) content that is pornographic, obscene, indecent, shocking or unsuitable for a family audience, defamatory, offensive, violent, racist, or xenophobic; (c) unlawful content such as illegal hate speech, terrorist content, unlawful discriminatory content; (d) content that violates personal rights; (e) content that breaches a confidentiality ToS or discloses a trade secret without permission; (f) content that is false or misleading or promotes illegal, fraudulent or deceptive activities.

3.6 Removal. Choco is not obliged to monitor the Customer Content but reserves the right to do so at its own discretion. Choco may, without prior notice, remove or disable access to any Customer Content (i) if it violates this ToS including Choco policies made available to the Customer, (ii) upon request of the supervisory authorities or (iii) if it is likely to give rise to complaints by third parties or other Choco customers. Due account of the fundamental rights and freedoms and legitimate interests of all parties involved will be taken when making decisions about removal of the Customer Content. Choco will comply with any binding orders of courts and supervisory authorities to remove any illegal Customer Content from the Service.

3.7 Backup. Choco will use commercially reasonable efforts to ensure integrity and availability of the Customer Content. Notwithstanding the foregoing the Customer shall be solely responsible for the Customer Content and shall take back-ups on a regular basis and commensurately with the risk.

4. Our Proprietary Rights

4.1 Choco’s Intellectual Property. Except for the Customer Content, the Service and all materials therein including without limitation, software, images, graphics, illustrations, logos, photographs, audio, videos, music, and all intellectual property rights related thereto, are the exclusive property of Choco and its licensors. Choco and its licensors reserve all rights not expressly granted herein in the Service.  

4.2 Feedback. You may choose to, or we may invite you to, submit comments or ideas about the Service, including without limitation product testimonials and/or other feedback regarding potential improvements to the Service (collectively, "Feedback"). By submitting any Feedback, you agree that we are free to use the Feedback without any compensation, royalty, attribution or restriction based on intellectual property rights or otherwise, and/or to disclose the Feedback on a non-confidential basis to anyone, including for our own advertising and marketing purposes. You further acknowledge that, by acceptance of your submission, Choco does not waive any rights to use similar or related ideas previously known to Choco, or developed by its employees, or obtained from sources other than you. 

4.3 Customer Reference. Choco may use the Customer’s name and logo in its marketing materials, presentations and similar communications to refer to the Customer as a customer. The Customer may revoke this consent any time by giving prior written notice.

5. Privacy

With respect to the personal data that Choco processes on behalf of the Buyers for the provision of the functionalities of the Services, the Parties enter into a Data Processing ToS available here ("DPA") which is incorporated by reference into this ToS. Choco also processes the personal data of the Customers for its business operations, such as for ensuring security of the Service, billing and for compliance with laws. For more information about our privacy practices as a controller, please refer to the applicable Privacy Notice available on the Legal Center. 

6. No Warranty

Unless specifically agreed otherwise between the Parties the use of the Service is free of charge and it is provided on an "as is" and "as available" basis. Use of the Service is at your own risk. To the maximum extent permitted by applicable law, the Service is provided without warranties of any kind, whether express or implied, including, but not limited to, implied warranties of merchantability, fitness for a particular purpose, or non-infringement. No advice or information, whether oral or written, provided by Choco or through the Service will create any warranty not expressly stated herein. Without limiting the foregoing, Choco, its affiliates and licensors do not warrant that: (i) the Service will meet your requirements; (ii) the Service will be available at any particular time or location, uninterrupted or secure; (iii) any defects or errors will be corrected; or (iv) the Service is free of viruses or other harmful components. Any content downloaded or otherwise obtained through the use of the Service is downloaded at your own risk. Further, Choco does not warrant, endorse, guarantee, or assume responsibility for any product or service advertised or offered by a third party through the Service, including products offered by the Distributors, advertisers and Third-Party Service Providers or any content shared by other users. The disclaimers, exclusions, and limitations of warranty under this ToS will not apply to the Customer to the extent prohibited by applicable law.

7. Limitation of Liability 

To the maximum extent permitted by applicable law, in no event shall Choco, its affiliates, agents, directors, employees, subcontractors or licensors be liable for any indirect, punitive, incidental, special, consequential or exemplary damages, including without limitation damages for loss of profits, goodwill, use, data or other intangible losses, arising out of or relating to the use of, or inability to use, the Service. To the maximum extent permitted by applicable law, Choco assumes no liability or responsibility for the Service including but not limited to errors, security breaches, service interruptions and third-party content. To the maximum extent permitted by applicable law, Choco’s total cumulative liability, including that of its affiliates, agents, directors, employees, subcontractors, and licensors, for any claims, proceedings, liabilities, obligations, damages, losses, or costs arising out of or in connection with the Service shall not exceed GBP 100.00 in the aggregate. This limitation of liability section applies whether the alleged liability is based on contract, tort, negligence, strict liability, or any other basis, even if Choco has been advised of the possibility of such damage.

8. Indemnification

8.1 Customer indemnification. The Customer agrees to defend, indemnify and hold harmless Choco and its affiliates, agents, licensors, subcontractors, from and against any and all claims, damages, obligations, losses, liabilities, costs or debt, and expenses (including but not limited to attorney's fees) arising from: (i) the Customer’s violation of any term of this ToS, including without limitation its breach of any of the representations and warranties; (ii) the Customer’s violation of any third-party right, including without limitation any right of privacy or intellectual property rights; (iii) the Customer’s violation of any applicable law, rule or regulation; (iv) the Customer Content; or (v) the Customer’s willful misconduct or gross negligence.

8.2 Choco indemnification. Choco will defend the Customer against third-party claims alleging that the Service, when used as permitted under this ToS and without modification, infringes a third-party’s intellectual property rights. In such cases, Choco may, at its sole discretion, (i) modify the infringing portion of the Service to make it non-infringing, or (ii) or replace the infringing portion of the Service with a non-infringing alternative, or (iii) terminate the Customer’s access to the Service. This indemnification does not apply to claims arising from (a) the Customer’s use of the Service in violation of this ToS, (b) the Customer content, data, or integrations, or (c) third-party software or services. This Section states Choco’s sole liability, and the Customer’s sole and exclusive right and remedy, for infringement of third-party intellectual property rights by the Service.

9. Term and Termination

9.1 Term. The ToS becomes effective upon your acceptance or your use of the Service, whichever is earlier, and runs for an indefinite period until terminated.

9.2 Termination. The Customer may terminate the ToS at any time with 7 days' notice by sending a corresponding message by e-mail to Choco at contact@choco.com. Choco may terminate the ToS without giving any reason and close the Customer’s account, subject to at least 14 days' notice. In addition, either party shall be entitled to terminate the ToS immediately if the other party has materially breached this ToS.

9.3 Consequences of termination. The termination shall result in the automatic deletion of the Customer account, including the accounts of its Users. After termination, Choco will have no obligation to continue storing the Customer Content and will delete the Customer Content in its systems upon Customer’s request or in line with its retention policy, whichever is earlier. Notwithstanding the foregoing, Choco will be entitled to retain the Customer Content if Choco is obliged to do so by law or to the extent that the Customer Content is required for accounting and documentation purposes or for the operation of the Cloud Service. Specific provisions about deletion of the personal data that Choco processes as a processor are set out in the DPA. 

9.4 Closure of account. Choco also reserves the right to close and delete a User or Customer account that has remained inactive for a continuous period of six months. Deletion of Customer account shall result in the termination of the ToS with that Customer.  

10. Additional Terms for Mobile Applications

10.1 Mobile Applications. The Service is available in the form of a mobile application accessible via a mobile device. To use any mobile application, you must have a mobile device that is compatible with the mobile applications. Choco does not warrant that its mobile applications will be compatible with your mobile device. You may use mobile data in connection with the mobile applications and may incur additional charges for these services. You agree that you are solely responsible for any such charges. You acknowledge that Choco may from time-to-time issue upgraded versions of the mobile applications and may automatically upgrade the version of the Choco mobile application that you are using on your mobile device. You consent to such automatic upgrading on your mobile device and agree that the terms and conditions of this ToS will apply to all such upgrades. 

10.2 Mobile Applications from Apple App Store. The following applies to Choco’s mobile application you download from the Apple App Store ("App Store App"): You acknowledge and agree that this ToS is solely between you and Choco, not Apple, Inc. ("Apple") and that Apple has no responsibility for the App Store App or content thereof. You acknowledge that Apple has no obligation whatsoever to furnish any maintenance and support services with respect to the App Store App. In the event of any failure of the App Store App to conform to any applicable warranty, you may notify Apple, and Apple will refund the purchase price for the App Store App to you; to the maximum extent permitted by applicable law, Apple will have no other warranty obligation whatsoever with respect to the App Store App other than refunding purchase price paid for the App Store App via App Store (if any), and any other claims, losses, liabilities, damages, costs or expenses attributable to any failure to conform to any warranty will be solely governed by this ToS and any law applicable to Choco as provider of the software. You acknowledge that Apple is not responsible for addressing any claims of you or any third party relating to the App Store App or your possession and/or use of the App Store App, including, but not limited to: (i) product liability claims; (ii) any claim that the App Store App fails to conform to any applicable legal or regulatory requirement; and (iii) claims arising under consumer protection or similar legislation; and all such claims are governed solely by this ToS and any law applicable to Choco as provider of the software. You acknowledge that, in the event of any third-party claim that the App Store App or your possession and use of that App Store App infringes that third party's intellectual property rights, Choco, not Apple, will be solely responsible for the investigation, defense, settlement and discharge of any such intellectual property infringement claim to the extent required by this ToS. You and Choco acknowledge and agree that Apple, and Apple's subsidiaries, are third-party beneficiaries of this ToS as relates to your license of the App Store App, and that, upon your acceptance of the terms and conditions of this ToS, Apple will have the right (and will be deemed to have accepted the right) to enforce this ToS as relates to your license of the App Store App against you as a third-party beneficiary thereof.

10.3 Mobile Applications from Google Play Store. The following applies to Choco mobile application you download from the Google Play Store ("Google-Play App"): (i) you acknowledge that the ToS is between you and Choco only, and not with Google, Inc. ("Google"); (ii) your use of Google-Play App must comply with Google's then-current Google Play Store Terms of Service; (iii) Google is only a provider of the Google Play Store where you obtained the Google-Play App; (iv) Choco, and not Google, is solely responsible for its the Google-Play App; (v) Google has no obligation or liability to you with respect to the Google-Play App or the ToS; and (vi) you acknowledge and agree that Google is a third-party beneficiary to the ToS as it relates to Google-Play App.

11. General

11.1 Confidentiality. Each party undertakes to keep the documents, data and information of the other party which are either to be regarded as confidential due to the nature of the information or the circumstances of their disclosure or have been designated or marked as confidential by the disclosing party, such as business and/or trade secrets (the "Confidential Information") strictly confidential. The duty of confidentiality shall commence upon gaining knowledge of the Confidential Information and will continue for a period of five years. The recipient party may only disclose the Confidential Information of the disclosing party to its affiliates, employees, trainees, subcontractors or consultants on a need to know basis for the performance of this ToS, provided that they are bound by the confidentiality obligations at least as protective as those contained herein and where required by law. When requests are made by judicial or administrative authorities relating to the disclosure of the Confidential Information, the receiving party shall without undue delay notify the disclosing party thereof in writing, to the extent permitted by law. This confidentiality obligation does not extend to information that (ii) is generally known or becomes known to public through no fault of the receiving party, (iii) is independently developed by the receiving party itself without access to the Confidential Information of the disclosing party or (iv) was brought to the attention of or shared with the receiving party by a bona fide third party authorized to do so. 

11.2 Force majeure. Choco shall not be liable for any failure or delay in performing its obligations under this ToS to the extent such failure or delay is caused by events beyond its reasonable control, including but not limited to acts of God, natural disasters (such as fire, flood, or storm), war, terrorism, riot, civil commotion, malicious damage, strikes, lockouts, or other industrial disputes, failure of utility services or transportation or telecommunications networks. 

11.3 Assignment. This ToS, and any rights and licenses granted hereunder, may not be transferred or assigned by the Customer. Choco may assign the ToS and its rights and obligations thereunder without the Customer’s consent. Choco also remains free to subcontract any of its obligations to its subcontractors or affiliates, Choco will remain responsible for their acts and omissions.

11.4 Changes to the ToS. Choco may, in its sole discretion, modify or update this ToS from time to time. When Choco changes the ToS in a material manner, Choco will update the 'last modified' date at the top of this page. The Customer’s continued use of the Service after any such change constitutes its acceptance of the new version of the ToS. If you do not agree to the changes, do not use or access (or continue to access) the Service.

11.5 Entire ToS/Severability. This ToS includes the Local Addendum in the Annex 1, the DPA and any amendments and additional terms the Customer may enter into with Choco in connection with the Service. It shall constitute the entire agreement between the Customer and Choco concerning the Service. If any provision of this ToS is deemed invalid by a court of competent jurisdiction, the invalidity of such provision shall not affect the validity of the remaining provisions of this ToS, which shall remain in full force and effect. In the event of a conflict among the documents making up this ToS, the order of preference will be the applicable provisions of the Annex 1 (the Local Addendum) to ToS, DPA and main body of this ToS (i.e., Terms of Service).

11.6 No Waiver. No waiver of any term of this ToS shall be deemed a further or continuing waiver of such term or any other term, and either Parties’ failure to assert any right or provision under this ToS shall not constitute a waiver of such right or provision.

11.7 Headings. Headings or titles used in this ToS are for convenience and reference purposes only and shall not be considered in the interpretation or construction of any provision of this ToS.

11.8 Contact. Please contact us at legal@choco.com with any questions regarding this ToS.

11.9 Governing law. The ToS shall be governed by the laws of the country in which the Choco entity party to this ToS is located. Any disputes arising from or in connection with this ToS shall be subject to the exclusive jurisdiction of the competent courts in that country.

Annex 1 Local Addendum

US 

1. Use by the US Government 

If the Service is used on behalf of the United States Government, then the following provision applies. The Service will be deemed to be "commercial computer software" and "commercial computer software documentation," respectively, pursuant to DFAR Section 227.7202 and FAR Section 12.212, as applicable. Any use of the Service and any accompanying documentation by the U.S. Government will be governed solely by this ToS and is prohibited except to the extent expressly permitted by this ToS.

2. US export laws and embargo

2.1 Choco’s Service originate in the United States, and is subject to United States export laws and regulations. The Service may not be exported or re-exported to certain countries or those persons or entities prohibited from receiving exports from the United States. In addition, the Service may be subject to the import and export laws of other countries. You agree to comply with all United States and foreign laws related to use of the Mobile Applications and the Service.

2.2 The Customer represents and warrants that (i) it is not located in a country that is subject to a U.S. Government embargo, or that has been designated by the U.S. Government as a “terrorist supporting” country; and (ii) its Users and representatives are not listed on any U.S. Government list of prohibited or restricted parties.

3. DMCA

3.1 Since we respect artist and content owner rights, it is our policy to respond to alleged infringement notices that comply with the Digital Millennium Copyright Act of 1998 ("DMCA"). If you believe that your copyrighted work has been copied in a way that constitutes copyright infringement and is accessible via the Service, please notify our copyright agent as set forth in the DMCA. For your complaint to be valid under the DMCA, you must provide the following information in writing:

1. An electronic or physical signature of a person authorized to act on behalf of the copyright owner;
2. Identification of the copyrighted work that you claim has been infringed;
3. Identification of the material that is claimed to be infringing and where it is located on the Service;
4. Information reasonably sufficient to permit Choco to contact you, such as your address, telephone number, and, e-mail address;
5. A statement that you have a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or law; and
6. A statement, made under penalty of perjury, that the above information is accurate, and that you are the copyright owner or are authorized to act on behalf of the owner.
7. The above information must be submitted to the following DMCA Agent:

Attn: DMCA Notice Choco Legal Department

Address: Wrangelstraße 100, 10997 Berlin, Germany  

Email: legal@choco.com

3.2 Under federal law, if you knowingly misrepresent that online material is infringing, you may be subject to criminal prosecution for perjury and civil penalties, including monetary damages, court costs, and attorneys' fees.

3.3 Please note that this procedure is exclusively for notifying Choco and its affiliates that your copyrighted material has been infringed. The preceding requirements are intended to comply with the rights and obligations under the DMCA, including 17 U.S.C. §512(c), but do not constitute legal advice. It may be advisable to contact an attorney regarding your rights and obligations under the DMCA and other applicable laws.

3.4 In accordance with the DMCA and other applicable law, Choco has adopted a policy of terminating, in appropriate circumstances, Users who are deemed to be repeat infringers. Choco may also at its sole discretion limit access to the Service and/or terminate the User Accounts of any Users who infringe any intellectual property rights of others, whether or not there is any repeat infringement.

4. Governing Law, Arbitration, and Class Action/Jury Trial Waiver

4.1 Governing Law. You agree that: (i) the Service shall be deemed solely based in California; and (ii) the Service shall be deemed a passive one that does not give rise to personal jurisdiction over us, either specific or general, in jurisdictions other than California. This ToS shall be governed by the internal substantive laws of the State of California, without respect to its conflict of laws principles. The parties acknowledge that this ToS evidences a transaction involving interstate commerce. Notwithstanding the preceding sentences with respect to the substantive law, any arbitration conducted pursuant to the terms of this ToS shall be governed by the Federal Arbitration Act (9 U.S.C. §§ 1-16). The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded. You agree to submit to the personal jurisdiction of the federal and state courts located in Los Angeles County, California for any actions for which we retain the right to seek injunctive or other equitable relief in a court of competent jurisdiction to prevent the actual or threatened infringement, misappropriation or violation of a our copyrights, trademarks, trade secrets, patents, or other intellectual property or proprietary rights, as set forth in the Arbitration provision below, including any provisional relief required to prevent irreparable harm. You agree that Los Angeles County, California is the proper forum for any appeals of an arbitration award or for trial court proceedings in the event that the arbitration provision below is found to be unenforceable.

4.2 Arbitration. Read this section carefully because it requires the parties to arbitrate their disputes and limits the manner in which you can seek relief from Choco. For any dispute with Choco, you agree to first contact us at and attempt to resolve the dispute with us informally. In the unlikely event that Choco has not been able to resolve a dispute it has with you after sixty (60) days, we each agree to resolve any claim, dispute, or controversy (excluding any claims for injunctive or other equitable relief as provided below) arising out of or in connection with or relating to this ToS, or the breach or alleged breach thereof (collectively, "Claims"), by binding arbitration by JAMS, under the Optional Expedited Arbitration Procedures then in effect for JAMS, except as provided herein. JAMS may be contacted at www.jamsadr.com. The arbitration will be conducted in Los Angeles County, California, unless you and Choco agree otherwise. Each party will be responsible for paying any JAMS filing, administrative and arbitrator fees in accordance with JAMS rules, and the award rendered by the arbitrator shall include costs of arbitration, reasonable attorneys' fees and reasonable costs for expert and other witnesses. Any judgment on the award rendered by the arbitrator may be entered in any court of competent jurisdiction. Nothing in this Section shall be deemed as preventing Choco from seeking injunctive or other equitable relief from the courts as necessary to prevent the actual or threatened infringement, misappropriation, or violation of our data security, Intellectual Property Rights or other proprietary rights.

4.3 Class Action/Jury Trial Waiver. With respect to all persons and entities, regardless of whether they have obtained or used the Service for personal, commercial or other purposes, all Claims must be brought in the parties' individual capacity, and not as a plaintiff or class member in any purported class action, collective action, private attorney general action or other representative proceeding. This waiver applies to class arbitration, and, unless we agree otherwise, the arbitrator may not consolidate more than one person's Claims. You agree that, by entering into this ToS, you and Choco are each waiving the right to a trial by jury or to participate in a class action, collective action, private attorney general action, or other representative proceeding of any kind.

Preamble

This Data Processing Agreement ("DPA") specifies the data protection obligations and rights of the Parties in connection with the personal data processed by Choco as a processor on behalf of the Customers when providing the Services as per the Terms of Service ("ToS").

For the purposes of this DPA "Data Protection Laws" means any applicable laws and regulations in any relevant jurisdiction relating to the use or processing of personal data, including: (i) EU Regulation 2016/679 ("GDPR"); (ii) GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (the "UK GDPR"); (iii) any laws or regulations ratifying, implementing, adopting, supplementing or replacing the GDPR in member states of the European Union; (iv) in the UK, the Data Protection Act 2018; (v) any laws and regulations implementing or made pursuant to EU Directive 2002/58/EC (as amended by 2009/136/EC); (vi) in the UK, the Privacy and Electronic Communications (EC Directive) Regulations 2003; (vii) the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (“CCPA”), as set forth in California Civil Code § 1798.100 et seq.; (viii) in the United Arab Emirates (“UAE”) Federal Law No. 45/2021 on the Protection of Personal Data (“PPDL”); (ix) in Saudi Arabia (“KSA”), the Personal Data Protection Law issued by Cabinet Decision No. 98/1443 (“PDPL”) and all other applicable laws or regulations relating to the processing and protection of personal information; in each case, as updated, amended or replaced from time to time. 

The terms "data subject", "processing", "processor" and "controller" shall have the meanings set out in the Data Protection Laws. “Personal Data” or “Personal Information” has the meaning set out in Data Protection Laws, but is limited to personal data processed by Choco acting as a processor on behalf of the Customers under these ToS as further described in Annex 1. Any other defined terms shall have the meanings ascribed to them in the ToS.

1. Subject and Scope of the Assignment

1.1 Choco shall process the Personal Data which Customer has provided directly or indirectly for the provision of the Services exclusively on behalf of, and in accordance with, the instructions of Customer, unless it is otherwise required by the applicable law. In such a case, Choco shall notify Customer of such legal requirements prior to the processing, unless the relevant law prohibits such notification.

1.2 The processing of Personal Data by Choco on behalf of Customer is specified in Annex 1 to this DPA. Any additional instructions outside of the scope of Schedule 1 shall be agreed upon, in writing, by both Parties. Customer warrants and represents that it has obtained all necessary consents and complied with all obligations required by Data Protection Laws for transferring or otherwise making available any Personal Data to Choco under the ToS. 

1.3 If Choco is of the opinion that a Customer instruction violates this DPA or Data Protection Laws, then it shall without undue delay inform Customer thereof in writing. 

2. Requirements of Personnel

Choco shall ensure that all persons who are authorized to have access to the Personal Data are under a contractual obligation to maintain confidentiality or are under an appropriate statutory obligation of confidentiality when processing the Personal Data.

3. Processing Security

3.1 Choco shall implement and maintain throughout the term of the ToS appropriate technical and organizational measures ("TOM") specified in Annex 2 to ensure a level of protection of the Personal Data commensurate to the risk, taking into account the state of the art, the cost of implementation and, to the extent known to Choco, the nature, scope, circumstances and purposes of the processing of the Personal Data and the varying likelihood and severity of the risk to the rights and freedoms of the data subjects. Choco shall regularly assess the effectiveness of the TOM and implement alternative measures if necessary for ensuring appropriate level of security.

3.2 It shall be incumbent upon the Customer to review the TOM taken by Choco, particularly to review whether these measures are also sufficient with regard to circumstances of the data processing that are not known to Choco.

4. Use of Sub-Processors and Data Transfers

4.1 The Customer generally authorizes Choco to make use of services of sub-processors when processing the Personal Data. The current sub-processors engaged by Choco are listed in Annex 3. Choco will impose on any sub-processor substantially similar data protection obligations which are no less protective than the ones set out under this DPA and will remain liable towards the Customer for its sub-processors’ performance under this DPA to the extent Choco will be liable for its own performance.

4.2 Choco will update the list of sub-processors in Annex 3 before authorizing a new sub-processor to process Personal Data on behalf of Customer and send a notice of that update. If the Customer wants to receive these updates, it shall sign up to the notification mechanism available in Annex 3. If Customer does not object within 14 days following Choco’s notification by sending an email to legal@choco.com, then the engagement shall be deemed approved.

4.3 If the Customer objects, Choco shall be entitled, at its choice, to either provide its Services without using the rejected additional sub-processor or to terminate the ToS.

4.4 The Customer authorizes Choco, its affiliates and its sub-processors to transfer, access or process the Personal Data outside the UK, the European Economic Area ("EEA"), UAE or KSA provided that the requirements of transfer or engagement under Data Protection Laws are met.

5. Rights of the Data Subjects

5.1 Taking into account the nature of the processing of the Personal Data, Choco shall assist the Customer with appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the Customer’s obligation to respond to requests for exercising the data subject’s rights laid down in the Data Protection Laws.

5.2 Choco shall in particular:

• inform the Customer without undue delay if a data subject contacts Choco directly with a request to exercise his/her rights;
• provide the Customer upon the Customer's request with all information available to Choco regarding the processing of the Personal Data that the Customer needs to respond to the request of a data subject and that the Customer does not have itself;
• correct, delete or restrict the processing of the Personal Data without undue delay upon the instruction of the Customer, unless the Customer is able to do so itself and it is technically possible for Choco to do so;
• support the Customer to the extent necessary to receive the Personal Data processed in Choco’s sphere of responsibility - insofar as this is technically possible for Choco - in a structured, common and machine-readable format, insofar as a data subject asserts a right to data portability.

6. Support Obligations

6.1 Choco shall notify the Customer without undue delay after becoming aware of a breach of Personal Data. The notification shall include a description, if possible, of the nature of the breach; the categories and approximate number of data subjects affected by the breach; the probable consequences of the breach; of the measures taken or proposed by Choco to remedy the breach of the protection of the Personal Data and, if applicable, measures to mitigate its possible adverse effects.

6.2 Choco shall investigate the cause of the breach and, where appropriate, take reasonable measures to mitigate its possible adverse effects.

6.3 If Customer is obligated to inform the supervisory authorities and/or data subjects about the personal data breach, Choco shall assist the Customer with complying with this obligation, taking into account the nature of processing and the information available to Choco. Any additional costs incurred by Choco in this context, which exceed statutory processor obligations under the applicable law, will be borne by Customer.

6.4 Choco shall notify Customer of any subpoena or other judicial or administrative order, process or proceeding seeking access to, or disclosure of, the Personal Data insofar as such notification is not prohibited by law. If Customer is obliged to provide information to a supervisory authority regarding the processing of the Personal Data or to otherwise cooperate with such authorities, Choco shall support Customer in providing such information insofar as Customer does not have the information itself and reasonably cooperate with Customer and with supervisory authorities, including granting the competent supervisory authority the necessary rights of access, information and inspection.

6.5 Choco shall provide reasonable assistance to Customer regarding Customer’s compliance with its obligations related to security of processing, data protection impact assessments and prior consultations with the supervisory authorities in each case taking into account the nature of the processing and information available to Choco. Any additional costs incurred by Choco in this context, exceeding the foreseen statutory processor obligations under the applicable law, will be borne by Customer.

7. Data Deletion and Return

7.1 Upon termination of the ToS and written request from the Customer, Choco will either delete or return Personal Data, unless Choco is obliged to continue storing the Personal Data under applicable law.

7.2 Some Personal Data may be archived in our back-up systems and such archived Personal Data will be deleted in accordance with Choco’s retention policy. Any Personal Data archived in backups will be isolated and protected from any further processing. For the period that the data is stored after the termination of the ToS, the rights and obligations of the Parties under this DPA shall continue to apply.

8. Verifications and Audits

8.1 Choco shall,where required under the Data Protection Laws, keep records of its processing activities performed on behalf of Customer and upon request, make available to Customer these records or any other information necessary to demonstrate compliance with statutory processor obligations set out under the Data Protection Laws.

8.2 Choco shall allow for and contribute to audits, including on-site inspections, by Customer or an auditor mandated by Customer in relation to the processing of the Personal Data. The audits and on-site inspections should, as far as possible, not hinder Choco in its normal business operations and should not place an undue burden on Choco. In particular, on-site inspections at Choco for no specific reason should not take place more than once per calendar year and only during Choco’s normal business hours. Customer shall notify Choco of inspections in written or text form at least 30 (thirty) days in advance, providing Choco with information about the scope, duration, and inspection plan. Customer and Choco shall cooperate in good faith and mutually agree on the scope, duration, and start date of the inspection. Any costs incurred by Choco for any on-site inspections which are not clearly disproportionate or excessive, will be borne by the Customer. The auditor mandated by Customer shall be an independent contractor which does not compete with Choco and such auditor shall enter into a non-disclosure agreement with Choco.

9. Region Specific Terms

To the extent Choco processes Personal Data subject to CCPA, the terms set forth in Annex-4 will apply.

10. Miscellaneous

10.1 Each Party’s liability taken together in the aggregate, arising out of or related to this DPA, whether in contract, tort, or under any other theory of liability, is subject to the limitation of liability provisions of the ToS.

10.2 This DPA, including its annexes, is incorporated by reference into the ToS and constitutes an integral part of the ToS between Choco and Customer. If there is any conflict between the terms of the following documents, the order of precedence is: (1) Annex 4 (Region-Specific Terms); (2) the main body of this DPA; (3) ToS. All defined terms not defined in the DPA shall have the meanings ascribed to them in the ToS.

10.3 Amendments and side agreements to any parts of this DPA must be made in writing. This rule also applies to this written form requirement itself. The governing law and jurisdiction under the ToS shall apply accordingly for any parts of this DPA.

Annex 1 - Description of Personal Data Processing

Annex 2 - Technical and Organizational Measures

Taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, Choco shall, in its capacity as data processor, implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including, but not limited to, the following:

1 Confidentiality

1.1 Physical access control

Choco shall take appropriate measures to reduce the risk of unauthorized persons gaining access to data processing systems with which Customer’s personal data are processed and used.

Technical measures:

• Automatic access control systems, control of access by gatekeeper services and alarm systems
• Lockable server cabinets
• key regulation, service directives stipulating that service rooms are to be locked when employees are absent

1.2 System access control

Choco shall take appropriate measures to prevent data processing systems (computers) from being used by unauthorized persons. For this purpose, Choco shall take the following precautions:

Technical measures:

• Login with username + password
• Smartphone encryption
• Encryption of company laptops
• Remote laptop management
• Deployment of anti-virus software for laptops and systems

Organizational measures:

• Manage user permissions
• Create user profiles
• Policies on use of Company Hardware
• General policy on data protection and / or security

1.3 Data access control

Choco shall take appropriate measures to ensure that the persons authorized to use the data processing systems can only access the personal data subject to their access authorization and that the Personal Data of Customer cannot be read, copied, modified or removed without authorization during processing, use and after storage. For this purpose, Choco shall take the following precautions:

Technical measures:

• Erasure of data carriers on laptops before reuse.
• Logging of access to important documents, especially when entering, changing and deleting data.
• File shredder (min. level 3, cross cut)

Organizational measures:

• Creating an authorization concept
• Management of rights by system administrator
• Reduction in the number of administrators
• Closed area for sensitive documents

1.4 Separation control

Choco shall take appropriate measures to ensure that the Personal Data of Customer collected for different purposes can be processed separately. For this purpose, Choco shall take the following precautions:

Technical measures:

• Separate storage on different software
• Software-based customer separation

Organizational measures:

• Creation of an authorization concept
• Determination of database rights

2 Integrity

2.1 Transmission control

Choco shall take reasonable measures to reduce the risk that the Personal Data of Customer can be read, copied, modified or removed without authorization during electronic transmission or during their transport or storage on data carriers. To this end, Choco shall take the following precautions:

Technical measures:

• Email encryption
• Logging of accesses and retrievals of important documents and data
• Provision via encrypted connections such as sftp, https

2.2 Data input control

Choco shall take appropriate measures to ensure that it is possible to check and determine retrospectively whether and by whom personal data of the customer have been entered into data processing systems, changed or removed. For this purpose, Choco shall take the following precautions:

Technical measures:

• Possibility of technical logging of the entry, modification and deletion of personal data.

Organizational measures:

• Traceability of entry, modification, and deletion of personal data through individual user names.
• Retention of forms from which personal data have been transferred to automated processing operations.
• Assignment of rights to enter, change, and delete personal data on the basis of an authorization concept.

3 Availability and resilience

3.1 Availability control

Choco shall take reasonable measures to ensure that the Personal Data of Customer is protected against accidental destruction or loss. For this purpose, Choco shall take the following precautions:

Technical measures:

• Fire and smoke detection systems
• Careful selection of the hosting service provider

Organizational measures:

• Regular control of the hosting service provider

4 Procedures for regular review, assessment and evaluation.

Choco shall implement procedures for regular review, assessment and evaluation of the effectiveness of technical and organizational measures to ensure the security of processing.

4.1 Data protection management

Organizational measures:

• Central documentation of all procedures, regulations and guidelines on data protection with access for employees as required / authorized
• A review of the effectiveness of the technical protective measures is carried out regularly
• Employees trained and committed to confidentiality
• Raising employee awareness through training

4.2 Incident response management

Organizational measures:

• Documentation of security incidents and data breaches
• Regulation of responsibilities for the follow-up of security incidents and data breaches
• Security breach response support.
• Formalized process for handling requests for information from data subjects is in place.

Annex 3 - Subprocessor List

You may find the list of sub-processors and the notification mechanism for new sub-processors at https://legal.choco.com/buyer-subprocessors.

Annex 4 - Region Specific Terms 

4.1 CCPA:

The following terms apply where Choco processes personal information subject to the CCPA. 

The terms “business”, “business purposes”, “commercial purposes”, “collects”, “collected”, “collection”, “consumer”, “de-identified”, “personal information”, “sell”, “selling”, “sale”, “sold”, “service provider” or “third party” shall have the same meaning as in the CCPA.  Personal Information” has the meaning set out in the CCPA, but is limited to personal data processed by Choco acting as a processor on behalf of the Customers under these ToS as further described in the Schedule 1 to the Annex 4.

1. Status of Parties; Details of the processing activities

1.1 The Parties agree that with respect to the provision of Services, as applicable, as to processing of the personal information, the Customer is the “Business” and Choco is the “Service Provider”, as such terms are defined in the CCPA.

1.2 The Customer warrants and represents that it has obtained all necessary consents and complied with all obligations required by CCPA for making available any Customer Personal Information to Choco and for allowing collection of the Customer Personal Data Information by Choco on the Customer’s behalf under the ToS.

2. Obligations of Choco

2.1 Choco agrees:

(a) to process the Customer Personal Information that it processes in its capacity as a Service Provider only:

(i) on behalf of the Customer and/or the applicable Business and in accordance with the Customer's documented instructions unless otherwise required by the CCPA;

(ii) for the purpose of carrying out the Services or as otherwise instructed by the Customer; and

(iii) in compliance with this DPA and the CCPA.

(b) that it shall not process the the Customer Personal Information other than on the Customer’s documented instructions in the Annex 4 and ToS, which include processing to detect data security incidents, protecting against fraudulent or illegal activity, maintaining and improving the Services, managing the Customer’s account, creation of datasets of aggregate consumer information and deidentified information, appointing Subcontractors, and any other business purpose or operational purpose permissible under the CCPA for a service provider that does not cause Choco to lose its Service Provider status. Any additional instructions outside of the scope of the ToS and the DPA shall be agreed upon, in writing, by both Parties

(c) that it shall not (i) sell or share the the Customer Personal Information, (ii) retain, use or disclose the Customer Personal Information for any purpose other than for the business purposes, including retaining, using, or disclosing the personal information for a commercial purpose other than providing the Services, carrying out the instructions of the Customer, or as otherwise permitted under the CCPA; (iii) retain, use, or disclose the the Customer Personal Information outside of the Business relationship between the Customer and Choco.

(d) that it shall promptly notify the Customer of any requests, complaints, messages, or any other notices received from any third party regarding the processing of the Customer Personal Information under this DPA (including requests from Consumers to correct, or limit or restrict use of such Consumers’ personal information), and that it will reasonably assist the Customer with its obligations to reply to or comply with requests, provided that Choco reserves the right to reimbursement from the Customer for any reasonable costs incurred as a result of providing such assistance.

(e) that if it is legally required to process the Customer Personal Data otherwise than as instructed by the Customer, it shall notify the Customer before such processing occurs, unless the law requiring such processing prohibits Choco from notifying the Customer on an important ground of public interest, in which case it shall notify the Customer as soon as that law permits it to do so.

(f) that it will provide reasonable assistance to the Customer in fulfilling its legal obligations under the CCPA.

(g) that it has implemented and will maintain reasonable technical, organisational, and security measures to protect the Customer Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, appropriate to the risks represented by the processing and the nature of the Customer Personal Information to be protected. It shall be incumbent upon the Customer to determine whether these measures are sufficient with respect to the circumstances surrounding the data processing that are not known by Choco.

(h) to take reasonable steps to ensure that its personnel who have access to the Customer Personal Information have committed themselves to confidentiality or are under appropriate statutory obligation of confidentiality.

(i) to inform a Consumer making a request that it should submit the request directly to the Customer.

(j) To notify the Customer if it makes a determination that it can no longer meet its obligations under the CCPA.

(k) to allow for and contribute to audits and assessments, including inspections, conducted by the Customer  or another auditor mandated by the Customer, upon terms mutually agreeable to the Parties, to the extent that such information is within Choco’s control and Choco is not precluded from disclosing such information by applicable law, a duty of confidentiality, or any other obligation owed to a third party.

3. Except as otherwise specified in this DPA, each Party shall perform its obligations under this DPA at its own cost.

Schedule 1 to the Annex 4.1 CCPA Terms

This Schedule forms part of the DPA.

Purposes:

The Customer Personal Information shall be processed for the provision of the Services.

Consumers:

Personal Information relevant to the Services, the extent of which is determined and controlled by the Customer in its sole discretion, and which may include, but is not limited to Personal Information relating to the following categories of data subjects:

Employees or contact persons of the Customer’s Distributors

Employees, consultants, agents, advisors, freelancers of the Customer (who are natural persons)

the Customer’s users authorized by the Customer to use the Services

Categories of data:

Personal Information relevant to the Services, the extent of which is determined and controlled by the Customer in its sole discretion, and which may include, but is not limited to the following categories of Personal Information:

• First and last name
• Position
• Contact information (company, email, phone, physical business address)
• ID data
• Log-in data
• Device data
• Usage data
• Any other data provided directly or indirectly by the Customer, its Authorized Users and/or Personnel of its Distributors

Special categories of data (if appropriate):

None. The personal data processed will not include sensitive personal data including information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, government issued identification numbers, health or medical records, financial information and criminal records.

Processing operations:

Collect, store, and process the Customer Personal Information to perform, operate, maintain, support and improve the Services pursuant to the Agreement, including the activities such as transmitting orders and messages, detecting data security incidents, protecting against fraudulent or illegal activity, managing the Customer’s account, creating datasets of aggregate consumer information and deidentified information and appointing subcontractors.

Duration:

The Personal Information will be processed by Choco for the duration of the ToS.

Choco bietet eine mobile Anwendung und ein webbasiertes Tool (zusammen „die App") an, die die Kommunikation und das Auftragsmanagement zwischen

gewerbliche Kunden aus dem Gastronomie-, Getränke- und Lebensmittelbereich, wie z. B. Restaurants, (im Folgenden "Käufer") und ihren Lieferanten („Lieferanten") erleichtern sollen. Diese Datenschutzerklärung beschreibt, wie Choco Communications DACH GmbH, Wrangelstraße 100, 10997 Berlin, Deutschland und Choco Communications GmbH, mit Sitz in der Wrangelstraße 100, 10997 Berlin, Deutschland, die beide per E-Mail unter legal@choco.com kontaktiert werden können (zusammen „Choco", „wir", „uns"), personenbezogene Daten im Zusammenhang mit der Nutzung der App als gemeinsam Verantwortliche erheben, nutzen, verarbeiten und weitergeben.

Die auf die Verarbeitung personenbezogener Daten anwendbaren Gesetze sind (i) die EU-Verordnung 2016/679 (nachfolgend „DSGVO"), (ii) alle Gesetze oder Verordnungen, mit denen die DSGVO ratifiziert, umgesetzt, angenommen, ergänzt oder ersetzt wird, (iii) alle Gesetze und Verordnungen, die zur Umsetzung der EU-Richtlinie 2002/58/EG (in der Fassung von 2009/136/EG) erlassen wurden, und (iv) in Deutschland das Telekommunikations- Telemedien-Datenschutz-Gesetz (nachfolgend "TTDSG"); und zwar jeweils in ihrer von Zeit zu Zeit aktualisierten, geänderten oder ersetzten Fassung. Die Begriffe „betroffene Person", „personenbezogene Daten", „Verarbeitung", „Auftragsverarbeiter", „gemeinsamer Verantwortlicher" und „Verantwortlicher" haben die in der DSGVO festgelegte Bedeutungen.

Anwendungsbereich

Choco stellt die App und die damit verbundenen Dienste für seine Käufer- und Lieferantenkunden (zusammenfassend „Kunden") bereit. Die betroffenen Personen im Sinne der DSGVO können nur als Endnutzer dieser Kunden („Nutzer" oder “Sie, Ihr”) die App nutzen oder von den Diensten von Choco profitieren. Bei der Bereitstellung der App und der Dienste für unsere Kunden verarbeitet Choco Ihre personenbezogenen Daten als Auftragsverarbeiter im Namen des jeweiligen Kunden gemäß dessen Anweisungen. Wenn Sie beispielsweise im Namen eines Käufers eine Bestellung an einen Lieferanten senden, verarbeiten wir Ihre Daten im Auftrag des betreffenden Käufers. Unsere Kunden sind für die Einhaltung der Datenschutzverpflichtungen verantwortlich, z.B. dafür, Sie über die Verwendung Ihrer personenbezogenen Daten im Zusammenhang mit den von uns in ihrem Auftrag durchgeführten Verarbeitungstätigkeiten zu informieren. Weitere Informationen finden Sie in den Datenschutzrichtlinien der jeweiligen Kunden. Diese Datenschutzrichtlinie gilt ausschließlich für Fälle, in denen wir bei der Verarbeitung der personenbezogenen Daten der Nutzer als Verantwortlicher auftreten.

A. Informationen, die wir sammeln

1. Von Ihnen bereitgestellte Informationen

Informationen zum Konto

Bei der Erstellung eines Kontos werden Sie aufgefordert, obligatorische Informationen anzugeben, z. B. Ihren Vor- und Nachnamen, Ihre E-Mail-Adresse, Ihre Telefonnummer und den Namen des Unternehmens, für das Sie arbeiten oder das Sie vertreten. Wenn Sie diese Informationen nicht angeben, können Sie kein Konto zur Nutzung der App erstellen. Sie können in Ihrem Profil zusätzliche Informationen angeben, z. B. ein Profilbild und Ihren Titel im Unternehmen.

Kommunikation mit Choco

Sie können aus verschiedenen Gründen mit uns kommunizieren. Sie können ein Kontaktformular ausfüllen, unseren Kundendienst kontaktieren, eine Umfrage ausfüllen, an einem Nutzerinterview teilnehmen oder auf andere Weise mit uns interagieren. Wir können diese Kommunikation aufzeichnen, einschließlich aller Informationen, die Sie uns während solcher Interaktionen zur Verfügung stellen. Diese Mitteilungen können zu verschiedenen Zwecken verarbeitet werden, wie in Abschnitt B "Wie verwenden wir Ihre Daten" näher beschrieben.

Transaktionsdaten

Wir erhalten Transaktionsdaten, wenn Sie Aktionen in unserer App durchführen, wie z. B. das Datum und die Uhrzeit der Bestellungen, die Sie im Namen eines Kunden aufgeben, Artikel, die Sie zu Teambestellungen hinzugefügt haben oder Lieferprüfungen, die Sie durchführen. Wir verwenden Transaktionsdaten, um unseren Kunden die Funktionalitäten unserer App zur Verfügung zu stellen.

Andere von Ihnen übermittelte Informationen

Wenn Sie die App nutzen, können Sie verschiedene Informationen eingeben, verwalten und bearbeiten. Zu diesen Informationen gehören insbesondere Ihre Kommunikation mit anderen Benutzern, aber auch andere Informationen, die Sie hochladen, wie z. B. Bilder und Kontakten. Wir verwenden diese Informationen, um unseren Kunden als Auftragsverarbeiter die Funktionen unserer App zur Verfügung zu stellen.

In einigen Fällen werden Sie möglicherweise um Ihre ausdrückliche Erlaubnis gebeten, bevor wir auf Ihre Informationen zugreifen.

• Kamera-Zugang: Sie können den Kamerazugriff aktivieren, um Bilder direkt von Ihrem Telefon in die App hochladen zu können. Hierfür benötigen wir Ihre Erlaubnis, auf Ihre Kamera und die in Ihrem Kameraalbum gespeicherten Medieninhalte zuzugreifen. Dieser Zugriff ist für die Nutzung der App nicht zwingend erforderlich, kann aber Ihre Kommunikation und den Bestellvorgang erleichtern. Dieser Zugriff basiert auf Ihrer Einwilligung gemäß Artikel 6 Absatz 1 Buchstabe a DSGVO. Die Einwilligung ist freiwillig und kann gemäß Artikel 7 Absatz 3 der DSGVO jederzeit widerrufen werden.
• Zugang zur Kontaktliste: Sie haben auch die Möglichkeit, Teammitglieder zu Ihrem Konto hinzuzufügen, indem Sie deren Kontaktinformationen manuell oder direkt aus der Kontaktliste auf Ihrem Telefon hinzufügen. Für die zweite Option benötigen wir Ihre Erlaubnis, auf Ihre Kontaktliste zuzugreifen. Dieser Zugriff ist für die Nutzung der App nicht zwingend erforderlich. Wenn Sie uns die Erlaubnis erteilen, werden wir auf die Namen und Telefonnummern in Ihrer Kontaktliste zugreifen und sie Ihnen anzeigen. Wir überprüfen auch, ob einer Ihrer Kontakte bereits Choco nutzt und zeigen Ihnen auch diese Informationen an. Wir werden weiterhin auf Ihre Kontaktliste zugreifen, bis Sie Ihre Erlaubnis widerrufen. Wir speichern Ihre Kontaktlisten nicht auf unseren Servern. Wir speichern nur die Informationen (Name und Telefonnummer) Ihrer Kontakte, die bereits Choco-Nutzer sind, und derer, die Sie zur Nutzung von Choco eingeladen haben. Wenn Sie Nutzer einen Käufers sind, können Sie auch die Kontaktdaten des Handelsvertreters Ihres Lieferanten hinzufügen. In diesem Fall gelten die gleichen Bedingungen wie oben. Der Zugang und die beschriebene Verarbeitung beruhen auf Ihrer Einwilligung gemäß Artikel 6 Absatz 1 Buchstabe a DSGVO. Die Einwilligung ist freiwillig und kann gemäß Artikel 7 Absatz 3 DSGVO jederzeit widerrufen werden.
• Zugang zum Mikrofon: Mit der Sprachbestellfunktion können Sie Bestellungen aufgeben, indem Sie sie direkt auf Ihrem Telefon aufzeichnen. Um diese Funktion zu aktivieren, benötigen wir Ihre Erlaubnis, auf das Mikrofon Ihres Telefons zuzugreifen. Dieser Zugriff ist optional und für die Nutzung der App nicht erforderlich. Wenn Sie Ihre Erlaubnis erteilen, greifen wir nur dann auf das Mikrofon zu, wenn Sie gerade aktiv eine Bestellung aufnehmen. Der Zugang und die beschriebene Verarbeitung beruhen auf Ihrer Einwilligung gemäß Artikel 6 Absatz 1 Buchstabe a DSGVO. Die Einwilligung ist freiwillig und kann gemäß Artikel 7 Absatz 3 DSGVO jederzeit widerrufen werden.
• Standortzugriff: Wenn Sie die App als Lieferantenmitarbeiter verwenden, können Sie Ihre Leads und Kunden auf einer Karte in der App anzeigen. Die Karte wird über Google Maps API bereitgestellt und die Google-Datenschutzrichtlinie gilt für die Nutzung der Kartenfunktion. Um die relevanten Ergebnisse in Ihrer Nähe anzeigen zu können, benötigen wir Zugriff auf Ihren Standort. Dieser Zugriff ist optional und für die Nutzung der App nicht erforderlich. Wenn Sie Ihre Zustimmung erteilen, greifen wir nur dann auf Ihren Standort zu, wenn Sie die App verwenden. Der Zugang und die beschriebene Verarbeitung beruhen auf Ihrer Einwilligung gemäß Artikel 6 Absatz 1 Buchstabe a DSGVO. Die Einwilligung ist freiwillig und kann gemäß Artikel 7 Absatz 3 DSGVO jederzeit widerrufen werden.

   2. Automatisch erfasste Informationen

Geräte- und Verbindungsdaten

Wenn Sie unsere App besuchen, sammelt die App automatisch bestimmte Informationen von Ihrem Gerät, wie z. B. die Version des Betriebssystems, Gerätetyp und -hersteller, Zugriffszeiten, Ihre IP-Adresse, Ihren Mobilfunkanbieter, Konfigurationen, Browsertyp, Informationen über die Internetverbindung und auch den allgemeinen Standort auf der Grundlage Ihrer IP-Adresse.

Nutzungsdaten

Wir verwenden automatische Datenerfassungstools wie Cookies, Trackingpixel und ähnliche Technologien, um Informationen darüber zu sammeln, wie Sie mit unserer App und unseren Mitteilungen/E-Mails interagieren. Dazu gehören Informationen wie die Benutzer-ID, die IP-Adresse, die von Ihnen besuchten Seiten und die auf diesen Seiten verbrachte Zeit, die von Ihnen verwendeten Funktionen, Ihre Befehle und andere statistische Informationen in Bezug auf Ihre Nutzung der App.

   3. Informationen, die wir aus anderen Quellen sammeln

Informationen, die von anderen Benutzern und/oder Kunden bereitgestellt werden

Wir können Ihre Kontaktinformationen (wie Name, geschäftliche E-Mail-Adresse, geschäftliche Telefonnummer, Ihr Unternehmen und Titel) von anderen Kunden erhalten, die mit der Organisation, der Sie angehören, kommunizieren möchten. Wir können Ihre Kontaktinformationen auch von Nutzern erhalten, die derselben Organisation angehören wie Sie und die Sie einladen, die App zu nutzen. Wir verwenden diese Informationen in unserer Eigenschaft als Auftragsverarbeiter für unsere Kunden, um Ihnen Mitteilungen zu senden und Sie in deren Namen in die App einzubinden. Der jeweilige Kunde ist jedoch dafür verantwortlich, Sie als Verantwortlicher über diese Aktivitäten zu informieren. Wenn Sie ein Konto erstellen, beginnen wir als Anbieter der App mit der Verarbeitung Ihrer Daten als für die Verarbeitung Verantwortlicher im Einklang mit dieser Datenschutzrichtlinie.

B. Wie verwenden wir Ihre Informationen
 

   1. Zur Bedienung der App

Wir verarbeiten Ihre personenbezogenen Daten für die folgenden Zwecke:

• Betrieb, Hosting und Wartung der App, einschließlich der Überwachung der Leistung des Dienstes, der Fehlersuche und -behebung bei etwaigen Fehlfunktionen,
• Authentifizierung von Benutzern bei der Anmeldung,
• Erkennen, Vorbeugen und Reagieren auf Sicherheitsvorfälle sowie auf böswillige, betrügerische oder illegale Aktivitäten,
• Gewährleistung von Sicherheit, Integrität und Schutz unserer App, unserer Nutzer, Kunden, Mitarbeiter und Dritter.

Die Rechtsgrundlage für die oben aufgeführten Verarbeitungen ist unser berechtigtes Interesse im Sinne von Artikel 6 Absatz 1 Buchstabe f DSGVO, die Funktionalität und den fehlerfreien Betrieb der App sicherzustellen und die Nutzung unserer App zu verwalten.

Kategorien personenbezogener Daten: Accountinformationen, Kommunikation mit Choco, Transaktionsdaten, andere von Ihnen übermittelte Informationen, Geräte- und Verbindungsdaten, Nutzungsdaten
 

   2. Um die Beziehung zu unseren Kunden zu verwalten

Wir verarbeiten Ihre personenbezogenen Daten, um die Beziehungen zu unseren Kunden zu verwalten, z. B. für die Rechnungsstellung, die Kontoverwaltung und die Durchsetzung der Bedingungen der Vereinbarung zwischen den Kunden und Choco.

Die Rechtsgrundlage für diese Verarbeitung ist unser berechtigtes Interesse im Sinne von Artikel 6 Absatz 1 Buchstabe f DSGVO an der Verwaltung und Pflege der Beziehung zu unseren Kunden.

Kategorien personenbezogener Daten: Accountinformationen, Kommunikation mit Choco, Transaktionsdaten, andere von Ihnen übermittelte Informationen, Geräte- und Verbindungsdaten, Nutzungsdaten

   3. Um Ihre Nutzung der App zu unterstützen und um mit Ihnen zu kommunizieren

Wir verwenden Ihre personenbezogenen Daten, um Ihre Fragen und Anfragen zu beantworten und Sie zu unterstützen. Wir können diese Kommunikation aufzeichnen, einschließlich aller Informationen, die Sie uns während solcher Interaktionen zur Verfügung stellen. Wir können diese Informationen verwenden, um unsere Kundensupportprozesse zu verbessern.

Wir verwenden Ihre personenbezogenen Daten auch, um Ihnen technische oder rechtliche Hinweise, Aktualisierungen, Sicherheitsmitteilungen oder andere Nachrichten zu senden, die den Betrieb der App oder die Verwaltung Ihres oder des Kundenkontos betreffen. Wir verwenden automatisch erfasste Informationen über Ihre Interaktionen mit unseren Mitteilungen, um unsere Mitteilungen an Sie zu verbessern. Einige dieser Mitteilungen können in Form von Push-Benachrichtigungen gesendet werden. Sie können Push-Benachrichtigungen in den Einstellungen Ihres Mobilgeräts deaktivieren.

Die Rechtsgrundlage für diese Verarbeitung ist unser berechtigtes Interesse im Sinne von Artikel 6 Absatz 1 Buchstabe f DSGVO, auf Ihre Anfragen zu antworten und Sie über die Funktionsweise der App zu informieren.

Kategorien personenbezogener Daten: Accountinformationen, Kommunikation mit Choco, Transaktionsdaten, andere von Ihnen übermittelte Informationen, Geräte- und Verbindungsdaten, Nutzungsdaten

   4. Um unsere Dienstleistungen zu verbessern

Um unsere App und Ihr Nutzererlebnis zu verbessern, verwenden wir Tools zur statistischen Erfassung und Analyse des allgemeinen Nutzungsverhaltens. Wir sammeln Informationen über Ihre In-App-Aktivitäten und Ihre Beteiligung an den über unsere App gesendeten Mitteilungen. Wir erstellen und analysieren statistische Informationen darüber, wie unsere App genutzt wird. Wir können Nutzertrends und Nutzerverhalten analysieren und überwachen, Tests für neue Funktionen durchführen und Fehlerbehebungen vornehmen. Wo es angemessen ist, aggregieren wir die Informationen oder anonymisieren sie.

Rechtsgrundlage ist unser berechtigtes Interesse im Sinne von Artikel 6 Absatz 1 Buchstabe f DSGVO an der Verbesserung der Funktionen und Leistung unserer App und der Sicherstellung ihrer Funktionalität.

Wir können Sie kontaktieren, um Sie nach Ihrer Meinung zu unserer App zu fragen oder um Sie zu bitten, an einer Nutzerumfrage teilzunehmen. Rechtsgrundlage für die Kontaktaufnahme zu diesem Zweck ist unser berechtigtes Interesse an der Verbesserung der Funktionen unserer App. Ihre Teilnahme an einer Nutzerumfragebasiert auf Ihrer Einwilligung gemäß Artikel 6 Absatz 1 Buchstabe a DSGVO. Wir können auch Ihre Kommunikation mit uns nutzen, wie z. B. Ihr Feedback zur Verbesserung unserer App.

Kategorien personenbezogener Daten: Accountinformationen, Kommunikation mit Choco, Transaktionsdaten, andere von Ihnen übermittelte Informationen, Geräte- und Verbindungsdaten, Nutzungsdaten
 

   5. Zur Erfüllung gesetzlicher Verpflichtungen und zur Verteidigung unserer Rechte

Wir können Ihre personenbezogenen Daten verwenden, um unsere gesetzlichen Anforderungen zu erfüllen, z.B. um Aufzeichnungen über Zahlungen zu Buchhaltungszwecken zu führen. Die Rechtsgrundlage für diese Verarbeitung ist Artikel 6 Absatz 1 Buchstabe c DSGVO. Wir können Ihre Daten auch auf der Grundlage unseres berechtigten Interesses im Sinne von Artikel 6 Absatz 1 Buchstabe f DSGVO verarbeiten, um unsere Rechte im Falle von Rechtsstreitigkeiten zu verteidigen.

Kategorien personenbezogener Daten: Accountinformationen, Kommunikation mit Choco, Transaktionsdaten, andere von Ihnen übermittelte Informationen, Geräte- und Verbindungsdaten, Nutzungsdaten, Kontaktdaten

6. Um Werbungen zu zeigen

Wir können Ihnen in unserer App Werbung von Lebensmittelherstellern und anderen Drittanbietern anzeigen, die für Kunden relevant sein können, in deren Auftrag Sie die App nutzen. Diese Werbungen sind nicht personalisiert – als B2B-App betreiben wir keine personalisierte oder verhaltensbasierte Werbung.

Wir können Ihre personenbezogenen Daten (z. B. Klicks) erfassen und verwenden, um die Werbungen anzuzeigen und Werbeleistung zu messen. Wir können Berichte über die Werbeleistung an die Werbetreibenden weitergeben. Diese Berichte enthalten jedoch nur aggregierte und nicht identifizierbare Daten und keine personenbezogenen Daten.

Wir geben Ihre personenbezogenen Daten unter keinen Umständen an Dritte wie Werbenetzwerke, Social-Media-Plattformen, Ad-Serving-Unternehmen oder Datenbroker weiter. Wir verfolgen Sie auch nicht über Websites oder Apps von Drittanbietern.

Die rechtliche Grundlage für diese Verarbeitung ist unser berechtigtes Interesse an der Monetarisierung der App und der Verbesserung der Benutzererfahrung sowie das berechtigte Interesse unserer Kunden, relevante Produkte und Angebote zu entdecken. Sie können jederzeit von Ihrem Recht Gebrauch machen, dieser Verarbeitung zu widersprechen.

Einige Anzeigen können Links zu Websites Dritter enthalten. Wir sind nicht für die Datenschutzpraktiken dieser Websites verantwortlich.

Kategorien personenbezogener Daten: Accountinformationen, Geräte- und Verbindungsdaten, Nutzungsdaten.

C. Bereitstellung von Dienstleistungen für unsere Kunden

Wir verarbeiten Ihre personenbezogenen Daten, um unseren Kunden als Auftragsverarbeiter Dienstleistungen und Funktionen unserer App zur Verfügung zu stellen. Wir haben keine Kontrolle darüber, wie die Nutzer die App nutzen. Wir verarbeiten personenbezogene Daten nur in ihrem Namen, um ihre Anweisungen auszuführen. So können wir beispielsweise Ihre Kontaktinformationen verarbeiten, um Ihnen eine Nachricht von einem Anbieter zukommen zu lassen oder Sie einzuladen, die App im Namen eines Anbieters zu nutzen. Kundenadministratoren sind für die Verwaltung des Zugriffs auf das Konto ihrer Organisation verantwortlich, einschließlich der Änderung der Zugriffsrechte von Benutzern, falls erforderlich. Weitere Informationen finden Sie in den Datenschutzrichtlinien unserer Kunden.

Kategorien personenbezogener Daten: Accountinformationen, Transaktionsdaten, andere von Ihnen übermittelte Informationen, Nutzungsdaten

D. Cookies und andere Tracking-Technologien

Wir verwenden Tracking-Technologien wie Cookies, Pixel und andere ähnliche Technologien, um automatisch Informationen zu sammeln, wenn Sie die App nutzen oder wenn Sie mit Mitteilungen interagieren, die wir Ihnen senden oder die von anderen Nutzern über die App gesendet werden. Die mit diesen Tools erfassten Daten werden in Abschnitt A. 2 über automatisch erfasste Informationen beschrieben.

Einige dieser Tools sammeln Informationen vom Endgerät, um die Grundfunktionen unserer App zu ermöglichen. Diese werden als wesentliche Tools bezeichnet und dienen dazu, die Sicherheit und Stabilität unserer App zu gewährleisten, Missbrauch zu verhindern und böswillige Aktivitäten zu erkennen. Ohne diese Tools könnten wir unsere App nicht anbieten. Einige dieser Tools werden für die statistische Erfassung und Analyse des allgemeinen Nutzerverhaltens auf der Grundlage von Zugriffsdaten verwendet, um zu verstehen und zu untersuchen, wie unsere Nutzer mit unserer App interagieren, um unsere App bereitzustellen, zu aktualisieren und zu verbessern.

E. Wie wir Ihre Informationen weitergeben

Wir können Ihre personenbezogenen Daten an die folgenden Kategorien von Empfängern weitergeben.

1. Choco-Gruppe

Choco teilt Infrastruktur, Systeme und Technologie mit anderen Unternehmen, die der Choco Communications GmbH ("Choco Gruppe") gehören oder von ihr betrieben werden. Wir können personenbezogene Daten innerhalb der Choco-Gruppe weitergeben, um unsere Dienste bereitstellen und verbessern zu können und unser Geschäft zu betreiben. Andere Unternehmen innerhalb der Choco Gruppe fungieren in diesem Fall als unsere Dienstleister (Auftragsverarbeiter) und werden Ihre personenbezogenen Daten gemäß unseren Anweisungen verarbeiten. 

2. Unsere Dienstleistungsanbieter

Wir teilen Ihre personenbezogenen Daten mit unseren beauftragten Dienstleistern, die uns bei der Bereitstellung, Unterstützung und Verbesserung unserer Dienste und der App unterstützen und Ihre personenbezogenen Daten in unserem Namen verarbeiten. Zu diesen Drittanbietern gehören Hosting-Provider, IT-Tools und -Dienste, operative Dienste, CRM- und Kommunikations-Tools, Cybersecurity-Dienste und die Tools, die wir für die statistische Erfassung und Analyse des allgemeinen Nutzungsverhaltens auf unserer App und unseren Diensten verwenden - eine vollständige Liste finden Sie hier.

Diese Dienstleister sind (gesetzlich und vertraglich) in ihren Möglichkeiten, Ihre personenbezogenen Daten zu nutzen, eingeschränkt. Durch den Abschluss von Auftragsverarbeitungsverträgen mit diesen Dienstleistern stellen wir sicher, dass sie Datenschutz- und Sicherheitsverpflichtungen unterliegen, die mit dieser Datenschutzerklärung und den geltenden Gesetzen im Einklang stehen.

3. Zuständige Behörden und berechtigte Dritte

Wir sind verpflichtet, Ihre personenbezogenen Daten offenzulegen, um einer gesetzlichen Verpflichtung oder einem rechtmäßigen Ersuchen einer Regierung oder einer Strafverfolgungsbehörde nachzukommen. Eine Offenlegung der personenbezogenen Daten ist dadurch gerechtfertigt, dass die Verarbeitung zur Erfüllung einer rechtlichen Verpflichtung erforderlich ist, der wir gemäß Artikel 6 Absatz 1 Buchstabe c DSGVO in Verbindung mit den nationalen Rechtsvorschriften über die Weitergabe von Daten an Strafverfolgungsbehörden und andere Aufsichtsbehörden unterliegen.

Wir können Ihre personenbezogenen Daten an Dritte weitergeben, um die Nutzungsbedingungen der App oder andere Vereinbarungen, die wir mit Ihnen oder unseren Kunden getroffen haben, durchzusetzen; um unsere Rechte oder die Rechte Dritter zu schützen oder zu verteidigen; um illegale Aktivitäten zu verhindern oder auf Rechtsansprüche zu reagieren. Jegliche Offenlegung der personenbezogenen Daten ist durch die Tatsache gerechtfertigt, dass wir ein berechtigtes Interesse im Sinne von Artikel 6 Absatz 1 Buchstabe f DSGVO haben, die Rechte, das Eigentum und die Sicherheit von Choco, unseren Kunden und Dritten zu schützen oder zu verteidigen.

4. Umstrukturierung des Unternehmens

Im Rahmen der Weiterentwicklung unseres Geschäfts kann sich die Struktur unseres Unternehmens durch Änderung der Rechtsform, Gründung, Erwerb oder Übertragung von Tochtergesellschaften, Unternehmensteilen oder Komponenten ändern. Wir können Ihre personenbezogenen Daten an Dritte weitergeben, wenn wir an einer tatsächlichen oder geplanten Fusion, Übernahme, Finanzierung, einem Konkurs, dem Verkauf aller oder eines Teils unserer Vermögenswerte oder einer Umstrukturierung beteiligt sind. Eine angemessene und verhältnismäßige Weitergabe personenbezogener Daten im zulässigen Umfang ist dadurch gerechtfertigt, dass wir ein berechtigtes Interesse im Sinne von Artikel 6 Absatz 1 Buchstabe f DSGVO daran haben, unsere Unternehmensform gegebenenfalls an die wirtschaftlichen und rechtlichen Gegebenheiten anzupassen.
 

5. Informationen, die Sie mit anderen Nutzern teilen

Sie können Ihre persönlichen Daten (wie z. B. Ihren Vor- und Nachnamen und Ihre Kontaktinformationen) mit anderen Nutzern teilen, mit denen Sie sich aus freien Stücken entschieden haben, über die App zu kommunizieren und/oder Ihre Bestellungen aufzugeben. Wie bei jeder anderen Kommunikationsplattform können Nutzer, die sich im selben Chat wie Sie befinden, Ihre Kontaktinformationen sehen, einschließlich der Nutzer des anderen Unternehmens in Ihrem Chat. Die Verarbeitung im Rahmen dieses Kapitels erfolgt in unserer Eigenschaft als Auftragsverarbeiter auf der Grundlage der Anweisungen des Kunden als Verantwortlicher.

F. Datenübermittlung an Drittländer

Einige der Empfänger können sich in Ländern außerhalb des Europäischen Wirtschaftsraums befinden, die nach Ansicht der zuständigen Aufsichtsbehörde in Ihrem Wohnsitzland keinen angemessenen Schutz bieten.

Wann immer wir personenbezogene Daten in diese Länder übermitteln, ergreifen wir geeignete Maßnahmen, die durch die Datenschutzgesetze vorgeschrieben sind. Zu diesen Maßnahmen gehört der Abschluss von Standardvertragsklauseln mit internationalem Datenübertragungszusatz oder internationalen Datenübertragungsvereinbarungen, die vom europäischen Parlament gebilligt wurden und den Empfängern höhere Standards für den Schutz personenbezogener Daten auferlegen. Erforderlichenfalls führen wir auch eine Folgenabschätzung für die Übermittlung durch, um sicherzustellen, dass die Rechte der betroffenen Personen nicht beeinträchtigt werden.

Wo dies nicht möglich ist, stützen wir die Datenübermittlung auf Ausnahmen nach Art. 49 DSGVO, insbesondere Ihre ausdrückliche Einwilligung oder die Erforderlichkeit der Übermittlung für die Erfüllung des Vertrages oder für die Durchführung vorvertraglicher Maßnahmen. Ist eine Übermittlung in ein Drittland geplant und liegen kein Angemessenheitsbeschluss oder geeignete Garantien vor, besteht die Möglichkeit und das Risiko, dass Behörden des jeweiligen Drittlandes (z.B. Geheimdienste) Zugriff auf die übermittelten Daten erhalten, um diese zu erheben und auszuwerten, und dass die Durchsetzbarkeit Ihrer Rechte als Betroffener nicht gewährleistet ist. Bei der Einholung Ihrer Einwilligung über das Einwilligungsbanner werden Sie auch hierüber informiert.

G. Ihre Rechte als betroffene Person

Als betroffene Person haben Sie die folgenden Rechte:

• Recht auf Zugang zu den personenbezogenen Daten, die wir über Sie gespeichert haben,
• Recht auf Berichtigung der personenbezogenen Daten, die wir über Sie gespeichert haben,
• Recht auf Löschung Ihrer personenbezogenen Daten unter bestimmten, in den Datenschutzgesetzen (Art. 17 DSGVO) festgelegten Umständen,
• Recht auf Einschränkung der Verarbeitung Ihrer personenbezogenen Daten unter bestimmten, in Artikel 18 DSGVO genannten Umständen,
• Recht auf Widerspruch gegen die Verarbeitung, wenn die Verarbeitung auf unseren berechtigten Interessen beruht,
• Recht auf Übermittlung Ihrer Daten an einen Dritten (Recht auf Datenübertragbarkeit);
• das Recht, keiner Entscheidung unterworfen zu werden, die ausschließlich auf einer automatisierten Verarbeitung beruht, und
• Recht auf Widerruf Ihrer Einwilligung, wenn die Datenverarbeitung auf Ihrer Einwilligung beruht.

Bitte beachten Sie, dass das Recht, Ihre Einwilligung zu widerrufen, die Rechtmäßigkeit der Verarbeitung vor Ihrem Widerruf nicht berührt.

Ihre Anfragen zur Geltendmachung von Betroffenenrechten und unsere Antworten darauf werden zu Dokumentationszwecken für einen Zeitraum von bis zu drei (3) Jahren und in Einzelfällen für längere Zeiträume zur Begründung, Ausübung oder Verteidigung von Rechtsansprüchen gemäß Artikel 6 Absatz 1 Buchstabe f DSGVO aufbewahrt, was auf unserem berechtigten Interesse an der Abwehr von Ansprüchen und der Vermeidung von Bußgeldern beruht.

Wenn Sie Fragen, Kommentare oder Beschwerden über unseren Umgang mit Ihren personenbezogenen Daten haben oder wenn Sie Ihre Rechte als Betroffener ausüben möchten, wenden Sie sich bitte an das Choco Legal Team unter folgenden Kontaktdaten: legal@choco.com.

Sie können den Datenschutzbeauftragten auch unter der unten angegebenen Postadresse erreichen (Stichwort: "Zu Händen des Datenschutzbeauftragten von Choco"):

ISiCO Datenschutz GmbH, Am Hamburger Bahnhof 4, 10557 Berlin

Als betroffene Person haben Sie das Recht, sich bei einer Aufsichtsbehörde zu beschweren, wenn Sie der Ansicht sind, dass die Verarbeitung der Sie betreffenden personenbezogenen Daten gegen die Datenschutz-Grundverordnung verstößt. Die für die Verarbeitung personenbezogener Daten durch Choco in Deutschland zuständige Datenschutzbehörde ist die Bundesbeauftragte für Datenschutz, siehe diesen Link und die Berliner Beauftragte für Datenschutz und Informationsfreiheit, siehe diesen Link.

Wenn Sie Ihre Rechte in Bezug auf personenbezogene Daten ausüben möchten, die Choco als Auftragsverarbeiter im Namen seiner Kunden verarbeitet, richten Sie Ihre Anfrage bitte an den betreffenden Kunden.

H. Datenschutzbeauftragter und Kontaktangaben

Sie können Ihre Datenschutzanliegen gerne an unseren Datenschutzbeauftragten richten, indem Sie eine E-Mail an die oben genannte E-Mail-Adresse senden. Bitte beachten Sie, dass E-Mails an die oben genannte E-Mail-Adresse nicht ausschließlich von unserem Datenschutzbeauftragten empfangen werden, da dies eine allgemeine E-Mail für das Choco Legal Team ist. Wenn Sie sich ausschließlich an unseren Datenschutzbeauftragten wenden und/oder vertrauliche Informationen übermitteln möchten, verweisen Sie bitte in der Betreffzeile oder im Text Ihrer E-Mail auf den Datenschutzbeauftragten und bitten Sie ihn, sich direkt mit Ihnen in Verbindung zu setzen, um Ihre Datenschutzanliegen weiter zu besprechen. Sie können sich auch an den Datenschutzbeauftragten wenden, indem Sie die oben genannte Postanschrift der für die Verarbeitung Verantwortlichen verwenden (Stichwort: "Zu Händen des Datenschutzbeauftragten").

I. Informationen über die gemeinsame Verantwortlichkeit

Die Choco Communications GmbH und die Choco Communications DACH GmbH bestimmen gemeinsam die Zwecke und Mittel der Verarbeitung. Die Choco Communications GmbH ist Ihr Ansprechpartner, wenn Sie Ihre unter Abschnitt E beschriebenen Rechte ausüben möchten. Bitte wenden Sie sich an legal@choco.com, wenn Sie weitere Informationen über den Inhalt einer solchen Vereinbarung zwischen den Parteien wünschen.

J. Dauer der Speicherung

Wir bewahren die personenbezogenen Daten, die wir als für die Verarbeitung Verantwortlicher verarbeiten, so lange auf, wie es zur Erfüllung der Zwecke, für die wir sie verarbeitet haben, erforderlich ist. Danach löschen oder anonymisieren wir Ihre Daten, es sei denn, wir sind gesetzlich verpflichtet, sie länger aufzubewahren, oder sie sind für die Begründung, Ausübung oder Verteidigung von Rechtsansprüchen erforderlich. In diesen Fällen werden wir die personenbezogenen Daten nach Ablauf der gesetzlichen Fristen löschen.

K. Sicherheit

Wir setzen verschiedene technische, administrative und organisatorische Maßnahmen ein, um Ihre personenbezogenen Daten vor unbefugtem Zugriff und unrechtmäßiger Verarbeitung, Veränderung oder Zerstörung zu schützen.

L. Hyperlink

Unsere App kann Hyperlinks zu Websites Dritter enthalten. Wenn diese Hyperlinks aktiviert sind, werden Sie von unserer App direkt auf die Webseiten der Drittanbieter weitergeleitet. Dies erkennen Sie u.a. an der sich ändernden URL. Wir können keine Verantwortung für den vertraulichen Umgang mit Ihren Daten auf diesen Drittanbieter-Websites übernehmen und auch nicht dafür, dass diese die Datenschutzgrundverordnung (DSGVO) einhalten, was außerhalb unserer Kontrolle liegt. Bitte informieren Sie sich direkt auf diesen Websites über den dortigen Umgang mit Ihren personenbezogenen Daten.

M. Änderungen an dieser Datenschutzerklärung

Wir halten diese Datenschutzerklärung immer auf dem neuesten Stand. Daher behalten wir uns das Recht vor, sie von Zeit zu Zeit zu aktualisieren oder zu ändern und diese Änderungen bei der Verarbeitung Ihrer personenbezogenen Daten zu berücksichtigen. Wir werden das Datum der letzten Aktualisierung am Anfang der Datenschutzerklärung angeben.

Choco propose une application mobile et un outil web (ensemble « l’Application ») conçus pour faciliter la communication et la gestion des commandes entre les Restaurateur commerciaux du secteur alimentaire tels que les restaurants (« Restaurateur ») et leurs fournisseurs (« Fournisseurs »). La présente politique de confidentialité décrit la manière dont Choco Communication France SAS, dont le siège social est situé au 112 rue Réaumur, 75002 Paris, et Choco Communications GmbH, dont le siège social est situé à Wrangelstraße 100, 10997 Berlin, Allemagne, toutes deux pouvant être contactées par e-mail à legal@choco.com, (ensemble, « Choco », « nous ») collectent, utilisent, traitent et partagent les données à caractère personnel dans le cadre de l'utilisation de l'Application en tant que responsables conjoints du traitement.

Les lois applicables au traitement des données à caractère personnel sont notamment (i) le règlement de l'UE 2016/679 (« RGPD »), (ii) toute loi ou réglementation ratifiant, mettant en œuvre, adoptant, complétant ou remplaçant le RGPD; (iii) toute loi et réglementation mettant en œuvre ou adoptée en vertu de la directive 2002/58/CE de l'UE (telle que modifiée par 2009/136/CE) en France; et les termes « personne concernée », « données à caractère personnel », « traitement », « responsable conjoint du traitement » et « responsable du traitement » ont la signification qui leur est donnée dans le RGPD.

Champ d'application

Choco fournit l'Application et les services associés aux Restaurateur et Fournisseurs (ensemble, les « Clients »). Les personnes concernées au sens du RGPD ne peuvent utiliser l'Application ou bénéficier des services de Choco qu'en tant qu'utilisateurs finaux de ces Clients (« Utilisateur(s) » ou « vous »). Lors de la fourniture de l'Application et des services à nos Clients, Choco traite vos données à caractère personnel en tant que sous-traitant pour le compte du Client concerné, conformément à ses instructions. Par exemple, lorsque vous envoyez une commande à un Fournisseur au nom d'un Acheteur, nous traitons vos données au nom de l'Acheteur concerné. Nos Clients sont responsables de leur respect des obligations en matière de protection de la vie privée, notamment ils doivent vous informer de l'utilisation de vos données à caractère personnel dans le cadre des activités de traitement que nous effectuons en leur nom. Pour plus d'informations, veuillez-vous référer aux politiques de confidentialité des Clients respectifs. La présente politique de confidentialité s'applique exclusivement aux scénarios dans lesquels nous agissons en tant que responsable du traitement des données à caractère personnel des Utilisateurs.

A. Informations collectées

1. Informations fournies par vous

Informations sur le compte

Lors de la création d'un compte, il vous sera demandé de fournir des informations obligatoires, telles que vos nom et prénom, votre adresse électronique, votre numéro de téléphone et le nom de votre entreprise. Si vous ne fournissez pas ces informations, vous ne pourrez pas créer de compte pour utiliser l'Application. Vous pouvez fournir des informations supplémentaires dans votre profil, telles qu'une photo de profil et votre rôle dans l'entreprise.

Communications avec Choco

Vous pouvez communiquer avec nous pour différentes raisons. Vous pouvez remplir un formulaire de contact, contacter notre service clientèle, répondre à une enquête, participer à un entretien en tant qu’utilisateur ou interagir avec nous de toute autre manière. Nous pouvons conserver un enregistrement de ces communications, y compris toute information fournie au cours de ces interactions. Ces communications peuvent être traitées pour différentes finalités, comme indiqué dans la section B « Comment utilisons-nous vos informations ? ».

Données de transaction

Nous recevons des données de transaction lorsque vous effectuez des actions sur notre Application, telles que la date et l'heure des commandes que vous passez au nom d'un Client, les articles que vous avez ajoutés aux commandes d'équipe ou les contrôles de livraison que vous effectuez. Nous utilisons principalement les données de transaction pour fournir les fonctionnalités de notre Application à nos Clients.

Autres informations communiquées par vous

Lorsque vous utilisez l'application, vous pouvez saisir, gérer et modifier différentes informations. Ces informations comprennent, en particulier, vos communications avec d'autres Utilisateurs, mais peuvent également inclure d'autres informations que vous téléchargez, telles que des images. Nous utilisons ces informations pour fournir les fonctionnalités de notre Application à nos Clients en tant que sous-traitant.

Dans certains cas, il peut vous être demandé une autorisation spécifique avant que nous n'accédions à vos informations.
 

• Accès à l'appareil photo : Vous pouvez activer l'accès à l'appareil photo pour pouvoir télécharger des photos sur l'Application directement à partir de votre téléphone. Pour cela, nous avons besoin de votre autorisation pour accéder à votre appareil photo et au contenu multimédia sauvegardé dans votre appareil photo. Cet accès n'est pas obligatoire pour utiliser l'Application, mais il peut faciliter vos communications et votre processus de commande. Cet accès est basé sur votre consentement, conformément à l'article 6.1 (a) du RGPD, que vous pouvez retirer à tout moment, conformément à l'article 7.3 du RGPD .
• Accès à la liste de contacts : Vous avez également la possibilité d'ajouter des membres de votre équipe à votre compte en ajoutant leurs coordonnées manuellement ou directement à partir de la liste de contacts de votre téléphone. Pour la seconde option, nous avons besoin de votre autorisation pour accéder à votre liste de contacts. Cet accès n'est pas obligatoire pour utiliser l'Application. Si vous nous en donnez l'autorisation, nous accèderons aux noms et aux numéros de téléphone figurant dans votre liste de contacts et nous vous les afficherons. Nous vérifierons également si l'un de vos contacts utilise déjà Choco et afficherons cette information. Nous continuerons à accéder à votre liste de contacts jusqu'à ce que vous retiriez votre autorisation. Nous ne stockons pas vos listes de contacts sur nos serveurs. Nous ne stockons que les informations (nom et numéro de téléphone) de vos contacts qui sont déjà des utilisateurs de Choco et de ceux que vous avez invités à utiliser Choco. Si vous êtes un Utilisateur Acheteur, vous pouvez également ajouter les coordonnées du représentant commercial de votre Fournisseur. Les mêmes conditions s'appliquent dans ce cas. L'accès et le traitement décrits sont fondés sur votre consentement, conformément à l'article 6.1. a) du RGPD, que vous pouvez retirer à tout moment, conformément à l'article 7.3 du RGPD.
• Accès au microphone : la fonction de commande vocale vous permet de passer des commandes en les enregistrant directement depuis votre téléphone. Pour activer cette fonction, nous avons besoin de votre autorisation afin d’accéder au microphone de votre téléphone. Cet accès est facultatif et n'est pas nécessaire pour utiliser l'application. Si vous y consentez, nous n'aurons accès au microphone qu’au moment où vous enregistrez une commande. Votre consentement est révocable à tout moment.
• Accès à la localisation : Si vous utilisez l'Application en tant que représentant commercial, vous pouvez visualiser vos prospects et vos clients sur une carte dans l'Application. La carte est fournie via l'API Google Maps et les règles de confidentialité de Google s'appliquent à l'utilisation de cette fonction. Pour pouvoir afficher les résultats pertinents proche de vous, nous devons avoir accès à votre position. Cet accès est facultatif et n'est pas nécessaire pour utiliser l'Application. Si vous y consentez, nous n'aurons accès à votre position qu’au moment où vous utiliserez l'Application. Votre consentement  est révocable à tout moment.

   2. Informations collectées automatiquement

Données relatives aux appareils et aux connexions

Lorsque vous visitez notre Application, l'Application recueille automatiquement certaines informations à partir de votre appareil, telles que la version du système d'exploitation, le type d'appareil et le fabricant, les temps d'accès, votre adresse IP, votre opérateur mobile, les configurations, le type de navigateur, les informations sur la connexion Internet et notamment la localisation générale sur la base de votre adresse IP.

Données d'utilisation

Nous utilisons des outils de collecte de données automatisés, tels que des cookies, des pixels de suivi et des outils similaires, pour collecter des informations sur la façon dont vous interagissez avec notre Application et nos communications/emails. Cela inclut des informations telles que l'ID de l’Utilisateur, l'adresse IP, les pages que vous visitez et le temps passé sur ces pages, les fonctions que vous utilisez, vos commandes et d'autres informations statistiques relatives à votre utilisation de l'Application.

   3. Informations que nous recueillons auprès d'autres sources

Informations fournies par d'autres Utilisateurs et/ou Clients

Nous pouvons obtenir vos coordonnées (telles que le nom, l'adresse électronique professionnelle, le numéro de téléphone professionnel, votre entreprise et votre rôle) de la part d'autres Clients qui souhaitent communiquer avec l'organisation dont vous faites partie. Nous pouvons également obtenir vos coordonnées de la part d'Utilisateurs appartenant à la même organisation que vous et qui vous invitent à utiliser l'Application. Nous utilisons ces informations en notre qualité de sous-traitant de nos Clients pour vous envoyer des communications et pour vous intégrer à l'Application en leur nom. Mais c'est le Client concerné qui est responsable de vous informer de ces activités en tant que responsable du traitement. Lorsque vous créez un compte, en tant que fournisseur de l'Application, nous commençons à traiter vos données en tant que responsable du traitement conformément à la présente politique de confidentialité.

B. Comment utilisons-nous vos informations ?
 

   1. Pour utiliser l'Application

Nous traitons vos données à caractère personnel pour les finalités suivantes :

• L'exploitation, l'hébergement et la maintenance de l'Application, y compris le contrôle de la performance du service, le dépannage et le débogage de tout dysfonctionnement,
• Authentifier les Utilisateurs lorsqu'ils se connectent,
• Détecter, prévenir et répondre aux incidents de sécurité et à toute activité malveillante, trompeuse, frauduleuse ou illégale,
• Assurer la sécurité, l'intégrité et la sécurité de notre Application, de nos Utilisateurs, de nos Clients, de nos employés et des tiers.

La base légale des activités de traitement énumérées ci-dessus est notre intérêt légitime, au sens de l'article 6.1. f), du RGPD, à assurer la fonctionnalité et le fonctionnement sans bogue de l'Application et à gérer l'utilisation de notre Application.

Catégories de données à caractère personnel : données relatives au compte, communications avec Choco, données relatives aux transactions, autres informations soumises par vous, données relatives à l'appareil et à la connexion, données d’utilisation.
 

   2.Pour gérer la relation avec le Client

Nous traitons vos données à caractère personnel pour gérer les relations avec nos Clients, par exemple pour la facturation, la gestion des comptes et l'application des conditions de l'accord entre les Clients et Choco.

La base juridique de ce traitement est notre intérêt légitime, au sens de l'article 6, paragraphe 1, point f), du règlement RGPD, à gérer et maintenir la relation avec nos Clients.

Catégories de données à caractère personnel : données relatives au compte, communications avec Choco, données relatives aux transactions, autres informations soumises par vous, données relatives à l'appareil et à la connexion, données relatives à l'utilisation.
 

   3. Pour vous aider à utiliser l'Application et pour communiquer avec vous

Nous utilisons vos données à caractère personnel pour répondre à vos questions et à vos demandes et pour vous fournir une assistance à la clientèle. Nous pouvons conserver un enregistrement de ces communications, y compris toute information fournie au cours de ces interactions. Nous pouvons utiliser ces informations pour améliorer nos processus d'assistance à la clientèle.

Nous utiliserons également vos données à caractère personnel pour vous envoyer des avis techniques ou juridiques, des mises à jour, des messages de sécurité ou d'autres messages concernant le fonctionnement de l'Application ou l'administration de votre compte ou de celui du Client. Nous utilisons les informations collectées automatiquement sur vos interactions avec nos communications pour améliorer nos communications avec vous. Certaines de ces communications peuvent être envoyées sous forme de notifications push. Vous pouvez désactiver les notifications push à partir des paramètres de votre appareil mobile.

La base légale de ce traitement est notre intérêt légitime au sens de l'article 6.1 f), du RGPD afin de répondre à vos demandes et de vous informer sur le fonctionnement de l'Application.

Catégories de données à caractère personnel : données relatives au compte, communications avec Choco, données relatives aux transactions, autres informations soumises par vous, données relatives à l'appareil et à la connexion, données relatives à l'utilisation.
 

   4. Pour améliorer nos Services

Afin d'améliorer notre Application et votre expérience d'utilisateur, nous utilisons des outils pour l'enregistrement statistique et l'analyse du comportement général d'utilisation. Nous recueillons des informations sur votre activité dans l'Application et sur votre engagement dans les communications envoyées par l'intermédiaire de notre Application. Nous générons et analysons des informations statistiques sur la façon dont notre Application est utilisée. Nous pouvons analyser et surveiller les tendances et le comportement des Utilisateurs, mener des tests pour de nouvelles fonctionnalités et effectuer des activités de dépannage. Le cas échéant, nous agrégeons ou désidentifions les informations.

La base légale est notre intérêt légitime conformément à l'article. 6.1 f) du RGPD en améliorant les fonctions et les performances de notre Application et en assurant sa fonctionnalité.

Nous pouvons vous contacter pour vous demander votre avis sur notre Application ou pour vous demander de participer à une étude sur les Utilisateurs. La base légale pour vous contacter à cette fin est notre intérêt légitime pour l’amélioration des fonctions de notre Application. Votre participation à toute recherche ou enquête auprès des Utilisateurs sera basée sur votre consentement. Nous pouvons également utiliser vos communications avec nous, telles que tout retour d'information que vous pourriez fournir pour améliorer notre Application.

Catégories de données à caractère personnel : données relatives au compte, communications avec Choco, données relatives aux transactions, autres informations soumises par vous, données relatives à l'appareil et à la connexion, données relatives à l'utilisation.
 

   5. Pour respecter les obligations légales et défendre nos droits

Nous pouvons utiliser vos données à caractère personnel pour nous conformer à nos obligations légales, telles que l'enregistrement des paiements à des fins comptables. La base légale de ce traitement est l'article 6.1 c), du RGPD. Nous pouvons également traiter vos informations sur la base de notre intérêt légitime au sens de l'article 6.1, f), du RGPD pour défendre nos droits.

Catégories de données à caractère personnel : données relatives au compte, communications avec Choco, données relatives aux transactions, autres informations soumises par vous, données relatives à l'appareil et à la connexion, données relatives à l'utilisation, données de contact.

   6. Pour afficher des publicités

Nous pouvons afficher des publicités de fabricants de produits alimentaires et d'autres annonceurs tiers sur notre application, lesquelles peuvent être pertinentes pour les clients (restaurants)  pour le compte desquels vous utilisez l'application. Ces publicités ne sont pas personnalisées. En tant qu'application B2B, nous ne faisons pas de publicité personnalisée ou comportementale.

Nous pouvons collecter et utiliser vos données personnelles pour afficher les publicités et mesurer les performances publicitaires. Nous pouvons partager des rapports sur les performances publicitaires avec les annonceurs.

Nous ne partageons pas vos données personnelles avec des tiers tels que des réseaux publicitaires, des plateformes de réseaux sociaux, des sociétés de diffusion publicitaires ou des courtiers en données. Nous ne vous suivons pas non plus sur les sites Web ou les applications de tiers.

La fondement juridique de ce traitement est notre intérêt légitime à monétiser l'application et à améliorer l'expérience utilisateur, ainsi que l'intérêt légitime de nos clients utilisateurs à découvrir des produits et des offres pertinents. Vous pouvez exercer votre droit d'opposition à ce traitement à tout moment.

Certaines publicités peuvent inclure des liens vers des sites web tiers. Nous ne sommes pas responsables des pratiques de ces sites en matière de protection de la vie privée.

Catégories de données personnelles : données relatives au compte, données relatives à l'appareil et à la connexion, données relatives à l'utilisation.

C. Pour fournir des services à nos Clients

Nous traitons vos informations personnelles pour fournir des services et des fonctionnalités de notre Application à nos Clients en tant que sous-traitant. Nous n'avons aucun contrôle sur la façon dont les Utilisateurs utilisent l'Application. Nous traitons uniquement les informations personnelles en leur nom afin d'exécuter leurs instructions. Par exemple, nous pouvons traiter vos coordonnées pour vous transmettre un message d'un Fournisseur ou vous inviter à utiliser l'Application au nom d'un Fournisseur. Les administrateurs Clients sont responsables de la gestion de l'accès au compte de leur organisation, y compris la modification des droits d'accès des Utilisateurs si nécessaire. Pour plus d'informations, veuillez-vous référer à la politique de confidentialité de nos Clients.

Catégories de données à caractère personnel : données relatives au compte, informations de contact, données relatives aux transactions, autres informations soumises par vous, données relatives à l'utilisation.

D. Cookies et autres technologies de suivi

Nous utilisons des technologies de suivi telles que les cookies, les pixels et d'autres outils similaires pour collecter automatiquement des informations lorsque vous utilisez l'Application ou lorsque vous interagissez avec les communications que nous vous envoyons ou les communications envoyées par d'autres Utilisateurs via l'Application. Les données collectées par le biais de ces outils sont décrites dans la section A. 2 sur les informations collectées automatiquement.

Certains de ces outils collectent des informations à partir de l'appareil final pour permettre les fonctions de base de notre Application. Ils sont appelés outils essentiels et servent à assurer la sécurité et la stabilité de notre application, à prévenir les abus et à détecter les activités malveillantes. Sans ces outils, nous ne pourrions pas fournir notre Application. Certains de ces outils sont utilisés pour la collecte statistique et l'analyse du comportement général de l'utilisateur sur la base des données d'accès afin de comprendre et de rechercher comment nos Utilisateurs interagissent avec notre Application pour fournir, mettre à jour et améliorer notre Application.
 

E. Comment nous partageons vos informations

Nous pouvons partager vos données à caractère personnel avec les catégories de destinataires suivantes.

   1. Groupe Choco

Choco partage des infrastructures, des systèmes et des technologies avec d'autres sociétés détenues ou exploitées par Choco Communications GmbH (« Groupe Choco »). Nous pouvons partager des informations personnelles au sein du groupe Choco pour être en mesure de fournir et d'améliorer nos services et d'exploiter notre entreprise. D'autres sociétés du groupe Choco agissent alors en tant que fournisseurs de services (sous-traitants) et traitent vos données à caractère personnel conformément à nos instructions.

   2. Nos prestataires de services

Nous partageons vos données à caractère personnel avec nos fournisseurs de services sous contrat qui nous aident à fournir, soutenir et améliorer nos services et notre Application et qui traitent vos données à caractère personnel en notre nom. Ces prestataires de services tiers comprennent les fournisseurs d'hébergement, les outils et services informatiques, les services opérationnels, les outils de CRM et de communication, les services de cybersécurité et les outils que nous utilisons pour l'enregistrement statistique et l'analyse du comportement général d'utilisation de notre application et de nos services. Vous trouverez une liste de ces prestataires de services ici.

Ces prestataires de services sont limités (par la loi et par contrat) dans leur capacité à utiliser vos données à caractère personnel. Nous veillerons à ce que ces parties soient soumises à des obligations en matière de protection de la vie privée et de sécurité conformes à la présente politique de confidentialité et aux lois applicables en concluant avec elles des accords de traitement des données.

   3. Autorités compétentes et tiers légitimes

Nous sommes tenus de divulguer vos données à caractère personnel afin de nous conformer à une obligation légale ou à une demande légitime émanant d'un gouvernement ou d'une autorité chargée de l'application de la loi. Toute divulgation de données à caractère personnel sera justifiée par le fait que le traitement est nécessaire pour remplir une obligation légale à laquelle nous sommes soumis conformément à l'article 6. 1, c), du RGPD, dans le cadre des exigences légales nationales relatives à la divulgation de données aux autorités chargées de l'application de la loi et à d'autres autorités de contrôle.

Nous pouvons divulguer vos données à caractère personnel à des tiers afin d'appliquer les conditions d'utilisation de l'Application ou tout autre accord que nous avons exécuté avec vous ou nos Clients ; pour protéger ou défendre nos droits ou les droits de tiers ; pour prévenir toute activité illégale ou pour répondre à toute demande légale. Toute divulgation des données à caractère personnel est justifiée par le fait que nous avons un intérêt légitime au sens de l'article 6.1 f) du RGPD à protéger ou défendre les droits, la propriété et la sécurité de Choco, de nos Clients et des tiers.

   4. Restructuration des entreprises

Dans le cadre du développement de nos activités, la structure de notre entreprise peut changer en modifiant la forme juridique, en fondant, en acquérant ou en transférant des filiales, des parties d'entreprises ou des composants. Nous pouvons partager vos données à caractère personnel avec des tiers si nous sommes impliqués dans une fusion, une acquisition, un financement, une faillite, une vente de tout ou partie de nos actifs ou une réorganisation. La divulgation raisonnable et proportionnée des données à caractère personnel dans le cadre autorisé est justifiée par le fait que nous avons un intérêt légitime au sens de l'article 6. 1, f), du RGPD à adapter notre forme sociale aux circonstances économiques et juridiques si nécessaire.
 

5. Informations que vous partagez avec d'autres utilisateurs
 

Vous pouvez partager vos données à caractère personnel (telles que votre nom, votre prénom et vos coordonnées) avec d'autres Utilisateurs, avec lesquels vous avez librement décidé de communiquer et/ou de passer vos commandes via l'Application. Comme sur toute autre plateforme de communication, les Utilisateurs qui sont dans le même chat que vous peuvent voir vos informations de contact, y compris les Utilisateurs de l'autre entreprise dans votre chat. Le traitement en vertu du présent chapitre est effectué en notre qualité de sous-traitant sur la base des instructions du Client en tant que responsable du traitement.

F. Transfert de données vers des pays tiers

Certains des destinataires peuvent être situés dans des pays autres que ceux de l’EEE, et n'offrent pas une protection équivalente à celle de l’Union Européenne.

Lorsque nous transférons des données à caractère personnel vers ces pays, nous prenons les mesures appropriées requises par les Lois sur la protection des données. Ces mesures comprennent la conclusion de clauses contractuelles types approuvées par la Commission européenne et qui imposent des obligations plus strictes aux destinataires en ce qui concerne la protection des données à caractère personnel. Si nécessaire, nous effectuons également une évaluation de l'impact du transfert pour nous assurer qu'il n'y a pas d'impact négatif sur les droits de la personne concernée.

Lorsque cela n'est pas possible, nous fondons le transfert de données sur les exceptions prévues à l'article 49 du RGPD, en particulier votre consentement explicite ou la nécessité du transfert pour l'exécution du contrat ou pour la mise en œuvre de mesures précontractuelles. Si un transfert vers un pays tiers est prévu et qu'il n'y a pas de décision d'adéquation ou de garanties appropriées, il est possible et il existe un risque que les autorités du pays tiers concerné (par exemple les services secrets) aient accès aux données transférées afin de les collecter et de les analyser, et que l'applicabilité de vos droits en tant que personne concernée ne soit pas garantie. Lors de l'obtention de votre consentement par le biais de la bannière de consentement, vous en serez également informé.

G. Vos droits en tant que personne concernée

En tant que personne concernée, vous disposez des droits suivants :

• le droit d'accès aux données à caractère personnel que nous détenons à votre sujet,
• le droit de rectifier les données à caractère personnel que nous détenons à votre sujet,
• le droit de demander la suppression de vos données à caractère personnel dans certaines circonstances spécifiées dans les Lois sur la protection des données, article 17 du RGPD,
• le droit de limiter le traitement de vos données à caractère personnel dans certaines circonstances spécifiées à l'article 18 du RGPD,
• le droit de s'opposer au traitement dans le cas où le traitement est fondé sur nos intérêts légitimes,
• le droit de transférer vos informations à un tiers (droit à la portabilité des données) ;
• le droit de ne pas faire l'objet d'une décision fondée uniquement sur un traitement automatisé ; et
• le droit de retirer votre consentement si le traitement des données est basé sur votre consentement.

Veuillez noter que l'existence du droit de retirer votre consentement n'affecte pas la licéité du traitement avant le retrait.

Vos demandes d'exercice des droits en matière de protection des données et nos réponses seront conservées à des fins de documentation pendant une période maximale de trois (3) ans et, dans certains cas, pendant des périodes plus longues pour l'établissement, l'exercice ou la défense de réclamations légales conformément à l'article 6. 1, f), du RGPD, qui est fondé sur notre intérêt légitime à défendre Choco contre toute réclamation et à éviter les amendes.

Si vous avez des questions, des commentaires ou des plaintes concernant notre traitement de vos données à caractère personnel, ou si vous souhaitez exercer vos droits en tant que personne concernée, veuillez contacter l'équipe juridique de Choco en utilisant les coordonnées suivantes : legal@choco.com.

Vous pouvez également contacter le délégué à la protection des données en utilisant l'adresse postale ci-dessous (mot-clé : "A l'attention du délégué à la protection des données de Choco") :

ISiCO Datenschutz GmbH, Am Hamburger Bahnhof 4, 10557 Berlin.

En tant que personne concernée, vous avez le droit de déposer une plainte auprès d'une autorité de contrôle si vous estimez que le traitement des données à caractère personnel vous concernant enfreint le RGPD. L'autorité de protection des données responsable du traitement des données à caractère personnel par Choco dans l’EEE est celle de l’état membre de votre résidence habituelle ou du lieu de l’infraction présumée. Vous pouvez utiliser ce lien pour déposer une plainte auprès de l'autorité de contrôle Française (CNIL). .

Si vous souhaitez exercer vos droits concernant les informations personnelles que Choco traite en tant que sous-traitant pour le compte de ses Clients, veuillez adresser votre demande au Client concerné.

H. Délégué à la protection des données et coordonnées

Vous pouvez adresser vos préoccupations en matière de protection des données à notre délégué à la protection des données en envoyant un courrier électronique à l'adresse mentionnée ci-dessus. Veuillez noter que les mails envoyés à l'adresse ci-dessus ne seront pas uniquement reçus par notre délégué à la protection des données, car il s'agit d'un mail générique destiné à l'équipe juridique de Choco. Si vous souhaitez uniquement contacter notre délégué à la protection des données et/ou si vous souhaitez envoyer des informations confidentielles, veuillez mentionner le délégué à la protection des données dans l'objet ou le corps de votre courriel et demandez-lui de vous contacter directement pour discuter plus en détail de vos préoccupations en matière de protection des données. Vous pouvez également contacter le délégué à la protection des données en utilisant l'adresse postale susmentionnée des responsables du traitement (mot-clé : « À l'attention du délégué à la protection des données »).

I. Informations sur le contrôle conjoint

Choco Communications GmbH et Choco Communication France SAS déterminent conjointement les finalités et les moyens du traitement. Choco Communications GmbH sera votre point de contact lorsque vous souhaiterez exercer les droits décrits à la section E. Veuillez contacter legal@choco.com si vous souhaitez obtenir de plus amples informations sur l'essence de cet accord entre les parties.

J. Durée de stockage

Nous conservons les données à caractère personnel que nous traitons en tant que responsable du traitement aussi longtemps que nécessaire pour atteindre les objectifs pour lesquels nous les avons traitées. Ensuite, nous supprimons ou anonymisons vos données, sauf si nous sommes légalement tenus de les conserver plus longtemps ou si elles sont nécessaires à l'établissement, à l'exercice ou à la défense de droits en justice. Dans ces cas, nous supprimerons ces données à caractère personnel après l'expiration des périodes légales.

K. Sécurité

Nous mettons en œuvre diverses mesures techniques, administratives et organisationnelles pour protéger vos données à caractère personnel contre l'accès non autorisé et le traitement illégal, l'altération ou la destruction.

L. Lien hypertexte

Notre Application peut contenir des hyperliens vers des sites web de tiers. Si ces hyperliens sont activés, vous serez redirigé de notre Application directement vers les sites web de prestataires de services tiers. Vous pouvez le reconnaître, entre autres, au changement d'URL. Nous ne pouvons assumer aucune responsabilité quant au traitement confidentiel de vos données sur ces sites web tiers, ni quant à leur conformité avec le RGPD, qui échappe à notre contrôle. Veuillez-vous référer directement à ces sites web pour obtenir des informations sur le traitement de vos données à caractère personnel.

M. Modifications de la présente politique de confidentialité

Nous tenons toujours cette politique de confidentialité à jour. Par conséquent, nous nous réservons le droit de la mettre à jour ou de la modifier de temps à autre et de maintenir ces changements dans le traitement de vos données à caractère personnel. Nous indiquerons la date de la dernière mise à jour au début de la politique de confidentialité.

Choco ofrece una aplicación móvil y una herramienta basada en web (conjuntamente, "la App") diseñadas para facilitar la comunicación y la gestión de pedidos entre compradores comerciales del sector alimentario, como restaurantes ("Restaurantes"), y sus proveedores ("Proveedores"). La presente Política de Privacidad describe el modo en que Choco Communications Espagna, S.L. con domicilio social en C/ Sardenya 229, sobreático 08013 Barcelona, España, y Choco Communications GmbH, con domicilio social en Wrangelstraße 100, 10997 Berlín, Alemania, con las que puede ponerse en contacto por correo electrónico en legal@choco.com, (conjuntamente, "Choco", "nosotros", "nos") recopilan, utilizan, tratan y comparten datos personales en relación con el uso de la App como corresponsables del tratamiento.

La legislación aplicable al tratamiento de datos personales es la siguiente: (i) el Reglamento UE 2016/679 ("RGPD"), (ii) la Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos y garantía de los derechos digitales y los informes, guías, resoluciones y otras publicaciones de la Agencia Española de Protección de Datos, (iii) cualquier ley o reglamento que ratifique, aplique, adopte, complemente o sustituya el RGPD; (iv) cualquier ley o reglamento que trasponga o adopte la Directiva UE 2002/58/CE (modificada por 2009/136/CE) en España; y los términos "interesado", "datos personales", "tratamiento", "encargado del tratamiento" y "responsable del tratamiento" tendrán el significado que se les da en el RGPD.

Ámbito de aplicación

Choco proporciona la App y los servicios asociados a sus clientes con la consideración de Restaurantes y Proveedores (colectivamente, "Clientes"). Los interesados en el sentido del RGPD solo pueden utilizar la App o beneficiarse de los servicios de Choco como usuarios finales de estos Clientes ("Usuario(s)"o "usted"). Al proporcionar la App y los servicios a nuestros Clientes, Choco trata sus datos personales como encargado en nombre del Cliente correspondiente de acuerdo con sus instrucciones. Por ejemplo, cuando usted envía un pedido a un Proveedor en nombre de un Restaurante, nosotros tratamos sus datos en nombre del Restaurante correspondiente. Nuestros Clientes son responsables de cumplir con las obligaciones de privacidad, como informarle sobre el uso de sus datos personales en relación con las actividades de tratamiento que realizamos en su nombre. Para más información, consulte las políticas de privacidad de los respectivos Clientes. La presente Política de Privacidad se aplica exclusivamente a los supuestos en los que actuamos como responsables del tratamiento de los datos personales de los Usuarios.

A. Información que recopilamos

   1. Información facilitada por usted

Información sobre la cuenta

Al crear una cuenta, se le pedirá que facilite información obligatoria, como su nombre y apellidos, dirección de correo electrónico, número de teléfono y nombre de la empresa para la que trabaja o a la que representa. Si no facilita esta información, no podrá crear una cuenta para utilizar la App. Puede proporcionar información adicional en su perfil, como una foto de perfil y su cargo en la empresa.

Comunicaciones con Choco

Puede comunicarse con nosotros por diferentes motivos. Puede rellenar un formulario de contacto, ponerse en contacto con nuestro servicio de atención al cliente, rellenar una encuesta, participar en una entrevista de usuario o interactuar con nosotros de cualquier otra forma. Podemos mantener un registro de estas comunicaciones, incluida cualquier información proporcionada durante dichas interacciones. Estas comunicaciones pueden ser tratadas para diferentes fines, como se describe con más detalle en la Sección B "Cómo utilizamos su información".

Datos de la transacción

Recibimos datos de transacciones cuando realiza acciones en nuestra App, como la fecha y hora de los pedidos que realiza en nombre de un Cliente, los artículos que ha añadido a los pedidos de equipo o las comprobaciones de entrega que lleva a cabo. Utilizamos los datos de las transacciones principalmente para ofrecer las funcionalidades de nuestra App a nuestros clientes.

Otra información facilitada por usted

Cuando utiliza la aplicación, puede introducir, gestionar y editar diversa información. Esta información incluye, en particular, sus comunicaciones con otros Usuarios, pero también puede incluir otra información que cargue, como imágenes. Utilizamos esta información para proporcionar las funcionalidades de nuestra App a nuestros Clientes como procesador.
 

Para poder hacer uso de algunas de las funciones de la App, es posible que tenga que proporcionar información adicional a Choco. En esos casos, se le pedirá su permiso específico. 

• Acceso a la cámara: Puede habilitar el acceso a la cámara para poder subir fotos a la App directamente desde su teléfono. Para ello, necesitamos su permiso para acceder a su cámara y al contenido multimedia guardado en su fototeca. Este acceso no es obligatorio para utilizar la App, pero puede facilitar las comunicaciones y el proceso de pedido. Este acceso se basa en su consentimiento, de conformidad con el artículo 6.1 (a) del RGPD, que puede retirar en cualquier momento, de conformidad con el artículo 7.3 del RGPD.
• Acceso a la lista de contactos: También tiene la opción de añadir miembros del equipo a su cuenta añadiendo su información de contacto manualmente o directamente desde la lista de contactos de su teléfono. Para la segunda opción, necesitamos su permiso para acceder a su lista de contactos. Este acceso no es obligatorio para utilizar la App. Si nos das permiso, accederemos a los nombres y números de teléfono de su lista de contactos y se los mostraremos. También comprobaremos si alguno de sus contactos ya está utilizando Choco y mostraremos también esta información. Seguiremos accediendo a su lista de contactos hasta que retire su permiso. No almacenamos sus listas de contactos en nuestros servidores. Sólo almacenamos la información (nombre y número de teléfono) de sus contactos que ya son usuarios de Choco y de aquellos a los que has invitado a utilizar Choco. Si usted es un Usuario con la condición de Restaurante, también puede añadir los datos de contacto del representante de ventas de su Proveedor. En ese caso, se aplicarán las mismas condiciones anteriores. El acceso y el tratamiento descritos se basan en su consentimiento, de conformidad con el artículo 6.1 (a) del RGPD, que puede retirar en cualquier momento, de conformidad con el artículo 7.3 del RGPD.
• Acceso al micrófono: la función de pedidos por voz le permite realizar pedidos grabándolos directamente en su teléfono. Para habilitar esta función, necesitamos su permiso para acceder al micrófono de su teléfono. Este acceso es opcional y no es necesario para utilizar la aplicación. Si nos das permiso, sólo accederemos al micrófono mientras estés grabando un pedido. Puede revocar su permiso en cualquier momento.
• Acceso a la ubicación: Si está utilizando la App como representante de ventas, puede ver sus clientes potenciales y clientes en un mapa dentro de la App. El mapa se proporciona a través de la API de Google Maps y la Política de privacidad de Google se aplica al uso de la función de mapas. Para poder mostrar los resultados relevantes cerca de usted, necesitamos acceder a su ubicación. Este acceso es opcional y no es necesario para utilizar la aplicación. Si concede su permiso, sólo accederemos a su ubicación mientras esté utilizando la aplicación. Puede revocar su permiso en cualquier momento. 

   2. Información recogida automáticamente

Datos del dispositivo y de la conexión

Cuando usted visita nuestra App, ésta recoge automáticamente cierta información de su dispositivo, como la versión del sistema operativo, el tipo y fabricante del dispositivo, las horas de acceso, su dirección IP, su operador de telefonía móvil, configuraciones, tipo de navegador, información sobre la conexión a Internet e incluyendo la localización general basada en su dirección IP.

Datos de uso

Utilizamos herramientas automatizadas de recogida de datos, como cookies, píxeles de seguimiento y herramientas similares, para recopilar información sobre cómo interactúa con nuestra App y comunicaciones/correos electrónicos. Esto incluye información como el ID de usuario, la dirección IP, las páginas que visita y el tiempo que pasa en ellas, las funciones que utiliza, sus comandos y otra información estadística relacionada con su uso de la App. 
 

   3. Información que recopilamos de otras fuentes

Información facilitada por otros Usuarios y/o Clientes

Podemos obtener su información de contacto (como nombre, dirección de correo electrónico profesional, número de teléfono profesional, su empresa y cargo) de otros Clientes que deseen comunicarse con la organización de la que usted forma parte. También podemos obtener su información de contacto de los Usuarios que pertenezcan a la misma organización que usted y que le inviten a utilizar la App. Utilizamos esta información en calidad de encargados del tratamiento de nuestros Clientes para enviarle comunicaciones y darle de alta en la App en su nombre. Pero es el Cliente en cuestión quien tiene la responsabilidad de informarle sobre estas actividades como responsable del tratamiento. Cuando usted crea una cuenta, como proveedor de la App, comenzamos a tratar sus datos también como responsables del tratamiento de conformidad con la presente Política de Privacidad.

 

B. Cómo utilizamos su información

   1. Para utilizar la App

Tratamos sus datos personales para los siguientes fines:

• Funcionamiento, alojamiento y mantenimiento de la App, incluida la supervisión del rendimiento del servicio, la solución de problemas y la depuración de cualquier fallo,
• Autenticar a los usuarios cuando se conectan,
• Detectar, prevenir y responder a incidentes de seguridad y a cualquier actividad maliciosa, engañosa, fraudulenta o ilegal,
• Garantizar la seguridad, integridad y protección de nuestra App, nuestros usuarios, clientes, empleados y terceros.

La base jurídica para las actividades de tratamiento mencionadas anteriormente es nuestro interés legítimo en el sentido del artículo 6.1 (f) del RGPD para garantizar la funcionalidad y el funcionamiento sin errores de la App y gestionar el uso de nuestra App.

Categorías de datos personales: datos de cuenta, comunicaciones con Choco, datos de transacciones, otra información enviada por usted, datos de dispositivo y conexión, datos de uso.
 

   2. Gestionar la relación con el Cliente

Tratamos sus datos personales para gestionar las relaciones con nuestros Clientes, como la facturación, la gestión de cuentas y el cumplimiento de los términos del acuerdo entre los Clientes y Choco.

La base legal para este tratamiento es nuestro interés legítimo en el sentido del artículo 6.1 (f) del RGPD en la gestión y el mantenimiento de la relación con nuestros Clientes.

Categorías de datos personales: datos de cuenta, comunicaciones con Choco, datos de transacciones, otra información enviada por usted, datos de dispositivo y conexión, datos de uso.
 

   3. Para facilitarle el uso de la App y comunicarnos con usted

Utilizamos sus datos personales para responder a sus preguntas y solicitudes y para ofrecerle atención al cliente. Podemos conservar un registro de estas comunicaciones, incluida cualquier información facilitada durante dichas interacciones. Podemos utilizar esta información para mejorar nuestros procesos y sistemas de atención al cliente.

También utilizaremos sus datos personales para enviarle avisos técnicos o legales, actualizaciones, mensajes de seguridad u otros mensajes relacionados con el funcionamiento de la App o la administración de su cuenta o la del Cliente. Utilizamos la información recopilada automáticamente sobre sus interacciones con nuestras comunicaciones para mejorar nuestras comunicaciones con usted. Algunas de estas comunicaciones pueden enviarse en forma de notificaciones push. Puede desactivar las notificaciones push desde los ajustes de su dispositivo móvil.

La base jurídica de este tratamiento es nuestro interés legítimo en el sentido del artículo 6.1(f) del RGPD para responder a sus solicitudes e informarle sobre el funcionamiento de la App.

Categorías de datos personales: datos de cuenta, comunicaciones con Choco, datos de transacciones, otra información enviada por usted, datos de dispositivo y conexión, datos de uso.
 

   4. Mejorar nuestros servicios

Con el fin de mejorar nuestra App y su experiencia de usuario, utilizamos herramientas para el registro estadístico y el análisis del comportamiento de uso general. Recopilamos información sobre su actividad en la App y su compromiso con las comunicaciones enviadas a través de nuestra App. Generamos y analizamos información estadística sobre cómo se utiliza nuestra App. Podemos analizar y controlar las tendencias y el comportamiento de los usuarios, realizar pruebas de nuevas funciones y solucionar problemas. Cuando ello es posible, agregamos o anonimizamos la información.

La base jurídica es nuestro interés legítimo de conformidad con el art. 6.1 (f) del RGPD para mejorar las funciones y el rendimiento de nuestra App y garantizar su funcionalidad.

Podemos ponernos en contacto con usted para pedirle su opinión sobre nuestra App, para pedirle que participe en una investigación de usuarios. La base jurídica para ponernos en contacto con usted con este fin es nuestro interés legítimo en mejorar las funciones de nuestra App. Su participación en cualquier investigación o encuesta de usuarios se basará en su consentimiento. También podemos utilizar sus comunicaciones con nosotros, como cualquier comentario que nos proporcione para mejorar nuestra App.

Categorías de datos personales: datos de cuenta, comunicaciones con Choco, datos de transacciones, otra información enviada por usted, datos de dispositivo y conexión, datos de uso.

   5. Cumplir con obligaciones legales y defender nuestros derechos

Podemos utilizar sus datos personales para cumplir con nuestras obligaciones legales, como mantener registros de pagos con fines contables. La base jurídica de este tratamiento es el artículo 6.1(c) del RGPD. Por ejemplo, estamos obligados bajo los artículos 19 del Real Decreto 1619/2012, de 30 de noviembre, por el que se aprueba el Reglamento por el que se regulan las obligaciones de facturación y 29 de la Ley 58/2003, de 17 de diciembre, General Tributaria a conservar las facturas que emitamos a su empresa, las cuales pueden incluir datos personales sobre usted. También podemos tratar su información sobre la base de nuestro interés legítimo en el sentido del artículo 6.1 (f) del RGPD en la defensa de nuestros derechos.

Categorías de datos personales: datos de cuenta, comunicaciones con Choco, datos de transacciones, otra información enviada por usted, datos de dispositivo y conexión, datos de uso, datos de contacto.

C. Prestar servicios a nuestros clientes

Tratamos su información personal para proporcionar servicios y funcionalidades de nuestra App a nuestros Clientes como encargado del tratamiento. No tenemos ningún control sobre la forma en que los Usuarios utilizan la App. Sólo tratamos información personal en su nombre para ejecutar sus instrucciones. Por ejemplo, podemos tratar su información de contacto para enviarle un mensaje de un Proveedor o invitarle a utilizar la App en nombre de un Proveedor. Los administradores de clientes son responsables de gestionar el acceso a la cuenta de su organización, incluida la modificación de los derechos de acceso de los Usuarios según sea necesario. Para más información, consulte la política de privacidad de nuestros clientes.

Categorías de datos personales: datos de cuenta, información de contacto, datos de transacciones, otra información enviada por usted, datos de uso.

D. Cookies y otras tecnologías de seguimiento

Utilizamos tecnologías de seguimiento como cookies, píxeles y otras herramientas similares para recopilar automáticamente información cuando usted utiliza la App o cuando interactúa con las comunicaciones que le enviamos o con las comunicaciones enviadas por otros Usuarios a través de la App. Los datos recogidos a través de estas herramientas se describen en la Sección A. 2 sobre Información recogida automáticamente.

Algunas de estas herramientas recopilan información del dispositivo final para permitir las funciones básicas de nuestra App. Se reconocen como herramientas esenciales y sirven para garantizar la seguridad y estabilidad de nuestra App, evitar usos indebidos y detectar actividades maliciosas. Sin estas herramientas, no podríamos ofrecer nuestra App. Algunas de estas herramientas se utilizan para la recopilación estadística y el análisis del comportamiento general del usuario basado en los datos de acceso para comprender e investigar cómo nuestros usuarios interactúan con nuestra App para proporcionar, actualizar y mejorar nuestra App.

 E. Cómo compartimos su información

Podemos compartir sus datos personales con las siguientes categorías de destinatarios.

   1. Grupo Choco

Choco comparte infraestructura, sistemas y tecnología con otras empresas propiedad de Choco Communications GmbH ("Grupo Choco") u operadas por ésta. Podemos compartir información personal dentro del Grupo Choco cuyas empresas actuarán en calidad de encargados del tratamiento y en base a los correspondientes contratos de encargo para poder prestar y mejorar nuestros servicios y operar nuestro negocio. En ese caso, otras empresas del Grupo Choco actúan como nuestros proveedores de servicios (encargados del tratamiento) y tratarán sus datos personales de acuerdo con nuestras instrucciones.

   2. Nuestros proveedores de servicios

Compartimos sus datos personales con nuestros proveedores de servicios contratados que nos ayudan a prestar, apoyar y mejorar nuestros servicios y App y que tratan sus datos personales en nuestro nombre. Compartimos sus datos con estos terceros proveedores quienes actúan en calidad de encargados del tratamiento y en base a los correspondientes contratos de encargo. Estos terceros proveedores de servicios incluyen proveedores de alojamiento, herramientas y servicios informáticos, servicios operativos, herramientas de CRM y comunicación, servicios de ciberseguridad y las herramientas que utilizamos para el registro estadístico y el análisis del comportamiento de uso general en nuestra App y nuestros servicios. Aquí encontrará una lista de estos proveedores de servicios.

Estos proveedores de servicios están limitados (por ley y por contrato) en su capacidad para utilizar sus datos personales. Nos aseguraremos de que estas partes estén sujetas a obligaciones de privacidad y seguridad coherentes con esta Política de Privacidad y las leyes aplicables mediante la celebración de acuerdos de encargo de tratamiento de datos con ellos.

   3. Autoridades competentes y terceros legítimos

Tenemos el deber de revelar sus datos personales para cumplir con cualquier obligación legal o solicitud legítima por parte de autoridades competentes. Cualquier divulgación de los datos personales estará justificada por el hecho de que el tratamiento es necesario para cumplir con una obligación legal a la que estamos sujetos de conformidad con el artículo 6.1 (c) del RGPD según es necesario para cumplir con disposiciones nacionales para la divulgación de datos a las autoridades competentes.

Podemos revelar sus datos personales a terceros para exigir el cumplimiento de las condiciones de uso de la App o cualquier otro acuerdo que hayamos firmado con usted o con nuestros clientes; para proteger o defender nuestros derechos o los derechos de terceros; para prevenir cualquier actividad ilegal o para responder a cualquier reclamación legal. Cualquier divulgación de los datos personales está justificada por el hecho de que tenemos un interés legítimo en el sentido del artículo 6.1(f) del RGPD en proteger o defender los derechos, la propiedad y la seguridad de Choco, nuestros Clientes y terceros.

   4. Reestructuración de empresas

En el contexto del desarrollo ulterior de nuestro negocio, la estructura de nuestra empresa puede cambiar modificando la forma jurídica, fundando, adquiriendo o transfiriendo filiales, partes de empresas o componentes. Podemos compartir sus datos personales con terceros si estamos involucrados en una fusión, adquisición, financiación, procedimientos de insolvencia, venta de la totalidad o parte de nuestros activos o en una reorganización. La divulgación razonable y proporcionada de datos personales en el ámbito permitido se justifica por el hecho de que tenemos un interés legítimo en el sentido del artículo 6.1 (f) del RGPD en adaptar nuestra forma corporativa a las circunstancias económicas y legales si es necesario.
 

   5. Información que comparte con otros usuarios

Usted podrá compartir sus datos personales (como su nombre, apellidos e información de contacto) con otros Usuarios, con los que libremente haya decidido comunicarse y/o realizar sus pedidos a través de la App. Al igual que en cualquier otra plataforma de comunicación, los Usuarios que estén en el mismo chat que usted podrán ver su información de contacto, incluidos los Usuarios del otro negocio en su chat.

F. Transferencias internacionales de datos

Algunos de los destinatarios pueden estar situados en territorios fuera de la UE, que no ofrecen una protección adecuada según la autoridad de control competente en su país de residencia.

Siempre que llevemos a cabo transferencias de datos personales a esos países, tomaremos las medidas adecuadas exigidas por las leyes de protección de datos. Estas medidas incluyen la firma de Cláusulas Contractuales Tipo con Apéndice de Transferencia Internacional de Datos o Acuerdo de Transferencia Internacional de Datos, que han sido aprobados por la Comisión Europea e imponen normas más estrictas a los destinatarios en materia de protección de datos personales. Si es necesario, también llevamos a cabo una evaluación del impacto de la transferencia para asegurarnos de que no afecta negativamente a los derechos del interesado.

Cuando esto no sea posible, basaremos la transferencia de datos en las excepciones previstas en el art. 49 RGPD, en particular su consentimiento expreso o la necesidad de la transferencia para el cumplimiento del contrato o para la adopción de medidas precontractuales. Si está prevista una transferencia a un tercer país y no existe una decisión de adecuación o garantías adecuadas, es posible y existe el riesgo de que las autoridades del tercer país correspondiente (por ejemplo, los servicios secretos) puedan acceder a los datos transferidos para recopilarlos y analizarlos, y de que no se pueda garantizar la exigibilidad de sus derechos como interesado. Cuando obtenga su consentimiento a través del banner de consentimiento, también se le informará de ello.

G. Sus derechos como interesado

Como interesado, tiene los siguientes derechos:

• Derecho a acceder a los datos personales que tenemos sobre usted,
• Derecho a rectificar los datos personales que tenemos sobre usted,
• Derecho a solicitar la supresión de sus datos personales en determinadas circunstancias especificadas en la legislación sobre protección de datos, artículo 17 del RGPD,
• Derecho a limitar el tratamiento de sus datos personales en determinadas circunstancias especificadas en el artículo 18 del RGPD,
• Derecho a oponerse al tratamiento en caso de que éste se base en nuestros intereses legítimos,
• Derecho a transferir su información a un tercero (derecho a la portabilidad de datos);
• Derecho a no ser objeto de una decisión basada únicamente en un tratamiento automatizado.
• Derecho a retirar su consentimiento en caso de que el tratamiento de datos se base en su consentimiento.

Tenga en cuenta que la existencia del derecho a retirar su consentimiento no afecta a la legalidad del tratamiento anterior a su retirada.

Sus solicitudes para el ejercicio de los derechos de protección de datos y nuestras respuestas a ellas se conservarán con fines de documentación durante un período de hasta tres (3) años y, en casos individuales, durante períodos más largos para el establecimiento, ejercicio o defensa de reclamaciones legales de conformidad con el artículo 6.1 (f) del RGPD, que se basa en nuestro interés legítimo en defender a Choco contra cualquier reclamación y evitar multas.

Si tiene alguna pregunta, comentario o queja sobre nuestro tratamiento de sus datos personales, o si desea ejercer sus derechos como interesado, póngase en contacto con el equipo jurídico de Choco utilizando los siguientes datos de contacto: legal@choco.com.

También puede ponerse en contacto con el Responsable de Protección de Datos utilizando la dirección postal que figura a continuación (palabra clave: "A la atención del Responsable de Protección de Datos de Choco"):

ISiCO Datenschutz GmbH, Am Hamburger Bahnhof 4. Berlín, 10557 Berlín

Como interesado, tiene derecho a presentar una reclamación ante una autoridad de control si considera que el tratamiento de los datos personales que le conciernen infringe el RGPD. La autoridad de protección de datos responsable de supervisar el tratamiento de datos personales por parte de Choco en España es la Agencia Española de Protección de Datos, en este enlace.

Si desea ejercer sus derechos en relación con la información personal que Choco trata como encargado del tratamiento en nombre de sus Clientes, dirija su solicitud al Cliente correspondiente.

H. Delegado de protección de datos y datos de contacto

Puede dirigir sus dudas sobre la protección de datos a nuestro delegado de protección de datos enviando un correo electrónico a la dirección indicada anteriormente. Tenga en cuenta que el delegado de protección de datos no será el único destinatario de los correos electrónicos enviados a esta dirección, ya que se trata de un correo electrónico genérico para el equipo jurídico de Choco. Si sólo desea ponerse en contacto con nuestro delegado de protección de datos o si desea enviar información confidencial, mencione al delegado de protección de datos en el asunto o en el cuerpo de su correo electrónico y pídale que se ponga en contacto con usted directamente para tratar sus dudas sobre la protección de datos. También puede ponerse en contacto con el delegado de protección de datos utilizando la dirección postal de los responsables del tratamiento de datos indicada más arriba (palabra clave: "A la atención del delegado de protección de datos").

I. Información sobre la corresponsabilidad

Choco Communications GmbH y Choco Communications Espagna, S.L. determinan conjuntamente los fines y medios del tratamiento. Choco Communications GmbH será su punto de contacto cuando desee ejercer los derechos descritos en la sección E. Póngase en contacto con legal@choco.com si desea más información sobre la esencia de dicho acuerdo entre las partes.

J. Duración del almacenamiento

Conservamos los datos personales que tratamos como responsables del tratamiento durante el tiempo necesario para cumplir los fines para los que los tratamos. Una vez transcurrido ese plazo, eliminamos o anonimizamos sus datos, a menos que estemos legalmente obligados a conservarlos durante un periodo de tiempo más largo, o a menos que sean necesarios para el establecimiento, ejercicio o defensa de reclamaciones legales. En esos casos, eliminaremos dichos datos personales una vez transcurridos los plazos legales.

K. Seguridad

Aplicamos diversas medidas técnicas, administrativas y organizativas para proteger sus datos personales contra el acceso no autorizado y el tratamiento ilícito, la alteración o la destrucción.

L. Hiperenlace

Nuestra App puede contener hipervínculos a sitios web de terceros. Si se activan estos hipervínculos, se le redirigirá desde nuestra App directamente a los sitios web de terceros proveedores de servicios. Podrá reconocerlo, entre otras cosas, por el cambio de URL. No podemos aceptar ninguna responsabilidad por el tratamiento confidencial de sus datos en estos sitios web de terceros, ni por su cumplimiento con el RGPD, que está fuera de nuestro control. Consulte directamente esos sitios web para obtener información sobre el tratamiento de sus datos personales.

M. Cambios en esta política de privacidad

Mantenemos siempre actualizada esta política de privacidad. Por lo tanto, nos reservamos el derecho a actualizarla o modificarla de vez en cuando y a mantener estos cambios en el tratamiento de sus datos personales. Indicaremos la fecha de la actualización más reciente al principio de la política de privacidad.

Choco offers a mobile application and web-based tool (collectively, the “App") designed to facilitate communication and order management between commercial buyers in the food sector such as restaurants (“Buyers") and their suppliers (“Suppliers"). This Privacy Policy describes how Choco Communications UK Ltd, a company incorporated in England and Wales whose registered office is at 6th Floor, One London Wall, London, EC2Y 5EB, and Choco Communications GmbH, whose registered office is at Wrangelstraße 100, 10997 Berlin, Germany, both of which may be contacted by email at legal@choco.com, (collectively, "Choco," "we," "us") collect, use, process and share personal data in connection with the use of the App as joint controllers.

The laws applicable to processing of personal data are namely (i) EU Regulation 2016/679 ("GDPR"); (ii) GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (the "UK GDPR"); (iii) any laws or regulations ratifying, implementing, adopting, supplementing or replacing the GDPR; (iv) in the UK, the Data Protection Act 2018 ("DPA"); (v) any laws and regulations implementing or made pursuant to EU Directive 2002/58/EC (as amended by 2009/136/EC); and (vi) in the UK, the Privacy and Electronic Communications (EC Directive) Regulations 2003; in each case, as updated, amended or replaced from time to time. The terms "data subject", "personal data", "processing", "processor" and "controller" shall have the meanings set out in the DPA.

Scope of Application

Choco provides the App and associated services to its Buyer and Supplier customers (collectively, “Customers"). The data subjects within the meaning of UK GDPR may only utilize the App or benefit from Choco’s services as the end users of these Customers (“User(s)” or “You”). When providing the App and services to our Customers, Choco processes your personal data as a processor on behalf of the relevant Customer in line with their instructions. For instance, when you send an order to a Supplier on behalf of a Buyer, we process your data on behalf of the relevant Buyer. Our Customers are responsible for complying with the privacy obligations such as informing you about use of your personal data in relation to the processing activities we perform on their behalf. Please refer to the privacy policies of the respective Customers for more information. This Privacy Policy applies exclusively to scenarios where we act as a data controller in processing the Users’ personal data.

A. Information we collect

   1. Information provided by you

Account information

When creating an account, you will be asked to provide mandatory information, such as your first and last name, email address, phone number and company name. If you don’t provide this information, you will not be able to create an account to use the App. You may provide additional information in your profile, such as a profile picture and your title in the company.

Communications with Choco

You may communicate with us for different reasons. You may fill out a contact form, contact our customer support, complete a survey, participate in a user interview or interact with us in any other way. We may keep a record of these communications including any information provided during such interactions. These communications may be processed for different purposes as further described in Section B “How do we use your information”.

Transaction data

We receive transaction data when you carry out actions on our App, such as the date and time of the orders you place on behalf of a Customer, items you added to team orders or delivery checks you carry out. We mainly use transaction data to provide the functionalities of our App to our Customers.

Other information submitted by you

When using the App, you may enter, manage and edit various information. This information includes, in particular, your communications with other Users and other information you upload to the App, such as images. We use this information to provide the functionalities of our App to our Customers as a processor.

In some cases you may be asked for your specific permission before we access your information.

• Camera access: You may enable camera access to be able to upload pictures to the App directly from your phone. For this, we need your permission to access your camera and media content saved in your camera roll. This access is not mandatory for using the App, but it may make your communications and ordering process easier. This access is based on your consent, as per Article Article 6.1 (a) of UK GDPR, which you can withdraw at any time, in accordance with Article 7.3 of UK GDPR.
• Contact list access: You also have the option of adding team members to your account by adding their contact information manually or directly from the contact list on your phone. For the second option, we need your permission to access your contact list. This access is not mandatory for using the App. If you give permission, we will access the names and phone numbers in your contact list and display them to you. We’ll also check if any of your contacts are already using Choco and display this information as well. We will continue accessing your contact list until you withdraw your permission. We do not store your contact lists on our servers. We only store the information (name and phone number) of your contacts who are already Choco users and the ones that you have invited to use Choco. If you’re a Buyer User, you can also add the contact details of your Supplier’s sales representative. The same terms above apply in that case. The access and the described processing is based on your consent, as per Article Article 6.1 (a) of UK GDPR, which you can withdraw at any time, in accordance with Article 7.3 of UK GDPR.
• Microphone access: voice ordering feature allows you to place orders by recording them directly on your phone. To enable this feature, we need your permission to access your phone’s microphone. This access is optional and not required to use the App. If you grant permission, we’ll only access the microphone while you are actively recording an order. This access is based on your consent, as per Article Article 6.1 (a) of UK GDPR, which you can withdraw at any time, in accordance with Article 7.3 of UK GDPR.
• Location access: If you’re using the App as a sales representative, you may view your leads and customers on a map within the App. The map is provided via Google Maps API and Google Privacy Policy applies to use of the maps feature. To be able to display the relevant results near you, we need access to your location. This access is optional and not required to use the App. If you grant permission, we’ll only access your location while you’re using the App. This access is based on your consent, as per Article Article 6.1 (a) of UK GDPR, which you can withdraw at any time, in accordance with Article 7.3 of UK GDPR.

   2. Information collected automatically

Device and Connection Data

When you visit our App, the App automatically collects certain information from your device, such as the operating system version, device type and manufacturer, access times, your IP address, your mobile carrier, configurations, browser type, information on Internet connection and including general location based on your IP address.

Usage Data

We use automated data collection tools, such as cookies, tracking pixels, and similar tools, to collect information about how you interact with our App and communications/emails. This includes information like User ID, IP address, the pages you visit and the time spent on those pages, the features you use, your commands and other statistical information relating to your use of the App. You may find more information on this in Section C on Cookies and other tracking technologies.

   3. Information we collect from other sources

Information provided by other Users and/or Customers

We may obtain your contact information (such as name, business email address, business phone number, your company and title) from other Customers who want to communicate with the organization that you’re part of. We may also obtain your contact information from the Users that are in the same organization as you are and who invite you to use the App. We use this information in our capacity as a processor for our Customers for sending you communications and for onboarding you to the App on their behalf. But it’s the relevant Customer who is responsible for informing you about these activities as the controllers. When you create an account, as the provider of the App, we start processing your data as the controller in accordance with this Privacy Policy as well.

B. How do we use your information

   1. To operate the App

We process your personal data for the following purposes:

• Operating, hosting and maintaining the App, including monitoring service performance, troubleshooting and debugging any malfunctions,
• Authenticating Users when they log in,
• Detecting, preventing, and responding to security incidents and to any malicious, deceptive, fraudulent or illegal activity,
• Ensuring safety, integrity and security of our App, our Users, Customers, employees and third parties.

The legal basis for the above listed processing activities is our legitimate interest within the meaning of Article 6.1(f) of UK GDPR in ensuring the functionality and error-free operation of the App and managing the use of our App.

Categories of personal data: account data, communications with Choco, transaction data, other information submitted by you, device and connection data, usage data

   2. To manage the relationship with the Customer

We process your personal data for managing relationships with our Customers, such as for billing, account management and enforcing the terms of the agreement between the Customers and Choco.

The legal basis for this processing is our legitimate interest within the meaning of Article 6.1(f) of UK GDPR in managing and maintaining the relationship with our Customers.

Categories of personal data: account data, communications with Choco, transaction data, other information submitted by you, device and connection data, usage data
 

   3. To support your use of the App and to communicate with you

We use your personal data to respond to your questions and requests and to provide you with customer support. We may keep a record of these communications including any information provided during such interactions. We may use this information to improve our customer support processes.

We will also use your personal data to send you technical or legal notices, updates, security messages or other messages concerning the operation of the App or administration of your or the Customer’s account. We use automatically collected information about your interactions with our communications to improve our communications with you. Some of these communications may be sent in the form of push notifications. You may disable push notifications from the settings of your mobile device.

The legal basis for this processing is our legitimate interest within the meaning of Article 6.1(f) of UK GDPR in responding to your requests and informing you about the functioning of the App.

Categories of personal data: account data, communications with Choco, transaction data, other information submitted by you, device and connection data, usage data
 

   4. To improve our Services

In order to improve our App and your user experience, we use tools for the statistical recording and analysis of general usage behavior. We collect information about your in-App activity and engagement with the communications sent via our App. We generate and analyze statistical information about how our App is used. We may analyze and monitor user trends and user behavior, conduct tests for new features and perform troubleshooting activities. Where suitable, we aggregate or de-identify the information.

Legal basis is our legitimate interest in accordance with Art. 6.1 (f) of UK GDPR in improving the functions and performance of our App and ensuring its functionality.

We may contact you to ask you for your opinion about our App, to ask you to participate in user research. Legal basis for contacting you for this purpose is our legitimate interest in improving the functions of our App. Your participation in any user research or survey will be based on your consent. We may also use your communications with us, such as any feedback you may provide for improving our App.

Categories of personal data: account data, communications with Choco, transaction data, other information submitted by you, device and connection data, usage data

   5. To comply with legal obligations and defend our rights

We may use your personal data to comply with our legal requirements, such as keeping records of payments for accounting purposes. The legal basis for this processing is Article 6.1(c) of UK GDPR. We may also process your information based on our legitimate interest within the meaning of Article 6.1(f) of UK GDPR in defending our rights.

Categories of personal data: account data, communications with Choco, transaction data, other information submitted by you, device and connection data, usage data, contact data

   6. To display ads

We may display you advertisements ("ads") from food manufacturers and other third-party advertisers on our App, which may be relevant to the Buyers on whose behalf you are using the App. These ads are not personalised — as a B2B App we do not engage in personalised or behavioural advertising. 

We may collect and use your personal data to display ads and measure ad performance. We may share the ad performance reports with the advertisers. However, these reports will only include aggregated and non-identifiable data, and will never include any personal data.

We do not share your personal data with third parties such as ad networks, social media platforms, ad serving companies, or data brokers under any circumstances. We also do not track you across third party websites or apps.

The legal basis for this processing is our legitimate interest in monetising the App and enhancing the user experience, as well as our Buyer Customers’ legitimate interests in discovering relevant products and offers. You may exercise your right to object to this processing at any time.

Some ads may include links to third party websites. We are not responsible for the privacy practices of those websites. 

Categories of personal data: account data, device and connection data, usage data 

C. Providing services to our Customers

We process your personal information to provide services and functionalities of our App to our Customers as a processor. We don’t have any control over how Users utilize the App. We only process personal information on their behalf to execute their instructions. For instance, we may process your contact information for delivering you a message from a Supplier or inviting you to use the App on behalf of a Supplier. Customer admins are responsible for managing access to their organization’s account, including the modification of access rights of Users as necessary. For more information, please refer to the privacy policy of our customers.

Categories of personal data: account data, contact information, transaction data, other information submitted by you, usage data

D. Cookies and other tracking technologies

We use tracking technologies such as cookies, pixels and other similar tools to automatically collect information as you use the App or when you interact with communications we send you or communications sent by other Users via the App. The data collected via these tools are described under Section A. 2 on Information Collected Automatically.

Some of these tools collect information from the end device to enable the basic functions of our App. These are called (“Essential tools”) and are for enabling the security and stability of our App, preventing misuse and detecting malicious activity. Without these tools, we could not provide our App. Some of these tools are used for statistical collection and analysis of general user behavior based on access data to understand and research how our users interact with our App to provide, update and improve our App.

E. How we share your information

We may share your personal data with the following categories of recipients.

   1. Choco Group

Choco shares infrastructure, systems, and technology with other companies owned or operated by Choco Communications GmbH (“Choco Group”). We may share personal information within Choco Group to be able to provide and improve our services and operate our business. Other companies within Choco Group act as our service providers (processors) in that case and will process your personal data in line with our instructions. 

   2. Our service providers

We share your personal data with our contracted service providers who assist us in providing, supporting and improving our services and App and who process your personal data on our behalf. These third party service providers include hosting providers, IT tools and services, operational services, CRM and communication tools, cybersecurity services and the tools we use for the statistical recording and analysis of general usage behavior on our App and services. You can find a list of these service providers here.

These service providers are limited (by law and by contract) in their ability to use your personal data. We will ensure that these parties are subject to privacy and security obligations consistent with this Privacy Policy and applicable laws via concluding data processing agreements with them.

   3. Competent authorities and legitimate third parties

We are under a duty to disclose your personal data in order to comply with any legal obligation or lawful request by a government or law enforcement authority. Any disclosure of the personal data will be justified by the fact that the processing is necessary to fulfill a legal obligation to which we are subject in accordance with Article 6.1(c) of UK GDPR in the national legal requirements for the disclosure of data to law enforcement authorities and to other supervisory authorities.

We may disclose your personal data to third parties in order to enforce the App’s terms of use or any other agreement we executed with you or our Customers; to protect or defend our rights or the rights of third parties; to prevent any illegal activity or to respond to any legal claims. Any disclosure of the personal data is justified by the fact that we have a legitimate interest within the meaning of Article 6.1(f) of UK GDPR in protecting or defending the rights, property and safety of Choco, our Customers and third parties.

    4. Corporate restructuring

In the context of the further development of our business, the structure of our company may change by changing the legal form, founding, acquiring, or transferring subsidiaries, parts of companies or components. We may share your personal data with third parties if we are involved in an actual or proposed merger, acquisition, financing, bankruptcy, sale of all or a portion of our assets or a reorganization. Reasonable and proportionate disclosure of personal data in the permissible scope is justified by the fact that we have a legitimate interest within the meaning of Article 6.1(f) of UK GDPR in adapting our corporate form to the economic and legal circumstances if necessary.
 

   5. Information you share with other users

You may share your personal data (such as your name, surname and contact information) with other Users, with whom you have freely decided to communicate and/or to place your orders via the App. Just like any other communication platform, Users who are in the same chat as you may see your contact information, including the Users of the other business in your chat.

F. Data transfer to third countries

Some of the recipients may be located in counties outside of the UK, which do not provide adequate protection according to the competent supervisory authority in your country of residence.

Whenever we transfer personal data to those countries, we will take appropriate measures required by Data Protection Laws. These measures include entering into Standard Contractual Clauses with International Data Transfer Addendum or International Data Transfer Agreement which have been approved by the UK Parliament and impose higher standards on the recipients with respect to protection of personal data. If necessary, we also conduct a transfer impact assessment to make sure that there is no adverse impact on the data subject’s rights.

Where this is not possible, we base the data transfer on exceptions under Art. 49 UK GDPR, in particular your express consent or the necessity of the transfer for the fulfillment of the contract or for the implementation of pre-contractual measures. If a transfer to a third country is planned and there is no adequacy decision or suitable guarantees, it is possible and there is a risk that authorities in the respective third country (e.g. secret services) may gain access to the transferred data in order to collect and analyse it, and that the enforceability of your rights as a data subject cannot be guaranteed. When obtaining your consent via the consent banner, you will also be informed of this.

G. Your rights as a data subject

As a data subject, you have the following rights:

• Right to access the personal data we hold about you,
• Right to rectify the personal data we hold about you,
• Right to request deletion of your personal data under certain circumstances specified in the Data Protection Laws Art.17 of UK GDPR,
• Right to restrict processing of your personal data under certain circumstances specified in the Article 18 of UK GDPR,
• Right to object to processing in case the processing is based on our legitimate interests,
• Right to transfer your information to a third-party (right to data portability);
• Right not to be subject to a decision based solely on automated processing; and
• Right to withdraw your consent in case the data processing is based on your consent.

Please note that the existence of the right to withdraw your consent does not affect the lawfulness of processing before your withdrawal.

Your requests for the assertion of data protection rights and our answers to them will be kept for documentation purposes for a period of up to three (3) years and, in individual cases, for longer periods for the establishment, exercise or defense of legal claims in accordance with Article 6.1(f) of UK GDPR, which is based on our legitimate interest in defending Choco against any claims and the avoidance of fines.

If you have any questions, comments or complaints about our handling of your personal data, or if you wish to exercise your data subject rights, please contact the Choco Legal Team using the following contact details: legal@choco.com.

As a data subject you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the UK GDPR. The data protection authority responsible for Choco's processing of personal data in the UK is the Information Commissioner's Office, on this link.

If you wish to exercise your rights in relation to personal information that Choco processes as a processor on behalf of its Customers, please direct your request to the relevant Customer.

H. Data Protection Officer and contact details

You are welcome to direct your data protection concerns to our Data Protection Officer by sending an email to the above-mentioned email address. Please note that emails to the above email address will not solely be received by our Data Protection Officer as this is a generic email for the Choco Legal Team. If you solely wish to contact our Data Protection Officer and/or if you wish to send confidential information, please refer to the Data Protection Officer in the subject line or body of your email and please ask for them to contact you directly to further discuss your data protection concerns. You can also reach out to the Data Protection Officer by using the above postal address of the data controllers (keyword: "To the attention of Data Protection Officer").

You can also reach out to the Data Protection Officer by using the below postal address (keyword: "To the attention of Choco’s Data Protection Officer"): ISiCO Datenschutz GmbH, Am Hamburger Bahnhof 4, 10557 Berlin.
 

I. Information on the Joint Controllership

Choco Communications GmbH and Choco Communications UK Ltd jointly determine the purposes and means of processing. Choco Communications GmbH will be your point of contact when you want to exercise your rights described under section E. Please contact legal@choco.com if you want more information about the essence of such agreement between the parties.

J. Storage duration

We keep the personal data we process as a controller as long as necessary to fulfill the purposes for which we processed it. After that we either delete or anonymize your data unless we are legally required to keep it for a longer period of time, or unless they are necessary for establishment, exercise or defense of legal claims. In those cases, we’ll delete such personal data after the expiration of the legal periods.

K. Security

We implement various technical, administrative and organizational measures to protect your personal data against unauthorized access and unlawful processing, alteration or destruction.

L. Hyperlink

Our App may contain hyperlinks to third-party websites. If these hyperlinks are activated, you will be redirected from our App directly to the websites of third-party service providers. You can recognize this, amongst other things, by the changing URL. We cannot accept any responsibility for the confidential handling of your data on these third-party websites, nor for their compliance with the UK GDPR, which is beyond our control. Please refer directly to those websites for information about their handling of your personal data.

M. Changes to this Privacy Policy

We always keep this privacy policy up to date. Therefore, we reserve the right to update or change it from time to time and to maintain these changes in the processing of your personal data. We will indicate the date of the most recent update in the beginning of the Privacy Policy.

Welcome to choco.com/us, a website of Atlantic Food Waste Partners, LLC, a subsidiary of Choco Communications GmbH (“CHOCO”, “we”, “us” or “our”). Choco provides a mobile application and a webtool (the “App”) to the entities who are suppliers and buyers in the food industry (collectively, “Customers"). This Privacy Notice explains how we collect, use, disclose, and otherwise process Personal Information in connection with choco.com/us (together with any other website operated by Choco, the “Site”), App and other services and business operations (collectively, the “Services”). It does not address our privacy practices relating to employees and other personnel.

What is Personal Information?

When we use the term “Personal Information” in this Privacy Notice, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an individual. It does not include aggregated or de-identified information that is maintained in a form that is not reasonably capable of being associated with or linked to an individual.

Our Collection of Personal Information

We collect Personal Information about individuals when they visit our Site or create an online account on our App. Sometimes we collect Personal Information automatically when an individual interacts with our Services and sometimes we collect the Personal Information directly from an individual when they interact with us. At times, we may collect Personal Information about an individual from other users, customers, sources and third parties, even before our first direct interaction.

Personal Information Collected From Individuals

The Site

Personal Information Submitted by Site Visitors

We collect the following Personal Information submitted to us by visitors to our Site:

• Contact Information, including first name, last name, employer, title, account status, email address, mailing address, phone number and communication preferences.
• Inquiry Information, including information provided in custom messages sent through the forms or contact information provided on our Site.

Personal Information Collected Automatically

As is true of most digital platforms, we and our third-party providers may collect Personal Information from an individual’s device automatically when visiting or interacting with our Site, including:
 

• Log File Data, including internet protocol (IP) address, operating system, browser type, browser id, the URL entered and the referring page/campaign, date/time of visit, the time spent on our Site and any errors that may occur during the visit to our Site and general geographic location based on the log data we or our third-party providers collect.

The processing of this log data is essential to enable you to visit our Site, to ensure the constant functionality and security of our systems and to manage our Site in general.

• Cookie Data: including data about user’s preferences, the activity on our Site, such as the links and objects viewed, clicked or otherwise interacted with.

For information about our and our third-party partners’ use of cookies and related technologies to collect information automatically, and any choices individuals may have in relation to its collection, please refer to the Cookies and Online Ads section of this Privacy Notice below.

The App

Personal Information Submitted by App Users

We collect Personal Information from our users and prospective users in connection with the online user accounts and ongoing maintenance of the accounts, which includes:

• Online Account Information, including username and password.
• Contact Information, including first name, last name, title, employer, email address, mailing address, phone number and communication preferences
• Other Profile Information, including a photograph for the online account or other Personal Information shared through the account.
• Communication Information, including Personal Information provided when contacting us in connection with our Services, in relation to a survey, comment, question, request or inquiry, support requests and user interviews.
• Transaction Information and Messages: including transactions you carry out in our App, such as the date and time of the orders you place on behalf of a Customer and messages with other users.
• Camera and Contact list access, including images and contacts saved in your phone. While using the App you have the option of adding pictures and/or screenshots to simplify the ordering process. For that, you need to give Choco permission to access your camera. Only the pictures you upload to our App will be stored in our servers. You can also grant us permission to access the contact list on your phone to be able to add team members to your account. In that case, you’ll be able to select them directly from the contact list your phone. Neither of these permissions are mandatory to use the App. If you give permission, we will continue accessing your camera and contact list until you withdraw your permission. We do not store your images or contact lists on our servers. We only store the images you upload to the App and information (name and phone number) of your contacts who are already using Choco and the ones that you have invited to use Choco.
• Microphone access: voice ordering feature allows you to place orders by recording them directly on your phone. To enable this feature, we need your permission to access your phone’s microphone. This access is optional and not required to use the App. If you grant permission, we’ll only access the microphone while you are actively recording an order. You can revoke your permission at any time.
• Location access: If you’re using the App as a sales representative, you may view your leads and customers on a map within the App. The map is provided via Google Maps API and Google Privacy Policy applies to use of the maps feature. To be able to display the relevant results near you, we need access to your location. This access is optional and not required to use the App. If you grant permission, we’ll only access your location while you’re using the App. You can revoke your permission any time. 
   

Personal Information Collected Automatically

• Device and Connection Data: When you visit our App, the App automatically collects certain information from your device, such as the operating system version, device type and manufacturer, access times, your IP address, your mobile carrier, configurations, browser type, information on Internet connection and including general location based on your IP address.
• Usage Data: We use first-party automated data collection tools, such as tracking pixels and similar tools, to collect information about how you interact with our App and communications/emails. This includes information like User ID, IP address, the pages you visit and the time spent on those pages, the features you use, your commands and other statistical information relating to your use of the App.

Job Applicants

Personal Information Submitted by Applicants

We collect Personal Information obtained from your job application provided to us during the recruitment process through, inter alia, our Site, a recruiter, an internal employee referral or from publicly available sources (e.g., LinkedIn). We may also receive your Personal Information from our recruitment service providers. On our Site you have the opportunity to apply for open vacancies in our company.

Depending on the position you are applying for, we collect the following information:

• Application Data: your first and last name, your e-mail address, phone number, your CV, your cover letter, link to your LinkedIn profile, link to your website, your right to work in the country you applied for, salary expectations, fluency in the main language/s of the country you applied for, your preferences for starting work and your willingness to relocate, as well as other information depending on the position.

Personal Information From Third Parties

We also obtain Personal Information from third parties which we often combine with Personal Information we collect either automatically or directly from an individual.

We may receive the same categories of Personal Information as described above from the following third parties:

• Your Employer: in connection with your role as an employee or contractor of a company or other legal entity, we may obtain your information from such an entity.
• Restaurants and Suppliers: in connection with your role as an end user of a Restaurant or Supplier, we may receive your information from other Restaurants and/or Suppliers. For example, we may receive your information from another entity in conjunction with processing a purchase order, or responding to an inquiry.
• Social Media: When an individual interacts with our Services through various social media networks, such as when someone “Likes” us on Facebook or follows us or shares our content on Facebook, Twitter, LinkedIn, or other social networks, we may receive some information about individuals that they permit the social network to share with third parties. The data we receive is dependent upon an individual’s privacy settings with the social network. Individuals should always review and, if necessary, adjust their privacy settings on third-party websites and social media networks and services before sharing information and/or linking or connecting them to other services.
• Service Providers: Our service providers that perform services solely on our behalf, such as payment processors and analytics providers. For example, we receive Personal Information from our service providers that conduct marketing or analytics activities.
• Other Third Parties: From time to time, we may receive information about individuals from third parties. For example, we may obtain information from our marketing partners or from third parties to enhance or supplement our existing information about an individual. We may combine this information with the information we collect directly from individuals.
• Publicly Available Sources: We collect Personal Information about individuals that we do not otherwise have, such as contact information, employment-related information, and interest-in-services information, from publicly available sources. We may combine this information with the information we collect from an individual directly. We use this information to contact individuals, to send advertising or promotional materials or to better understand the demographics of the individuals with whom we interact.

Our Use of Personal Information

We use Personal Information we collect to:

• Fulfill or meet the reason for which the Personal Information was provided. For instance, if you contact us by email, we will use the Personal Information you provide to answer your question or resolve your problem;
• Manage our organization and its day-to-day operations;
• Process job applications;
• Communicate with individuals, send technical or legal notices, updates, security messages and to provide customer support;
• Request individuals to complete surveys about our service offerings;
• Market our Services to individuals, including through email, direct mail, phone or text message; and to organize sweepstakes, contests and promotional activities;
• display ads from food manufacturers and other third-party advertisers on our App, which may be relevant to the Buyers on whose behalf you are using the App; and track ad performance;
• Manage relationships with our Customers, such as for billing and account management;
• Administer our Services, including by recognizing an individual and remembering their information when they return to our Site;
• Host and maintain the Services;
• Prepare for and facilitate our events;
• Create and maintain accounts for our users; authenticate users when they log in;
• Process payment for accounts, deliveries, balances and related services;
• Identify and analyze how individuals use our Site and Services; conduct user research;
• Improve and customize our service offerings to address the needs and interests of our user base and other individuals we interact with;
• Test, enhance, update and monitor the Services, or diagnose or fix technology problems and security incidents;
• Help maintain the safety, security and integrity of our property and Services, technology assets and business;
• Evaluate, negotiate or conduct a merger, divesture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of CHOCO’s assets, whether as a going concern or as a part of bankruptcy, liquidation or similar proceeding, in which Personal Information held by CHOCO about consumers is among the assets transferred or is otherwise relevant to the evaluation, negotiation or conduct of the transaction;
• Defend, protect or enforce our rights or applicable contracts and agreements;
• Prevent, investigate or provide notice of fraud or unlawful or criminal activity; and
• Comply with legal obligations.

We may provide additional privacy disclosures where the scope of the inquiry/request and/or Personal Information we require fall outside the scope of this Privacy Notice. In that case, the additional privacy disclosures will govern how we may process the information provided at that time.

Providing functionalities of our App and associated services

We process Personal Information to provide services and functionalities of our App to our Customers as a service provider. In that case we only process Personal Information on their behalf to execute their instructions. For instance, we may process your Personal Information for delivering you a message from a Supplier or inviting you to use the App on behalf of a Supplier. For more information, please refer to the privacy policy of our Customers

Our Disclosure of Personal Information

We may disclose Personal Information in the following ways:

• Affiliates: We may share Personal Information with other companies owned or controlled by CHOCO, and other companies owned by or under common ownership as CHOCO, which also includes our subsidiaries (i.e., any organization we own or control) or our ultimate holding company (i.e., any organization that owns or controls us) and any subsidiaries it owns, particularly when we collaborate in providing the Services.
• Restaurants and Suppliers: We may disclose your information to end users of other Restaurants and/or Suppliers at your instruction, with whom you have freely decided to communicate and/or to place your orders via the Services.
• Service Providers: We share Personal Information with third parties who assist us in providing our customer services and facilitating our communications with individuals that submit inquiries. We engage third-party service providers that perform business or operational services for us or on our behalf, such as website hosting, infrastructure provisioning, IT services, analytics services, administrative services.
• Other Businesses As Needed To Provide Services: We may share Personal Information with third parties that an individual engages with through our Services or as needed to fulfill a request or transaction that an individual requested. including, for example, payment processing services.
• Other Third Parties: We work with advertising, analytics and social media partners as described in the Cookies and Online Ads section below.
• Business Transaction or Reorganization: We may take part in or be involved with a corporate business transaction, such as a merger, acquisition, joint venture, or financing or sale of company assets. We may disclose Personal Information to a third party during negotiation of, in connection with or as an asset in such a corporate business transaction. Personal Information may also be disclosed in the event of insolvency, bankruptcy or receivership.
• Legal Obligations and Rights: We may disclose Personal Information to third parties, such as legal advisors and law enforcement:
  • in connection with the establishment, exercise, or defense of legal claims;
  • to comply with laws or to respond to lawful requests and legal process;
  • to protect our rights and property and the rights and property of others, including to enforce our agreements and policies;
  • to detect, suppress, or prevent fraud;
  • to protect the health and safety of us and others; or
  • as otherwise required by applicable law.
• Otherwise With Consent or Direction: We may disclose Personal Information about an individual to certain other third parties or publicly with their consent or direction. For example, with an individual’s consent or direction we may post their testimonial on our Site or service-related publications.

Cookies and Online Ads

Cookies

What We Collect:

We, and our third-party partners, may automatically collect certain types of usage information when an individual visits our Site. We may collect this information through a variety of data collection technologies, including cookies, web beacons, embedded scripts, location-identifying technologies, file information, and similar technology (collectively, “cookies”). For example, we may collect information about an individual’s device and its software, such as IP address, browser type, Internet service provider, platform type, device type, operating system, date and time stamp, and other similar information. We may collect analytics data or use third-party analytics tools such as Google Analytics to help us measure traffic and usage trends for our Services.

How We Use That Information:

We may use the data collected through cookies for different purposes:

• Essential cookies: for enabling and supporting our security features, for keeping our Site stable, monitoring its effectiveness, preventing misuse and detecting malicious activity, diagnosing and fixing technical issues. This also includes cookies set for cookie consent management. Without these tools, we could not provide our Site.
• Preference cookies: for remembering information so that an individual will not have to re-enter it during their visit to our Site and also to provide features, insights and customized content.
• Analytics cookies: to understand and research how our visitors interact with our Site, to aggregate metrics such as total number of visitors, traffic, usage, and demographic patterns on our Site; to update and improve our Site.
• Marketing cookies: to evaluate the effectiveness of our marketing campaigns, to show you personalized advertisements based on your interests. These cookies may be placed on our Site by third parties to understand your browsing activities, including across unaffiliated third-party sites, to show you relevant advertisements on other sites you visit. See section “Online Advertising on our Site” for more information.

Online Ads on the Site

This section is exclusively limited to ads displayed on the Site, we do not enageg in interest-based advertising for in-App ads.

Online Advertising on our Site:

We participate in interest-based advertising and use third-party advertising companies to serve targeted advertisements based on an individual’s browsing history. We permit third-party online advertising networks, social media companies and other third-party services, to collect information about an individual’s use of our Site over time so that they may play or display ads on other websites, or services an individual may use, and on other devices an individual may use. Typically, though not always, the information used for interest-based advertising is collected through cookies, which recognize the device an individual is using and collect information, including click stream information, browser type, time and date the individual visited the website, AdID, precise geolocation and other information. We may share a common account identifier (such as a hashed email address or user ID) with our third-party advertising partners to help identify an individual across devices. We and our third-party partners use this information to make the advertisements an individual sees online more relevant to their interests, as well as to provide advertising- related services such as reporting, attribution, analytics and market research. You may opt out of these advertising cookies by accessing the cookie settings on the bottom left of our Site or by contacting us. You can also set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

Third-Party Partners:

We use Google Analytics to recognize an individual and link the devices they use when they visit our Site on their browser or mobile device, log in to their account on our Services, or otherwise engage with us. We share a unique identifier, like a user ID or hashed email address, with Google to facilitate the Services. Google Analytics allows us to better understand how our users interact with our Services. For information on how Google Analytics collects and processes data, as well as how individuals can control information sent to Google, review Google’s site “How Google uses data when you use our partners’ sites or apps” located at www.google.com/policies/privacy/partners/. Individuals can learn about Google Analytics’ currently available opt-outs, including the Google Analytics Browser Ad-On here https://tools.google.com/dlpage/gaoptout/.

We may also utilize certain forms of display advertising and other advanced features through Google Analytics, such as Remarketing with Google Analytics, Google Display Network Impression Reporting, the DoubleClick Campaign Manager Integration, and Google Analytics Demographics and Interest Reporting. These features enable us to use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick advertising cookie) or other third-party cookies together to inform, optimize, and display ads based on past visits to the Service. Individuals may control their advertising preferences or opt-out of certain Google advertising products by visiting the Google Ads Preferences Manager, currently available at https://google.com/ads/preferences, or by visiting NAI’s online resources at http://www.networkadvertising.org/choices.

Social Media:

Our Site and social media accounts may include social media features, such as the Facebook Like button or other widgets. These social media companies may recognize an individual and collect information about their visit to our Site, and they may set a cookie or employ other data collection technologies. An individual’s interactions with those features are governed by the privacy policies of those companies.

We display targeted advertising to individuals through social media platforms, such as Linkedin, Meta and other social media forums. These companies have interest-based advertising programs that allow us to direct advertisements to users who have shown interest in our Services while those users are on the social media platform, or to groups of other users who share similar traits, such as likely commercial interests and demographics. We may share a unique identifier, such as a user ID or hashed email address, with these platform providers or they may collect information from our Site visitors through a first-party pixel, in order to direct targeted advertising to an individual or to a custom audience on the social media platform. These advertisements are governed by the privacy policies of those social media companies that provide them.

Opting Out of Targeted Ads on Social Networks:

If an individual does not want to receive targeted ads on their social networks, they may be able to adjust their advertising preferences through their settings on those networks. An individual may learn more about advertising preferences by clicking on the links provided below. Please note that these links are provided for convenience only and we do not control the content or features that may be available on these third-party services.

- Meta: To learn more about advertising preferences on Facebook Companies, please visit: https://www.facebook.com/help/109378269482053.

Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com.

Opt-Out: https://help.instagram.com/1896641480634370

- Google/ YouTube

Privacy Policy: https://policies.google.com/privacy

Opt-Out: https://www.google.com/settings/ads.

-Twitter

Privacy Policy: https://twitter.com/en/privacy

Opt-Out: https://twitter.com/personalization.

-LinkedIn : Operating the LinkedIn company page under joint controllership on the basis of a Joint Controller Agreement (so-called Page Insights Joint Controller Addendum)

Information on the processed site insights data and the contact options in the event of requests for data protection: https://legal.linkedin.com/pages-joint-controller-addendum

-Privacy Policy: https://www.linkedin.com/legal/privacy-policy

-Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Children’s Personal Information

Our Site and Services are not directed to, and we do not intend to, or knowingly, collect or solicit Personal Information from children under the age of 13. If an individual is under the age of 13, they should not use our Site or Services or otherwise provide us with any Personal Information either directly or by other means. If a child under the age of 13 has provided Personal Information to us, we encourage the child’s parent or guardian to contact us via legal@choco.com to request that we remove the Personal Information from our systems. If we learn that any Personal Information we collect has been provided by a child under the age of 13, we will promptly delete that Personal Information.
 

Links to Third-Party Websites or Services

Our Site and Services may include links to third-party websites, plug-ins and applications. Except where we post, link to or expressly adopt or refer to this Privacy Notice, this Privacy Notice does not apply to, and we are not responsible for, any Personal Information practices of third-party websites and online services or the practices of other third parties. To learn about the Personal Information practices of third parties, please visit their respective privacy notices.

Region-Specific Disclosures

We may choose or be required by law to provide different or additional disclosures relating to the processing of Personal Information about residents of certain countries, regions or states. Please refer below for disclosures that may be applicable to you:

• For residents of the State of Nevada, Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt out of future sales of certain covered information that a website operator has collected or will collect about the resident. We do not currently sell covered information based on such statute.
• For residents of the State of California, please click here for additional California-specific privacy disclosures

Updates to this Privacy Notice

We will update this Privacy Notice from time to time. When we make changes to this Privacy Notice, we will change the date at the beginning of this Privacy Notice. If we make material changes to this Privacy Notice, we will notify individuals by email to their registered email address, by prominent posting on this Site or our online Services, or through other appropriate communication channels. All changes shall be effective from the date of publication unless otherwise provided.

Contact Us

For any questions or requests in connection with this Privacy Notice or other privacy-related matters, please send an email to legal@choco.com

Alternatively, inquiries may be addressed to:

Choco Communications GmbH 

Attn: Legal Department 

Wrangelstraße 100

10997 Berlin Germany

1. SCOPE OF DISCLOSURES

This California Privacy Notice (the "CA Notice") applies to information that Atlantic Food Waste Partners, LLC, a subsidiary of Choco Communications GmbH, and their respective subsidiaries and affiliates ("CHOCO", "we", "us", or "our") collect in connection with their websites, mobile applications, products and services (collectively, the " Services"). This CA Notice supplements the information contained in our Privacy Notice and applies solely to individual residents of the State of California ("consumers" or "you").

This CA Notice provides additional information about the categories of personal information we collect about California residents and the rights granted to them under the California Consumer Privacy Act of 2018 (" CCPA").

Unless otherwise expressly stated, all terms in this CA Notice have the same meaning as defined in our Privacy Notice or as otherwise defined in the CCPA.

2. PERSONAL INFORMATION DISCLOSURES

When we use the term " Personal Information" in this CA Notice, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

For the purposes of this CA Notice, Personal Information does not include:

• Publicly available information from government records.
• Deidentified, aggregated or anonymized information that is maintained in a form that is not capable of being associated with or linked to you.
• Information excluded from the CCPA's scope, such as:
  • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
  • Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach- Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.

Categories of Personal Information Collected

In the last 12 months, we have collected the following categories of Personal Information established under the CCPA:

• Identifiers, such as your name, mailing address, email address, IP address, or other similar identifiers.
• California Customer Records (Cal. Civ. Code § 1798.80(e)), such as username and password, phone number, company name, job title, business email address, and department
• Internet/Network Information, such as your browsing history, log and analytics data, information about the device(s) used to access the Services, domain server, search history and information regarding your interaction with our websites or Services and other usage Data.
• Location Data, including general geographic location based on the log data we or our third-party providers collect
• Sensory Information, such as pictures you provide or upload in connection with our Services, and the content and audio recordings of phone calls between you and us that we record where permitted by law.
• Profession/Employment Information, such as current employer, your first and last name, your e-mail address, phone number, your CV, your cover letter, link to your LinkedIn profile, link to your website, your right to work in the country you applied for, salary expectations, fluency in the main language/s of the country you applied for, your preferences for starting work and your willingness to relocate, as well as other information depending on the position.
• Other Personal Information, such as Personal Information you provide to us in relation to a survey, comment, question, request or inquiry, or information you provide in conversations via the message service.
• Transaction Information and Messages: including transactions you carry out in our App, such as the date and time of the orders you place on behalf of a Customer and messages with other users.
• Camera and Contact list access, including images and contacts saved in your phone. While using the App you have the option of adding pictures and/or screenshots to simplify the ordering process. For that, you need to give Choco permission to access your camera. Only the pictures you upload to our App will be stored in our servers. You can also grant us permission to access the contact list on your phone to be able to add team members to your account. In that case, you’ll be able to select them directly from the contact list on your phone. Neither of these permissions are mandatory to use the App. If you give permission, we will continue accessing your camera and contact list until you withdraw your permission. We do not store your images or contact lists on our servers. We only store the images you upload to the App and information (name and phone number) of your contacts who are already using Choco and the ones that you have invited to use Choco.

3. SOURCES OF PERSONAL INFORMATION

Please see the “Our Collection of Personal Information” Section of our Privacy Notice to see the sources of the Personal Information we collect.

4. OUR USE OF PERSONAL INFORMATION

Please see the “Our Use of Personal Information” Section of our Privacy Notice to see how we use Personal Information.

5. CATEGORIES OF RECIPIENTS OF PERSONAL INFORMATION

For each category of Personal Information listed above, we disclose this Personal Information as described in the “Our Disclosure of Information“ and “Cookies and Online Ads” sections of our Privacy Notice.
 

6. RETENTION PERIOD

We will only keep your Personal Information for as long as necessary to fulfil the purposes for which we collected it in the first place, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. 
 

7. YOUR CALIFORNIA PRIVACY RIGHTS

As a California resident, you may be able to exercise the following rights in relation to the Personal Information about you that we have collected (subject to certain limitations at law):

The Right to Know: You have the right to request any or all of the following information relating to your Personal Information we have collected and disclosed in the last 12 months, upon verification of your identity:

- The specific pieces of Personal Information we have collected about you;

- The categories of Personal Information we have collected about you;

- The categories of sources of the Personal Information;

- The categories of Personal Information that we have disclosed to third parties for a business purpose, and the categories of recipients to whom this information was disclosed;

- The categories of Personal Information we have sold, if any, and the categories of third parties to whom the information was sold (if applicable); and

- The business or commercial purposes for collecting or selling (if applicable) the Personal Information.

The Right to Request Deletion: You have the right to request the deletion of Personal Information we have collected from you, subject to certain exceptions.

The Right to Request to Correct: You have the right to correct any inaccurate Personal Information we have collected from you, subject to certain exceptions.

The Right to Opt Out of Personal Information Sales or Sharing: Although we do not “sell” or “share” Personal Information in the traditional sense, under the CCPA some of our disclosures may be considered a “sale” or “sharing” of Personal Information. You have the right to direct us not to “sell” or “share” Personal Information we have collected about you to third parties now or in the future. If you are under the age of 16, you have the right to opt in, or to have a parent or guardian opt in on your behalf, to such sales or sharing. We do not knowingly “sell” or “share” the Personal Information of individuals under 16 years of age.The Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising these rights. However, please note that if the exercise of these rights limits our ability to process Personal Information (such as in the case of a deletion request), we may no longer be able to provide you our products and Services or engage with you in the same manner. "Shine the Light": California residents that have an established business relationship with us have rights to know how their information is disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year under California's "Shine the Light" law (Civ. Code § 1798.83).

When displaying ads in our App, we do not sell or share personal information with third parties including but not limited to ad networks, social media platforms, ad serving companies, or data brokers under any circumstances.

8. HOW TO EXERCISE YOUR CALIFORNIA CONSUMER RIGHTS

To exercise your rights, please submit a request by:

• Emailing legal@choco.com with the subject line "California Rights Request", or
• Filling out our California Resident Rights Request Form.

We will need to verify your identity before processing your request. In order to verify your identity, we will generally require either the successful login to your account (if applicable) or the matching of sufficient information you provide us to the information we maintain about you in our systems. Although we try to limit the Personal Information collected in connection with a request to exercise your rights, certain requests may require us to obtain additional Personal Information from you. In certain circumstances, we may decline a request to exercise the right to know, right to correct and/or right to deletion, particularly where we are unable to verify your identity or locate your information in our systems, or as permitted by law.

To Exercise Your Right to Opt Out of Personal Information Sales and Sharing

Cookies placed on our Site for interest-based advertising and analytics may be considered as “sale” or “sharing” under CCPA. Please see the Cookies and Online Ads section in the US Privacy Notice for more information about how we and third parties use cookies and related technologies to collect information automatically on our Site and other online services.

To exercise your right to opt out of Personal Information Sales and Sharing, you may change your preferences by accessing the cookie settings on the bottom left of our Site or by contacting us.

You may also set your browser to refuse all or some browser cookies or enable a browser-based universal opt-out mechanism such as the Global Privacy Control. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.
 

9.NOTICE OF LOYALTY PROGRAM

From time to time, we may offer promotions, like rewards for signing up for our Services or giving discounts for the first order you place on behalf of the entity you’re representing on our Services. Although these rewards are offered to business entities as our potential or existing customers, Under the CCPA these programs may be deemed a “financial incentive” program. While we do not assign a monetary value to the Personal Information we collect from you in the promotions in exchange for the rewards/discounts offered, we do receive value in the form of customer loyalty and increased engagement with our Services. In determining the value to CHOCO, we consider the revenue generated from activities related to the collection and retention of your Personal Information less expenses related to providing the promotions. This value will vary depending on the orders made, the types of promotions, the value of the business deal, and many other factors. If you participate, we may collect the following categories of Personal Information: your name, phone number, and email address, as well as the customer entity you’re representing when using our Services. Participation in the promotions is optional and those who opted-in may withdraw their consent by contacting us at legal@choco.com. 

10. UPDATES TO THIS CA NOTICE

We will update this CA Notice from time to time. When we make changes to this CA Notice, we will change the "Effective Date" at the beginning of this CA Notice. All changes shall be effective from the date of publication unless otherwise provided in the notification. Your continued use of the Services after any changes have been posted, means that you agree to all such changes.

11. CONTACT US

If you have any questions or requests in connection with this CA Notice or other privacy-related matters, please send an email to legal@choco.com

Alternatively, inquiries may be addressed to: Choco Communications GmbH

Attn: Legal Department

Wrangelstraße 100

10997 Berlin

Germany

Choco offers a mobile application and web-based tool (collectively, the “App") designed to facilitate communication and order management between commercial buyers in the food sector such as restaurants (“Buyers") and their suppliers (“Suppliers"). This Privacy Policy describes how Choco Communications FZCO, a company incorporated in United Arab Emirates whose registered office is at IFZA Business Park, DDP, PO Box 342001, Dubai, and Choco Communications GmbH, whose registered office is at Wrangelstraße 100, 10997 Berlin, Germany, both of which may be contacted by email at legal@choco.com, (collectively, "Choco," "we," "us") collect, use, process and share personal data in connection with the use of the App as joint controllers.

The laws applicable to processing of personal data are namely in the United Arab Emirates (“UAE”) Federal Law No. 45/2021 on the Protection of Personal Data (“PPDL”), in Saudi Arabia (“KSA”), the Personal Data Protection Law issued by Cabinet Decision No. 98/1443 (“PDPL”) (altogether "Data Protection Laws"); in each case, as updated, amended or replaced from time to time. The terms "data subject", "personal data", "processing", "processor" and "controller" shall have the meanings set out in the DPA.

Scope of Application

Choco provides the App and associated services to its Buyer and Supplier customers (collectively, “Customers"). The data subjects within the meaning of Data Protection Laws may only utilize the App or benefit from Choco’s services as the end users of these Customers (“User(s)” or “You”). When providing the App and services to our Customers, Choco processes your personal data as a processor on behalf of the relevant Customer in line with their instructions. For instance, when you send an order to a Supplier on behalf of a Buyer, we process your data on behalf of the relevant Buyer. Our Customers are responsible for complying with the privacy obligations such as informing you about use of your personal data in relation to the processing activities we perform on their behalf. Please refer to the privacy policies of the respective Customers for more information. This Privacy Policy applies exclusively to scenarios where we act as a data controller in processing the Users’ personal data.

A. Information we collect

1. Information provided by you

Account information

When creating an account, you will be asked to provide mandatory information, such as your first and last name, email address, phone number and company name. If you don’t provide this information, you will not be able to create an account to use the App. You may provide additional information in your profile, such as a profile picture and your title in the company.

Communications with Choco

You may communicate with us for different reasons. You may fill out a contact form, contact our customer support, complete a survey, participate in a user interview or interact with us in any other way. We may keep a record of these communications including any information provided during such interactions. These communications may be processed for different purposes as further described in Section B “How do we use your information”.

Transaction data

We receive transaction data when you carry out actions on our App, such as the date and time of the orders you place on behalf of a Customer, items you added to team orders or delivery checks you carry out. We mainly use transaction data to provide the functionalities of our App to our Customers.

Other information submitted by you

When you use the app, you can enter, manage and edit various information. This information includes, in particular, your communications with other Users but may include other information you upload as well, such as images. We use this information to provide the functionalities of our App to our Customers as a processor.

In order to make use of some of the App’s features, you may need to provide additional information to Choco. In those cases, you will be asked for your specific permission.
 

• Camera access: You may enable camera access to be able to upload pictures to the App directly from your phone. For this, we need your permission to access your camera and media content saved in your camera roll. This access is not mandatory for using the App, but it may make your communications and ordering process easier. This access is based on your consent, which you can withdraw at any time
• Contact list access: You also have the option of adding team members to your account by adding their contact information manually or directly from the contact list on your phone. For the second option, we need your permission to access your contact list. This access is not mandatory for using the App. If you give permission, we will access the names and phone numbers in your contact list and display them to you. We’ll also check if any of your contacts are already using Choco and display this information as well. We will continue accessing your contact list until you withdraw your permission. We do not store your contact lists on our servers. We only store the information (name and phone number) of your contacts who are already Choco users and the ones that you have invited to use Choco. If you’re a Buyer User, you can also add the contact details of your Supplier’s sales representative. The same terms above apply in that case. The access and the described processing is based on your consent, which you can withdraw at any time.
• Microphone access: voice ordering feature allows you to place orders by recording them directly on your phone. To enable this feature, we need your permission to access your phone’s microphone. This access is optional and not required to use the App. If you grant permission, we’ll only access the microphone while you are actively recording an order. You can revoke your permission at any time.
• Location access: If you’re using the App as a sales representative, you may view your leads and customers on a map within the App. The map is provided via Google Maps API and Google Privacy Policy applies to use of the maps feature. To be able to display the relevant results near you, we need access to your location. This access is optional and not required to use the App. If you grant permission, we’ll only access your location while you’re using the App. You can revoke your permission any time. 

2. Information collected automatically

Device and Connection Data

When you visit our App, the App automatically collects certain information from your device, such as the operating system version, device type and manufacturer, access times, your IP address, your mobile carrier, configurations, browser type, information on Internet connection and including general location based on your IP address.

Usage Data

We use automated data collection tools, such as cookies, tracking pixels, and similar tools, to collect information about how you interact with our App and communications/emails. This includes information like User ID, IP address, the pages you visit and the time spent on those pages, the features you use, your commands and other statistical information relating to your use of the App. You may find more information on this in Section C on Cookies and other tracking technologies.

3. Information we collect from other sources

Information provided by other Users and/or Customers

We may obtain your contact information (such as name, business email address, business phone number, your company and title) from other Customers who want to communicate with the organization that you’re part of. We may also obtain your contact information from the Users that are in the same organization as you are and who invite you to use the App. We use this information in our capacity as a processor for our Customers for sending you communications and for onboarding you to the App on their behalf. But it’s the relevant Customer who is responsible for informing you about these activities as the controllers. When you create an account, as the provider of the App, we start processing your data as the controller in accordance with this Privacy Policy as well.

B. How do we use your information

1. To operate the App

We process your personal data for the following purposes:

• Operating, hosting and maintaining the App, including monitoring service performance, troubleshooting and debugging any malfunctions,
• Authenticating Users when they log in,
• Detecting, preventing, and responding to security incidents and to any malicious, deceptive, fraudulent or illegal activity,
• Ensuring safety, integrity and security of our App, our Users, Customers, employees and third parties.

The legal basis for the above listed processing activities is our legitimate interest in ensuring the functionality and error-free operation of the App and managing the use of our App.

Categories of personal data: account data, communications with Choco, transaction data, other information submitted by you, device and connection data, usage data

2. To manage the relationship with the Customer

We process your personal data for managing relationships with our Customers, such as for billing, account management and enforcing the terms of the agreement between the Customers and Choco.

The legal basis for this processing is our legitimate interest within in managing and maintaining the relationship with our Customers.

Categories of personal data: account data, communications with Choco, transaction data, other information submitted by you, device and connection data, usage data
 

3. To support your use of the App and to communicate with you

We use your personal data to respond to your questions and requests and to provide you with customer support. We may keep a record of these communications including any information provided during such interactions. We may use this information to improve our customer support processes.

We will also use your personal data to send you technical or legal notices, updates, security messages or other messages concerning the operation of the App or administration of your or the Customer’s account. We use automatically collected information about your interactions with our communications to improve our communications with you. Some of these communications may be sent in the form of push notifications. You may disable push notifications from the settings of your mobile device.

The legal basis for this processing is our legitimate interest in responding to your requests and informing you about the functioning of the App.

Categories of personal data: account data, communications with Choco, transaction data, other information submitted by you, device and connection data, usage data
 

4. To improve our Services

In order to improve our App and your user experience, we use tools for the statistical recording and analysis of general usage behavior. We collect information about your in-App activity and engagement with the communications sent via our App. We generate and analyze statistical information about how our App is used. We may analyze and monitor user trends and user behavior, conduct tests for new features and perform troubleshooting activities. Where suitable, we aggregate or de-identify the information.

Legal basis is our legitimate interest in improving the functions and performance of our App and ensuring its functionality.

We may contact you to ask you for your opinion about our App, to ask you to participate in user research. Legal basis for contacting you for this purpose is our legitimate interest in improving the functions of our App. Your participation in any user research or survey will be based on your consent. We may also use your communications with us, such as any feedback you may provide for improving our App.

Categories of personal data: account data, communications with Choco, transaction data, other information submitted by you, device and connection data, usage data
 

5. To comply with legal obligations and defend our rights

We may use your personal data to comply with our legal requirements, such as keeping records of payments for accounting purposes. 

Categories of personal data: account data, communications with Choco, transaction data, other information submitted by you, device and connection data, usage data, contact data
 

C. Providing services to our Customers

We process your personal information to provide services and functionalities of our App to our Customers as a processor. We don’t have any control over how Users utilize the App. We only process personal information on their behalf to execute their instructions. For instance, we may process your contact information for delivering you a message from a Supplier or inviting you to use the App on behalf of a Supplier. Customer admins are responsible for managing access to their organization’s account, including the modification of access rights of Users as necessary. For more information, please refer to the privacy policy of our customers.

Categories of personal data: account data, contact information, transaction data, other information submitted by you, usage data

D. Cookies and other tracking technologies

We use tracking technologies such as cookies, pixels and other similar tools to automatically collect information as you use the App or when you interact with communications we send you or communications sent by other Users via the App. The data collected via these tools are described under Section A. 2 on Information Collected Automatically.

Some of these tools collect information from the end device to enable the basic functions of our App. These are called (“Essential tools”) and are for enabling the security and stability of our App, preventing misuse and detecting malicious activity. Without these tools, we could not provide our App. Some of these tools are used for statistical collection and analysis of general user behavior based on access data to understand and research how our users interact with our App to provide, update and improve our App.

E. How we share your information

We may share your personal data with the following categories of recipients.

1. Choco Group

Choco shares infrastructure, systems, and technology with other companies owned or operated by Choco Communications GmbH (“Choco Group”). We may share personal information within Choco Group to be able to provide and improve our services and operate our business. Other companies within Choco Group act as our service providers (processors) in that case and will process your personal data in line with our instructions.

2. Our service providers

We share your personal data with our contracted service providers who assist us in providing, supporting and improving our services and App and who process your personal data on our behalf. These third party service providers include hosting providers, IT tools and services, operational services, CRM and communication tools, cybersecurity services and the tools we use for the statistical recording and analysis of general usage behavior on our App and services. You can find a list of these service providers here.

These service providers are limited (by law and by contract) in their ability to use your personal data. We will ensure that these parties are subject to privacy and security obligations consistent with this Privacy Policy and applicable laws via concluding data processing agreements with them.

3. Competent authorities and legitimate third parties

We are under a duty to disclose your personal data in order to comply with any legal obligation or lawful request by a government or law enforcement authority. Any disclosure of the personal data will be justified by the fact that the processing is necessary to fulfill a legal obligation to which we are subject in the national legal requirements for the disclosure of data to law enforcement authorities and to other supervisory authorities.

We may disclose your personal data to third parties in order to enforce the App’s terms of use or any other agreement we executed with you or our Customers; to protect or defend our rights or the rights of third parties; to prevent any illegal activity or to respond to any legal claims. Any disclosure of the personal data is justified by the fact that we have a legitimate interest in protecting or defending the rights, property and safety of Choco, our Customers and third parties.

4. Corporate restructuring

In the context of the further development of our business, the structure of our company may change by changing the legal form, founding, acquiring, or transferring subsidiaries, parts of companies or components. We may share your personal data with third parties if we are involved in an actual or proposed merger, acquisition, financing, bankruptcy, sale of all or a portion of our assets or a reorganization. Reasonable and proportionate disclosure of personal data in the permissible scope is justified by the fact that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances if necessary.
 

5. Information you share with other users

You may share your personal data (such as your name, surname and contact information) with other Users, with whom you have freely decided to communicate and/or to place your orders via the App. Just like any other communication platform, Users who are in the same chat as you may see your contact information, including the Users of the other business in your chat.

F. Data transfer to third countries

Some of the recipients may be located in counties outside of the UK, which do not provide adequate protection according to the competent supervisory authority in your country of residence.

Whenever we transfer personal data to those countries, we will take appropriate measures required by Data Protection Laws. These measures include entering into Standard Contractual Clauses with International Data Transfer Addendum or International Data Transfer Agreement which have been approved by the UK Parliament and impose higher standards on the recipients with respect to protection of personal data. If necessary, we also conduct a transfer impact assessment to make sure that there is no adverse impact on the data subject’s rights.

Where this is not possible, we base the data transfer in particular on your express consent or the necessity of the transfer for the fulfillment of the contract or for the implementation of pre-contractual measures. If a transfer to a third country is planned and there is no adequacy decision or suitable guarantees, it is possible and there is a risk that authorities in the respective third country (e.g. secret services) may gain access to the transferred data in order to collect and analyse it, and that the enforceability of your rights as a data subject cannot be guaranteed. When obtaining your consent via the consent banner, you will also be informed of this.

G. Your rights as a data subject

As a data subject, you have the following rights:

• Right to access the personal data we hold about you,
• Right to rectify the personal data we hold about you,
• Right to request deletion of your personal data under certain circumstances specified in the Data Protection Laws,
• Right to object to processing in case the processing is based on our legitimate interests,
• Right to transfer your information to a third-party (right to data portability);
• Right not to be subject to a decision based solely on automated processing; and
• Right to withdraw your consent in case the data processing is based on your consent.

Please note that the existence of the right to withdraw your consent does not affect the lawfulness of processing before your withdrawal.

Your requests for the assertion of data protection rights and our answers to them will be kept for documentation purposes for a period of up to three (3) years and, in individual cases, for longer periods for the establishment, exercise or defense of legal claims, which is based on our legitimate interest in defending Choco against any claims and the avoidance of fines.

If you have any questions, comments or complaints about our handling of your personal data, or if you wish to exercise your data subject rights, please contact the Choco Legal Team using the following contact details: legal@choco.com.
 

If you wish to exercise your rights in relation to personal information that Choco processes as a processor on behalf of its Customers, please direct your request to the relevant Customer.

H. Data Protection Officer and contact details

You are welcome to direct your data protection concerns to our Data Protection Officer by sending an email to the above-mentioned email address. Please note that emails to the above email address will not solely be received by our Data Protection Officer as this is a generic email for the Choco Legal Team. If you solely wish to contact our Data Protection Officer and/or if you wish to send confidential information, please refer to the Data Protection Officer in the subject line or body of your email and please ask for them to contact you directly to further discuss your data protection concerns. You can also reach out to the Data Protection Officer by using the above postal address of the data controllers (keyword: "To the attention of Data Protection Officer").

You can also reach out to the Data Protection Officer by using the below postal address (keyword: "To the attention of Choco’s Data Protection Officer"): ISiCO Datenschutz GmbH, Am Hamburger Bahnhof 4, 10557 Berlin.

 

I. Information on the Joint Controllership

Choco Communications GmbH and Choco Communications UK Ltd jointly determine the purposes and means of processing. Choco Communications GmbH will be your point of contact when you want to exercise your rights described under section E. Please contact legal@choco.com if you want more information about the essence of such agreement between the parties.

J. Storage duration

We keep the personal data we process as a controller as long as necessary to fulfill the purposes for which we processed it. After that we either delete or anonymize your data unless we are legally required to keep it for a longer period of time, or unless they are necessary for establishment, exercise or defense of legal claims. In those cases, we’ll delete such personal data after the expiration of the legal periods.

K. Security

We implement various technical, administrative and organizational measures to protect your personal data against unauthorized access and unlawful processing, alteration or destruction.

L. Hyperlink

Our App may contain hyperlinks to third-party websites. If these hyperlinks are activated, you will be redirected from our App directly to the websites of third-party service providers. You can recognize this, amongst other things, by the changing URL. We cannot accept any responsibility for the confidential handling of your data on these third-party websites, nor for their compliance with the Data Protection Laws, which is beyond our control. Please refer directly to those websites for information about their handling of your personal data.

M. Changes to this Privacy Policy

We always keep this privacy policy up to date. Therefore, we reserve the right to update or change it from time to time and to maintain these changes in the processing of your personal data. We will indicate the date of the most recent update in the beginning of the Privacy Policy.