Privacy policy

1. An overview of data protection

General

The following gives a simple overview of what happens to your personal information when you visit our website. Personal information is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our privacy policy found below.

Data collection on our website

Who is responsible for the data collection on this website?

The data collected on this website are processed by the website operator. The operator's contact details can be found in the website's required legal notice.

How do we collect your data?

Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.

Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.

What do we use your data for?

Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.

What rights do you have regarding your data?

You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.

Analytics and third-party tools

When visiting our website, statistical analyses may be made of your surfing behavior. This happens primarily using cookies and analytics. The analysis of your surfing behavior is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.

You can object to this analysis. We will inform you below about how to exercise your options in this regard.

Data can be processed within the partner companies
Data can be exchanged with affiliates for processing and storage. Affiliated companies are Mongos Gastro GmbH & EN Gastro GmbH.

2. General information and mandatory information

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.

If you use this website, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.

Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.

Notice concerning the party responsible for this website

The party responsible for processing data on this website is:

MONGO'S GASTRO GMBH
Rosastr. 6a45130 Essen
Germany

Telephone: +49 (0) 201 747560
Email: info@mongos.de

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).

Revocation of your consent to the processing of your data

Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

Right to file complaints with regulatory authorities

If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data portability

You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

Encrypted payments on this website

If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment.

Payment transactions using common means of payment (Visa/MasterCard, direct debit) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon in your browser line is visible.

In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.

Information, blocking, deletion

As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.

Opposition to promotional emails

We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.

3. Data protection officer

Statutory data protection officer

We have appointed a data protection officer for our company.

MONGO'S GASTRO GMBH
Eike Hoffmann
Rosastr. 6a

45130 Essen
Germany

Telephone: +49 (0) 201 7475-21
Email: datenschutz@mongos.de

4. Data collection on our website

Cookies

Some of our web pages use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use (such as the shopping cart) are stored pursuant to Art. 6 paragraph 1, letter f of DSGVO. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. If other cookies (such as those used to analyze your surfing behavior) are also stored, they will be treated separately in this privacy policy.

Server log files

The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

These data will not be combined with data from other sources.

The basis for data processing is Art. 6 (1) (f) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

Contact form

Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.

We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.

Processing of data (customer and contract data)

We collect, process, and use personal data only insofar as it is necessary to establish, or modify legal relationships with us (master data). This is done based on Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract. We collect, process and use your personal data when accessing our website (usage data) only to the extent required to enable you to access our service or to bill you for the same.

Collected customer data shall be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.

Data transmitted when entering into a contract with online shops, retailers, and mail order

We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract, for example, to companies entrusted to deliver goods to your location or banks entrusted to process your payments. Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent.

The basis for data processing is Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

Data transferred when signing up for services and digital content

We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract with us, for example, to banks entrusted to process your payments.

Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent.

The basis for data processing is Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

Information on data transfer to the USA and other non-EU countries

Among other things, we use tools of companies domiciled in the United States or other from a data protection perspective non-secure non-EU countries. If these tools are active, your personal data may potentially be transferred to these non-EU countries and may be processed there. We must point out that in these countries, a data protection level that is comparable to that in the EU cannot be guaranteed. For instance, U.S. enterprises are under a mandate to release personal data to the security agencies and you as the data subject do not have any litigation options to defend yourself in court. Hence, it cannot be ruled out that U.S. agencies (e.g., the Secret Service) may process, analyze, and permanently archive your personal data for surveillance purposes. We have no control over these processing activities.

Booking tools Open Table & Bookatable

OpenTable

This site uses the booking service OpenTable for the reservation of tables in our restaurant. Provider is the OpenTable GmbH, Zeil 109, Frankfurt 60313, Germany. The use of Open Table takes place in the interest of an attractive presentation and bookability of the online offers specified by us on this website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO

More information on handling of user data can be found in the privacy policy of OpenTable: https://www.opentable.de/legal/privacy-policy. The cookie and personalized advertising policy can be found here: https://www.opentable.de/legal/cookie-policy.

Bookatable

This site uses booking service Bookatabele to book tables in our restaurant. Provider is the Bookatable GmbH & Co. KG, Deichstraße 48-50, 20459 Hamburg, Germany.

The privacy policy of Bookatable can be viewed via the following link: https://www.bookatable.com/de/datenschutz.

5. Social media

Share content via plugins (Facebook, Google+1, Twitter, etc.)

The content on our pages can be shared on other social networks like Facebook, Twitter, or Google+. This page uses the eRecht24 Safe Sharing Tool. This tool establishes direct contact between the networks and users only after users click on one of these buttons.

This tool does not automatically transfer user data to the operators of these platforms. If users are logged into one or more of the social networks, the Like, +1, and Share buttons for Facebook, Google+1, Twitter, etc. will display an information window in which the user can edit the text before it is sent.

Our users can share the content of this page on social networks without their providers creating profiles of users' surfing behavior.

Facebook plugins (Like & Share buttons)

Our website includes plugins for the social network Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The Facebook plugins can be recognized by the Facebook logo or the Like button on our site. For an overview of Facebook plugins, see https://developers.facebook.com/docs/plugins/.

When you visit our site, a direct connection between your browser and the Facebook server is established via the plugin. This enables Facebook to receive information that you have visited our site from your IP address. If you click on the Facebook "Like button" while you are logged into your Facebook account, you can link the content of our site to your Facebook profile. This allows Facebook to associate visits to our site with your user account. Please note that, as the operator of this site, we have no knowledge of the content of the data transmitted to Facebook or of how Facebook uses these data. For more information, please see Facebook's privacy policy at https://de-de.facebook.com/policy.php.

If you do not want Facebook to associate your visit to our site with your Facebook account, please log out of your Facebook account.

6. Analytics and advertising

Google Analytics

This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Google Analytics cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.

IP anonymization

We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

Browser plugin

You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Objecting to the collection of data

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.

For more information about how Google Analytics handles user data, see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Outsourced data processing

We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Demographic data collection by Google Analytics

This website uses Google Analytics' demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section "Refusal of data collection".

Google Analytics Remarketing

Our websites use the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and DoubleClick. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

This feature makes it possible to link target audiences for promotional marketing created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. This allows advertising to be displayed based on your personal interests, identified based on your previous usage and surfing behavior on one device (e.g. your mobile phone), on other devices (such as a tablet or computer).

Once you have given your consent, Google will associate your web and app browsing history with your Google Account for this purpose. That way, any device that signs in to your Google Account can use the same personalized promotional messaging.

To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion.

You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account; follow this link: https://www.google.com/settings/ads/onweb/.

The aggregation of the data collected in your Google Account data is based solely on your consent, which you may give or withdraw from Google per Art. 6 (1) (a) DSGVO. For data collection operations not merged into your Google Account (for example, because you do not have a Google Account or have objected to the merge), the collection of data is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing anonymous user behavior for promotional purposes.

For more information and the Google Privacy Policy, go to: https://www.google.com/policies/technologies/ads/.

Google Tag Manager

Google Tag Manager is a marketing tool from Google Inc. ("Google"), which enables a website's marketers to manage website tags via an interface. Tags are small code elements, which among other things are for measuring traffic and visitor behaviour on a website to determine the impact of online advertising and social channels, remarketing, to introduce orientation toward target groups, and for testing and optimising the website. The Tag Manager tool itself (which implements the tags) is a cookieless domain and does not collect any personal data.

The tool triggers other tags, which in turn may collect data under certain circumstances. The Google Tag Manager does not access this data. If deactivation occurs at domain or cookie level, it remains in use for all tracking tags, insofar as they are implemented with Google Tag Manager. For more information about Tag Manager data collection, please visit: http://www.google.com/policies/privacy/

Click here to opt out of Google Tag Manager data collection. .

Facebook Pixel

Our website measures conversions using visitor action pixels from Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook").

These allow the behavior of site visitors to be tracked after they click on a Facebook ad to reach the provider's website. This allows an analysis of the effectiveness of Facebook advertisements for statistical and market research purposes and their future optimization.

The data collected is anonymous to us as operators of this website and we cannot use it to draw any conclusions about our users' identities. However, the data are stored and processed by Facebook, which may make a connection to your Facebook profile and which may use the data for its own advertising purposes, as stipulated in the Facebook privacy policy. This will allow Facebook to display ads both on Facebook and on third-party sites. We have no control over how this data is used.

Check out Facebook's privacy policy to learn more about protecting your privacy: https://www.facebook.com/about/privacy/.

You can also deactivate the custom audiences remarketing feature in the Ads Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You will first need to log into Facebook.

If you do not have a Facebook account, you can opt out of usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

Doubleclick

Doubleclick by Google is a service offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Doubleclick by Google uses cookies to present advertisements that are relevant to you. Your browser is assigned an anonymous identification number (ID). This number is used to monitor which ads appear in your browser and which ads have been viewed. The cookies do not contain personal information. DoubleClick cookies only allow Google and its partner sites to display ads that are relevant to you based on your previous visits to our website or others on the Internet. The information generated by the cookies is transmitted by Google to a server in the USA for analysis and is stored there. Google only transfers this data to third parties on the basis of statutory provisions or in the context of processing order data. Under no circumstances will Google match its data with other data collected by Google.

By using our website you agree to the processing of data relating to you and collected by Google, and to the processing of data as described above and for the purpose described above. You can prevent the storage of cookies by selecting the appropriate settings in your browser software. We wish to point out, however, that in this case you may not be able to use all of the functions of our websites. You can also prevent Google from collecting data generated by cookies and relating to your use of the website, and from the processing of this data by Google, by downloading and installing the browser plug-in available under the following link under the item DoubleClick Deactivation Extension: https://adssettings.google.com/anonymous?hl=en-GB&sig=ACi0TCigql3uTG8RvIWbqLmzLjQIjfwaEea3xFV5rKDiX-sCvvUBMHtp9-FRYqC2k2SiY85NU5gEm4Aq72X_PD9CEBM3159F2Q. Alternatively you can disable the Doubleclick cookies on the Digital Advertising Alliance page under the following link: hhttp://optout.aboutads.info/?c=2#!/.

Doubleclick Ad Exchange

Doubleclick Ad Exchange by Google is a service offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). DoubleClick Ad Exchange delivers banner ads to websites whenever users visit one of DoubleClick's partner websites. The ad server loads a cookie into the user's browser to record information about his or her surfing behaviour. This information includes search terms used for a product search. Since the ad server uses cookies to establish a connection, appropriate advertising is delivered the next time you visit the site. For this purpose, a third party DoubleClick cookie is also placed on the user's end device. More information about the DoubleClick cookie can be found on Google's web pages: https://policies.google.com/technologies/ads?hl=en

By using our website you agree to the processing of data relating to you and collected by Google, and to the processing of data as described above and for the purpose described above. You can prevent the storage of cookies by selecting the appropriate settings in your browser software. We wish to point out, however, that in this case you may not be able to use all of the functions of our websites. You can also prevent Google from collecting data generated by cookies and relating to your use of the website, and from the processing of this data by Google, by downloading and installing the browser plug-in available under the following link under the item DoubleClick Deactivation Extension: https://adssettings.google.com/anonymous?hl=en-GB&sig=ACi0TChtnZcuro6ZxoRD4JwO38hiqwHkZYr1F2D9BcXsboH9uIt1UI5Q-pD8UK9vBQGxyzcKcZVXNPCuOowmNWRpWvy9RAdbCpFZyFKWLA4nRlIaWQL15Lk. Alternatively you can disable the Doubleclick cookies on the Digital Advertising Alliance page under the following link: hhttp://optout.aboutads.info/?c=2#!/.

GA Audiences

On this website GA Audiences, a web analysis service from the provider Google, collects and stores data, from which user profiles are created by using pseudonyms. This technology shall enable users who have already visited our websites and online services to see targeted advertising from us on other external sites in the Google Partner Network. To this end, a cookie is placed on your computer that can analyse user behaviour when visiting the website and subsequently use it for targeted product recommendations and interest-based advertising. No personal data is stored or processed as a result of the placing of cookies. If you do not wish to receive interest-based advertising, you can disable Google's use of cookies for these purposes by following the instructions under https://adssettings.google.de/anonymous?hl=de&sig=ACi0TChBTZWkMHled4r8K1E5s8sDycLH4nlPH7nXV4fxJHzx7fFqWVOr3kAtHjejoe84wKPDUc3Ec8x5ZWa_ytQZQ4SPuZh3fEeFjXI-tdtgJcs41k9Rpps#display_optout.

You can permanently disable Google's use of cookies by amending the following link and cookie management settings accordingly: https://policies.google.com/technologies/managing?hl=en, https://policies.google.com/technologies/ads?hl=en. You can make changes to display preferences under https://adssettings.google.de/anonymous?sig=ACi0TCgmsgeSAEHFT2o2L-oTBsOxqUwH-8o6N6coNTwA7gv80WmsW6d7RfCY3gLlOPGzGRd0VEHhEaDmXmE_Z1n0Adsr4PXysr-aGSjy_Oy9NRlUGxn-f_0&hl=en

Alternatively, you can disable the use of cookies by third parties by visiting the deactivation website of the Network Advertising Initiative under http://optout.networkadvertising.org/?c=1#!/ and implementing the further information on opt-out described there.

7. Newsletter

Newsletter data

If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.

We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) DSGVO. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the "unsubscribe" link in the newsletter. The data processed before we receive your request may still be legally processed.

The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the members area) remain unaffected.

e.sy Newslettertool

We use the e.sy Newslettertool software tool as part of sending our newsletter. The e.sy Newslettertool is a project of bgp e.media GmbH, headquartered in Germany (address: bgp e.media GmbH, Max-Planck-Ring 62a, 46049 Oberhausen), which is subject to German jurisdiction and data protection. For our newsletter, e.sy Newslettertool provides the software and infrastructure for creating, designing, sending and evaluating newsletters. Import of addresses, the contents of the sent newsletters and the order to send the newsletters is undertaken exclusively on behalf of the customer. Your data will not be disclosed under any circumstances. With regard to secure order processing of your personal data in the newsletter tool, there is a legally binding agreement for order data processing with bgp e.media GmbH.

Legal basis

Data processing is based on Art. 6 (1) (a) DSGVO. You may revoke your consent at any time. The data processed before we receive your request may still be legally processed.

Storage duration

The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted from our servers and those of bgp e.media. Data we have stored for other purposes (e.g. email addresses for the members area) remains unaffected.

Completion of an outsourced data processing contract

We have entered into a data processing agreement with bgp e.media, in which we require bgp e.media to protect the data of our customers and not to disclose said data to third parties.

Sendinblue

This website uses Sendinblue for the sending of newsletters. The provider is the Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

Sendinblue services can, among other things, be used to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter are archived on Sendinblue’s servers in Germany.

Data analysis by Sendinblue

Sendinblue enables us to analyze our newsletter campaigns. For instance, it allows us to see whether a newsletter message has been opened and, if so, which links may have been clicked. This enables us to determine, which links drew an extraordinary number of clicks.

Moreover, we are also able to see whether once the e-mail was opened or a link was clicked, any previously defined actions were taken (conversion rate). This allows us to determine whether you have made a purchase after clicking on the newsletter.

Sendinblue also enables us to divide the subscribers to our newsletter into various categories (i.e., to “cluster” recipients). For instance, newsletter recipients can be categorized based on age, gender, or place of residence. This enables us to tailor our newsletter more effectively to the needs of the respective target groups.

If you do not want to permit an analysis by Sendinblue, you must unsubscribe from the newsletter. We provide a link for you to do this in every newsletter message. Moreover, you can also unsubscribe from the newsletter right on the website.

For detailed information on the functions of Sendinblue please follow this link: https://www.sendinblue.com/newsletter-software/.

Legal basis

The data is processed based on your consent (Art. 6(1)(a) GDPR). You may revoke any consent you have given at any time by unsubscribing from the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place prior to your revocation.

Storage period

The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored for other purposes with us remain unaffected.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist, if such action is necessary to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.

For more details, please consult the Data Protection Regulations of Sendinblue at: https://de.sendinblue.com/datenschutz-uebersicht/.

Data processing

We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

8. Hosting and Content Delivery Networks (CDN)

We are hosting the content of our website at the following provider:

Webflow

The provider is the Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter referred to as “Webflow”). When you visit our website, Webflow records various logfiles, including your IP address.

Webflow is a tool for the creation and hosting of websites.  Webflow stores cookies or other recognition technologies that are required for the depiction of the site, for the provision of certain website functions and to guarantee its security (necessary cookies).

For details, please consult the data privacy policy of Webflow: https://webflow.com/legal/eu-privacy-policy.

We use Webflow on the basis of Art.6(1)(f) GDPR. We have a legitimate interest in ensuring that our website is depicted as reliable as possible. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

The transfer of data to the United States is based on the standard contract clauses of the EU Commission. For details, please go to: https://webflow.com/legal/eu-privacy-policy.

Data processing

We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

Cloudflare

We use the “Cloudflare” service provided by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. (hereinafter referred to as “Cloudflare”).

Cloudflare offers a content delivery network with DNS that is available worldwide. As a result, the information transfer that occurs between your browser and our website is technically routed via Cloudflare’s network. This enables Cloudflare to analyze data transactions between your browser and our website and to work as a filter between our servers and potentially malicious data traffic from the Internet. In this context, Cloudflare may also use cookies or other technologies deployed to recognize Internet users, which shall, however, only be used for the herein described purpose.

The use of Cloudflare is based on our legitimate interest in a provision of our website offerings that is as error free and secure as possible (Art. 6(1)(f) GDPR).

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.cloudflare.com/privacypolicy/.

For more information on Cloudflare’s security precautions and data privacy policies, please follow this link: https://www.cloudflare.com/privacypolicy/.

Amazon CloudFront CDN

We use the Content Delivery Network Amazon CloudFront CDN. The provider is Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg (hereinafter referred to as “Amazon”).

Amazon CloudFront CDN is a globally distributed Content Delivery Network. During these transactions, the information transfer between your browser and our website is technically routed via the Content Delivery Network. This enables us to boost the global availability and performance capabilities of our website.

The use of Amazon CloudFront CDN is based on our legitimate interest in keeping the presentation of our web services as error free and secure as possible (Art. 6(1)(f) GDPR).

The data transfer to the United States is based on the Standard Contract Clauses of the EU Commission.  You can find the details here: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/.

For more information on Amazon CloudFront CDN please follow this link: https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf.

9. Plugins and tools

Webfont from Fast.Fonts.Net or Fonts.com

This site uses so-called "web fonts" provided by Monotype GmbH (fonts.com or fast.fonts.net) for the uniform presentation of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

To do this, your browser must establish a connection with the fonts.com server. Fonts.com is therefore aware that our web page has been accessed via your IP address. Fonts.com web fonts are used in the interest of a uniform and appealing presentation of our online offerings. This constitutes a justified interest within the meaning of Art. 6 para. (1)(f) GDPR (General Data Protection Regulation).

If your browser does not support web fonts, a standard font is used by your computer.

Further information about these web fonts can be found under https://www.fonts.com/info/legal and in the Fonts.com privacy policy: https://www.fonts.com/info/legal/privacy and in the Monotype GmbH privacy policy: https://www.monotype.com/legal/privacy-policy.

Tripadvisor and Yelp

Yelp plugins(Yelp Ireland Ltd. 70 Sir John Rogerson's Quay, Dublin 2, Ireland) and TripAdvisor plugins (TripAdvisor Inc., 141 Needham Street, Newton, MA 02464, USA) are integrated on our website.

Our site contains links that lead directly to Yelp as well as TripAdvisor and our rated store on these sites. The links are clearly marked by the logos and / or the name Yelp or TripAdvisor. When you visit our pages, the plugin establishes a direct connection between your browser and the server of the respective plugin providers. These companies receive the information that you have visited our site with your IP address. We point out that we as the provider of the pages are not aware of the content of the transmitted data and their use by the companies mentioned.

To get information about Yelp's privacy policy visit: http://www.yelp.de/tos/privacy_policy.

To get information about TripAdvisor's privacy policy visit: https://www.tripadvisor.de/pages/privacy.html.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to determine whether data entered on this website (e.g., information entered into a contact form) is being provided by a human user or by an automated program. To determine this, reCAPTCHA analyzes the behavior of the website visitors based on a variety of parameters. This analysis is triggered automatically as soon as the website visitor enters the site. For this analysis, reCAPTCHA evaluates a variety of data (e.g., IP address, time the website visitor spent on the site or cursor movements initiated by the user). The data tracked during such analyses are forwarded to Google.

reCAPTCHA analyses run entirely in the background. Website visitors are not alerted that an analysis is underway.

Data are stored and analyzed on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the protection of the operator’s websites against abusive automated spying and against SPAM. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

For more information about Google reCAPTCHA please refer to the Google Data Privacy Declaration and Terms Of Use under the following links: https://policies.google.com/privacy?hl=en and https://policies.google.com/terms?hl=en.

Zapier

We have integrated Zapier on this website. The provider is Zapier Inc, Market St. #62411, San Francisco, CA 94104-5401, USA (hereinafter “Zapier”).

Zapier allows us to link and synchronize various functionalities, databases, and tools with our website. In this way, it is possible, for example, to automatically play out content that we publish on our website on our social media channels or to export content from marketing and analysis tools. Depending on the functionality, Zapier may also collect various personal data in the process.

The use of Zapier is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest on the most effective integration of the tools used. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://zapier.com/tos.

Data processing

We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

10 Application

Description and scope of data processing

As part of their application, we offer users the opportunity to register on our website by providing personal data. The data is entered into an input screen, transmitted to us, and stored. This data is not transferred to third parties. The following data is collected during the registration process:

Personal data (first and last name, date of birth, address, graduation credential), communication data (telephone number, mobile phone number, fax number, email address), Report data (from third parties such as credit bureaus, or from public directories), Data on assessment and evaluation in the application procedure, Data on education (school, vocational training, civil/military service, studies, degree), Data on previous professional career, training and job references, Information on other qualifications (e.g., language skills, PC skills, volunteer activities), Application photos, Information on salary expectations, Application history

Legal basis for data processing and order data processing

The legal basis for processing data after the user registers for the newsletter is, if the user's consent to this has been obtained, Art. 6, Para. 1 lit. a) GDPR.

Purpose of the data processing

The data you provide will only be used to process your application for the advertised position. Only persons who are involved in the application process are informed of your personal data. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. We do not share your personal information with third parties, unless you have consented to the transfer of data or we are obliged by law and/or official or judicial orders to a data transfer. With an application an account is created in our career portal, where you can view and manage your application.

Duration of storage

Your data will be automatically deleted within 24 months after completion of the specific application procedure. This does not apply if statutory provisions preclude deletion, continued storage for the purpose of evidence is required, or you have expressly agreed to a longer storage duration.

Security

We take all necessary technical and organisational security measures to protect your personal data from loss or misuse. All data is transmitted in encrypted form and protected by appropriate technology.

11. Plug-ins and Tools

Adobe Fonts

In order to ensure the uniform depiction of certain fonts, this website uses fonts called Adobe Fonts provided by Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).

When you access pages of this website, your browser will automatically load the required fonts directly from the Adobe site to be able to display them correctly on your device. As a result, your browser will establish a connection with Adobe’s servers in the United States. Hence, Adobe learns that your IP address was used to access this website. According to the information provided by Adobe, no cookies will be stored in conjunction with the provision of the fonts.

Data are stored and analyzed on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in a uniform presentation of the font on the operator’s website. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.adobe.com/de/privacy/eudatatransfers.html.

For more information about Adobe Fonts, please read the policies under: https://www.adobe.com/privacy/policies/adobe-fonts.html.

Adobe’s Data Privacy Declaration may be reviewed under: https://www.adobe.com/privacy/policy.html.

12. Competitions

Description and scope of data processing

From time to time we offer participation in competitions on our website. Registration is required to participate, with entry of the following data:

  • 1. Email address
  • 2. First and last name
  • 3. Postal address

The following data is also stored at the time the message is sent:

  • 1. The user's anonymised IP address
  • 2. Date and time of registration

We use this information to notify you of winning. You can find detailed information in our terms of participation for each competition.

If you participate in a competition on our website and enter your email address, we may subsequently use it for sending you a newsletter if you have given your consent. In such a case, only direct marketing of our own similar products or services will be sent via the newsletter.

Legal basis for data processing

The legal basis for processing data after the user registers for the competition is, if the user's consent to this has been obtained, Art. 6 Para. 1 lit. a) DSGVO.

Purpose of the data processing

The data you have transmitted will be used exclusively for participation in the competition, unless you have actively consented to its being stored for a longer period.

Only persons who are involved in the competition process are informed of your personal data. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. Your data will be used strictly for the intended purpose, and in this context may be passed on to third parties (for example, for the purpose of sending winnings).

Duration of storage

The data will be deleted as soon as it is no longer necessary for achieving the purpose of its collection, unless you have consented to its being stored for a longer period. For the personal data entered in the competition input screen, the achievement of the purpose is the end of the respective competition.

Personal data that was additionally collected during the sending procedure will be deleted at the latest after a period of seven days.

facebook raffleWe organize on our website facebook competitions.

The respective competitions are not affiliated with Facebook and are in no way sponsored, supported or organized by Facebook.

Participation in the raffle is only possible at the respective terms and conditions. By participating in the competition, the participant expressly acknowledges these terms and conditions. The organizer reserves the right to change, adapt or terminate the raffle at any time without prior notice and without giving reasons.

Insofar as personal data of participants are collected within the framework of a raffle, these are collected, processed and used by the organizer solely for the purpose of carrying out the action and can be published on our websites or on our facebook page. As part of the competition participation, a consent to the processing of the entered personal data is obtained.

If you participate in the raffle, data entered in this framework may also be transmitted to facebook. We point out that we as the provider of the pages are not aware of the content of the data transmitted and their use by Facebook. For more information, please refer to the Facebook Privacy Policy at https://de-de.facebook.com/policy.php.

13. Custom Services

Handling applicant data

We offer website visitors the opportunity to submit job applications to us (e.g., via e-mail, via postal services on by submitting the online job application form). Below, we will brief you on the scope, purpose and use of the personal data collected from you in conjunction with the application process. We assure you that the collection, processing, and use of your data will occur in compliance with the applicable data privacy rights and all other statutory provisions and that your data will always be treated as strictly confidential.

Scope and purpose of the collection of data

If you submit a job application to us, we will process any affiliated personal data (e.g., contact and communications data, application documents, notes taken during job interviews, etc.), if they are required to make a decision concerning the establishment or an employment relationship. The legal grounds for the aforementioned are § 26 BDSG according to German Law (Negotiation of an Employment Relationship), Art. 6(1)(b) GDPR (General Contract Negotiations) and – provided you have given us your consent – Art. 6(1)(a) GDPR. You may revoke any consent given at any time. Within our company, your personal data will only be shared with individuals who are involved in the processing of your job application.

If your job application should result in your recruitment, the data you have submitted will be archived on the grounds of § 26 BDSG and Art. 6(1)(b) GDPR for the purpose of implementing the employment relationship in our data processing system.

Data Archiving Period

If we are unable to make you a job offer or you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6(1)(f) GDPR) for up to 6 months from the end of the application procedure (rejection or withdrawal of the application). Afterwards the data will be deleted, and the physical application documents will be destroyed. The storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the expiry of the 6-month period (e.g., due to an impending or pending legal dispute), deletion will only take place when the purpose for further storage no longer applies.

Longer storage may also take place if you have given your agreement (Article 6(1)(a) GDPR) or if statutory data retention requirements preclude the deletion.

Admission to the applicant pool

If we do not make you a job offer, you may be able to join our applicant pool. In case of admission, all documents and information from the application will be transferred to the applicant pool in order to contact you in case of suitable vacancies.

Admission to the applicant pool is based exclusively on your express agreement (Art. 6(1)(a) GDPR). The submission agreement is voluntary and has no relation to the ongoing application procedure. The affected person can revoke his agreement at any time. In this case, the data from the applicant pool will be irrevocably deleted, provided there are no legal reasons for storage.

The data from the applicant pool will be irrevocably deleted no later than two years after consent has been granted.