Scope
We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how we handle your personal data when you use our website. Personal data includes all data that can be used to identify you personally.
The controller responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data. The legal basis for data protection can be found, among others, in the General Data Protection Regulation (GDPR) and the Telecommunications Digital Services Data Protection Act (TDDDG).
Responsible provider for data processing on this website within the meaning of the GDPR:
Hotel Deutschherrenhof GmbH
Deutschherrenstraße 23
54492 Zeltingen-Rachtig
Tel.: +49 (0) 6532 / 9350
E-mail: info@deutschherrenhof.de
This Privacy Policy also applies to our following social media presences:
Facebook: https://www.facebook.com/Hotel.Deutschherrenhof/
Instagram: https://www.instagram.com/hoteldeutschherrenhof
Contact details of the Data Protection Officer:
ffp digital consulting GmbH
Gebäude 890
55483 Flughafen Hahn
E-mail: datenschutz@bodensteiner-gruppe.de
Data collection when visiting our website
The provider uses OVH GmbH, Oskar-Jäger-Str. 173/K6, 50825 Cologne, as its webspace provider. OVH collects data on every access to the website (so-called server log files) for statistical analysis for the purpose of operation, security, and optimization of the website.
The access data include:
- Website visited
- Date and time of access
- Amount of data transmitted
- Source/referrer from which you accessed the site
- Browser used and its version
- Operating system used
- IP address used (possibly anonymized)
The provider reserves the right to subsequently check the log data if there are concrete indications of unlawful use. No combination of this data with other data sources is made.
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR, which permits the processing of data on the basis of legitimate interest in optimizing website operation and ensuring web security.
TLS Encryption
For security reasons and to protect the transmission of personal data and other confidential content (e.g. bookings or inquiries to the controller), this website uses TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser’s address bar.
Cookies
To make visiting our website attractive and to enable the use of certain functions, we use cookies on various pages. These are small text files stored on your device. Some of the cookies we use are deleted after the end of your browser session (so-called session cookies). Other cookies remain on your device and enable us to recognize your browser the next time you visit (so-called persistent cookies).
When cookies are set, certain user information such as browser and location data and IP address values may be collected and processed individually. Persistent cookies are automatically deleted after a predefined period, which may differ depending on the cookie. You can find the duration of cookie storage in your browser’s cookie settings.
To manage your cookie settings, we use a cookie consent tool provided by our webspace provider, prointernet GmbH & Co. KG, Marktplatz 8, 56288 Kastellaun. This tool stores the individual settings you make for the services integrated into this website as well as log data such as your IP address. Processing is carried out based on a legal obligation in accordance with Art. 6 (1) sentence 1 (c) GDPR in conjunction with § 25 TDDDG.
In some cases, cookies simplify the ordering process by storing settings (e.g. remembering the contents of a virtual shopping cart for a later visit). If personal data is also processed through cookies we use, this processing takes place on the basis of Art. 6 (1) (a) GDPR in the case of consent, or on the basis of Art. 6 (1) (f) GDPR to safeguard our legitimate interests in ensuring the best possible functionality of the website and a user-friendly and efficient site experience.
Please note that you can configure your browser to inform you about the setting of cookies and to decide individually whether to accept them or to exclude acceptance in certain cases or in general. Each browser differs in how it manages cookie settings. You can find these instructions in your browser’s help menu.
Please note that rejecting cookies may limit the functionality of our website.
Contact
When contacting us (e.g. via contact form or e-mail), personal data is collected. The only mandatory field in our contact form is your e-mail address. Any additional data you provide is voluntary and is used to address you personally or to respond to your inquiry. This data is stored and used solely for the purpose of responding to your request or for contact and related technical administration.
The legal basis for processing this data is the performance of pre-contractual measures or fulfillment of a contract in accordance with Art. 6 (1) (b) GDPR. Providing your data is necessary; otherwise, we cannot respond to your request.
Your data will be deleted once your inquiry has been fully processed, provided there are no legal retention obligations. In the event that a contractual relationship is established, data retention is carried out according to the legal provisions of the German Commercial Code and the Fiscal Code.
Email Newsletter Delivery
If you have provided us with your email address when purchasing goods or services, we reserve the right to send you regular offers for similar goods or services from our range by email. The data processing is based on our legitimate interest in personalized direct advertising pursuant to Art. 6(1)(f) GDPR in conjunction with § 7(3) UWG. If you initially objected to the use of your email address for this purpose, no emails will be sent. You have the right to object to the use of your email address for advertising purposes at any time with effect for the future by notifying the controller mentioned above. You will only incur transmission costs according to the basic rates. Upon receipt of your objection, the use of your email address for advertising purposes will be stopped immediately.
If you register for our newsletter without a prior purchase of goods or services, you consent to the use of your personal data for this purpose by completing the newsletter registration form and subsequently activating the confirmation link (double opt-in procedure) pursuant to Art. 6(1)(a) GDPR. When registering for the newsletter, we store the IP address provided by your Internet service provider (ISP) as well as the date and time of registration to be able to trace possible misuse of your email address at a later time. The data collected during the newsletter registration process will be used exclusively for newsletter distribution. You may revoke your consent at any time with effect for the future and unsubscribe from the newsletter at any time via the link provided in the newsletter or by notifying the controller named above. After unsubscribing, your email address will be deleted from our mailing list without delay unless you have expressly consented to further use of your data or unless further use is legally permitted or required.
Our email newsletter is sent via the technical service provider Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin (Sendinblue), which we use as a processor within the meaning of Art. 4(8) GDPR. We have concluded a data processing agreement with Sendinblue in accordance with Art. 28 GDPR, obliging Sendinblue to protect our customers’ data and not to disclose it to third parties.
Further information can be found at: https://de.sendinblue.com/legal/privacypolicy/
Advertising by Postal Mail
If you have provided us with your postal address when purchasing goods or services, we reserve the right to send you regular offers for similar goods or services from our range by postal mail. The data processing is based on our legitimate interest in personalized direct advertising pursuant to Art. 6(1)(f) GDPR in conjunction with § 7(3) UWG. If you initially objected to the use of your postal address for this purpose, no postal mailings will be sent. You have the right to object to the use of your postal address for advertising purposes at any time with effect for the future by notifying the controller mentioned above. You will only incur transmission costs according to the basic rates. Upon receipt of your objection, the use of your postal address for advertising purposes will be stopped immediately.
Marketing for Deutschherrenhof GmbH is carried out by Bodensteiner GmbH, Bachstr. 3, 56841 Traben-Trarbach, which we use as a data processor pursuant to Art. 28 GDPR.
Data Processing in the Order Process
When purchasing vouchers via our website, personal data such as your email address, name, postal address, and telephone number are collected. Only your name, email address, and postal address are mandatory. All other information is voluntary and serves to simplify the processing of your order. These data are stored and used exclusively for the purpose of processing the voucher order, contacting you in connection with the order, and for the technical administration of the booking systems. The legal basis for processing this data is the performance of pre-contractual measures or the fulfillment of a contract pursuant to Art. 6(1)(b) GDPR. Providing your data is necessary for the conclusion of the contract.
In addition to the data you provide via the order form, further personal data are processed by the provider and its sub-processors and payment service providers during the ordering process. The order form is provided by Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA, which is loaded from the servers of:
Amazon.com Inc.
Fastly, Inc.
Cloudflare Inc.
Google LLC
Server log files are transmitted, which include, among other things, your IP address, the time of access, and the amount of data transmitted. This processing ensures proper display, functionality, and security of the ordering process. The legal basis for processing your personal data required for the ordering process is the performance of pre-contractual measures pursuant to Art. 6(1)(b) GDPR. The legal basis for processing your personal data for proper display, functionality, and security is our legitimate interest pursuant to Art. 6(1)(f) GDPR.
Your personal data collected during the ordering process may be transferred to and processed in the USA by the provider and its appointed processors. We have concluded a data processing agreement with the provider, obliging them to ensure the data protection compliance of such transfers of personal data to third countries or international organizations pursuant to Art. 44 et seq. GDPR.
Further information is available in the provider’s privacy policy: Stripe Privacy and Stripe Privacy Center.
Depending on the payment method chosen, transaction data such as name, bank details, credit card information, etc., are processed by one of the following payment service providers:
- Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland
- PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg
- Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden
The legal basis for processing these transaction data is contract fulfillment pursuant to Art. 6(1)(b) GDPR. The transaction data you provide to the respective payment provider are processed independently by that provider. We have no influence on the purposes and means of processing by the payment provider. Further information can be found in the respective privacy policies:
- Stripe:https://stripe.com/de/privacy
- PayPal:https://www.paypal.com/de/webapps/mpp/ua/privacy-full
- Klarna:https://www.klarna.com/de/datenschutz
Content Delivery Network (CDN) / Firstvoucher
For the provision of central scripts, fonts, and icons, we use the Content Delivery Network (CDN) as well as the technical service Firstvoucher from prointernet GmbH & Co. KG, Marktplatz 8, 56288 Kastellaun (prointernet). When the content provided by the aforementioned services is loaded into your browser, so-called log files are transmitted, which include, among other things, your IP address, the time of access, and the amount of data transmitted. This processing serves the proper presentation, function, and security of this website. The legal basis for processing is Art. 6 para. 1 lit. f GDPR (legitimate interest).
Further information is available at: https://www.prointernet.de/datenschutz
We have concluded a data processing agreement with prointernet GmbH & Co. KG pursuant to Art. 28 GDPR, under which prointernet is obliged to protect the data of our site visitors and not to disclose it to third parties.
Google Customer Reviews
We cooperate with Google within the framework of the “Google Customer Reviews” program. The controller for the processing of your personal data for the “Google Customer Reviews” program is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (Google). This program allows us to collect reviews from visitors. After your booking on our website, you will be asked whether you wish to participate in an email survey from Google. If you give your consent in accordance with Art. 6 para. 1 lit. a GDPR, we will transmit your email address to Google. You can decide whether to allow these processes and may revoke your consent at any time. If you consent to this processing, you will receive an email from Google Customer Reviews asking you to rate your purchase experience on our website.
The review you submit will then be combined with our other reviews and displayed in our Google Customer Reviews logo as well as in our Merchant Center dashboard. Additionally, your review will be used for Google Seller Ratings. In the context of using Google Customer Reviews, personal data may also be transferred to the servers of Google LLC in the USA. For the transfer of data from the EU to the USA, Google relies on so-called standard contractual clauses of the European Commission according to Art. 46 para. 2 lit. c GDPR, which are intended to ensure compliance with the European data protection level in the USA.
Further information on Google’s data protection can be found at: https://policies.google.com/privacy/frameworks?hl=de
Google Analytics & Tag Manager
This website uses the online analytics tool Google Analytics from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which is provided via the Google Tag Manager service. We use Google Analytics and Tag Manager to collect statistical evaluations of paid search engine advertising as well as user behavior on our website. Every interaction (downloads, page views, duration of visit, etc.) of the user with the website is evaluated. These functions are only active if you have consented to the use of Google Analytics and Tag Manager. In this context, your IP address, approximate location data, browser and device information, as well as possibly other data classified by Google as technically necessary, are transmitted to Google. The legality of this processing is based on Art. 6 para. 1 lit. a GDPR (consent).
You can revoke your consent at any time by deactivating the checkbox in the cookie consent tool.
We have concluded a data processing agreement with Google pursuant to Art. 28 GDPR, under which Google is obliged to protect the data of our site visitors and not to disclose it to third parties. In the context of using Google Analytics and Tag Manager, personal data may be transferred to the servers of Google LLC in the USA. For the transfer from the EU to the USA, Google relies on so-called standard contractual clauses of the European Commission according to Art. 46 para. 2 lit. c GDPR, which are intended to ensure compliance with the European data protection level in the USA.
The terms of use of Google can be viewed at: https://www.google.de/intl/de/policies/terms/regional.html, and the additional terms of use for Google Analytics can be found at: https://marketingplatform.google.com/about/analytics/terms/de/
Detailed information on data protection in connection with the use of Google Analytics can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245
Google Maps
This website uses the functions of Google Maps from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Maps allows us to embed maps. In this context, your IP address, location data, and possibly other data classified by Google as technically necessary are transmitted to Google. The display of Google Maps is provided via the web font service Google Fonts. Google Fonts provides a variety of fonts for this purpose. Your browser loads the required fonts into its cache to display texts and fonts correctly. For this purpose, the browser you use must connect to the servers of the web font provider, Google LLC. Log data such as your IP address, browser data, and the time of the request are also processed.
The legality of this processing is based on Art. 6(1)(a) GDPR (consent). You can decide whether to allow this processing. You can revoke your consent at any time by deactivating the checkbox in the cookie consent tool.
We have concluded a data processing agreement with Google according to Art. 28 GDPR, which obliges Google to protect the data of our website visitors and not to disclose it to third parties. In the context of using Google Maps, personal data may be transferred to Google LLC servers in the USA. For the transfer of data from the EU to the USA, Google relies on so-called Standard Contractual Clauses of the European Commission according to Art. 46(2)(c) GDPR, which are intended to ensure compliance with the European data protection level in the USA.
Google’s terms of use can be viewed at: https://www.google.de/intl/de/policies/terms/regional.html. Additional terms for Google Maps are available at: https://www.google.com/intl/de_US/help/terms_maps.html.
Detailed information about data protection in connection with the use of Google Maps can be found on Google’s website (“Google Privacy Policy”): https://www.google.de/intl/de/policies/privacy/
Google reCAPTCHA
This website uses the functions of Google reCAPTCHA from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google reCAPTCHA allows the verification of whether data input (e.g., in a contact form) is made by a human or an automated program.
In this context, your IP address, analytics data, and possibly other data classified by Google as technically necessary are transmitted to Google.
The legality of this processing is based on Art. 6(1)(a) GDPR (consent). You can decide whether to allow this processing. You can revoke your consent at any time by deactivating the checkbox in the cookie consent tool.
We have concluded a data processing agreement with Google according to Art. 28 GDPR, which obliges Google to protect the data of our website visitors and not to disclose it to third parties. In the context of using Google reCAPTCHA, personal data may be transferred to Google LLC servers in the USA. For the transfer of data from the EU to the USA, Google relies on so-called Standard Contractual Clauses of the European Commission according to Art. 46(2)(c) GDPR, which are intended to ensure compliance with the European data protection level in the USA.
Google’s terms of use can be viewed at: https://www.google.de/intl/de/policies/terms/regional.html.
Matomo
To optimize the design of our website according to user needs, we use the web analytics tool Matomo from InnoCraft Ltd, 7 Waterloo Quay, PO Box 625, 6140 Wellington, New Zealand. Matomo creates pseudonymized user profiles for this purpose. Permanent cookies are stored on your device and read by us. In this way, we can recognize returning visitors and collect statistical data. We also use the Heatmap module. Matomo’s Heatmap service shows us the areas of our website where the mouse is moved most frequently or where users click most often. The aforementioned services are installed locally on the web server of our host, so no personal data is transferred to a third country. Processing is carried out according to Art. 6(1)(a) GDPR based on your consent. You can decide whether to allow this processing. You can revoke your consent at any time by deactivating the checkbox in the cookie consent tool.
Further information can be found here: https://matomo.org/privacy-policy/
Kurzurlaub
This website uses a widget from Super Urlaub GmbH, Werderstr. 74 d, 19055 Schwerin (Kurzurlaub), to display current hotel reviews on the website. Due to the servers used by Kurzurlaub, establishing a connection may result in the transmission of server log data to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Processing is based on Art. 6(1)(a) GDPR and your consent. You can decide whether to allow this processing. You can revoke your consent at any time by deactivating the checkbox in the cookie consent tool. For the transfer of data from the EU to the USA, Google relies on so-called Standard Contractual Clauses of the European Commission according to Art. 46(2)(c) GDPR, ensuring compliance with the European data protection level in the USA.
Google’s terms of use can be viewed at: https://www.google.de/intl/de/policies/terms/regional.html.
We have concluded a data processing agreement with Kurzurlaub according to Art. 28 GDPR, which obliges them to require Google to protect the data of our website visitors and not to disclose it to third parties.
Facebook Pixel
On our website, we use the Facebook Pixel service from Meta Platforms Inc., 1 Meta Wy, Menlo Park, CA 94025, USA for the purpose of analyzing, optimizing, and economically operating our online offering.
Facebook Pixel allows tracking the behavior of website visitors after they have been redirected to the website by clicking on a Facebook advertisement. This enables the evaluation of the effectiveness of Facebook ads for statistical and market research purposes and the optimization of future advertising campaigns. You can decide whether to allow this processing. Processing is based on your valid consent under Art. 6(1)(a) GDPR. You can revoke your consent at any time by deactivating the checkbox in the cookie consent tool.
The collected data is anonymous for us as website operators; we cannot identify individual users. However, the data is stored and processed by Meta, allowing a connection to the respective user profile. Meta can use the data for its own advertising purposes in accordance with the Facebook Data Use Policy, including serving ads on and off Facebook. This use of data cannot be influenced by us as the website operator.
Further information on privacy can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.
You can also deactivate the “Custom Audiences” remarketing feature in the ad settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged into Facebook to do so.
We have concluded an agreement with Meta on joint responsibility according to Art. 26 GDPR. Further information can be found at: https://www.facebook.com/legal/terms/page_controller_addendum.
For the transfer of data from the EU to the USA, Meta relies on so-called Standard Contractual Clauses of the European Commission according to Art. 46(2)(c) GDPR, which ensure compliance with the European data protection level in the USA. Further information can be found at: https://de-de.facebook.com/legal/EU_data_transfer_addenDum
Applications for Job Postings via Email
On our website, we currently advertise vacant positions in a separate section, to which interested parties can apply via the provided email address. Participation in the application process requires applicants to provide all personal data necessary for a thorough and informed assessment and selection along with their email application. Required information includes general personal information (name, address, telephone or electronic contact details) as well as performance-specific evidence of the qualifications necessary for a position. If applicable, health-related information may also be required, which must be considered for labor and social law purposes in the interest of social protection.
Which elements an application must contain and in what form they should be submitted via email can be found in the respective job posting. After receipt of the application sent using the specified email address, applicant data will be stored and evaluated exclusively for the purpose of processing the application. For any follow-up questions arising during processing, we may use either the email address or telephone number provided by the applicant.
The legal basis for this processing, including contacting applicants for follow-up questions, is Art. 6(1)(b) GDPR, as the application process constitutes the initiation of an employment contract.
If special categories of personal data according to Art. 9(1) GDPR (e.g., health data such as information about severe disability) are requested from applicants during the process, processing is carried out in accordance with Art. 88 GDPR in conjunction with § 26(3) BDSG, to exercise rights and fulfill obligations arising from labor law and social security or social protection law. Cumulatively or alternatively, processing of special data categories may also rely on Art. 9(1)(h) GDPR, if used for health prevention, occupational medicine, assessment of the applicant’s ability to work, medical diagnostics, care or treatment in the health or social sector, or for the management of systems and services in the health or social sector.
If an applicant is not selected or withdraws their application early, all email-submitted data and related electronic correspondence, including the original application email, will be deleted no later than six months after notification. This period is based on our legitimate interest (Art. 6(1)(f) GDPR) in answering possible follow-up questions and complying with our reporting obligations under anti-discrimination regulations.
In the case of a successful application, the provided data will be further processed based on Art. 6(1)(b) GDPR, or in the case of special categories of personal data, based on Art. 88 GDPR in conjunction with § 26(3) BDSG, for purposes of carrying out the employment relationship.
The central HR management of Deutschherrenhof GmbH, as part of the Bodensteiner Group, is carried out by Bodensteiner GmbH, Bachstr. 3, 56841 Traben-Trarbach, which we use as a processor under Art. 28 GDPR.
Online Applications via the Applicant Portal
On our website, job seekers can also apply online via a dedicated form. Participation in the application process requires applicants to provide all personal data necessary for a thorough and informed assessment and selection via the form. Required information includes general personal data (name, address, telephone or electronic contact details) and performance-specific evidence of the qualifications necessary for a position. If applicable, health-related data may also be required, for labor and social law purposes.
When submitting the form, applicant data is transmitted encrypted according to the state of the art, stored by us, and evaluated exclusively for the purpose of processing the application. The legal basis for this processing is generally Art. 6(1)(b) GDPR, as the application process constitutes the initiation of an employment contract.
If special categories of personal data according to Art. 9(1) GDPR are requested, processing is carried out in accordance with Art. 88 GDPR in conjunction with § 26(3) BDSG, or alternatively under Art. 9(1)(h) GDPR for health or occupational medicine purposes, assessment of work ability, medical diagnostics, treatment, or management of health/social services systems.
If an applicant is not selected or withdraws, form-submitted data will be deleted no later than six months after notification, based on our legitimate interest to answer follow-up questions or meet reporting obligations under equal treatment law.
If the application is successful, data is further processed for employment purposes under Art. 6(1)(b) GDPR, or Art. 88 GDPR in conjunction with § 26(3) BDSG for special categories of data.
With your consent, your application documents may also be shared with the following companies of our group:
- Bodensteiner GmbH
- Vereinigte Kapselfabriken GmbH
- Nahetal Logistik GmbH
- Zirwes Transporte GmbH & Co. KG
- Deutschherrenhof GmbH
- Spektralwerk GmbH
- Arthur Müller GmbH & Co. KG
This processing is based on Art. 6(1)(a) GDPR, and consent may be revoked at any time with future effect.
The applicant portal is operated by Personio SE & Co. KG, Seidlstraße 3, 80335 Munich. We have concluded a data processing agreement with Personio SE & Co. KG in accordance with Art. 28 GDPR, which obliges them and their subcontractors to protect the data of our website visitors and not to pass it on to third parties. For data transfers to the USA, Personio SE & Co. KG relies on an adequacy decision pursuant to Art. 45 (3) GDPR and on so-called standard data protection clauses pursuant to Art. 46 (2) lit. c GDPR.
Data processing via social media
We are represented on the social media platforms
with a company page. This provides further opportunities to obtain information about the company and to exchange ideas.
We process information that you have provided to us via the social media platforms. Such information may include the username used, contact details, or a message. We only process this personal data in order to respond to your specific inquiry or to process your request. We carry out this processing for the purpose of initiating or executing a contract. The legal basis for data processing is Art. 6 (1) (b) GDPR.
When you visit or interact with a company page on a social media platform, your personal data may be processed. The information associated with a social media profile is also personal data. This also applies to messages and statements made using the profile, as well as information automatically collected during a visit to one of our company pages.
Visiting a Meta page (Facebook/Instagram)
When you visit one of our Meta company pages (Facebook and Instagram), which present the company itself or individual products and services from our range, certain information about you is processed. The controller responsible for this processing of personal data is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Dublin, D02x525, Ireland. Further information about the processing of personal data by Meta Platforms Ireland Ltd. can be found at:
Instagram: https://help.instagram.com/519522125107875/? maybe_redirect_pol=0
Facebook: https://de-de.facebook.com/policy.php
Meta Platform Ireland Ltd. provides the controller for the Meta platforms with anonymized statistics and insights that help to gain knowledge about the types of actions that people take on the site (known as “page insights”). These page insights are created on the basis of certain information about people who have visited the site. This processing of personal data is carried out by Meta Platform Ireland Ltd. and the controller as joint controllers. The processing serves the legitimate interest of evaluating the types of actions taken on their own pages and improving these pages based on these findings. The legal basis for this processing is Art. 6 (1) (f) GDPR. The controller cannot assign the information obtained via Page Insights to individual profiles on Meta platforms. An agreement has been reached with Meta Platform Ireland Ltd. on processing as joint controllers, which specifies the distribution of data protection obligations between the controller and Meta Platform Ireland Ltd. Details on the processing of personal data for the creation of Page Insights can be found at:
Facebook: https://www.facebook.com/legal/terms/information_about_page_insights_data
Instagram: https://www.facebook.com/help/instagram/788388387972460?helpref=faq_content
With regard to this data processing, you also have the option of asserting your rights as a data subject (see “Your rights”) against Facebook. Further information on this can be found in Facebook's privacy policy at: https://www.facebook.com/privacy/explanation.
Please note that, in accordance with the data protection regulations of Meta Platform Ireland Ltd, user data may also be processed by Meta Platforms Inc., One Hacker Way, Menlo Park, CA 94025, USA, or other third countries. For the transfer of data from the EU to the USA, Meta Platform Ireland Ltd relies on the European Commission's standard data protection clauses in accordance with Art. 46 (2) (c) GDPR, which are intended to ensure compliance with European data protection standards in the USA.
Further information is available at: https://de-de.facebook.com/legal/EU_data_transfer_addenDum
Contact via WhatsApp
As a further contact option, we have a company account with the instant messaging service WhatsApp Business from WhatsApp Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (WhatsApp). When you contact us via WhatsApp Business, we process the personal data you provide, such as your name, chat history, and phone number. The purpose of processing is customer service, support, and information about services. The personal data you provide will be stored and used exclusively for the purpose of responding to your request. The legal basis for the processing of this data is the implementation of pre-contractual measures or the fulfillment of the contract in accordance with Art. 6 (1) (b) GDPR.
Your data will be deleted after your request has been processed. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no legal retention obligations to the contrary. In the event of the establishment of a contractual relationship, storage is governed by the legal provisions of the German Commercial Code and the German Fiscal Code.
Please note that when using WhatsApp, in addition to the data you provide to us, WhatsApp also processes and transfers metadata such as your IP address, your location, and your device name to the US. We have concluded a data processing agreement with WhatsApp in accordance with Art. 28 GDPR, which obliges WhatsApp to protect your data and not to disclose it to third parties. For the transfer of data from the EU to the US, WhatsApp refers to the European Commission's standard data protection clauses in accordance with Art. 46 (2) (c) GDPR, which are intended to ensure compliance with European data protection standards in the US. For more information, please refer to the WhatsApp Privacy Policy at: https://www.whatsapp.com/legal/privacy-policy-eea?lang=de_DE
Table Reservation
Description and Scope of Data Processing
Our website provides the option to reserve a table at our restaurant. If you make use of this option, the data entered in the input form will be transmitted to us. This data includes: first name, last name, email address, telephone number, reservation details (date, time, number of persons, restaurant), as well as optional information regarding special requests and the occasion.
If you make a table reservation via our website, this is carried out using the online reservation system of RESERViSiON GmbH, Seestr. 29, 64354 Reinheim, Germany. All order data entered by you is transmitted in encrypted form. RESERViSiON is committed to handling your transmitted data in compliance with data protection regulations. RESERViSiON takes all organizational and technical measures necessary to protect your data.
Further information can be found in the privacy policy of RESERViSiON.
We have concluded a data processing agreement with RESERViSiON GmbH in accordance with Art. 28 GDPR, obligating RESERViSiON to protect the data of visitors to our website and not to pass it on to third parties.
Data Subject Rights
Applicable data protection law grants you extensive rights as a data subject in relation to the processing of your personal data by the controller (rights to information and intervention), which we inform you about below:
Right of access under Art. 15 GDPR: You have the right to obtain information about your personal data processed by us, including the purposes of processing, categories of personal data processed, recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining this period, the existence of the right to rectification, erasure, restriction of processing, objection to processing, lodging a complaint with a supervisory authority, the source of your data if not collected from you, the existence of automated decision-making including profiling, and, where applicable, meaningful information about the logic involved and the significance and consequences of such processing for you, as well as your right to be informed about the safeguards under Art. 46 GDPR when your data is transferred to third countries.
Right to rectification under Art. 16 GDPR: You have the right to immediately request the correction of inaccurate personal data concerning you and/or the completion of incomplete data stored by us.
Right to erasure under Art. 17 GDPR: You have the right to request the deletion of your personal data if the conditions of Art. 17(1) GDPR are met. However, this right does not apply if processing is necessary for exercising the right of freedom of expression and information, compliance with a legal obligation, reasons of public interest, or for establishing, exercising, or defending legal claims.
Right to restriction of processing under Art. 18 GDPR: You have the right to request the restriction of processing of your personal data while the accuracy of disputed data is verified, if you object to the deletion of data due to unlawful processing, if you require your data to establish, exercise, or defend legal claims, after data is no longer needed for the original purpose, or if you have lodged an objection based on your particular situation while it is not yet clear whether our legitimate grounds prevail.
Right to notification under Art. 19 GDPR: If you exercise your rights to rectification, erasure, or restriction of processing, the controller must inform all recipients to whom your personal data has been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed of these recipients.
Right to data portability under Art. 20 GDPR: You have the right to receive your personal data provided to us in a structured, commonly used, and machine-readable format, or to request its transmission to another controller where technically feasible.
Right to withdraw consent under Art. 7(3) GDPR: You have the right to withdraw consent to processing at any time with effect for the future. Upon withdrawal, we will immediately delete the data, unless processing is based on another lawful ground. The legality of processing carried out before withdrawal is not affected.
Right to lodge a complaint under Art. 77 GDPR: If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, especially in the member state of your residence, workplace, or the place of the alleged infringement, without prejudice to other administrative or judicial remedies.
Withdrawal, changes, deletion, and access rights
If we process your personal data based on our legitimate interest under Art. 6(1)(f) GDPR, you have the right to object at any time for reasons arising from your particular situation, with effect for the future.
If you exercise your right to object under Art. 21 GDPR, we will cease processing the affected data, unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or if processing is required for establishing, exercising, or defending legal claims.
If your personal data is processed under Art. 6(1)(f) GDPR in conjunction with §7(3) UWG for direct marketing, you may object at any time to such processing. If you exercise your objection under Art. 21 GDPR, we will stop processing your data for direct marketing purposes.
Duration of storage of personal data
We only store personal data as long as necessary. The storage duration is determined based on the legal basis, processing purpose, and, where applicable, the statutory retention period (e.g., commercial and tax law requirements).
For data processed on the basis of explicit consent (Art. 6(1)(a) GDPR), data is retained until consent is withdrawn. For data processed to initiate or perform a contract (Art. 6(1)(b) GDPR), data is deleted once the contract negotiation fails or the contract ends, unless there is a legitimate interest in retaining it (e.g., for defense or assertion of legal claims). Retention in such cases follows statutory limitation periods.
For data processed based on legitimate interest (Art. 6(1)(f) GDPR), data is stored until the data subject exercises their right to object (Art. 21 GDPR), unless compelling legitimate grounds override the interests, rights, and freedoms of the data subject, or if processing is necessary for legal claims. Data is deleted as soon as the legitimate interest ends or the purpose is achieved.
For direct marketing data under §7(3) UWG in conjunction with Art. 6(1)(f) GDPR, data is processed until the data subject exercises their objection right under Art. 21(2) GDPR.
Unless otherwise specified, personal data is deleted once it is no longer necessary for the purposes for which it was collected or otherwise processed.