Data Protection Policy and Notice
(Last revised: November 24, 2019)
Weissbeerger (Weissbeerger Ltd., and any and all subsidiaries, together: “Weissbeerger”, “we”, “us”, “our”) respects the privacy of its customers, employees and candidates, and users, and is committed to protecting the personal information you share with us. We also protect the privacy of our website visitors, followers, vendors, service providers, partners and others who come in contact with Weissbeerger.
This Data Protection Policy and Notice covers our treatment of Personal Data (i.e. any information which can be used to identify you), as well as other information we gather when you access any of our websites, or interact with our services, including, but not limited to the Trayz site and app, the Beverage Analytics site and app, and our company website (collectively the “Services”). We are transparent about our practices regarding the information we collect use, maintain and process and we describe our practices in this policy and notice. This policy also serves as a notification to our data subjects regarding the collection of their personal data and the manner in which that is used.
For the purposes of EU’s General Data Protection Regulation (“GDPR”) and other applicable data protection law, (together, the “Data Protection Law”), Weissbeerger is the Controller of personal data of its employees, candidates, website visitors and data relating to Weissbeerger customers and their accounts for use of the Services. However, data that our customers provide in the use of the Services, is processed on behalf of the Customer; in that case, the customers are the Controller, and we are the Processor on their behalf, including also any personal data relating to our customers’ employees, patrons etc.
Summary: We collect both personal data which can identify individuals, and non-personal data. We also collect data about our employees and service providers. (We do not deliberately collect any personal data about consumers).
Weissbeerger creates innovative technology for food and beverage venues such as bars, restaurants and breweries, to improve their operational efficiency by generating business intelligence, based on Point of Sale data and additional metrics. Our customers provide this data to us, and we provide analysis of the data, to help the customer optimize sales and other business operations. More specifically, Weissbeerger processes that data on behalf of its customers, to give concrete recommendations on such matters as pricing optimization, combinations and promotions, menu changes, suggested new offerings and more. Weissbeerger provides its customers with secure access to their data to support customers as they operate their business.
Weissbeerger does knowingly collect or process personal data relating to point of consumption (e.g. bar) end-users and customers.
There are several categories of data Weissbeerger collects from its Customers.
One type of data is non-identifiable and anonymous information (“non-personal data”).
We also collect several categories of personal data (“Personal Data”), some of which is provided directly by the data subject – such as website and app activity, or by the data subject’s employer if they are a customer, partner or service provider of Weissbeerger. This includes: your name (first and last), email address, phone numbers and other contact details job title and position, organization name, login credentials, your account username and password and usage details, billing and payment details and history, as well as other information you choose to provide to Weissbeerger. Weissbeerger uses this information to offer the Services and support, and will share this data across Weissbeerger group companies and affiliates to optimize the Services. You are not required to provide this data, but then the services we can provide you will be limited or unavailable.
Additionally, we may obtain location data related to the geographic location of your Point of Consumption, if you are associated with one, as well as your laptop, mobile device or other digital device on which the Services are used.
Weissbeerger’s customers and others using our Services do not have any legal obligation to provide any information to Weissbeerger, however, we require certain information in order to perform our contracts or to provide the Services. If you choose not to provide us with certain information, we may not be able to provide you or your employer – our customer – with some or all of the Services.
Weissbeerger also collects the email addresses of people who communicate with Weissbeerger via email or via messenger services or other social media platforms or create accounts and login credentials.
We may also collect information on connection, geolocation and/or browsing data (if you interact with us from your laptop or mobile phone, for example) that we collect by using cookies and similar tracking technologies as described below.
When you or your employer use the Services, data that is transferred to Weissbeerger will sometimes include names of the managers, bar tenders and servers in the point of consumption (e.g. bar) as well as some performance metrics on these employees.
Weissbeerger also collects Personal Data of its employees, customers and visitors through the use of CCTV cameras and office access cards. This consists of video images of you in the public spaces at Weissbeerger’s offices, as well as records of your entrances and exits of the Weissbeerger offices and office floors. It also includes identity verification systems and data. Weissbeerger may not be aware of the nature of the information collected through our services (for example, through our CCTV systems), and such information may include sensitive or special categories of Personal Data, but we do not knowingly collect such data about our customers, visitors etc.
Weissbeerger collects data on technicians, whether Anheuser-Busch Inbev SA/NV (the “Group”, or “AB InBev”, of which group we are a part) employees or independent contractors, who install the Services for customers, and other staff of AB InBev. This data will include names and contact information for the technician and some performance metrics and location.
Weissbeerger collects data relating to our employees. This is governed by a specific notice we have made available to our employees.
Weissbeerger also collects data relating to employment candidates. This includes CVs and the data contained therein, notes on meetings, standardized tests, reports, references, interviewer impressions and such industry standard data, as well as collecting data made publicly available or available to us on social networks. We collect such data based on the intention of the candidate to enter into an employment agreement with Weissbeerger. Candidates are not obligated to provide this data, but then we cannot consider their candidacy.
Summary: We use Personal Data to provide and improve our Services and services of AB InBev, and to meet our contractual, ethical and legal obligations.
Where Weissbeerger is the Controller of personal data, we will process it only on a lawful basis, generally based on the fulfillment of contract; or based on a legitimate interest of providing information and services and support with respect to the Services or based on a legitimate interest in marketing the Services. In some cases, Weissbeerger may collect data based on the consent of the data subject, or in fulfilment of a legal obligation. Note that with regard to data provided to us in the Services, other than contact data, we are generally a Processor of any personal data provided to us and we process this subject to the Data Protection Agreement we have entered into with the Controller (such as a bar, or other point of consumption), and data subjects of such data can refer to the Controller for details of their data processing.
Weissbeerger will use Personal Data to provide and improve our Services to our customers and others and meet our contractual, ethical and legal obligations, including also:
- To enable us to meet our legal, contractual, ethical and business obligations as an employer and a potential employer for our employees and job applicants;
- Carrying out our obligations arising from any contracts entered into between you or your employer or organization and Weissbeerger and/or any contracts entered into with Weissbeerger and to provide you with the information and services that you request from Weissbeerger including:
- Administering your account with Weissbeerger including to identify and authenticate you;
- Providing and operating the Services, tracking their use, and optimizing the Services;
- Contacting you for the purpose of providing you with technical assistance and other related information about the Services; as well as replying to your queries, troubleshooting problems; detecting and protecting against error, fraud or other criminal activity; and managing your subscription;
- To notify you about changes to the Services, send you updates and notices, to provide you with information relating to the Services
- Carrying out our legal obligations, for example for:
- Compliance and audit purposes, such as meeting our reporting obligations in our various jurisdictions, and for crime prevention and prosecution in so far as it relates to our staff, customers, facilities, property etc.;
- For security purposes and to identify and authenticate your access to our sites and Services;
- We process personal data for the purposes of our legitimate interest of providing a higher quality service and improving the user experience, or to provide you with information relating to the adjacent services, including services provided by other members of our Group, and to solicit feedback in connection with your use of the Services;
- For our legitimate interest to detect and prevent damage to Weissbeerger, its employees and third parties;
- We use personal data for marketing purposes, including limited profiling for marketing purposes, based on our legitimate interest in marketing our services and the goods and services of our group affiliates. We likewise process personal data pursuant to our legitimate interest in marketing when we: send our newsletters, and send you (personalized) information on our Group affiliates’ products and services through various means (such as e-mail or SMS). You have the right to object to such processing;
- We also use personal data to create and operate internal tools and analytics for the benefit of our Group affiliates’ services; our affiliates in AB InBev uses this data to better serve its clients and the industry.
Summary: Weissbeerger transfers and discloses non-personal data to third parties at its own discretion.
Weissbeerger uses anonymous, statistical or aggregated information related to the use of the Services, including any aggregated information related to your personal account, and share, publish, post, disseminate, transmit or otherwise communicate or make available such information, to suppliers, business partners, sponsors, affiliates and any other third party, at Weissbeerger’s sole discretion, provided however, that the information will not identify you personally and that Weissbeerger will not knowingly, or intentionally use the information to reveal your identity without your consent or another lawful basis, under the terms of this policy. Where data cannot reasonably, and in a commercially viable way, be re-identified, we will treat it as anonymous.
Weissbeerger also uses anonymous, statistical or aggregated information to properly operate the Services, to improve the quality and functionality of the Services, to enhance your experience, to create new services, including customized services, to change or cancel existing content or services and for other internal and statistical purposes.
Summary: We transfer your Personal Data to members of our group and to third parties who assist us in providing the Services. We have a contract with those third parties to govern their processing on our behalf.
We transfer Personal Data to:
- Other companies in our Group: This includes certain members of AB InBev situated in the EU, in Israel, in the US, and elsewhere; specific people within those companies may be granted access to the data for legitimate business purposes in connection with the Services, including a number of AB InBev internal applications that serve the purposes detailed in this policy.
- Third Party vendors: We transfer personal data to third parties who processor the data on our behalf, in a variety of circumstances detailed below. We take reasonable steps to ensure that these third parties process your personal data only to the extent necessary to perform their functions. We put a contract in place with them to govern their processing on our behalf. These third parties include business partners, suppliers, affiliates, agents and/or sub-contractors for the performance of any contract we enter into with you. They may assist us in providing the Services, processing transactions, fulfilling requests for information, receiving and sending communications, analysing data, providing IT and other support services or in other tasks, from time to time. These third parties may also include analytics and search engine providers that assist us in the improvement and optimisation of our website and our marketing.
We periodically add and remove third party providers. At present, third-party providers to whom we transfer, or plan to transfer, personal data include the following:
- Website analytics;
- Customer ticketing and support;
- Email, server and cloud-computing providers;
- On-site and cloud-based database services;
- Data analytics tools;
- Vendor and customer Interface;
- Payroll and pension management systems and providers, and other HR management software;
- Time and attendance software;
- CRM software;
- ERP software;
- Document management and sharing services;
- Fraud detection and credit risk reduction services;
- Cybercrime prevention tools;
- Visitors registration system;
- Project Management system;
- Web VC and meeting room platforms;
- Call center systems and services;
- Customer-service providers;
- Recruiting and applicant management software and partners;
- Our lawyers, accountants, and other standard business software and partners.
We will transfer personal data to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal or audit or compliance obligation, in the course of any legal or regulatory proceeding or investigation, or in order to enforce or apply our terms and other agreements with you or with a third party; or to assert or protect the rights, property, or safety of Weissbeerger, our customers, or others.
Summary: We store your Personal Data in servers controlled by reputable cloud-service providers.
We keep Personal Data in servers which will be owned or controlled by Weissbeerger in our various sites, and those of AB InBev, or processed by third parties on behalf of Weissbeerger, by reputable cloud-service providers, including also Amazon Web Services, in the USA, Israel, EU and elsewhere. We also store data at our locations, principally in Israel.
Summary: We transfer your Personal Data outside of the EEA in accordance with Chapter V of GDPR using various mechanisms including Adequacy Rulings, Privacy Shield, Standard Contractual Clauses and Binding Corporate Rules.
Personal Data controlled or processed by Weissbeerger is transferred to, and stored and used at, multiple locations. When your Personal Data is transferred outside of the European Economic Area (EEA), we will take all steps reasonably necessary to ensure that your Personal Data is subject to appropriate safeguards, and that it is treated securely and in accordance with this policy. Weissbeerger transfers data from its various locations and jurisdictions to other jurisdictions all in accordance with GDPR Chapter V, as follows:
- To Israel. Weissbeerger headquarters are based in Israel. Israel is considered by the European Commission to offer an adequate level of protection for the personal information of EU Member State residents; we may transfer Personal Data to other countries with an adequacy ruling too; and
- To the United States of America and additional non-EU locations. Transfer to the US and elsewhere is done subject to the Privacy Shield, or subject to Standard Contractual Clauses, or another mechanism valid under GDPR; and
- Within / to the EU;
- To members of AB InBev group. All Personal Data transfers within AB InBev are subject to either Standard Contractual Clauses, or – once approved – Binding Corporate Rules in accordance with GDPR Chapter V. The AB InBev Binding Contractual Rules are currently pending approval from the Belgium Data Protection Authority.
We may transfer your personal data outside of the EEA, for the purposes detailed above, but also, in particular for the following purposes; to:
- Store or backup the personal data;
- Enable us to provide you with the Services and fulfill our contract with you;
- Fulfill any legal, audit, ethical or compliance obligations which require us to make that transfer;
- Facilitate the operation of AB InBev businesses as described above, where it is in our legitimate interests and we have concluded these are not overridden by your rights;
- Serve our customers across multiple jurisdictions;
- Operate parent company, subsidiaries and affiliates in an efficient and optimal manner;
- Detect and prevent damage to Weissbeerger, AB InBev, its employees and third parties.
Summary: We retain your Personal Data only for as long as necessary to meet our legal and ethical obligations, which for different types of data will be different periods.
Weissbeerger will retain personal data it processes only for as long as required in our view, to provide the Services and as necessary to comply with our legal and other obligations, to resolve disputes and to enforce agreements. We will also retain personal data to meet any audit, compliance and business best-practices. In the case of data processed pursuant to a contract, such data may be retained for the duration of the contract, and at least the applicable statute-of-limitations period applicable thereafter (typically at least seven years).
Job applicant data will generally be retained for up to two years, and will thereafter be pseudonymized for a period of up to two years, to enable to efficiently process repeat applicants. It will then usually be deleted.
CCTV data is generally retained for at least a month, but may be retained longer where necessary. Office access data is retained for a period of at least one year.
Customer data is retained for the duration of customer’s contract with Weissbeerger, and for a period of at least seven years thereafter.
Data stored in our backups will be retained there until cycled out.
Weissbeerger websites use industry standard technologies such as cookies, pixels and similar technologies, which store certain information on your computer or browsing device and which will allow us to identify the computer or device from which you connect and in some cases to identify them with the user, and to enable automatic activation of certain features, and make your website experience more convenient and effortless. We use different types of cookies: some cookies are required for the operation of our Services and under our terms with you; this includes for example, cookies that enable you to log into secure areas of our services. We also use analytical and performance monitoring cookies, which allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. Finally, we use functionality cookies which are used to recognise users when they return to our Services. This enables us to personalise content to your preferences, including for example, your choice of language or region.
Different cookies are kept for different periods. Session cookies are used to keep track of your activities online in a given browsing session; these cookies generally expire when the browser is closed but may be retained for a period on your device. Persistent cookies remain in operation even when you have closed the browser; they are used to remember your login details and password. Persistent cookies will remain valid until a set expiry date, unless deleted by the user before the expiry date. Third-party cookies are installed by third parties with the aim of collecting certain information to research behaviour, demographics. Third party cookies on our site include, for example, Google Analytics. Likewise, pixels from Facebook and others enable integration of third-party service providers (e.g. Twitter, Youtube, Pintrest, Instagram) are embedded on our site. Third party cookies will be retained according to the terms of those third parties, and you can control those cookies in your browser settings.
How to disable cookies: the effect of disabling cookies depends on which cookies you disable but, in general, the website and some services delivered through it may not operate properly, may not recognize your device, may not remember your preferences and so on, if cookies are disabled or removed. However, allowing or disabling cookies is your choice and in your control. If you want to disable cookies on our site, you need to change your browser settings to reject cookies. How you can do this will depend on the browser you use. Further details on how to disable cookies for some popular browsers can be found here:
- Internet Explorer: http://windows.microsoft.com/en-GB/internet-explorer/delete-manage-cookies
- Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
- Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Safari: http://help.apple.com/safari/mac/8.0/#/sfri11471
Note that our websites may, from time to time, contain links to external sites. We are not responsible for the operation, privacy policies and practices or the content of such sites.
Summary: We take industry standard steps to maintain the security of the Personal Data we process. On discovering a breach, we will promptly notify, as may be required, the controller, the relevant authorities and data subjects, and take steps to remedy the breach.
We take great care in implementing, enforcing and maintaining the security of the personal data we process. Weissbeerger implements, enforces and maintains security measures, technologies and policies to prevent the unauthorized or accidental access to or destruction, loss, modification, use or disclosure of personal data. We likewise take steps to monitor compliance of such policies on an ongoing basis. Where we deem it necessary in light of the nature of the data in question and the risks to data subjects, we may encrypt data. Likewise, we take industry standard steps to ensure our websites are safe.
Note however, that no data security measures are perfect or impenetrable, and we cannot guarantee that unauthorized access, leaks, viruses and other data security breaches will never occur.
Your personal data will only be processed by a third party data processor if that data processor agrees to comply with required technical and organisational data security measures.
Weissbeerger shall act in accordance with its policies and with applicable law to promptly notify, as may be required, the relevant data controllers, authorities and data subjects in the event that any personal data processed by Weissbeerger is lost, stolen, or where there has been any unauthorized access to it, all in accordance with applicable law and on the instructions of qualified authority. Weissbeerger shall promptly take reasonable remedial measures.
Summary: Data subjects to whose Personal Data GDPR applies have rights to data portability, access data, rectify data, object to processing and erase data. These rights cannot be exercised in a manner that is inconsistent with the rights of others.
Data subjects with respect to whose data GDPR and other data protection law applies, have rights under GDPR and local laws, including, in different circumstances, rights to: data portability, access data, rectify data, object to processing or profiling, and erase data (right to be forgotten). It is clarified for the removal of doubt, that where personal data is provided by a customer being the data subject’s employer or who is otherwise the Controller, such data subject rights will have to be effected through that customer and Controller. In addition, data subject rights cannot be exercised in a manner inconsistent with the rights of Weissbeerger and AB InBev employees and staff, and proprietary rights, as well as third-party rights. As such, for example, job references, reviews, internal notes and assessments, documents and notes including proprietary information or forms of intellectual property, cannot ordinarily be accessed or erased. In addition, these rights may not be exercisable where they relate to data that is not in a structured form, for example emails, or where other exemptions apply, or where the data cannot readily be identified and isolated. If processing occurs based on consent, data subjects have a right to withdraw their consent.
If, for any reason, a data subject wishes to exercise these rights and modify, erase or retrieve their Personal Data, they can do so by contacting Weissbeerger’s data protection team at: ). Weissbeerger will undertake a process to identify a data subject exercising their rights. Weissbeerger may keep details of such rights exercised for its own compliance and audit requirements. Personal Data may be either deleted or retained in an aggregated and de-identified manner, and such information may continue to be used by Weissbeerger.
Data subjects in the EU have the right to lodge a complaint, with their data protection supervisory authority.
Summary: We do not knowingly collect Personal Data about minors below legal drinking age in the different jurisdictions in which we collect data. We do not sell any Personal Data. We aim to process only adequate Personal Data limited to the needs and purpose
We do not knowingly collect or solicit information or data from those who are minors or are under the legal drinking age or knowingly allow them to register for the Services. If you are a minor or are under the legal drinking age, do not register or attempt to register for any of the Services or send any information about yourself to us. If we learn or reasonably suspect that we have collected or have been sent Personal Data from a minor or someone under the legal drinking age, we will delete that Personal Data as soon as reasonably practicable without any liability to Weissbeerger. If you believe that we might have collected or been sent information from a minor or someone under the legal age, please contact us at: , as soon as possible.
Weissbeerger does not sell any data subjects’ personal information.
Summary: This policy is updated from time to time.
You may contact us or our data protection officer, as may be required. Any access requests or complaints may be lodged with our data protection team at: dpo@Weissbeerger.com