Pub&Go

Privacy Policy – SuperVista

(in accordance with GDPR)

Last updated: 12.08.2025

1. Data Controller

Depending on the country in which the service is provided, the controller responsible for the processing of your personal data is:

Germany:

Pub&Go UG (haftungsbeschränkt)

Siemensstraße 2, 15711 Königs Wusterhausen, Germany

Spain:

Pub & Go Spain, SLU

CL. Luis Vélez de Guevara, 8, 28012 Madrid, Spain

E-Mail: privacy@pubandgo.de

The respective entity is the controller for all data processing activities that occur within its country of operation.

This privacy policy applies to all services of the SuperVista Group, including:

  • Pub&Go – digital ordering and payment platform for hospitality
  • Brillen.de – online optician (Germany)
  • Brillen.pl – online optician (Poland)
  • Gafas.es – online optician (Spain)

2. Data We Process

Basic data:

  • Email address (for order confirmation or invoicing)
  • Mobile phone number (for contact in connection with orders)
  • Postal code (for location assignment and invoicing)
  • Date of birth (for age verification in accordance with youth protection laws, particularly for the sale of alcoholic beverages; the full date is recorded)
  • Table number (for table service orders via Pub&Go)

Transaction data:

  • Order details (products, quantities, prices)
  • Order number
  • Transaction amount including tips
  • Date and time of the order

Technical data:

  • Location (only with your consent, to display nearby restaurants)
  • Session information (session duration, selected restaurant)
  • Preferred app language

Optional data:

  • Billing details (company name, VAT ID, address) – only if you request an invoice

3. Legal Basis for Processing

  • Art. 6(1)(b) GDPR – Performance of a contract (accepting and processing your order)
  • Art. 6(1)(c) GDPR – Legal obligation (creation and retention of invoices as required by tax law)
  • Art. 6(1)(a) GDPR – Consent (e.g. for location data)
  • Art. 6(1)(f) GDPR – Legitimate interest of the controller (system security, fraud prevention)

4. Purposes of Processing

  • Processing orders and payments
  • Generating order confirmations, receipts and invoices
  • Displaying nearby restaurants (when location access is enabled)
  • Storing shopping cart contents and language settings
  • Contacting you in connection with your order
  • Age verification for the sale of alcoholic beverages

5. Recipients of Data

Restaurants:

We share only the data necessary to fulfil your order (table number, ordered items, amount due).

Service providers:

  • Stripe Payments Europe Ltd., Ireland – payment processing
  • Google Ireland Ltd. / Google LLC, USA – map display (Google Maps), storage of restaurant data (Google Cloud)

6. Data Transfers to Third Countries

When using Google Cloud, Google Maps and Stripe, data may be transferred to the United States. Such transfers are based on the adequacy decision of the European Commission regarding the EU-US Data Privacy Framework (DPF), under which both Google LLC and Stripe, Inc. are certified. Standard Contractual Clauses (SCCs) of the European Commission are in place as a supplementary safeguard.

7. Data Retention

  • Session data: automatically deleted after 20–30 minutes of inactivity
  • Order and invoice data: retained for 10 years in accordance with statutory retention obligations (Germany: § 147 AO, § 257 HGB; Spain: Art. 30 Código de Comercio, Ley General Tributaria)
  • Email addresses: used solely for sending confirmations and invoices; deleted once the processing purpose no longer applies, unless a statutory retention obligation exists

8. Your Rights

You have the right to:

  • Access your data (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)

You also have the right to lodge a complaint with the competent supervisory authority:

Germany:

Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht Brandenburg (LDA)

Stahnsdorfer Damm 77, 14532 Kleinmachnow, Germany

E-Mail: poststelle@lda.brandenburg.de

Spain:

Agencia Española de Protección de Datos (AEPD)

C/ Jorge Juan, 6, 28001 Madrid, Spain

Website: www.aepd.es

9. Account Deletion

You can delete your SuperVista account at any time:

  • In the app: Via the account settings directly in the SuperVista app
  • By email: Send a deletion request to privacy@pubandgo.de

Upon receipt of your request, your personal data will be deleted unless statutory retention obligations apply (e.g., invoice data: 10 years). Deletion will be carried out within 30 days of confirmation.

10. Data Security

  • SSL/TLS-encrypted connections (HTTPS)
  • No storage of credit card data
  • API security measures
  • Regular system updates

11. Cookies

We use only strictly necessary cookies for:

  • Maintaining the user session
  • Storing language settings
  • Storing the shopping cart

We do not use marketing or analytics cookies without your explicit consent.

12. Mobile App

  • Requests your consent before accessing location data
  • Allows scanning of QR codes
  • Subject to the same data protection provisions as the web version

13. Changes to This Policy

We will inform you of material changes through:

  • A notification in the app
  • A notice on the homepage

Previous versions of this privacy policy are available upon request.

Data protection contact: privacy@pubandgo.de