Cookies settings

Cookies are small text files that are sent and saved to your browser when visiting Dish website or our partner sites.

Personal Data Handling Policy

1. Information about DISH and its history

1.1. This Personal Data Handling Policy (hereinafter referred to as "Policy") has been adopted by Hospitality Digital GmbH, Metro-Straße 1, 40235 Düsseldorf, registered in the Commercial Register maintained by Amtsgericht Düsseldorf, HRB-Nr.:62421 (hereinafter referred to as "DISH").

1.2. This Policy governs the rules of processing personal data of users of the online who create a user account (hereinafter referred to as the “DISH Guide Customer”). In these cases, DISH performs as a personal data controller and determines the purpose and methods of personal data processing.

1.3. This Policy also applies to a limited extent to restaurant customers who make reservations directly in restaurants, besides through the restaurant website that uses DISH reservation tools and whose personal data are processed by DISH in the role of a data processor - provider of services for the restaurant. In such cases the personal data controller is the appropriate restaurant that determines the purpose and method of handling the personal data of their customers.

1.4. For information on how the Restaurant processes the personal data of its guests as a personal data controller, contact the Restaurant.

1.5. The Data Protection Officer on DISH: .

1.6. The protection of personal data is governed by the EU Regulation No. 2016/679 - The General Data Protection Regulation (“GDPR”) as well as other related specific legal regulations for the protection of personal data and privacy of natural persons.

2. What personal data are we processing and for what purposes?

2.1. Registration and administration of your DISH Guide customer account

2.2. DISH processes the personal data you provide when creating and administering your DISH Guide user account. These data include in particular the first and last name, e-mail address, and phone number. In addition, you may customize your profile by giving other personal data that you voluntarily add or upload.

2.3. We process personal data such as your name, surname, e-mail address and telephone number on the basis of DISH's legitimate interest as processing is necessary to administer your customer account. The other personal information you provided in your customer account which includes the gender, default city, favorite restaurants or date of birth, we process based on your consent obtained during the registration process to better target our offers of goods and provide credits or other benefits to customers.

Making a reservation in the restaurant

2.4. To arrange your booking we process your name, surname and contact details (email and phone). Processing the data to fulfil your booking request in this case also involves passing this information to your chosen restaurant. The legal basis for the processing of provided personal data is the performance of the contractual arrangements between you and DISH under the Terms and Conditions. If the data is not provided, DISH cannot make your reservation. If you voluntarily provide any sensitive data during the reservation, such as food allergies or other health restrictions, then it is left to DISH to process these data for the sole purpose of making your reservation.

2.5. Submitting your personal data to your chosen restaurant and your subsequent visit to a restaurant means that the respective restaurant becomes a separate personal data controller and has full responsibility for further processing (see Article 1.3).

Sending offers of goods and services; newsletter subscription

2.6. In the event that you give us your consent, DISH will process your personal data in the scope of the name, email address, telephone number, your default city, and your favorite restaurant for sending offers of DISH products and services as well as other information about restaurant activities and offers. The legal reason for processing your data is to grant your consent which is entirely voluntary.

2.7. You can also subscribe to electronic newsletters at any time by filling in your contact details (email) and by ticking the appropriate box.

2.8. If you made a reservation directly at a restaurant, on its website, including the cases that restaurant on its website uses the DISH reservation tool, or you handed your personal information directly during your visit, your personal information provided to the restaurant may be used by the restaurant for sending its own commercial communication. Commercial communication can be sent based on the restaurant instruction through the DISH tools. The scope and conditions for processing your personal data for this purpose are determined by the appropriate restaurant (see Article 1.4).

2.9. DISH Customer Line

2.10. DISH operates a customer line for both existing and potential customers of DISH or restaurants (hereinafter referred to as the “Caller”). The purpose of the customer line is to improve the quality of service, receive and fulfil Caller’s requirements. For this purpose we process your personal data (such as your name, surname, email address and/or phone number) and other information that the Caller provides. The calls can be recorded and the Caller is informed about that in advance. The processing, storage or recording of personal data by DISH is usually based on a legitimate interest or consent depending on the type of Caller's request. If you do not want the call to be recorded, use other means of communication to contact DISH. If it is necessary to meet your request, the provided personal data may be forwarded to the restaurant.

Personal data for contract negotiations

2.11. If you provide your personal data in the context of contacting DISH for the purposes of establishing business cooperation with DISH (in case of an inquiry about our services these data typically include first name, surname, e-mail address and/or phone number and other information, such as the name, registered office and identification no. of the inquiring party, or the inquired DISH product), we will process them for the purposes of contract negotiations.

Personal Data obtained through Social Networks

2.12. If you use Facebook social network to sign in to your customer account, you will also allow DISH to access your public name, avatar and e-mail address.

Data obtained through Cookies

2.13. DISH uses cookies on its websites that serve, among other things, to better target ads and optimize the offer of DISH products and services, monitor site traffic, or individual activity. Some cookies require your consent which you give us through your browser settings. For more information about which cookies we use, how you can manage them and how we use cookie data, see the Cookies Terms and Conditions here.

Personal Data of Third Parties

2.14. If you provide or publish any personal information related to third parties during your reservation, restaurant review, call the customer line or otherwise use the website, you are responsible for getting the consent of these third parties for the disclosure of personal data. At the same time, you are responsible for knowing that the third parties have become acquainted with these privacy policies.

3. Other ways and purposes of data processing, including personal data

3.1. To promote restaurants or DISH we can use your published review associated with your name and surname or username, or photos. Processing takes place solely on the basis of your consent which you grant by posting a review.

At the same time as you grant your consent to use your personal information as part of the review, you give DISH the right of unlimited use of your review by posting it on the online booking portal and making it available to other DISH Guide customers, with the potential to be further spreaded and shared on the Internet or on other online platforms or offline media, regardless of whether or not the review is protected by your copyright or not. DISH is entitled to grant an exclusive or non-exclusive right in full scope to use the review by third parties. You can find a detailed overview of the rights in the Terms and Conditions here.

3.2. If you have this feature enabled, we can send you push notifications directly from the DISH website. For this purpose DISH uses the information about your equipment. These notifications are displayed based on your consent given when the relevant notification is displayed in the website . You can change these settings at any time in your browser or application.

4. Revocation of consent to the processing of personal data

4.1. If your particular personal data processing is subject to your consent (e.g. processing of personal data for direct marketing purposes), you may withdraw your consent to such processing at any time free of charge or at any time you may object to the processing of personal data on DISH by sending an email to

4.2. With respect to email commercial communication you can withdraw your consent or cancel your subscription of newsletters also by clicking on the relevant link located in the footer of each commercial communication.

4.3. The information on withdrawal of your consent for saving cookies or the methods of disabling cookies in your browser can be found in the Cookies Terms of Use here.

4.4. The data obtained from the recorded calls to customer line will be discarded by DISH if you withdraw your consent for its processing, unless otherwise set out by law. Withdrawal of consent can be made through any contact specified in this Policy.

4.5. Withdrawal of consent for the processing of personal data for a particular purpose is without prejudice to the lawfulness of the processing of such data that occurred prior to the withdrawal of consent.

5. Who has access to the data?

5.1. First of all, personal data is processed by DISH and restaurants that you actually visited or made a reservation (see Article 1.4). DISH having the access to personal data are bound by confidentiality and this commitment persists even after the termination of their collaboration with DISH.

5.2. DISH as the controller assigns other people to the process personal data and they are the processors. The processor means any entity that processes personal data for DISH for purposes and in a manner that DISH defines. The processor may not extend this purpose in any way. We only provide the processors with the data they absolutely need to provide their services. The processors that DISH uses include companies providing online marketing tools, analysis and website testing and mobile applications, companies providing emailing options, hosting and cloud providers, or solutions for telephone communications with customers.

6. How long do we process the data?

6.1. Personal data that you provide to us via our online reservation service will only be stored until the purpose for which it was processed has been fulfilled. If you create your own account, the data will be stored until the account is deleted.

6.2. In the case of personal data processed by DISH for a restaurant as a processor (see Article 1.4), personal data can be processed only as long as the cooperation between DISH and the relevant restaurant is persists. In this case, DISH shall pass all personal data to the restaurant and discard any saved copies. Only a restaurant is responsible for the further processing of personal data.

6.3. Commercial communications are sent to users until their withdrawal of consent for their sending or unsubscription from commercial communications or until the account of registered users is cancelled. Thirteen months from date of sending the last commercial communication, DISH automatically stops sending another messages. Upon lapse of such periods, DISH shall liquidate all personal data, unless we have a right in the specific instance to keep it or we are obliged to keep the data longer (for example, for the purpose of protecting rights or enforcing legal claims).

6.4. Time periods for particular types of cookies are defined in the Cookies Terms of Use here.

6.5. The data obtained from your restaurant’s review that you publish on DSIH Guide by DISH for the duration of your registration, or until you request the cancellation of processing of your personal data for the review of a restaurant. Upon the expiration of your registration or upon the receipt of your request for cancellation of processing, your review will continue to be published on DISH Guide in anonymous form.

6.6. In the case of contract negotiations about business cooperation, we use data for the period needed for the respective negotiations, for a maximum of 5 years since the contact was established, unless in the specific instance we have the right or the obligation to retain the data longer (e.g. for the purpose of protecting rights or enforcing legal claims).

6.7. Processing of personal data after the above stated time periods shall be carried out by DISH only if it is necessary to fulfil the obligations arising from the laws that DISH complies with.

7. What are your other rights under GDPR (Articles 15 - 21)?

7.1. In connection with the processing of your personal data by DISH - as controller - you can contact DISH with the following requirements:

  • Access to data that you provided to DISH during reservation. If this right is exercised, DISH will confirm whether and which specific personal data are processed and, where applicable, will make available this data along with information about their processing.
  • Correction of personal data if they are inaccurate or incomplete. Only in case of up-to-date information, DISH can properly handle your booking or manage your member account.
  • Explanation and removal of defects (such as blocking, correcting, supplementing or deleting personal information) if you believe that DISH processes personal data in conflict with protection of your personal and private life or in conflict with legal regulations.
  • Deletion of personal data (the right to be forgotten) or limited processing if the data is no longer required for the given purposes or if DISH has no legitimate reason to process your personal data, including cases where you do not agree with further processing. In compliance with the above condition, DISH will wholly or partially discard your data.
  • Transferring automatically processed personal data obtained on the basis of the performance of contract or your consent provided to DISH to transfer the data to another entity when DISH passes your personal data to you or to another administrator of your choice in a commonly used format.

7.2. In addition to the above privileges, if you believe that your privacy rights (including those listed above) have been violated, you may lodge a complaint with the Office for Personal Data Protection.

8. Personal Data Security

8.1. DISH takes care of the safety of your personal data. The processing of personal data is in full compliance with the applicable law, including the GDPR. DISH places great emphasis on the technical and organizational security of the processed data.

8.2. All personal data in electronic form is stored in databases and systems accessible only to persons who need to immediately process the personal data for the purposes specified in this Policy, and only to the extent necessary. The access to the personal data is protected by password and firewall. Personal data security is regularly tested by DISH and DISH continuously improves its protection.

9. Contact

9.1. With any questions or comments about the processing of personal data or for the exercise of your rights under Article 7 of this Policy, you may write to DISH by e-mail to privacy@dish.cp to the Data Protection Officer (see Article 1.6).

10. Effective Date

10.1. This Personal Data Handling Policy is effective from 01. April 2022