YesFresh Logo

Privacy Policy

Legal Notice

As YesFresh is a German brand, the German version of the privacy policy is the legally binding document. This English translation is provided as a courtesy for our international partners and users. In case of discrepancies, the German version shall prevail.

1. Data Protection at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data are all data with which you can be personally identified.

SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as inquiries you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the change in the address line of the browser from "http://" to "https://" and by the lock symbol in your browser line.

Data Collection on this Website

Who is responsible for data collection?
Data processing on this website is carried out by the website operator. The responsible party according to data protection laws is:
Abdali's Mönchengladbach GmbH
Tomper Weg 57, 41169 Mönchengladbach, Germany
E-mail: info@yesfresh.de
Further details can be found in the Imprint.

Data Protection Officer

There is currently no legal obligation to appoint a Data Protection Officer.

How do we collect your data?
On the one hand, your data are collected by you communicating them to us. This may, for example, be data that you communicate to us as part of a contact request (e.g., via our forms).

Other data are collected automatically by the IT system (web hosting) when you visit the website. These are primarily technical data (e.g. internet browser, operating system, or time of page access). These data are collected automatically as soon as you enter this website.

2. Data Minimization & Special Features

We take the protection of your data seriously and have developed this website according to the principle of data minimization ("Privacy by Design"). We currently do not use any analysis tools or tracking technologies:

  • Tracker-Free: We do not use analytics tools, marketing cookies, or other non-essential tracking technologies. We only use a technically necessary session-based mechanism for form security and abuse prevention. A consent management system for marketing or analytics purposes is therefore currently not required.
  • Local Media & Fonts: All used web fonts and image media are loaded locally from our web server. This means no automatic data transfer to third-party servers takes place.
  • Privacy-Focused Protection: To protect our forms, we rely on a combination of local honeypot fields and technically necessary session mechanisms for abuse prevention instead of data-driven external CAPTCHA services.

3. Google Web Fonts (Local Hosting)

This site uses locally hosted fonts that were originally provided by Google for the uniform display of text. To protect your privacy, we have installed these fonts on our own server. When you access our pages, the required fonts are loaded by your browser into its browser cache in order to display text and fonts correctly.

Since the fonts are installed locally, no connection to Google's servers takes place. Therefore, no data (such as your IP address) is transmitted to Google. The use of locally hosted fonts serves our legitimate interest in a uniform and attractive presentation of our online offerings pursuant to Art. 6 para. 1 lit. f GDPR.

4. Contact & Forms

If you contact us via our catering, franchise, or other contact forms, we process the master data, contact data, and request data you enter. This may include, in particular, your name, company, email address, phone number, location reference, date and delivery details, investment details, and the content of your message.

Processing is based on Art. 6 para. 1 lit. b GDPR where your request relates to the initiation or performance of a contract or to pre-contractual measures. In all other cases, processing is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the structured handling of inquiries, communication with interested parties, and the prevention of abusive form use.

If you provide an email address in a catering or franchise form, we may also send you an automatic confirmation of receipt by email. This is based on Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in transparent and reliable communication regarding the receipt of your request.

Recipients of your data are internally only those employees responsible for the request. Externally, data is disclosed only to technical service providers we use for hosting, mail transport, and system security, insofar as this is necessary for operating the website and handling your request. Where legally required, this is done on the basis of a data processing agreement pursuant to Art. 28 GDPR.

Technical dispatch and security logs for forms do not contain message content. They are processed solely for troubleshooting, system security, and abuse prevention and are deleted regularly, no later than after 30 days.

We generally store the data you submit via our forms for up to 12 months after your request has been conclusively processed, unless statutory retention obligations or another legitimate reason require longer storage. If your request leads to a contractual relationship, the applicable commercial and tax retention obligations also apply. The same applies accordingly if you contact us directly by email.

5. Job Applications (§ 26 BDSG)

If you apply for a position via our online application form, we process the data you provide (name, contact details, desired position, professional experience, cover letter) exclusively for the purpose of conducting the application process. The legal basis is § 26 para. 1 BDSG (data processing for employment purposes) in conjunction with Art. 88 GDPR.

Your applicant data will be deleted after the conclusion of the application process, provided there are no statutory retention obligations. In the event of a rejection, the data will be deleted no later than six months after notification, to allow for any claims under the General Equal Treatment Act (AGG). Data will not be passed on to third parties.

6. Google Maps (User-Initiated)

Google Maps is not embedded on our website via plugin, script, or iframe. We only provide external links to Google Maps. Only when you actively click such a link do you leave our website and establish a connection to Google's servers. In that case, your IP address and other technically necessary connection data may be transmitted to Google. Google Maps is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

The legal basis for providing the external map link is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in a user-friendly presentation of route information for our locations. Any subsequent data processing by Google is carried out under Google's own responsibility. For more information, please refer to Google's privacy policy at policies.google.com/privacy.

7. Hosting

We host our website with united-domains AG, Gautinger Straße 10, 82319 Starnberg, Germany. Our hosting provider processes personal data on our behalf to the extent necessary for the technical operation of the website.

Server Log Files

The provider of the website automatically collects and stores information in so-called server log files, which your browser transmits automatically. This includes, in particular, your IP address, date and time of access, requested file, referrer URL, browser type, and operating system. Processing is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the secure, stable, and technically error-free provision of the website and in detecting and preventing misuse.

8. Session Cookie & Technically Necessary Storage

When you submit one of our forms, a technically necessary session cookie is set so that requests from the same browser session can be recognized for abuse prevention and rate limiting. This cookie does not contain advertising or profiling information and is deleted automatically at the end of the browser session.

The legal basis for this storage operation is Art. 6 para. 1 lit. f GDPR and, where access to information on your device is concerned, Section 25 (2) no. 2 TDDDG, insofar as the storage or access is strictly necessary to provide the digital service you explicitly requested.

9. External Links

When you click on external links, you leave our website. The operators of the linked pages are solely responsible for data processing on those pages.

10. Your Rights as a Data Subject

You have the following rights regarding your personal data:

  • Right to information (Art. 15 GDPR): You may request information about the personal data we process about you.
  • Right to rectification (Art. 16 GDPR): You may request the correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17 GDPR): You may request the deletion of your data, provided no statutory retention obligations apply.
  • Right to restriction of processing (Art. 18 GDPR): You may request that processing of your data be restricted.
  • Right to data portability (Art. 20 GDPR): You have the right to receive your data in a structured, commonly used format.
  • Right to object (Art. 21 GDPR): You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 lit. f GDPR (legitimate interest).
  • Right to withdraw consent: Where you have given consent to the processing of your data, you may withdraw it at any time with effect for the future.

To exercise your rights, please contact us at: info@yesfresh.de

Right to Lodge a Complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority responsible for us is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
Postfach 20 04 44, 40102 Düsseldorf, Germany
Phone: +49 211 38424-0
E-mail: poststelle@ldi.nrw.de
Website: www.ldi.nrw.de