Zum Inhalt springen
PRIVACY POLICY (English, GDPR‑Compliant)
This document can be placed at /privacy-policy or /datenschutz.
Last updated: [insert date]
This Privacy Policy explains how we collect, use, store, and protect personal data when you visit our website, use our online services, join our membership programs, or interact with our restaurant.
We comply with the EU General Data Protection Regulation (GDPR) and applicable German privacy laws.
1. Controller & Group Structure
The data controller for all customer-facing services in Germany is:
[Restaurant Name]
[Restaurant Address]
Germany
Email: [contact email]
We operate within a multi-location group consisting of:
  • Restaurant Operations – Germany (customer service, reservations, loyalty programs)
  • IT Hub – Georgia (technical support, server operations, CRM administration)
  • Holding Company – Netherlands (group administration)
Personal data may be processed by other group entities only for the purposes described in this Policy.
2. What Personal Data We Collect
We may collect the following categories of data:
2.1 Data you provide
  • Name
  • Email address
  • Phone number
  • Reservation information
  • Order and payment details
  • Delivery address (if applicable)
  • Messages sent through forms
  • Membership application details
2.2 Membership programs
For Kollegensclub and FounderClub membership programs, we may also collect:
  • NFC card ID
  • Membership start/end dates
  • Visit frequency
  • Participation in tasting events
  • Program activity and eligibility
2.3 Technical data
When using our website, QR codes, or online ordering system:
  • IP address
  • Browser type and version
  • Device information
  • Access time and date
  • Referrer URLs
  • Anonymous analytics data
No sensitive categories of data are collected.
3. How We Use Personal Data
We process personal data only for lawful purposes, including:
3.1 Restaurant operations
  • Managing reservations
  • Processing online and in‑house orders
  • Providing customer support
  • Handling vouchers and promotions
3.2 Membership programs
To manage Kollegensclub, FounderClub, and promotional vouchers:
  • Creating customer profiles
  • Assigning and verifying NFC cards
  • Applying discounts and membership benefits
  • Sending hospitality‑style reminder emails
  • Communicating updates regarding the program
3.3 Service improvement
  • Website performance and analytics
  • Menu improvements
  • Operational optimization
3.4 Legal obligations
  • Accounting
  • Tax records
  • Fraud prevention
We do not sell personal data to third parties.
4. Legal Basis
Under GDPR, our legal bases include:
  • Art. 6(1)(b) — contract performance (orders, reservations, membership)
  • Art. 6(1)(a) — consent (marketing emails)
  • Art. 6(1)(f) — legitimate interest (service improvement, security)
  • Art. 6(1)(c) — legal obligations (tax, accounting)
5. Data Sharing
We share data only where necessary:
  • Within the restaurant group (Germany, Georgia, Netherlands)
  • Service providers supporting our IT systems (Odoo hosting, email services)
  • Legal authorities where required by law
All processors operate under GDPR‑compliant agreements.
No personal data is shared with advertisers or social networks for profiling.
6. NFC Cards & Membership Programs
For programs using NFC cards (Kollegensclub, FounderClub):
  • Each card contains a unique NFC ID
  • We link the NFC ID to your customer profile
  • When you tap the card, the system verifies your eligibility
  • We track usage to provide benefits and prevent misuse
No location tracking or behavioural profiling is performed.
7. Cookies & Analytics
Our website may use:
  • essential cookies (required for functionality)
  • analytics cookies (anonymized, no behavioural advertising)
Visitors are informed via a cookie banner where required.
8. Data Retention
We retain data only for as long as necessary:
  • Customer profiles: as long as active
  • Membership data: duration of membership + required legal retention
  • Orders and invoices: per German tax regulations
  • Technical logs: short‑term operational use
Data is securely deleted or anonymized after retention periods.
9. Your Rights (GDPR)
You have the right to:
  • access your data
  • correct inaccurate data
  • delete your data (“right to erasure”)
  • restrict processing
  • object to processing
  • withdraw consent (e.g., marketing emails)
  • request data portability
To exercise your rights, contact us via the Contact page.
10. Security
We use technical and organizational measures to protect personal data, including:
  • encrypted communications (HTTPS)
  • secure servers and firewalls
  • access control
  • staff confidentiality obligations
  • NFC anti-misuse protections
Despite best efforts, no system is guaranteed fully secure.
11. Changes to This Policy
We may update this Privacy Policy to reflect changes in technology, operations, or legal requirements.
The current version published on our website applies.
12. Contact
For privacy inquiries, please contact:
[Restaurant Name]
[Address]
Germany
Email: [Contact Email]