Protecting your personal data and privacy is very important to us. We process your personal data exclusively within the framework of the provisions of the General Data Protection Regulation (GDPR) and the Data Protection Act (DSG). Below we will inform you about our company and the type, scope and purpose of data collection and use: 

Contact details of the responsible entity
GMS GOURMET GmbH
Oberlaaer Straße 298
1230 Vienna
Tel. +43 (0) 50/8760

Our privacy policy explains:
• What information we collect and for what reason;
• How we use this information;
• Your rights as a data subject

We process personal data exclusively on one of the following legal bases:
• Your consent
• On a contractual basis
• Based on legitimate interest

On the website, data is processed exclusively on the basis of the legal provisions (GDPR, data protection regulation (DSG), telecommunications law (TKG 2021)).

You have the right to revoke your consent with effect for the future at any time and free of charge and without giving reasons. To do so, please send an email to or click here.

1. Data collection and use

• Ordering from our online shop (web shop)

We need your data to conclude, carry out and terminate your orders. This includes:

• First name and last name
• Invoice and delivery address
• Email address
• Invoice and payment information
• Telephone number.

Order processing includes, but is not limited to, shipping orders, processing your payment, sending electronic order confirmations and invoices, or supporting customer service.

Legal bases:
• Consent according to Art. 6 para. 1 lit. a GDPR
• Contract fulfilment or pre-contractual measure according to Art. 6 para. 1 lit. a GDPR

Storage duration:
Your personal data will be deleted when your data is no longer required for the fulfilment of the purpose pursued with the storage (e.g. order processing, processing of warranty claims and claims for damages, etc.) and in each case in compliance with the legal retention periods.

• Vouchers
We use the data provided in the context of voucher ordering to check and process the order and to send and redeem the voucher. This also includes the logging and processing of data related to the use of the voucher, in particular for the prevention of fraud.

We also store the following data for these purposes:

• Value of the voucher
• Type of voucher
• Voucher number / code
• Payment method if applicable
• Order date or date of issue, if applicable

Legal bases:
• Consent according to Art. 6 para. 1 lit. a GDPR
• Contract fulfilment or pre-contractual measure according to Art. 6 para. 1 lit. b GDPR

Storage duration:
Your personal data will be deleted when your data is no longer necessary for the fulfilment of the intended purpose or when you revoke your consent to the storage, and in each case in compliance with the legal retention periods.

• Reservation

You can use a reservation form to make reservations in our catering establishments. For reservations we use the reservation tool of the provider molzait GmbH (https://molzait.com) . Please note the data privacy policy of molzait GmbH, which you will be referred to when making your reservation (https://molzait.com/privacy). The responsible entity for data processing when making a reservation is molzait GmbH.

• Server log

When you access our website, the browser on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information will be collected without any action on your part and stored until its automatic deletion:

• IP address of your computer making the request;
• Date and time of access;
• Name and URL of the accessed file;
• Website of origin (referrer URL);
• Browser used and, if applicable, the operating system of your computer and the name of your access provider.

We are currently utilising the option to use this data for purposes such as:

Ensuring a smooth connection establishment of the website;

Ensuring a comfortable usage experience of our website;

Evaluating system security and stability;

Fulfilling administrative purposes. The collected data is never used to identify you personally.

Legal bases:
Our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR

Storage duration:
6 months from date of creation

2. The rights of data subjects

You have the right to obtain information about your personal data processed by us, its origin and recipient, its storage period and the purpose of its processing. Upon written request, we will be happy to inform you at any time about your personal data stored by us.

If your data processed by us is inaccurate or incomplete, you may request that it be corrected or completed. We will correct or complete your data immediately. If it is unclear whether the processed personal data is inaccurate, incomplete or processed unlawfully, you may request that the processing of your data be restricted until this issue has been resolved.

You may also request the deletion of unlawfully processed personal data. Please note, however, that this only applies to data that is processed incorrectly, incompletely or unlawfully. You also have the right to object to the processing of your personal data if such data processing is based on the legal basis of our legitimate interest.

If you wish to make use of your rights, we kindly ask you to email us on .

We cannot process data subject requests without first establishing their identity. For this reason, we kindly as you to assist us in establishing your identity and attach a copy of your ID to your request.

If you believe that the processing of your personal data violates data protection regulations or your data protection rights have been violated in another way, you can lodge a complaint with the supervisory authority. In Austria, this is data protection authority at Barichgasse 40-42 in 1030 Vienna.

3. Data transmission/data transfer

• Data transmission

Your personal data will not be transferred to third parties (such as insurance companies, courts, public authorities, banks, tax consultants, auditors, companies within our group of companies, etc.) or to processors (such as IT service providers) for purposes other than those listed below.

We pass on your personal data only in the following cases:
• You have given express consent in accordance with Art. 6 para. 1 lit. a GDPR;
• passing on the data in accordance with Art. 6 para. 1 p. 1 lit. f GDPR is required to protect the interests of the company as well as for the assertion, exercising or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in your data not being passed on;
• in in the event of there being a legal obligation to pass on the data in accordance with Art. 6 para. 1 lit. c GDPR, and
• this is legally permissible and required in accordance with Art. 6 para. 1 lit. b GDPR for the processing of contractual relationships.

The data processor processes the data only to fulfil the order and in accordance with our instructions. You can find the list of the order processors of GMS GOURMET GmbH here.

We also reserve the right to transfer personal data we have about you if we sell or transfer all or part of our business or assets (including in the event of a reorganisation, dissolution or liquidation).

• Data transfers

We may also transfer your personal data to countries outside of the country in which the information was originally gathered. These countries may not have the same data protection laws as the country in which you originally provided the personal data.

When we transfer your data to other countries, we protect this data as described in this data protection declaration and such transfers are subject to applicable law. The countries to which we transfer the personal data are located
• within the European Union or
• outside the European Union

When we transfer personal data from the European Union to countries or international organisations outside the European Union, the transfer is made on the following basis:
• an adequacy decision by the European Commission;
• in the absence of such a decision, for other legally permissible grounds such as the existence of a legally binding and enforceable document between authorities or public bodies, binding internal company rules, standard data protection clauses, and approved or certified codes of conduct.

In exceptional cases, a data transfer may also take place based on Art. 49 GDPR:
• Art. 49 para. 1 lit. a GDPR the data subject has given their explicit consent to the proposed data transfer after having been informed of the potential risks to them of such data transfers without the existence of an adequacy decision and without appropriate safeguards;
• Art. 49 para. 1 lit. b GDPR the transfer is necessary for the performance of a contract between the data subject and the responsible entity or for the performance of pre-contractual measures at the request of the data subject;
• Art. 49 para. 1 lit. c GDPR the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject by the responsible entity with another natural or legal person.

4. Google tools

• Google AdWords and Google conversion tracking

The website at www.gourmet.at uses the online advertising program Google AdWords and in this connection its Google Ads conversion tracking tool. Google AdWords places a cookie on your computer if you have accessed our website via a Google ad. As a rule, these cookies expire after 30 days and are not designed to identify you personally. If the user visits certain pages of our website and the cookie has not yet expired, then we and Google can see that the user clicked on the ad and was redirected to www.gourmet.at. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (a mark indicating that the user no longer wishes to be addressed) are generally stored as analysis values for this cookie. Every Google AdWords customer receives a different cookie. This means that cookies cannot be tracked via the websites of AdWords customers. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. These evaluations allow us to identify which of the advertising measures are particularly effective. We do not receive any additional data from the use of the advertising material; in particular, we cannot identify users based on this information. Due to the marketing tool used, your browser automatically establishes a direct connection with Google’s server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: The integration of Google Ads conversion tracking means that Google is notified that you have viewed the web page in question or clicked on one of our ads. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or are not logged in, it is possible that Google will find out and store your IP address.

Users who do not wish to participate in the tracking process can simply disable the Google conversion tracking cookie in the settings of their web browser. These users will then not be included in the conversion tracking statistics.

The storage of conversion cookies is based on your consent in accordance with Art. 6 para. 1 lit. f GDPR. If you would like to learn more about Google’s privacy policy and terms of use, please click the following link: https://policies.google.com/privacy?hl=de.

• Google Analytics Remarketing

The website at www.gourmet.at uses the features of Google Analytics Remarketing in conjunction with the cross-device features of Google AdWords. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This feature allows advertising audiences created with Google Analytics Remarketing to be linked to the cross-device features of Google AdWords. This means that interest-based, personalised advertising messages that are tailored to you based on your previous usage and surfing behaviour on one device (such as your mobile phone) can also be displayed on another of your devices (such as a tablet or PC).

If you have given your consent, Google will link your web and app browsing history to your Google Account for this purpose. In this way, the same personalised advertising messages can be displayed on every device on which you log in with your Google account.

To support this feature, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data to define and create target groups for cross-device advertising.

You can permanently object to cross-device remarketing/targeting by disabling personalised advertising in your Google account; to do this, click this link: support.google.com/ads/answer/2662922

The aggregation of the collected data in your Google account is based solely on the consent (Art. 6 para. 1 lit. a GDPR) you give to Google. You can revoke this consent at any time without giving reasons with effect for the future. In the case of data collection processes that are not merged in your Google account (for example because you do not have a Google account or have objected to the merging), the collection of the data is also based your consent in accordance with Art. 6 para. 1 lit. f GDPR. You can revoke this consent at any time without giving reasons with effect for the future.

For further information, go to: https://www.google.com/policies/technologies/ads/.and to: https://support.google.com/google-ads/answer/7664943?hl=de&ref_topic=3122875

• Use of Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called cookies, which are text files placed on your computer to help analyse how you use the website. The information generated by the cookie about your use of the website will usually be transmitted to and stored by Google on servers in the USA. If IP anonymisation is activated on this website, however, your IP address will be stored by Google in shortened form within Member States of the European Union or in other states that are contracting parties to the Agreement on the European Economic Area.

Only in exceptional cases is a complete IP address transmitted to a Google server in the USA and abbreviated there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, compile reports on website activity and provide the website operator with other services related to website usage and internet activity. Your usage data are not passed on to third parties. The IP address sent by your browser as part of Google Analytics will not be associated by Google with any other data.

You can prevent the installation of cookies by selecting the appropriate settings in your browser; please note, however, that in this case you may not be able to use all the features of this website. You can additionally prevent the collection of data produced by the cookie and associated with your use of the website (including your IP address), its transmission to, and its processing by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

5. SSL encryption

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS. You can recognise an encrypted connection by the character string “https://” and the lock symbol in your browser line.

6. Changes or additions

We reserve the right to make changes or additions to the information content at any time and without notice. If parts or individual phrases of this text do not, no longer, or not completely correspond to the current legal situation, the remaining parts of the document remain unaffected in their content and validity.

Last updated: 25/04/2023