Data protection

logo cafe bistro harzkristall glasmanufaktur derenburg

PRIVACY POLICY

With this privacy policy, we would like to inform you about the type, scope and purpose of the processing of personal data (hereinafter also referred to as "data"). Personal data is all data that has a personal reference to you, e.g. name, address, e-mail address or your user behavior. The privacy policy applies to all data processing operations carried out by us, both in the context of our core activities and for the online media we provide.

Responsible for data processing is:

Café & Bistro Harzkristall | Björn Rosenberg (Managing Director) | Im Freien Felde 5A | 38895 Derenburg | Germany | Phone 039453 68014


info@cafe-harzkristall.de | www.cafe-harzkristall.de

Processing your data as part of the core activity of our company

If you are our customer or business partner or are interested in our services, the type, scope and purpose of the processing of your data depends on the contractual or pre-contractual relationship existing between us. In this sense, the data processed by us includes all data that is or has been provided by you for the purpose of using the contractual or pre-contractual services and that is required to process your request or the contract concluded between us. Unless otherwise stated in the further information in this privacy policy, the processing of your data and its disclosure to third parties is limited to the data that is necessary and expedient to answer your inquiries and/or to fulfill the contract concluded between you and us, to protect our rights and to fulfill legal obligations. We will inform you which data is required for this before or during data collection. Insofar as we use third-party providers to provide our services, the data protection notices of the respective third-party providers apply.

Data concerned:

  • Inventory data (e.g. names, addresses)
  • Payment data (e.g. bank details, invoices)
  • Contact details (e.g. e-mail address, telephone number, postal address)
  • Contract data (e.g. subject matter of the contract, duration of the contract)

Data subjects: Interested parties, business and contractual partners
Processing purpose: Processing of contractual services, communication and answering contact requests, office and organizational procedures

Legal basis: Fulfillment of contract and pre-contractual inquiries, Art. 6 para. 1 lit. b GDPR, legal obligation, Art. 6 para. 1 lit. c GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR

Your rights under the GDPR

According to the GDPR, you are entitled to the rights listed below, which you can assert at any time with the controller named in section 1 of this data protection declaration:

Right to information: You have the right to request information from us as to whether and which of your data we process.

Right to rectification: You have the right to request the rectification of inaccurate data or the completion of incomplete data.

Right to erasure: You have the right to request the erasure of your data.

Right to restriction: In certain cases, you have the right to request that we only process your data to a limited extent.

Right to data portability: You have the right to request that we transfer your data to you or another controller in a structured, commonly used and machine-readable format.

Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. The supervisory authority of your usual place of residence, your workplace or our company headquarters is responsible.

Right of withdrawal

You have the right to withdraw your consent to data processing at any time.

You have the right to object at any time to the processing of your data, which we base on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. If you make use of your right to object, we ask you to explain the reasons. We will then no longer process your personal data unless we can prove to you that there are compelling legitimate grounds for data processing that outweigh your interests and rights.

Irrespective of the above, you have the right to object at any time to the processing of your personal data for the purposes of advertising and data analysis.

Please address your objection to the contact address of the controller given above.

When do we delete your data?

We delete your data when we no longer need it or when you instruct us to do so. This means that - unless otherwise stated in the individual data protection notices in this privacy policy - we will delete your data,

if the purpose of the data processing has ceased to exist and thus the respective legal basis stated in the individual data protection notices no longer exists, e.g. after termination of the contractual or membership relationship existing between us (Art. 6 para. 1 lit. a GDPR) or

after our legitimate interest in the further processing or storage of your data ceases to apply (Art. 6 para. 1 lit. f GDPR),

if you exercise your right of revocation and no other legal basis for processing within the meaning of Art. 6 para. 1 lit. b-f GDPR applies,

if you exercise your right to object and there are no compelling legitimate grounds for erasure.

However, if we still need to retain (certain parts of) your data for other purposes, for example because tax retention periods (usually 6 years for business correspondence or 10 years for accounting documents) or the assertion, exercise or defense of legal claims arising from contractual relationships (up to four years) make this necessary or the data is needed to protect the rights of another natural or legal person, we will only delete (the part of) your data after these periods have expired. Until the expiry of these periods, however, we restrict the processing of this data to these purposes (fulfillment of retention obligations).

Contact us

If you contact us via e-mail, social media, telephone, fax, post, our contact form or in any other way and provide us with personal data such as your name, telephone number or e-mail address or provide further information about yourself or your request, we will process this data to answer your inquiry within the framework of the pre-contractual or contractual relationship existing between us.

Data concerned:

  • Inventory data (e.g. names, addresses)
  • Contact details (e.g. e-mail address, telephone number, postal address)
  • Content data (texts, photos, videos)
  • Contract data (e.g. subject matter of the contract, duration of the contract)

Affected persons: Interested parties, customers, business and contractual partners

Purpose of processing: Communication and answering contact requests, office and organizational procedures

Legal basis: Fulfillment of contract and pre-contractual inquiries, Art. 6 para. 1 lit. b GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR

Payment service provider

In accordance with our legal obligations or due to our legitimate interests in efficient, secure and customer-oriented payment processing, persons who have concluded a contract or other legal relationship with us may use banks and credit institutions as well as other payment service providers for payment. The payment service providers offered by us process inventory data in this context, including name, address or bank data such as account/credit card number, passwords, TANs, verification numbers as well as information on the concluded contract and information on the recipient of the payment.

The data collected in this context is required to enable the payment service provider to process the payment. Only the payment service provider commissioned by us collects and processes this personal data. At no time do we receive information about your account or credit card details. We are informed by our payment service provider whether our customers' payment has been received or not. It is possible that our payment service providers may forward our customers' data to credit reference agencies in order to check the identity and creditworthiness of the payer. In this respect, we refer to the privacy policy and general terms and conditions (GTC) of our payment service providers.

The general terms and conditions and data protection provisions of the respective payment service provider apply. You will find this information on the website of the relevant service provider or in the transaction application.

For further information and for the assertion of your rights regarding revocation and information, please refer to the provisions of the respective service provider.

Data concerned:

  • Inventory data (e.g. name, address)
  • Usage data (e.g. websites visited, interest in certain topics, times of access)
  • Payment data (e.g. bank details, invoices, payment history)
  • Transaction data (e.g. term, customer category, subject matter of contract)
  • Communication and metadata (e.g. IP address, information on the device or computer system)

Purpose of processing: Effective, secure and customer-oriented payment offers (service) and processing of payments in accordance with contractual agreements

Legal basis: Performance of contract and fulfillment of pre-contractual requests, Art. 6 para. 1 lit. b GDPR, legitimate interests, Art. 6 para. 1 lit. f GDPR

Revocation options: You can revoke your consent to the use of your personal data at any time by contacting the respective payment service provider. Despite revocation, the payment service provider may still be entitled to process, use and transmit the personal data that is absolutely necessary for contractual payment processing. With regard to the storage and timely deletion of personal data, we refer to the respective data protection provisions of the payment service provider.

We use the following payment service provider:

BAMBORA
#200 -1803 Douglas St. Victoria, British Columbia Canada, V8T 5C3 BAMBORA is a registered ISO of TD Bank, Toronto ON, Canada and Wells Fargo Bank N.A., Concord CA, USA.

Online advertising

We use services to display internet advertising. The services we use collect certain user data via a cookie or pixel. This includes, in particular, the information from which website you came to our website (so-called referrer), which pages of our website you accessed, how long you visited our pages and what interactions you made there. In addition, data on the browser, computer system and device type you use is collected. In addition, demographic information, such as age or gender, can also be collected as pseudonymous values via such a service. If you have consented to the collection of your location data, this may also be processed, depending on the provider. In order to collect and store this data, the respective service places a cookie or a so-called counting pixel on the end device you are using, which also collects the IP address assigned to you. However, this is shortened using a so-called IP masking procedure so that the IP address can no longer be assigned to your visit to our website. In principle, no clear data such as names or e-mail addresses are stored when the respective service is used. This is only the case if you are a member of a social network that offers one of the services listed below and merges your profile with the aforementioned data.

The data is analyzed by the service we use in order to produce a report with statistical statements about the number of visitors generated by the advertising and the success of the advertising measure. Among other things, the reports show the total number of users who were redirected to our website via our advertisements. The reports also contain information on the users' end devices and browsers, the locations at which the users were located and the times at which the advertisement was clicked. However, the reports do not contain any information that could be used to personally identify you as a user of our website.
We would like to point out that, depending on the location of the service provider, the data collected via the service may be transferred and processed outside the European Union. In this case, there is a risk that the level of data protection prescribed by the GDPR may not be complied with and that the enforcement of your rights may be difficult or impossible.

Data concerned:

  • Usage data (e.g. access times, websites clicked on)
  • Communication data (e.g. information about the device used, IP address)

Affected persons: Users of our online services

Purpose of processing: Reach measurement, success monitoring of campaigns, remarketing and interest-based and behavior-based marketing

Legal basis: If we have asked for your consent before using the respective service, this is the legal basis, Art. 6 para. 1 lit. a GDPR. Otherwise, we use the respective service on the basis of our legitimate interest in directing visitor flows to our website, analyzing these visitor flows in order to be able to continuously improve the functions, offers and user experience, Art. 6 para. 1 lit. f GDPR.

We use the following service providers for online advertising:

Google Ads
Service provider: Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA Registered office in Europe: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland Website: https://ads.google.com/home/ Privacy Policy: http://www.google.de/intl/de/policies/privacy

Advertising by e-mail, post or telephone

We process personal data for our advertising communication by e-mail, post or telephone. You can object to receiving our advertising measures at any time or withdraw your consent to receiving our advertising communication at any time. We may store your data for up to 4 years after your objection/revocation in order to be able to prove in case of doubt that your consent was given. We will not use your data for any further purposes after your objection/revocation. If you want us to delete your data before then, we will do so after you have confirmed to us that you originally gave us your consent.

Data concerned:

  • Contact details (e.g. e-mail, telephone number, postal address)
  • Inventory data (e.g. names, addresses)

Affected persons: Communication partner

Purpose of processing: Direct advertising measures (marketing) by e-mail, post or telephone

Legal basis: Consent, Art. 6 para. 1 lit. a GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR

Web analysis and statistics

We use web analysis services to record and statistically evaluate the flow of visitors to our website. Among other things, such services collect data about the website from which you came to our website (so-called referrers), which pages of our website you accessed, how long you visited our pages and what interactions you made there. In addition, data on the browser, computer system and device type you are using is collected. In addition, demographic information, such as age or gender, can also be collected as pseudonymous values via such a service. If you have consented to the collection of your location data, this may also be processed, depending on the provider.
In order to collect and store this data, the web analysis service we use generally places a cookie on the end device you are using, which also collects the IP address assigned to you. However, this is shortened using a so-called IP masking procedure so that the IP address can no longer be assigned to your visit to our website. No other clear data such as names or e-mail addresses are stored. Neither we nor the service we use know the identity of visitors to our website.

We would like to point out that, depending on the country of domicile of the service provider named below, the data collected via the service may be transferred and processed outside the European Union. In this case, there is a risk that the level of data protection prescribed by the GDPR will not be complied with and that the enforcement of your rights will be difficult or impossible.

Data concerned:

  • Usage data (e.g. access times, websites clicked on)
  • Communication data (e.g. information about the device used, IP address)

Affected persons: Users of our online services

Purpose of processing: Reach measurement, success monitoring of campaigns, remarketing and interest-based and behavior-based marketing

Legal basis: If we have asked for your consent before using the respective service, this is the legal basis, Art. 6 para. 1 lit. a GDPR. In addition, we use the respective service on the basis of our legitimate interest in analyzing the flow of visitors to our website in order to continuously improve the functions, offers and user experience, Art. 6 para. 1 lit. f GDPR.

We use the following web analysis services:

Google Analytics
Service provider: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA Registered office within the EU: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland Website: https://marketingplatform.google.com/intl/de/about/analytics/ Privacy policy: https://policies.google.com/privacy?hl=de Opt-out option: If you do not want your data to be used by Google Analytics, you can set a so-called opt-out plugin, which prevents data from being collected from you on our website in the future. You can obtain this plugin here: https://tools.google.com/dlpage/gaoptout?hl=de

Our online presence on social networks

We operate online presences within the social networks listed below. If you visit one of these sites, the data listed below will be collected and processed by the respective provider. As a rule, this data is collected for advertising and market research purposes and usage profiles are created. Data can be stored in the user profiles regardless of the device you use. This is particularly the case if you are a member of the respective platform and are logged in to it. The usage profiles can be used by the providers to show you interest-based advertising. You have the right to object to the creation of user profiles. To exercise this right, you must contact the respective provider.
If you have an account with one of the providers listed below and are logged in there when you visit our website, the respective provider may collect data about your usage behavior on our website. To prevent your data from being linked in this way, you can log out of the provider's service before visiting our website.

You can find out for what purpose and to what extent data is collected by the provider in the respective data protection declarations of the providers provided below.
We would like to point out that, depending on the country of domicile of the provider named below, the data collected via its platform may be transferred and processed outside the European Union. In this case, there is a risk that the level of data protection prescribed by the GDPR will not be complied with and that the enforcement of your rights will be difficult or impossible.

Data concerned:

  • Inventory and contact data (e.g. name, address, telephone number, e-mail address)
  • Content data (e.g. posts, photos, videos)
  • Usage data (e.g. access times, websites clicked on)
  • Communication data (e.g. information about the device used, IP address).

Processing purpose: Communication and marketing, tracking and analysis of user behavior

Legal basis: Consent, Art. 6 para. 1 lit. a GDPR, legitimate interests Art. 6 para. 1 lit. f GDPR

Possibilities of objection: For the respective opt-out options, please refer to the information provided by the providers linked below.

We maintain online presences on the following social networks:

Facebook
Service provider: Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA Registered office in the EU: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland Website: https://www.facebook.com/ Privacy policy: https://www.facebook.com/about/privacy/ Privacy policy for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data

Instagram
Service provider: Instagram Inc, 1601 Willow Road, Menlo Park CA 94025, USA Parent company: Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA Registered office in the EU: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland Website: https://www.instagram.com/ Privacy policy: http://instagram.com/about/legal/privacy

Pinterest
Service provider: Pinterest Inc, 635 High Street, Palo Alto, CA 94301, USA Registered office in the EU: Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland Website: https://www.pinterest.de/ Privacy Policy: https://about.pinterest.com/de/privacy-policy

Messenger services

We communicate via messenger services. Messenger services are chat programs that can be used to send text messages as well as image or video files between users in real time via the Internet. Messenger services can also be used to send emoticons, electronic greeting cards and contacts. In order for messages to be transmitted, the participants must be connected to a computer program (called a client) via a network such as the Internet, either directly or via a server. As a rule, messages can also be sent when the other party is not online - the message is then temporarily stored by the service server and delivered to the recipient later when they are available again. Finally, these services can also be used for screen transmission and online games.

If the service uses end-to-end encryption for the content sent (texts, attachments), only the selected communication partners, but not third parties or the service provider itself, can view the message. In this respect, we recommend regularly installing updates for the service to ensure that the content is encrypted. However, the service provider has the option of accessing the metadata of the communication. This includes the time and (depending on the settings) location of the communication as well as the device you are using.

We would like to point out that, depending on the country of domicile of the provider named below, the data collected via its platform may be transferred and processed outside the European Union. In this case, there is a risk that the level of data protection prescribed by the GDPR will not be complied with and that the enforcement of your rights will be difficult or impossible.

Data concerned:

  • Inventory and contact data (e.g. name, telephone number, e-mail address)
  • Content data (e.g. posts, photos, videos)
  • Usage data (e.g. access times, websites clicked on)
  • Communication data (e.g. information about the device used, IP address)

Processing purpose: Communication and marketing

Legal basis: If we have asked you for your consent before using the respective service, this is the legal basis, Art. 6 para. 1 lit. a GDPR. In this respect, we clarify that we will not transmit your contact data to the service provider for the first time without your consent. If we communicate with you in the context of a contract initiation or in the context of an existing contractual relationship via one of the following services, the legal basis is the fulfillment or preparation of the contract, Art. 6 para. 1 lit. b GDPR. In addition, we rely on our legitimate interests in fast and efficient communication and meeting the needs of our communication partners in the communication of the following services, Art. 6 para. 1 lit. f GDPR.

Options to object: You can revoke the consent you have given us to use the following service at any time. You can also object to communication via the messenger service at any time.

We use the following messenger services:

Facebook Messenger
Service provider: Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA Registered office in the EU: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland Website: https://www.facebook.com Privacy Policy: https://www.facebook.com/about/privacy

Security measures

We also take state-of-the-art technical and organizational security measures to comply with the provisions of data protection laws and to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties.

Up-to-dateness and amendment of this privacy policy

This privacy policy is currently valid and is dated February 1, 2022. Due to changes in legal or regulatory requirements, it may be necessary to adapt this privacy policy.

Cookies