Last updated: June 2026

1. General Information

The protection of personal data is important to us. This Privacy Policy informs you which personal data is processed when using Esskompass, for what purposes this is done, on which legal bases the processing is based and what rights data subjects have.

This Privacy Policy applies to the use of the website www.esskompass.com, the mobile apps, customer app, merchant app, restaurant pages, ordering functions, merchant areas, contact forms, support functions, push notifications and other digital services of Esskompass.

Esskompass is an online ordering platform for restaurants, delivery services, snack bars and similar food service businesses. Esskompass mediates orders between end customers and participating restaurants. Personal data is processed in particular to provide the platform, registration, order processing, communication, payment processing, security and improvement of our services.

2. Controller

The controller responsible for data processing in connection with the Esskompass platform is:

Dikmen Solutions
Dorfstrasse 4
7214 Grüsch
Switzerland
UID: CHE-464.052.786
Email: info@esskompass.com
Privacy contact: datenschutz@esskompass.com
Phone: +41 78 258 29 05

Esskompass is a platform and brand of Dikmen Solutions.

3. Applicable Data Protection Law

Since Dikmen Solutions is based in Switzerland and Esskompass can also be used by users from Germany, the European Union and other countries, we take into account in particular the Swiss Data Protection Act (DSG) and, where applicable, the General Data Protection Regulation (GDPR).

The processing of personal data is carried out in accordance with the principles of lawfulness, transparency, purpose limitation, proportionality, data minimisation, accuracy, storage limitation and data security.

Where processing relates to persons habitually resident in the European Union or takes place there, we additionally take into account the applicable provisions of the GDPR as well as other relevant European and national data protection regulations.

4. Personal Data We Process

Depending on how the platform is used, the following categories of personal data may be processed in particular:

• Master data: name, first name, company, restaurant name, contact person, address, delivery address and billing address.
• Contact data: email address, telephone number, WhatsApp number and other contact details.
• Account data: username, customer account, merchant account, login data, password hash, roles, permissions, language setting and account status.
• Order data: shopping cart, ordered items, quantities, prices, delivery method, pickup or delivery, delivery time, order status, restaurant, customer notes and order history.
• Payment data: payment method, payment status, transaction numbers, payment providers, invoice data and billing-relevant information.
• Communication data: support requests, emails, contact form content, messages between customer and restaurant, chat content, WhatsApp messages, push notifications and internal processing notes.
• Technical data: IP address, device type, operating system, browser, app version, language, log data, session data, cookie IDs, device identifiers, Firebase token, push token and error logs.
• Usage data: page views, click behaviour, app usage, restaurant views, search queries, ordering behaviour, analytics events and technical interactions.
• Location data: delivery address and, if permitted by the user and technically enabled, approximate or precise location data for restaurant or delivery area search.
• Restaurant partner data: company data, UID, VAT ID, tax information, menus, prices, opening hours, images, logos, employee access, technical settings and, where required, bank or payout details.
• Review data: star ratings, review texts, time, restaurant reference and user identifier.
• Security data: login times, IP addresses, misuse and fraud indicators, blocking notes and technical security logs.

5. Purposes of Data Processing

We process personal data in particular for the following purposes:

• Provision and operation of the website, apps and platform functions.
• Registration, login and management of customer accounts.
• Registration, management and support of restaurant partners and merchant accounts.
• Mediation, forwarding and processing of orders.
• Transmission of orders to participating restaurants.
• Execution of delivery or pickup by restaurant partners.
• Payment processing, payment status checks, invoicing and accounting.
• Customer service, support and processing of requests.
• Communication with customers, restaurant partners, drivers or technical users.
• Sending push notifications, order status messages and important platform notices.
• WhatsApp communication, where used, approved or technically enabled by the user.
• Misuse detection, fraud prevention, security and protection of the platform.
• Error analysis, technical stability and improvement of the platform.
• Analysis of usage, where permitted or with consent.
• Marketing and advertising, where permitted or with consent.
• Management of restaurant profiles, menus, images, opening hours and services.
• Compliance with legal obligations, in particular tax, commercial and accounting obligations.

Processing is carried out only to the extent necessary for the respective purpose. Use for other purposes only takes place if there is a separate legal basis or consent for this.

6. Legal Bases for Processing

Where the GDPR applies, the processing of personal data is based in particular on Article 6(1) GDPR:

• Article 6(1)(a) GDPR – Consent: for example for optional push notifications, newsletters, marketing cookies, certain analytics or tracking services and voluntary communication.
• Article 6(1)(b) GDPR – Performance of a contract or pre-contractual measures: for example for registration, orders, payment processing, customer account, merchant account and restaurant partner services.
• Article 6(1)(c) GDPR – Legal obligation: for example for tax retention obligations, accounting, invoicing and statutory disclosure obligations.
• Article 6(1)(f) GDPR – Legitimate interest: for example for security, misuse prevention, technical stability, error analysis, support, direct communication within existing relationships and improvement of the platform. Legitimate interests include in particular the secure and stable operation of the platform, ensuring technical functionality, error analysis and correction, misuse and fraud prevention, enforcement of legal claims and the needs-based provision and improvement of the services.

Where Swiss data protection law applies, processing is carried out in accordance with the provisions of the Swiss Data Protection Act, in particular according to the principles of transparency, purpose limitation, proportionality and data security.

7. Registration, Login and User Account

When registering a customer account or merchant account, we process the data required to create and manage the account. This includes in particular name, email address, telephone number, password hash, language setting, account type, roles and technical login information.

Passwords are not stored in plain text. Technical security measures, logging and misuse checks may be used to secure accounts.

8. Social Login via Google, Facebook or Instagram

If login via Google, Facebook, Instagram or other social login providers is offered and used by the user, we may receive certain profile data from the respective provider. Depending on the provider and approval, this may include in particular name, email address, profile ID and, where applicable, profile picture.

The processing is carried out to enable simplified registration and login. The privacy policy and terms of use of the respective social login provider also apply to data processing by that provider.

Users should only use social login if they agree to the transfer of data by the respective provider.

9. Orders and Transfer to Restaurants

When a user places an order via Esskompass, the data required to process the order is transmitted to the respective restaurant. This includes in particular name, contact details, delivery address, order data, customer notes, payment status and, where applicable, further information required for delivery or pickup.

The respective restaurant uses this data for processing, preparation, delivery, pickup, communication, complaint handling and fulfilment of its own legal obligations.

Esskompass, as platform operator, is the responsible provider for the technical provision, forwarding and processing of orders.

Where restaurant partners process personal data independently – for example for processing and preparing the order, delivery or pickup, complaint handling, independent customer communication, their own accounting or fulfilment of their own legal obligations – they generally act as independent controllers.

10. Restaurant Partners and Their Own Privacy Policies

Restaurant partners may provide their own privacy policies, terms and conditions or other legal notices on their restaurant page. These additionally apply to data processing carried out by the respective restaurant partner on its own responsibility.

This concerns in particular order processing, delivery, pickup, customer contact, complaints, own accounting, own legal obligations and, where applicable, the restaurant’s own marketing or communication measures.

Users should also observe the privacy notices of the respective restaurant, where these are provided.

The Esskompass Privacy Policy applies to data processing for which Esskompass is responsible as platform operator, in particular the technical provision of the platform, forwarding of orders, central communication and technical services.

The restaurant partner’s privacy notices apply additionally to its own independent processing within the scope of order processing, delivery, pickup, complaints, own accounting and own customer communication.

11. Payment Processing

Depending on the restaurant, country and technical configuration, various payment methods may be offered, for example PayPal, credit card, bank transfer, payment upon delivery or payment upon pickup.

Payments may be processed directly through the restaurant, through external payment service providers or through Esskompass in the name and for the account of the respective restaurant. The specific payment role may vary depending on the configuration.

For online payments, payment data is regularly processed by external payment service providers. Esskompass does not store complete credit card data. Payment service providers may process in particular payment information, transaction data, fraud check data, invoice data, IP addresses and technical payment data.

The payment service providers used may include in particular PayPal, Stripe or other providers, insofar as they are offered in the respective ordering process and are active depending on the configuration and payment model. The privacy policy of the respective payment service provider also applies to processing by that provider.

Depending on the payment method, payment service providers may be independent controllers or processors. The exact role depends on the respective payment service provider and the specific payment integration.

12. Bank Transfer and Cash Payment

For bank transfers, payment and accounting-relevant data may be processed, in particular the payer’s name, bank details, payment reference, invoice number, payment amount and payment status.

For cash payment upon delivery or pickup, complete payment data is generally not processed through online payment providers. However, order status, payment status, restaurant data and accounting-relevant information may be stored on the platform.

13. Firebase, Google Services and App Functions

Esskompass may use services from Google and Firebase insofar as they are technically required, activated or used by the user. Firebase may be used in particular for analytics, push notifications, authentication, error analysis, app stability and technical infrastructure.

Possible Firebase and Google services include in particular:

• Firebase Analytics: analysis of app usage and improvement of the platform, where activated and permitted.
• Firebase Cloud Messaging: sending push notifications to users, restaurant partners, merchants, drivers or technical app users.
• Firebase Authentication: support for registration and login, where used.
• Firebase Crashlytics: error analysis and improvement of app stability, where activated.
• Firebase Remote Config: technical configuration of app functions, where used.

When using such services, technical data such as device identifiers, app instance IDs, push tokens, usage events, error reports, IP addresses and device information may be processed.

Where consent is required for analytics or marketing functions, processing only takes place after the relevant consent has been given.

Where these services are not technically required, they are only used if the necessary legal requirements are met, in particular where consent has been given. Data may be transferred to servers outside Switzerland, the EU or the EEA.

14. Push Notifications

Esskompass may use push notifications to inform users about order status, new orders, merchant notifications, driver or kitchen information, security messages or important platform notices.

For this purpose, device tokens, Firebase tokens, Apple Push Notification Service tokens, app instance IDs, device information and technical delivery information may be processed.

Push notifications may be sent via Firebase Cloud Messaging, Apple Push Notification Service or other technical services. Users can disable push notifications in their device or app settings.

Consent for push notifications can be withdrawn at any time with effect for the future, for example via the device settings or the app.

15. WhatsApp Communication and Meta WhatsApp Cloud API

If Esskompass offers or uses WhatsApp communication, communication may take place via WhatsApp or the Meta WhatsApp Cloud API. This may be used in particular for order information, support, notifications or other communication requested by the user.

When using WhatsApp, in particular telephone number, name, message content, order reference, timestamp, delivery status, technical metadata and communication history may be processed.

WhatsApp and Meta may carry out their own data processing in this context. The terms and privacy notices of WhatsApp or Meta also apply to this processing.

The use of WhatsApp is voluntary and does not require users to use this service. Users should only use WhatsApp if they agree to communication via this service. For particularly confidential matters or where possible, alternative contact channels, in particular email, are available.

16. Email, Contact Form, Support and Communication

If users contact us by email, contact form, support function, chat or other communication channels, we process the transmitted data to handle the request and for possible follow-up questions.

This may include name, email address, telephone number, message content, attachments, order reference, restaurant reference, timestamp and technical communication data.

Technical service providers or hosting providers may be used for sending and receiving emails. Communication data may be stored as long as this is necessary for processing, evidence, security or legal obligations.

17. SMS, OTP and Telephone Communication

Where SMS, OTP codes, telephone verification or telephone notifications are used, telephone number, verification code, delivery status, time, IP address, device data and technical logs may be processed.

External service providers may be used to send SMS or OTP codes. This only takes place insofar as it is necessary for registration, security, order processing or communication, or the user has given consent.

18. Cookies and Similar Technologies

Esskompass uses cookies and similar technologies to technically provide the website and platform, manage sessions, store language settings, enable shopping cart functions, recognise users, ensure security and, where permitted, analyse usage or carry out marketing measures.

We distinguish in particular:

• Technically necessary cookies: required for login, security, shopping cart, language setting, session management and basic functions.
• Analytics cookies: serve to improve the platform and are only used insofar as they are permitted or the required consent is available.
• Marketing cookies: serve advertising, reach measurement or campaign evaluation and are only used insofar as the required consent is available.
• Consent cookies: store the selected cookie and privacy settings.

Users can change their cookie settings, where available, via the website’s cookie management. Cookies can also be deleted or blocked via browser settings. If cookies are fully blocked, individual platform functions may be restricted.

Non-technically necessary cookies and comparable technologies are only set or used where consent has been given. Consent can be granted, refused or withdrawn via the platform’s cookie management.

19. Analytics, Tracking and Marketing

Esskompass may use analytics and marketing services insofar as these are activated and the legal requirements are met. These may include in particular Firebase Analytics, Google Analytics, Meta Pixel, Facebook Pixel, Google Ads Conversion Tracking or comparable services.

Analytics and marketing services may process information about page views, app usage, click behaviour, campaigns, device information, IP addresses, technical identifiers and usage events.

Where consent is required for such services, processing only takes place after prior consent. Consent that has been given can be withdrawn at any time with effect for the future.

Where analytics or marketing services are not technically necessary, they are only used after prior consent; without consent, no corresponding processing takes place via these services.

20. Meta, Facebook and Instagram

Where Esskompass uses services from Meta, Facebook or Instagram, this may relate in particular to social login, communication, advertising, analytics, page statistics or campaign measurement.

Depending on the service and usage, in particular profile information, technical data, usage events, device information, IP addresses, campaign data and interaction data may be processed.

The privacy policies of the respective providers also apply to processing by Meta, Facebook or Instagram. Where consent is required, the relevant services are only used after consent has been given.

21. Reviews and Public Content

Where the function is available, users may leave reviews, star ratings, comments or other content on the platform. Such content may be published together with the restaurant reference, time and, where applicable, a username or identifier.

Users should not publish sensitive data or confidential information in reviews or publicly visible content.

Esskompass may review, remove or restrict reviews and content if they are unlawful, abusive, offensive, misleading, manipulative or incompatible with the platform purpose.

22. Location Data

Esskompass may process delivery addresses and, where permitted by the user and technically enabled, location data to display nearby restaurants, check delivery areas, transfer delivery addresses or facilitate use of the app.

The sharing of precise location data is usually done via the device or app settings and can be disabled there at any time.

If location permission is not granted, certain location-based functions may be restricted.

23. Driver, Kitchen, POS and Merchant App

Where Esskompass provides merchant, kitchen, POS, driver or similar app functions, data from restaurant partners, employees, drivers or technical users may be processed. This includes in particular name, user account, role, permission, device information, order assignment, status messages, workflows and technical logs.

Where driver functions or delivery functions are used with location data, location data may be processed if this is technically enabled and the legal requirements are met. The specific use depends on the respective configuration and permissions.

24. Hosting, Server Logs and Technical Security

We use hosting, server and technical service providers to operate the platform. When accessing our website, apps or interfaces, technical access data may be processed.

This includes in particular IP address, date and time of access, pages or interfaces accessed, amount of data transferred, browser, operating system, device type, referrer, app version, status codes and technical error messages.

The processing is carried out for technical provision, security, error analysis, misuse prevention and stability of the platform.

Server and security logs are stored only as long as this is necessary for operation, security, error analysis or misuse prevention, generally for a reasonable period necessary to achieve the purpose.

25. Recipients of Personal Data

Depending on use and purpose, personal data may be transferred to the following recipients or categories of recipients:

• participating restaurants and restaurant partners, insofar as necessary for orders, delivery, pickup or communication;
• payment service providers, banks and billing service providers;
• hosting providers, server operators and technical service providers;
• IT maintenance and development service providers;
• analytics and consent management service providers;
• communication service providers for push, SMS and email;
• app stores and platform providers;
• Firebase, Google and other technical app services, where used;
• Meta, Facebook, Instagram and WhatsApp, where used or activated;
• email, SMS, OTP and communication service providers, where used;
• tax advisors, accounting, legal advisors, authorities, courts or other bodies, where legally required or necessary for legal enforcement;
• support, maintenance or IT service providers, insofar as they are used to provide services.

Disclosure only takes place insofar as it is necessary for the stated purposes, a legal basis exists, consent has been given or there is a legal obligation.

26. Processing on Behalf and Joint Controllership

Where we use service providers that process personal data on our behalf, we conclude corresponding data processing agreements or equivalent data protection agreements, where legally required.

For certain services or platform functions, independent controllership or joint controllership with third parties may exist, for example with payment service providers, social login providers, Meta services or restaurant partners. The respective allocation of roles depends on the specific service and the specific processing.

Restaurant partners are independently responsible for data processing that they carry out themselves outside the technical platform processing of Esskompass, in particular in connection with order processing, delivery, pickup, complaints, their own accounting or their own customer communication.

Where several parties jointly determine the purposes and means of processing, processing takes place within the framework of joint controllership in accordance with the respectively required agreements.

27. International Data Transfers

Personal data may be processed in countries outside Switzerland, the European Union or the European Economic Area, in particular when services of internationally active providers such as Google, Firebase, Meta, WhatsApp, PayPal, Stripe or other technical service providers are used.

Where legally required, such transfers are based on appropriate safeguards, for example adequacy decisions, standard contractual clauses, data protection agreements or other legally permitted mechanisms.

For data transfers to third countries, the level of data protection there may differ from that in Switzerland or the EU. Where required, we base such transfers on adequacy decisions or appropriate safeguards such as standard contractual clauses or other legally permitted mechanisms.

28. Storage Period

We store personal data only as long as it is necessary for the respective purposes, consent exists, statutory retention obligations apply or legitimate interests in storage exist.

In particular, the following principles apply:

• Customer account data is generally stored as long as the account exists.
• Order data is stored as long as necessary for orders, support, complaints, accounting, evidence and statutory retention obligations.
• Invoice and accounting data is stored in accordance with statutory retention obligations.
• Support and communication data is stored as long as necessary for processing, evidence or legal defence.
• Technical logs are stored for a limited period for security, error analysis and misuse prevention.
• Push tokens are stored as long as the app or account is active or until notifications are disabled.
• Marketing and tracking data is stored in accordance with consent, tool settings and legal requirements.
• Restaurant partner data is stored for the duration of the contractual relationship and thereafter insofar as legal obligations or legitimate interests exist.

Once the storage purpose no longer applies and there are no statutory retention obligations or legitimate interests, the data is deleted or anonymised.

29. Data Security

We take appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration, disclosure or destruction.

These may include in particular SSL/TLS encryption, access restrictions, role and permission concepts, logging, security updates, backups, firewalls, server security and internal security processes.

Despite all security measures, data transmission over the internet can never be guaranteed to be completely risk-free.

30. Rights of Data Subjects

Data subjects have the following rights in particular in accordance with the applicable data protection law:

• right of access to processed personal data;
• right to rectification of inaccurate or incomplete data;
• right to deletion of personal data;
• right to restriction of processing;
• right to data portability, where applicable;
• right to object to certain processing;
• right to withdraw consent given with effect for the future;
• right to lodge a complaint with a competent data protection supervisory authority.

To exercise these rights, data subjects may contact us at datenschutz@esskompass.com.

The rights mentioned exist where the respectively applicable legal requirements are met; they may be restricted, for example, by statutory retention obligations or legitimate interests.

31. Withdrawal of Consent

If processing is based on consent, this consent can be withdrawn at any time with effect for the future. The lawfulness of processing up to the withdrawal remains unaffected.

Depending on the processing, withdrawal may be made via the platform, app settings, cookie settings, device settings or by email to datenschutz@esskompass.com.

32. Objection to Processing Based on Legitimate Interests

Where personal data is processed on the basis of legitimate interests, data subjects may object to the processing on grounds relating to their particular situation.

In the case of direct advertising, there is a right to object without giving specific reasons.

33. Account Deletion

Users can request deletion of their account via the app, where this function is available, or by email to info@esskompass.com or datenschutz@esskompass.com.

After receiving a deletion request, we will review it and delete or anonymise personal data insofar as no statutory retention obligations, open orders, payment claims, security interests or other legitimate reasons prevent complete deletion.

34. Data Protection of Children and Minors

Esskompass is not specifically aimed at children. Orders and use of the platform should generally only be carried out by adults or otherwise authorised persons. Use by minors should only take place insofar as this is permitted under the applicable law and, where required, authorised by legal guardians.

If we become aware that personal data of minors has been processed without the required authorisation, we will take appropriate measures.

35. Right to Lodge a Complaint with a Data Protection Supervisory Authority

Data subjects have the right to lodge a complaint with a competent data protection supervisory authority if they believe that the processing of their personal data violates applicable data protection law.

For Switzerland, the Federal Data Protection and Information Commissioner (FDPIC) may in particular be competent. For data subjects in the European Union or Germany, a data protection supervisory authority at the place of residence, workplace or place of the alleged infringement may be competent.

36. Changes to this Privacy Policy

We may update this Privacy Policy if legal, technical or organisational changes occur or if new services, functions or processing activities are introduced.

The current version is available on the Esskompass website. In the event of significant changes, we may additionally inform users in an appropriate manner.

We will communicate significant changes in an appropriate form where this is legally required or appropriate.

37. Authoritative Language

The German version of this Privacy Policy is authoritative. Translations into other languages are provided for clarity. In the event of discrepancies between translations and the German version, the German text shall prevail.