Elisabeth-Abegg-Straße 1, 10557 Berlin, Germany mail@zollpackhof.de
Follow us:

Privacy Policy

1. Privacy at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is all data that can be used to identify you personally. Detailed information on data protection can be found in our privacy policy listed below this text. This information is provided in accordance with the General Data Protection Regulation (GDPR) , the Telecommunications Digital Services Data Protection Act (TDDDG) , and the Digital Services Act (DDG) .

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the "Information on the Responsible Party" section of this privacy policy.

How do we collect your data?

Your data is collected, on the one hand, when you provide it to us. This may, for example, be data you enter in a contact form.

Other data is collected automatically or with your consent by our IT systems when you visit the website. This primarily concerns technical data (e.g. B. Internet browser, operating system, time of page access). This data is collected on the basis of your consent (Section 25 (1) TDDDG) or, if absolutely necessary, on the basis of our legitimate interest in the technical functionality of the website in accordance with Article 6 (1) (f) GDPR .

What do we use your data for?

Some of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior (e.g. e.g. via Google Analytics).

What rights do you have regarding your data?

You have the right to obtain information about the origin, recipient, and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time with effect for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances.

Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time with any questions about this or other issues relating to data protection.

Analysis tools and third-party tools

When you visit this website, your browsing behavior may be statistically analyzed. This is done primarily with the help of analysis programs such as Google Analytics 4 or services such as Google Tag Manager or DoubleClick.

The use of these tools is – if necessary – based on your consent (Section 25 (1) TDDDG i. V. m. Art. 6 Para. 1 lit. a GDPR) . Further details on these services can be found later in this privacy policy.

Note: Your consent to cookies and tracking technologies is obtained via our cookie banner. You can change or revoke your selection there at any time.


2. Hosting

We host our website at:

Strato AG
Otto-Ostrowski-Straße 710249 Berlin

When you visit our website, Strato records various log files including your IP address.

Legal basis:

  • Art. 6 (1) (f) GDPR (legitimate interest in secure and reliable provision)
  • For data requiring consent: Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG

Further information can be found in Strato’s privacy policy:
https://www.strato.de/datenschutz/

We have a legitimate interest in presenting our website as reliably as possible. If consent has been requested, processing will be carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.


3. General information and mandatory information

Data protection

The protection of your personal data is important to us. We treat your data confidentially and in accordance with the statutory data protection regulations – in particular the General Data Protection Regulation (GDPR) , the Telecommunications Digital Services Data Protection Act (TDDDG) , and the Digital Services Act (DDG) – as well as this privacy policy.

When you visit this website, personal data is collected. Personal data is information that can be used to identify you personally. This privacy policy explains what data we collect, for what purpose, and on what legal basis.

Please note that data transmission over the Internet (e.g. B. when communicating via email) may have security gaps . Absolutely complete protection against access by third parties is technically impossible .

Note on the responsible body

Responsible body within the meaning of the GDPR:
Zollpackhof Gastronomie GmbH Elisabeth-Abegg-Straße 11 0557 Berlin Telephone: 030 330 997 20 Email: mail@zollpackhof.de

The responsible body is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

Storage period

Unless a more specific storage period is specified in this privacy policy, we will only store your personal data for as long as it is necessary for the respective processing purposes .

Once the purpose of processing no longer applies, the data will be deleted unless statutory retention periods prevent this (e.g. B. commercial or tax law deadlines according to Art. 6 (1) (c) GDPR). In this case, deletion will occur after the respective deadlines have expired.

If you revoke your consent or make a legitimate request for deletion , your data will be deleted unless there is another legal basis for further storage.

Legal basis for data processing on this website

If you have consented to the processing of personal data, this will be done on the basis of Art. 6 (1) (a) GDPR or – in the case of special categories of personal data – on Art. 9 (2) (a) GDPR .

If the data processing is based on your express consent to transfer to a third country (e.g. B. USA), it is additionally carried out on the basis of Art. 49 (1) (a) GDPR .

If you consent to the storage of information on your device or to accessing it (e.g. B. through cookies or device fingerprinting), data processing will also be carried out on the basis of Section 25 Paragraph 1 TDDDG .

Consent can be revoked at any time.

If data processing is carried out to fulfill a contract or to carry out pre-contractual measures, this is done on the basis ofArt. 6 (1) (b) GDPR .

If processing is necessary to fulfill a legal obligation, it is carried out in accordance with Art. 6 (1) (c) GDPR .

In other cases, data processing may be based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR .

We will inform you about the relevant legal basis in each individual case within the framework of this data protection declaration.

Note on data transfer to the USA and other third countries

We use services from providers in third countries on our website (e.g. (e.g., the USA) or other third countries that do not have secure data protection regulations. If these services are active, your personal data may be transferred to these third countries and processed there.

For certain US providers certified under the EU-US Data Privacy Framework (DPF) , an adequate level of data protection is recognized by the EU Commission . In these cases, the transfer is based on the EU Commission's adequacy decision of July 10, 2023, pursuant to Art. 45 GDPR .

For US service providers that are not DPF-certified, data transfer is based on your express consent in accordance with Art. 49 (1) (a) GDPR . Please note that in these cases, a level of data protection comparable to that in the EU cannot be guaranteed. US authorities may, under certain circumstances, gain access to your data without you having any effective legal remedies.

A current list of certified US companies can be found here:
https://www.dataprivacyframework.gov/s/

We would like to point out that in some third countries, including the USA, there is no level of protection comparable to EU data protection law. US companies may be required to disclose personal data to government authorities without you, as the data subject, being able to take effective legal action. It cannot therefore be ruled out that US authorities (e.g., intelligence agencies) may process, evaluate, and permanently store your data on US servers for surveillance purposes. We have no influence over these processing activities.

Revocation of your consent to data processing

Many data processing operations only take place with your express consent. You can revoke your consent at any time. The legality of the data processing carried out up to the time of revocation remains unaffected.

Right to object to data collection in special cases and to direct advertising

Objection to data processing for specific reasons
If data processing is based on Art. 6 (1) (e) or (f) GDPR, you have the right to object to processing at any time for reasons related to your particular situation. This also applies to profiling based on these provisions.

We will then no longer process your personal data unless there are compelling legitimate grounds for the processing that outweigh your interests, or the processing serves to assert, exercise or defend legal claims (Art. 21 (1) GDPR).

Objection to direct marketing:
If your personal data is processed for direct marketing purposes, you have the right to object to processing for this purpose at any time. This also applies to profiling insofar as it is related to such direct marketing (Article 21 (2) GDPR). After an objection, your data will no longer be used for advertising purposes.

Objection to advertising emails and other direct advertising

The use of the contact information published in the context of the imprint obligation to send unsolicited advertising or information materials is hereby prohibited. The operators of this website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, particularly through spam emails.

According to Art. 21 (2) GDPR, you have the right to object to the processing of your personal data for direct marketing purposes at any time. This also applies to related profiling. After you object, your data may no longer be processed for advertising purposes.

If direct advertising is carried out via electronic communication channels (e.g. If we send you information (e.g., email, SMS), this is done exclusively on the basis of your express consent in accordance with Art. 6 (1) (a) GDPR in conjunction with Section 25 (1) TDDDG. This consent can be revoked at any time.

If you are already a customer, we reserve the right to send you information about our offers and events by post to the address you provided. This processing is based on our legitimate interest in direct marketing pursuant to Art. 6 (1) (f) GDPR .

object to the use of your address for this purpose at any time if your interests outweigh our legitimate interest in advertising. The objection can be made without any formalities – e.g. E.g. by email to mail@zollpackhof.de.

 

Right to lodge a complaint with the competent supervisory authority

If you believe that the processing of your personal data violates applicable data protection law, you have the right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 GDPR .
The complaint may be lodged, in particular, with the supervisory authority of your habitual residence, place of work, or place of the alleged violation .

Right to data portability

Pursuant to Art. 20 GDPR, you have the right to receive personal data that we process automatically based on your consent or for the performance of a contract in a structured, common, and machine-readable format .
If technically feasible, you also have the right to request direct transmission to another controller .

Right to information, rectification, erasure and restriction of processing

Within the framework of the applicable legal provisions, you have the right at any time to:

  • Information in accordance with Art. 15 GDPR about your personal data stored by us, its origin, recipient and the purpose of processing,
  • Correction of incorrect or incomplete data according to Art. 16 GDPR ,
  • Deletion of your personal data in accordance with Art. 17 GDPR , unless there is a legal obligation to retain data or another legitimate processing purpose,
  • and the right to restriction of processing pursuant to Art. 18 GDPR .

The right to restriction of processing exists in particular in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we generally need time to verify this. You have the right to request that the processing of your personal data be restricted while we verify your claim.
  • If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.
  • If we no longer need your personal data, but you require it to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of deleted.
  • If you have lodged an objection pursuant to Art. 21 (1) GDPR, your interests must be weighed against ours. As long as it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.
  • If you have restricted the processing of your personal data, this data may – with the exception of its storage – only be processed with your consent or for the establishment, exercise or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the browser's address line changing from "http://" to "https://" and by the lock symbol in your browser's address bar.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties. This also explicitly applies to payment transactions on our website, for example, if you wish to purchase a voucher for our restaurant.


4. Data collection on this website

Cookies

Our website uses so-called "cookies." Cookies are small data packets and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.

Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain third-party services within websites (e.g., cookies for processing payment services).

Cookies serve various functions. Some cookies are technically necessary because certain website features wouldn't work without them (e.g., the shopping cart function or displaying videos). Other cookies can be used to evaluate user behavior or for advertising purposes.

Cookies that are required to carry out electronic communication, to provide certain functions you have requested (e.g., for the shopping cart function), or to optimize the website (e.g., cookies for measuring web audiences) (necessary cookies) are stored on the basis of Art. 6 (1) (f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the technically error-free and optimized provision of its services.

We only use cookies that are not necessary, particularly those used for analysis or advertising, with your consent. This processing is based on Art. 6 (1) (a) GDPR in conjunction with Section 25 (1) TTDSG (German Data Protection Act) . You can revoke your consent at any time.

You can prevent cookies from being saved by selecting the appropriate settings in your browser. You can also delete previously saved cookies at any time. However, this may limit the functionality of our website.

To find out exactly which cookies are used on this website and which third-party providers are involved, please refer to our privacy policy and the cookie banner.

Server log files

The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits. This includes:

  • Browser type and version
  • operating system used
  • Referrer URL (the previously visited page)
  • Hostname of the accessing computer
  • Time of server request
  • IP address (in anonymized form, where possible)

This data will not be merged with other data sources.

The data is collected on the basis of Art. 6 (1) (f) GDPR , as the website operator has a legitimate interest in the technically error-free presentation and optimization of the website.

Contact form

If you send us inquiries via the contact form, we will process the personal data you enter (e.g. name, email address, telephone number) for the purpose of processing your inquiry and to contact you in case of follow-up questions.

If you use the contact form, for example, to reserve a table in our beer garden or to inquire about an event, we will process your data (name, email address, telephone number, and company name if applicable) for the purpose of processing the reservation or responding to your inquiry.

The processing takes place

  • on the basis of Art. 6 (1) (b) GDPR , if your request is related to the performance of the contract or pre-contractual measures,
  • otherwise on the basis of Art. 6 (1) (f) GDPR (legitimate interest in processing the request)
  • or based on your consent (Art. 6 (1) (a) GDPR) , provided this was explicitly requested. You can revoke your consent at any time.

We will store the data until the purpose no longer applies, you request deletion, or revoke your consent. Statutory retention periods remain unaffected.

Inquiry by email, telephone or fax

If you contact us by email, telephone or fax, we will store and process your personal data (e.g. name, email, telephone number, content) to process your request.

The legal basis is the same as for the contact form:
Art. 6 (1) (b), (f) or (a) GDPR depending on the purpose and consent.

The data will remain stored until you request deletion, revoke your consent, or the purpose no longer applies. Statutory retention periods remain in effect.

Reservations and reservation requests

We use TheFork (La Fourchette SAS, 70 rue Saint-Lazare, 75009 Paris, France) as a service provider for table reservations.

When you click "Reserve a table," you will be redirected to TheFork's website, where you will enter your contact details and, if applicable, payment details. Reservations made outside of our website will also be processed by TheFork.

By agreeing to be redirected to TheFork websites when making a reservation on our website, you agree that the data collected during your visit to our website will be forwarded to TheFork.

Further information on data protection at TheFork can be found at: https://www.thefork.de/legal.

Registration form

We offer a registration form on our website that you can use for electronic registration. The data you enter in the input form will be transmitted to us and stored.

Our registration form collects the following data:

  • Title, first name, last name
  • Function, company / organization
  • Institute / Department
  • Address
  • Telephone number
  • E-mail address
  • IP address
  • Date and time of registration

We obtain your consent for data processing (Art. 6 (1) (a) GDPR) and refer to this privacy policy. Your data will not be shared with third parties.

You can revoke your consent at any time.

Online shop

If you place an order in our online shop, we require the following personal data to fulfill the contract:

  • E-mail address
  • Salutation
  • name
  • address
  • Telephone number
  • Payment information

We also process this data to process the order after cancellation or return and to investigate any claims. We also store your data so that you can view your order history on our website.

Processing is based on Art. 6 (1) (b) GDPR (performance of contract) and (f) GDPR (legitimate interest in managing order history). We also store data to fulfill legal obligations (Art. 6 (1) (c) GDPR), such as tax retention periods.

For delivery purposes, we will pass on your address information to our shipping or logistics service provider. This transfer is solely for the purpose of fulfilling the contract.

In addition, we store the time of your data transmission and your IP address based on our legitimate interest (Art. 6 (1) (f) GDPR) to protect against misuse and for system security.

Payment methods and credit check:

If you select a payment provider on our payment page, this provider will also receive your personal data, such as your name, address, and bank details. Our bank will also receive your bank details if an electronic payment is received. The legal basis for processing your personal data for payment purposes is Art. 6 (1) (b) and (f) GDPR.

  • Credit card: When you pay with your credit card on our website, your credit card provider will receive information that you have placed an order with us. Your credit card provider may conduct a credit check. For more information, please visit your credit card provider's website.
  • PayPal: If you pay on our website with PayPal (PayPal (Europe) S.à rl et Cie, SCA 22-24 Boulevard Royal, L-2449 Luxembourg), PayPal will receive your payment data for payment processing and may conduct a credit check. Information about this can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#rAnnex.
  • Klarna: If you pay on our website using a service provided by Klarna (Klarna Bank AB (publ) Sveavägen 46, 111 34 Stockholm, Sweden) (instant bank transfer), Klarna will receive your personal data, such as your name, address, and bank account details. Klarna may conduct a credit check. Further information can be found at: https://www.klarna.com/de/kundenservice/identitaets-bonitaetspruefung/wieso-fuehrt-klarna-eine-identitaets-und-bonitaetspruefung-durch/
  • Prepayment: If you pay in advance on our website, our bank will receive your bank details for payment processing.

Invoice: Registered existing customers can select the "Purchase on account" payment option on our website. This means that our house bank receives your bank details for payment processing when you make a transfer to us. We would like to draw your attention to the fact that in this case we carry out a credit risk assessment based on mathematical-statistical procedures with the credit agency SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden (scoring). For this purpose, your personal data required for the credit check (last name, first name, date of birth) will be transferred to the credit agency, whereby your address details will also be taken into account. The processing is therefore carried out for the purpose of the credit check to avoid payment default and on the legal basis of Art. 6 (1) Sentence 1 (b) GDPR and Art. 6 (1) Sentence 1 (f) GDPR. Based on this information, a statistical probability of a credit default and thus your ability to pay is calculated. If the credit check is positive, ordering on account is possible. If the credit check is negative, our shop system will not offer you payment by invoice. The decision is therefore made without any verification of your interest in purchasing on account or any other influence on the decision-making process by one of our employees. To the extent that certain probability values are taken into account in the automated decision, these are based on a scientifically recognized mathematical-statistical procedure. You can object to the transmission of this data to the credit agency at any time; however, in this case, ordering on account via our website will no longer be possible. The scope of the scoring is limited solely to whether an order can also be placed on account. We use the scoring solely to protect ourselves against possible payment defaults.


5. Newsletter

Newsletter data

If you would like to subscribe to our newsletter, we require your email address and information that allows us to verify that you are the owner of the provided email address and that you agree to receive the newsletter. We collect further data only on a voluntary basis.

We use this data exclusively for sending the newsletter and do not pass it on to third parties.

The data entered in the newsletter registration form will be processed exclusively on the basis of your voluntary, informed, and express consent in accordance with Art. 6 (1) (a) GDPR. This consent also includes the storage of your email address and its use for sending the newsletter.

You can revoke your consent at any time without giving reasons, with effect for the future – for example, via the "unsubscribe" link in the newsletter or by sending a message to mail@zollpackhof.de. The legality of the processing carried out up to the time of revocation remains unaffected.

The data will be stored until you unsubscribe or until the purpose no longer applies and will then be deleted, unless there are legal retention obligations.

We reserve the right to block or delete email addresses from our newsletter distribution list within the scope of our legitimate interest (Art. 6 (1) (f) GDPR), for example, to prevent misuse or spam. Data stored by us for other purposes remains unaffected.

Blacklist

After you unsubscribe, your email address may be saved on a blacklist to prevent future unsolicited mailings. This data will be used exclusively for this purpose, will not be linked to any other data, and will be stored for as long as necessary.

This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) (f) GDPR). Storage in the blacklist is not time-limited. You have the right to object to storage in the blacklist at any time if your legitimate interests outweigh them (Art. 21 GDPR).

 

 

Newsletter & double opt-in procedure

If you subscribe to our newsletter, we will process your email address and – if provided – other voluntary information solely for the purpose of regularly sending our newsletter.

Registration is done using the so-called double opt-in process : After registering, you will receive an email asking you to confirm your registration. Only after this confirmation will your email address be added to our mailing list.

The legal basis for sending is your express consent in accordance with Art. 6 (1) (a) GDPR and – if end device information is processed or stored – additionally Section 25 (1) TDDDG .

You can unsubscribe from the newsletter at any time using the unsubscribe link in every email or by sending an email to mail@zollpackhof.de . Your consent remains valid until revoked.

Your rights and further information according to GDPR and DDG

As a user, you have the right under the GDPR and the Digital Services Act to:

  • Information about the personal data stored by us
  • Correction or deletion of your data
  • Restriction of processing
  • Data portability
  • Objection to the processing of your data
  • Complaint to a data protection supervisory authority

Further information on how we handle your data and data protection when sending our newsletter can be found in our privacy policy


6. Plugins and Tools

Google Fonts (local hosting)

We use Google Fonts on our website to ensure consistent font display. These fonts are installed locally on our server, so no connection to Google servers is established and no personal data is transferred to Google. For more information about Google Fonts, see the Google Fonts FAQ and Google's privacy policy .

Font Awesome

This site uses Font Awesome to consistently display fonts and icons. The provider is Fonticons, Inc., 6 Porter Road Apartment 3R, Cambridge, Massachusetts, USA.

When you visit a page, your browser loads the required fonts into your browser cache in order to display text, fonts and symbols correctly. For this purpose, the browser you use must establish a connection to the Font Awesome servers. This means that Font Awesome knows that this website was accessed via your IP address. Font Awesome is used on the basis of Art. 6 (1) (f) GDPR. We have a legitimate interest in the uniform presentation of the typeface on our website. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 TD DDG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

If your browser does not support Font Awesome, a default font from your computer will be used.

For more information about Font Awesome, please see Font Awesome’s privacy policy: https://fontawesome.com/privacy.

Google Analytics 4

We use Google Analytics 4 to analyze and improve the use of our website.

Google Analytics 4 is a web analytics and tracking service provided by Google LLC ("Google"). Google Analytics 4 may use so-called "cookies" if we enable the cookie function. Google Analytics 4 also uses an anonymized user and client ID generated by our website or app, as well as Google signals to identify users.

The anonymized user ID is assigned to a logged-in user after they have been uniquely identified. The user ID allows users to be identified regardless of the device they use. For example, if users access the website or app on both smartphones and tablets, we can use the user ID to analyze user paths in a holistic overview of the data.

The client ID is a unique, randomly generated string that acts as a pseudonymized identifier and anonymously identifies a browser instance. It is stored in browser cookies so that subsequent visits to the same website can be assigned to the same user.

Google Signals are session data from websites and apps that Google links to users who are logged into their Google Account and have enabled personalized advertising. Linking data with these logged-in users enables cross-device reporting, cross-device remarketing, and the export of cross-device usage results (so-called "conversions") to Google Ads.

The data processed by Google Analytics 4 is personal data within the meaning of Art. 4 (1) GDPR. Google Analytics 4 collects personal data, among other things, in the form of user characteristics and event data. The latter are automatically recorded events (user activities, number of sessions, clicking on ads, which ads are viewed, removal or deletion of login data, website or app crashes, conclusion or cancellation of subscriptions, clicking on links, scrolling behavior, ending of watched videos, etc.), events optimized for analytics (page views, scrolls, clicking on external links, website searches, playing videos, file downloads, etc.), recommended events (purchase process on the website, travel offers, games), and user-defined events (events that are neither automatically recorded nor recommended). Session data is also recorded, such as multiple page views, events (see above), social interactions, and e-commerce transactions.

User properties are attributes of users who interact with your app or website. They are used to describe user segments such as language preference or geographic location. Some user properties are automatically logged in Google Analytics 4.

The information generated by the cookie, the user ID and Google signals about your use of this website is usually transferred to a Google server in the USA and stored there. If IP anonymization is activated, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google uses this information to evaluate your use of the website, to compile reports on website activity, to make predictions about your future web behavior and to provide the website operator with other services relating to website activity and internet usage. The user ID data collected on one website or app cannot be shared or combined with data from another website or app. However, data about devices and activities from different sessions on a website or app can be merged and combined using the user ID or Google signals. Collecting and combining data is suitable for creating user profiles about you.

The legal basis for the processing of data using Google Analytics 4 is your express consent in accordance with Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG.

You can revoke your consent to the processing of your personal data through the use of Google Analytics 4 at any time by changing your cookie settings accordingly. You can also notify us of your revocation by post, telephone, or email.

You can also prevent cookies from being saved by selecting the appropriate settings in your browser; however, please note that if you do this, you may not be able to use all of the features of this website to their full extent. Furthermore, you can prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link:

tools.google.com/dlpage/gaoptout

We use Google Analytics with the extension "_anonymizeIp()." This shortens IP addresses (so-called IP masking).

Eventim

We use Eventim, an online platform for event and ticket management, for our website. The Eventim provider is CTS EVENTIM AG & Co. KGaA, Contrescarpe 75-A, 28195 Bremen.

Eventim processes your personal data if you book tickets for events, etc., on our website. When you register for an event, you will be redirected to the Eventim website.

Eventim collects your personal data and then transmits it to us as the event organizer. To register for an event with Eventim, you must provide Eventim with the following personal data:

  • Name first Name
  • E-mail address
  • Payment information
  • Location
  • Ticket type
  • Event ID
  • IP address
  • Characteristics of the access device and/or browser

As the event organizer, we receive this data from Eventim for the purpose of preparing and following up on the booked event, as well as to inform participants before and after the event via email. Processing is based on Art. 6 (1) (b) GDPR (performance of contract) and Art. 6 (1) (f) GDPR (legitimate interest).

Please note that Eventim stores personal data on servers in the USA. Eventim has committed to complying with the Standard Contractual Clauses (EU) 2016/679 to ensure adequate data protection during data transfer. However, a residual risk exists due to US legislation.

Eventim has implemented extensive technical and organizational measures to protect your data. Further information can be found in Eventim's privacy policy at: https://www.eventim.de/help/data-protection/


7. Data protection declaration regarding video surveillance in our restaurant and event room

Our publicly accessible indoor areas (restaurant and event room) are video monitored for security reasons and to protect against theft and vandalism.

The processing is based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR i. V. m. § 4 BDSG. The recordings will be made after a maximum of [e.g. B. 72 hours] are automatically deleted unless they are required for the purpose of preserving evidence.

Further information on video surveillance (including details of the controller, storage period, recipients and your rights as a data subject) can be found in our detailed data protection declaration on video surveillance in this document .


8. Data processing in the application process

We offer you the opportunity to apply to us – for example, by email, by post via a contact form on our website, or via digital communication channels such as WhatsApp. Below, we inform you about the scope, purpose, and legal basis for processing your personal data in connection with your application.

Types of data processed

If you send us an application, we will process the following data in particular, provided you send it to us:

  • Identification data (e.g.  Last name, first name, date of birth)
  • Contact details (e.g.  Address, email address, telephone number)
  • Application documents (e.g.  CV, certificates, cover letter)
  • Communication content from job interviews or correspondence
  • Metadata (e.g.  IP address, timestamp for online applications)

Purposes and legal bases

Your data will be processed to carry out and process the application process. The legal basis for this is:

  • Section 26 paragraph 1 BDSG i. V. m. Art. 88 GDPR – to decide on the establishment of an employment relationship
  • Art. 6 (1) (b) GDPR – for the implementation of pre-contractual measures
  • Art. 6 (1) (a) GDPR – with explicit consent (e.g. B. for longer storage or WhatsApp communication)
  • Art. 6 (1) (f) GDPR – to protect legitimate interests, e.g. B. for legal defense in the event of a dispute

WhatsApp communication

We offer you the opportunity to communicate with us via WhatsApp as part of the application process. Use is voluntary.
Please note that WhatsApp is a service provided by WhatsApp Ireland Limited (meta-company). Communication via WhatsApp may involve risks (e.g., B. Access by third parties or metadata processing by WhatsApp).
The use of WhatsApp for advertising or communication only takes place with your express consent in accordance with Art. 6 (1) (a) GDPR , Section 25 (1) TDDDG (access to device information, if necessary). You can revoke your consent at any time with future effect.

Applications via external job platforms and social networks

We also publish job advertisements and receive applications via external platforms and social networks. These include, in particular:

If you apply for a position with us via one of these platforms, we will receive your application data either:

  • directly via an application function on the respective platform,
  • or by forwarding to our email address, our application form or by linking to our website.

Please note that the respective platform acts as an independent controller within the meaning of the GDPR. The privacy policies of the respective providers also apply, particularly with regard to the processing of usage, tracking, and metadata. We have no influence on the data processing by the platforms .

As soon as we receive your application, the principles for processing, transfer and storage described in point 8 of this data protection declaration apply.

Recipient of the data (internal sharing)

Within our company, only people involved in the selection and recruitment process (e.g. B. Human Resources Department, Specialist Department, Management ) . Data will only be passed on to other departments for the specific application process.

Data transfer

As a general rule, data will not be passed on to third parties unless you have consented or there is a legal obligation to do so. Data will not be transferred to a third country.

Storage period

  • If your application is successful, your data will be further processed for the purpose of carrying out the employment relationship in accordance with Section 26 (1) BDSG and Article 6 (1) (b) GDPR.
  • If your application is rejected or withdrawn, we will store your data for up to 6 months after completion of the procedure to protect our legitimate interests (e.g. B. Obligations to provide evidence in lawsuits under the AGG).
  • If you agree to longer storage (e.g. B. for an applicant pool), we will store your data in accordance with your consent.
  • Legal retention obligations (e.g. B. from the HGB, AO) may require longer storage .

Rights of those affected

You have the right at any time to:

  • Information about the data stored about you (Art. 15 GDPR)
  • Correction of incorrect data (Art. 16 GDPR)
  • Deletion (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to processing (Art. 21 GDPR)

Furthermore, you can revoke your consent at any time (Article 7 (3) GDPR). This revocation does not affect the legality of the processing carried out up to that point.

supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority, in particular with the authority responsible for you in your federal state or with the supervisory authority responsible for us.

As of: 01 July 2025