ENGLISCH
ENGLISCH
DEUTSCH

1. the identity and contact details of the supplier of products and/or services and the contact details of the data protection officer.

 

The identity and contact details of the supplier of products and/or services (hereinafter in this Privacy Policy also referred to as "Supplier of Products and/or Services" or "Data Controller"):

 

Da Vinci Restaurant

Address: Kirchstraße 80, 67691 Hochspeyer, Germany.

Public telephone: +496305 8279 and +49 170 2002018

Sales tax identification number according to §27a Umsatzsteuergesetz: 19040 31265

 

1.1 The contact details of the Data Protection Officer ("DPO") can be found on this website as long as such DPO has been (is required to be) appointed.

 

2. purpose (and related legal basis) of the processing(s).

 

2.1 The data controller will process the personal data that you (hereinafter also referred to as "you" or the "customer" or the "data subject") as a customer (e.g.. name, surname, (delivery) address, telephone number, e-mail address) when ordering products and/or services via the Provider's application (also referred to in this Privacy Policy as the "Application" or the "Solution"), and which have been communicated by the Provider to the Data Controller, for all steps necessary for the conclusion of a contract with the Customer (as a result of a request by the Customer in this sense when using the Application) and in order to be able to process the contract with the Customer (the "Contract/Agreement").

 

2.2 Your electronic contact information provided in connection with the sale of a product or service may be used for direct marketing (unsolicited messages) regarding similar products or services. You may withdraw your consent at any time by using the unsubscribe link available prior to your order session or in the footer of any marketing email message you receive from us.

 

2.4 Without prejudice to the generality of the foregoing and for clarity, your (electronic contact) data may be used by the Data Controller and/or the supplier of products and/ or services to send you direct marketing messages (unsolicited messages for products and services not similar to those for which you have provided the personal data) as long as you have given your consent for this purpose. You may withdraw your consent at any time by accessing the link provided.

 

2.5 The Data Controller shall store and process your personal data to the extent and for the period provided for by the applicable legal provisions.

 

2.6 The Data Controller shall also process your personal data for other purposes for which you have given your unambiguous consent.

 

3. legal basis of the processing

 

The legal basis for the Processing is Article 6(1)(b) and (c) and, in particular, in the case of direct marketing, point (f) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (referred to in this Information Notice as the "Regulation" or "GDPR"), namely:

 

(b) The processing is necessary for the performance of a contract to which the data subject is party or to take certain steps at the request of the data subject, prior to the conclusion of a contract;

 

(c) The processing is necessary to comply with a legal obligation to which the Data Controller is subject;

 

 ......................

 

(f) The processing is necessary for the purposes of legitimate interests pursued by the data controller or by third parties...".

 

To the extent permitted by applicable law, the processing of personal data for direct marketing purposes may be for legitimate purposes, taking into account that there is a relevant and appropriate relationship between the data subject and the data controller. The legitimate interests pursued by the data controller through direct marketing communications are mainly the possibility to keep the customer informed about the data controller's activities.

 

4. recipients or categories of recipients of the personal data.

 

4.1. send your data to different recipients and to different (third) countries, recipients who process the personal data for compatible, related and correlated purposes in order to fulfill the contract you have entered into with data controllers, namely: suppliers, printing service operators, POS billing operators, loyalty program operators, etc.

 

4.2 Without prejudice to the generality of the foregoing and for the sake of clarity, the following information will be communicated to the following categories of recipients for the following purposes:

 

4.2.1. your data, namely: surname, first name, email address, telephone number, delivery address (if relevant), together with the details of your order, electronically (except for the details of the payment card, if you have chosen an online payment process) will be sent through an email service operator (again) to the suppliers of products and / or services and to you back, via email, to process the order and to offer you the relevant information about the confirmation or rejection of the order or about the missed orders and about the delivery of your order.

 

4.2.2 Your data, namely: surname, first name, e-mail address, telephone number, delivery address (if relevant), together with the details of your order, electronically (except for the details of the payment card, if you have chosen an online payment process) will be sent back (again) to the suppliers of products and / or services and to you through an SMS messenger operator, by SMS, to process the order and to offer you the relevant information about the confirmation or rejection of the order or about the missed orders and about the delivery of your order.

 

4.2.3. the personal data will also be sent to be stored by the data storage providers

 

5. transfer of personal data to third countries or an international organization

 

5.1 A possible transfer or a series of transfers of personal data to a third country or an international organization may only take place under one of the following conditions:

 

(a) The data subject has expressly consented to the proposed transfer after being informed of the potential risks of such transfers to the data subject due to the lack of an adequacy decision and adequate safeguards;

 

(b) The transfer is necessary to perform a contract between the data subject and the data controller or to take pre-contractual measures initiated at the request of the data subject;

 

(c) The transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the data controller and another natural or legal person;

 

(d) The transfer is necessary for important reasons of public interest;

 

(e) The transfer is necessary for the establishment, exercise or defense of legal claims;

 

(f) The transfer is necessary to protect the vital interests of the data subject or other persons when the data subject is physically or legally incapable of giving consent;

 

(g) The existence of an adequacy decision pursuant to the regulation;

 

(h) the existence of adequate safeguards, including binding corporate rules in accordance with the Regulation;

 

5.2 The following data will be transferred to the following third countries:

 

5.2.1. last name, first name, email address, phone number, delivery address (if applicable) will be sent to Sendgrid Inc, located in Denver Colorado, USA to process the order and to send you the relevant notifications regarding the confirmation or rejection of an order or about missed orders and the delivery of your order.

 

5.2.2 Last name, first name, email address, phone number, shipping address (if applicable) will be sent to Peaberry Software Inc. d/b/a Customer IO located in New York, USA to process the order and to send you the relevant notifications regarding the confirmation or rejection of the order or about missed orders and the delivery of your order.

 

5.2.3 Last name, first name, email address, phone number, shipping address (if applicable) will be sent to Twilio Inc., of San Francisco, California- USA to process the order and to send you the relevant notifications regarding the confirmation or rejection of an order or about missed orders and the delivery of your order.

 

5.2.4 Last name, first name, email address, phone number and delivery address (if applicable), the IP address from which the order originates, will be sent to Amazon.com Inc. of Oregon - USA to be stored and/or to process the order and to send you the relevant notifications regarding the confirmation or rejection of an order or about missed orders and the delivery of your order.

 

5.2.5 If online payment is available and you choose to use this payment option, then the last name, first name, email address, phone number, shipping address (if applicable), IP address from which the order originated, cardholder name, bank card expiration date, bank card number, Cvv code (if necessary) will be sent to Speedly Inc. located in Durham, North Carolina, USA, for processing the order and to send you the relevant notifications regarding confirmation or rejection of an order or about missed orders and delivery of your order.

 

5.2.6 Third countries may be added and / or deleted by the Data Controller at any time, as the case may be.

 

6. the period for which the personal data will be stored / the criteria for determining this period.

 

The personal data will be stored for 1 year, but not less than the period provided for in the applicable legal provisions.

 

The personal data will be stored (mainly) in order to execute the contract and for fiscal and / or legal purposes and in addition thereto, in particular and without prejudice to the generality of the foregoing, the email address and telephone number (as the case may be) will be stored for direct marketing purposes.

 

7. obligation to provide the personal data and the possible consequences of not providing them

 

The provision of personal data is required by contract.

The data subject is obliged to provide the personal data.

 

Refusal to provide (certain) (personal) data will result (as a consequence of the failure to fulfill the obligation to provide corresponding data) in the inability to fully use the Application (and / or certain functions of the Application) and / or in the impossibility to order and / or purchase and / or pick up and / or deliver products and / or services, in which case the Data Controller is entitled not to process the order.

 

Without prejudice to the generality of the foregoing and for the sake of clarity:

 

(i) If the data regarding the location to which the Products must be delivered is not provided, the Products cannot be delivered;

 

ii) If the e-mail address is not provided, we will not be able to send you information about the confirmation or rejection of the order or about missed orders and / or other information regarding your order and communication with you will not be able to take place;

 

v) If the first name and last name are not provided, we do not have the minimum identification data to make a valid agreement with you and your order will not be processed, we will not be able to send you information on the confirmation or rejection of the order or about the missed orders

 

vi) If the IP addresses are not provided, no further investigation can be done to determine what happened and whether you have been a victim of a fraudulent order process (e.g., fake orders, pranks, or impersonation), so the order may not be accepted.

 

vii) If the phone number is not provided, the data controller may not contact you in a timely manner to obtain order-related clarifications or confirmations of the shipping address.

 

8. right of access of the data subject

 

8.1 The Data Subject shall have the right to obtain from the Data Controller confirmation as to whether his or her Personal Data are being processed and, should this be the case, access to the Personal Data and the following information:

 

(a) The purpose of the processing;

(b) the categories of personal data concerned;

 

(c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;

 

(d) where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria by which this period will be determined;

(e) the existence of the right to obtain from the data controller the rectification or erasure of personal data or the restriction of the processing of personal data relating to the data subject, or to object to such processing;

 

(f) the right to lodge a complaint with a supervisory authority;

 

(g) If the personal data is not collected from the data subject, any available information about its source;

 

(h) the existence of automated decision-making, including profiling, referred to in the Regulation and, at least in such cases, meaningful information about the logic involved and the significance and envisaged consequences of such processing for the data subject.

 

8.2 In case of transfer of personal data to a third country or an international organization, the data subject shall have the right to be informed about the relevant safeguards in connection with the transfer.

 

8.3 The Controller shall provide a copy of the personal data to be processed. For additional copies requested by the Data Subject, the Data Controller may charge a reasonable fee based on administrative costs. If the Data Subject makes the request electronically and does not request otherwise, the information shall be provided in a commonly used electronic form.

 

8.4 The right to obtain a copy under paragraph 8.3 does not affect the rights and freedoms of others.

 

9. right to rectification

 

The data subject has the right to obtain from the data controller the rectification without undue delay of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by submitting a supplementary declaration.

 

10. right to erasure ('right to be forgotten')

 

10.1 The Data Subject shall have the right to obtain from the Data Controller the erasure of Personal Data concerning him or her without undue delay, and the Data Controller shall be obliged to erase the Personal Data without undue delay, if one of the following reasons applies:

 

(a) The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

 

(b) The data subject withdraws the consent on which the processing is based, if the processing is based on the data subject's consent to process personal data for one or more specific purposes and there is no other legal ground for the processing;

 

(c) The data subject objects to the processing on grounds relating to his or her particular situation, in accordance with the Regulation, and there are no compelling legitimate grounds for the processing, or the data subject objects to the processing for direct marketing purposes and there is no other legal ground for the processing;

 

(d) the personal data have been processed unlawfully;

 

(e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the data controller is subject;

 

(f) The Personal Data has been collected in connection with the provision of information society services to a child, in accordance with the Regulation.

 

10.2 If the Data Controller has disclosed the Personal Data and is required to erase the Personal Data pursuant to paragraph 10.1, the Data Controller shall, taking into account the available technology and implementation costs, take reasonable measures, including technical measures, to inform the Data Controllers that the Data Subject has requested such Data Controllers to erase the links to such Personal Data or to copy or replicate such Personal Data.

10.3 Paragraphs 10.1 and 10.2 shall not apply to the extent that processing is necessary:

 

(a) for the exercise of the right to freedom of expression and information;

 

(b) for compliance with a legal obligation requiring processing under Union or Member State law to which the Data Controller is subject or for the performance of a task carried out in the public interest or for the exercise of official authority vested in the Data Controller;

 

(c) for reasons of public interest in the field of public health, in accordance with the Regulation;

 

(d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, in accordance with the Regulation, where the right referred to in paragraph 10.1 is likely to make impossible or seriously prejudice the achievement of the purposes of such processing; or

 

(e) necessary for the establishment, exercise or defense of legal claims;

 

11. right to restriction of processing

11.1 The Data Subject shall have the right to obtain from the Data Controller a restriction of the Processing if one of the following conditions applies:

 

(a) The Data Subject disputes the accuracy of the Personal Data for a period enabling the Data Controller to verify the accuracy of the Personal Data;

 

(b) The processing is unlawful and the data subject objects to the erasure of the personal data and requests instead the restriction of its use;

 

(c) The data controller no longer needs the personal data for the purpose of processing, but they are needed by the data subject for the establishment, exercise or defense of legal claims;

 

(d) The data subject objects to the processing, in accordance with the Regulation, on grounds relating to his or her particular situation, until it can be ascertained whether the data controller's legitimate grounds override those of the data subject.

 

11.2 Where processing has been restricted in accordance with paragraph 11.1, such personal data shall be processed, with the exception of storage, only with the consent of the data subject, or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person, or for reasons of substantial public interest of the Union or a Member State.

 

11.3 A data subject who has received a restriction on processing pursuant to paragraph 11.1 shall be informed by the Data Controller before the restriction on processing is lifted.

 

12. Notification obligation regarding rectification or erasure of personal data or restriction of processing.

 

The Data Controller shall notify any rectification or erasure of personal data or restriction of processing pursuant to paragraph 9, paragraph 10.1 and paragraph 11 to any recipient to whom the personal data have been disclosed, unless this proves impossible or requires a disproportionate effort. The Data Controller shall inform the Data Subject about these recipients if the Data Subject so requests.

 

13. Right to data portability

 

13.1 The Data Subject shall have the right to receive the Personal Data concerning him or her that he or she has provided to the Data Controller in a structured, commonly used and machine-readable format and shall have the right to freely transfer such data to another Data Controller without being prevented from doing so by the Controller to whom the Personal Data were originally provided, provided that:

 

(a) The processing is based on consent or on a contract; and

(b) The processing is automated.

13.2.When exercising the right to data portability under paragraph 13.1, the Data Subject shall have the right to have the Personal Data transferred directly from one Data Controller to another, where technically feasible.

 

13.3 The exercise of the right referred to in paragraph 13.1 of this Article shall be without prejudice to Article 17. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or for the exercise of official authority vested in the data controller.

 

13.4 The right to obtain a copy pursuant to paragraph 13.1 shall not affect the rights and freedoms of others.

 

14. right to object

 

14.1 The Data Subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of Personal Data concerning him or her or a third party for the legitimate interests of the Data Controller or a third party, including profiling based on these provisions. The Data Controller shall no longer process the personal data, except in the case where the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.

 

14.2 If personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of such data for this purpose, including profiling to the extent related to such direct marketing.

 

14.3 If the data subject objects to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes. In the event that the data subject opts out of the processing of personal data for direct marketing purposes separately and without connection to any other action, including by activating an acceptance button for the processing of personal data for direct marketing purposes, the latest personal data provided shall be processed for that purpose.

 

14.4.At the latest at the time of the first communication to the data subject, the right referred to in paragraphs 14.1 and 14.2. shall be expressly brought to the attention of the data subject and presented clearly and separately from other information.

 

14.5.In the context of the use of information society services and notwithstanding Directive 2002/58 / EC, the Data Subject may exercise his/her right to object in an automated manner, using technical specifications.

 

14.6 If personal data are processed in accordance with the Regulation, for scientific or historical research purposes or for statistical purposes, the data subject shall have the right to object, on grounds relating to his or her personal situation, to the processing of personal data, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

 

15. Automated individual decision-making, including profiling.

 

15.1 The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

 

15.2 Paragraph 15.1. shall not apply if the decision:

(a) is necessary for the conclusion or performance of a contract between the data subject and a data controller;

 

(b) is authorized by Union or Member State law to which the data controller is subject and which also lays down appropriate measures to protect the data subject; or

(c) is based on the explicit consent of the Data Subject.

 

15.3.In the cases referred to in paragraph 15.2 (a) and (c), the Data Controller shall take appropriate measures to protect the rights and freedoms of the Data Subject and his or her legitimate interests, at least the right to obtain human intervention by the Controller, to express his or her point of view and to challenge the decision.

 

16. the right to lodge a complaint with a supervisory authority

 

16.1 Without prejudice to any other administrative or judicial remedy, any data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his habitual residence, place of work or place of the alleged infringement, if the data subject considers that the processing of his personal data, infringes the Regulation.

 

16.2 The supervisory authority to which the complaint has been submitted shall inform the complainant of the progress and outcome of the complaint, including the possibility of a legal remedy pursuant to Article 17.

 

17. right to an effective remedy against a supervisory authority

 

17.1 Without prejudice to other administrative or extrajudicial remedies, any natural or legal person shall have the right to an effective remedy against a legally binding decision of a supervisory authority affecting him.

17.2 Without prejudice to other administrative or extrajudicial remedies, any data subject shall have the right to an effective remedy if the supervisory authority responsible under the Regulation does not deal with a complaint or does not inform the data subject within three months of the progress or the outcome of the complaint lodged in accordance with Article 16.

17.3 Proceedings against a supervisory authority shall be brought before the courts of the Member State in which the supervisory authority is established.

 

17.4 If proceedings are brought against a decision of a supervisory authority which has been preceded by an opinion or a decision of the Management Board under the consistency mechanism, the supervisory authority shall forward such opinion or decision to the court.

 

18. right to an effective remedy against a data controller or processor

 

18.1 Without prejudice to available administrative or extrajudicial remedies, including the right to lodge a complaint with a supervisory authority under the Regulation, any data subject shall have the right to an effective remedy if he or she considers that his or her rights have been infringed as a result of the processing of his or her personal data in breach of the Regulation.

 

18.2 Proceedings against a data controller or a processor shall be brought before the courts of the Member State in which the data controller or the processor has an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where the data subject is habitually resident, unless the data controller or processor is a public authority of a Member State acting in the exercise of its public powers.

 

19. representation of the data subjects

19.1 The data subject shall have the right to mandate a non-profit body, organization or association, duly constituted under the law of a Member State, having legitimate aims which are in the public interest and acting to protect the rights and freedoms of data subjects, in relation to the protection of his or her personal data, to lodge a complaint on his or her behalf, to exercise the rights referred to in Articles 16, 17 and 18 and to exercise the right to compensation referred to in the Regulation on his or her behalf, where provided for in the law of the Member States.

 

19.2 Member States may provide that any body, organization or association referred to in paragraph 19.1 of this Article, irrespective of the mandate of a data subject, shall have the right to lodge a complaint in that Member State with the competent supervisory authority referred to in paragraph 19.1, and to exercise the rights referred to in Articles 17 and 18, if it considers that the rights of a data subject under the Regulation, as a result of the processing, have been infringed.

 

20. Right to compensation and liability

 

20.1 Any person who has suffered material or non-material damage as a result of a breach of the Regulation shall be entitled to compensation from the Data Controller or the Processor for the damage suffered.

 

20.2 Any data controller involved in the processing shall be liable for damage caused by the processing in violation of this Regulation. The Processor shall be liable for damage caused by the Processing only if it has failed to comply with the obligations of the Regulation specifically addressed to Processors or if it has acted outside or against lawful instructions of the Data Controller.

 

20.3 The Data Controller or Processor shall be exempt from liability under paragraph 20.2 if it proves that it is in no way responsible for the event that caused the damage.

 

20.4 Where more than one Data Processor or both a Data Controller and a Processor are involved in the same Processing and where they are responsible, in accordance with paragraph 20.2. and 20.3, for damage caused by the Processing, each Data Controller or Processor shall be liable for the entire damage in order to ensure effective compensation of the Data Subject.

20.5 If a Data Controller or Processor has paid full compensation for the damage suffered in accordance with paragraph 20.4, such Data Controller or Processor shall be entitled to recover from the other Data Controllers involved in the same Processing the compensation corresponding to their share of responsibility, in accordance with the conditions set forth in paragraph 18.2.

20.6 Legal proceedings to exercise the right to compensation shall be conducted before the courts competent under the law of the Member State referred to in 18.2.

 

21. withdrawal of consent

 

Where the processing is based on: i) the data subject's consent to the processing of his or her personal data for one or more specific purposes; or ii) the data subject's consent to the processing of specific personal data for one or more specific purposes, unless Union or Member State law provides that the prohibition on the processing of specific personal data may not be withdrawn by the data subject,

 

The data subject shall have the right to withdraw consent at any time without affecting the lawfulness of the processing based on the consent prior to its withdrawal.

 

For the sake of clarity, the withdrawal of consent does not affect the processing of personal data, based on other legal bases.

 

22.cookie policy

 

[The Data Controller's web application may use "cookies."

 

Cookies are text files containing small amounts of information that are downloaded to your device when you visit and use the application. Cookies are then returned to the original URL or to another URL that recognizes that cookie on each subsequent visit. Cookies are useful because they allow a website to recognize a user's device. For more information about cookies, see: www.allaboutcookies.org and www.youronlinechoices.eu . A video about cookies can be found at www.google.co.uk/ goodtoknow/data-on-the-web/cookies.

 

Cookies do many different tasks, such as browsing efficiently between pages, saving your preferences, and generally providing a better user experience.

 

They can also help make ads you see online more relevant to you and your interests.

 

You can set and / or adjust your (browser) settings and preferences for cookies and disable cookies at any time. If you disable them, you may not be able to use certain parts / features of the Controller's web application.

 

We may collect anonymous information, including for statistical or research purposes.

 

We use the following categories in our web-based application:

 

Category 1 - Strictly Necessary Cookies.

These cookies are essential for you to navigate the Controller's web application and use its features, such as accessing secure areas. Without these cookies, services such as shopping carts or electronic billing cannot be provided.

 

Category 2 - Performance cookies.

 

These cookies collect information about how you use the web application of the responsible party, for example, which pages you access most often and whether they receive error messages from websites and / or the web application. These cookies do not collect information that identifies the visitor. All information collected by these cookies is aggregated and therefore anonymous. They are used only to improve the functioning of the website (s) and / or application of the responsible.

 

As third-party cookies in this category, we use Google Analytics, a service that transmits website traffic data to Google servers in the United States. The reports provided by Google Analytics help us understand website traffic and usage. Google Analytics does not identify individual users and does not link your IP address to any other data held by Google.

 

Google Analytics: For more information about Google Analytics cookies, please see Google's help pages and privacy policy:

 

Google Privacy Policy

 

Google Analytics help pages

 

Google has developed the opt-out browser add-on. If you want to disable Google Analytics, you can download and install the add-on for your web browser.

 

Category 3 - Functional cookies

 

These cookies allow the controller's web application to remember choices you have made while browsing and / or using the application (for example, your username, language, or the region you are in), and thus can provide you with enhanced, more personalized features.

 

These cookies can also be used to store changes you have made to text size, language, and other parts of web pages that can be customized.

 

The information these cookies collect does not identify you personally and cannot track your browsing activity on websites other than those of the Responsible Party.

 

To reliably check your order status on the screen in the application, in real time, and for easy reordering, your data may be stored on your device and serve a local cookie.

 

Category 4 - Targeting cookies or advertising cookies.

 

These cookies are usually third-party cookies. However, when a user visits the advertising network's own website, it is technically possible that they are first-party cookies. They are always persistent, but temporary cookies. These cookies may be linked to services provided by third parties. However, this is not always the case. These cookies contain a unique key that can be used to distinguish the browsing habits of individual users or that can be translated into a set of browsing habits or preferences using information stored elsewhere. In general, the privacy policy should indicate whether the cookie is used as part of an advertising network. Cookies may also be used to limit the frequency with which a user sees a particular ad on a website and to measure the effectiveness of a particular advertising campaign.

 

Examples include:

- Cookies placed by advertising networks to capture browsing habits in order to target relevant ads to the user. The website that the user visits does not necessarily display advertising, but this is often the case.

 

- Cookies placed by advertising networks in connection with a service implemented by the website to improve functionality, such as entering comments on a blog, adding a website to the user's social network, providing maps or website visitor counters.

 

By default, category 4 cookies are not provided in the ordering application and the URL of the original website. However, it may be possible to order online from other websites that provide or facilitate access to the online menu and web application. Therefore, always check the cookie policy of the visited website from which you initiated an online ordering session to find out whether category 4 cookies are delivered and in what way you can disable them, depending on the legal case.

 

23. processing of your personal data by the provider as a processor of suppliers of products and / or services.

 

The Provider may also process your personal data as a processor of the suppliers of products and / or services, including but not limited to the following purposes, in accordance with the agreements with the suppliers of products and / or services : i) storing data for the suppliers of products and / or services; ii) sending notifications to you regarding the confirmation or rejection of your order or about the missed orders and about the delivery of your order; iii) sending direct marketing communications to you; iii) collecting IP addresses to be used in case of litigation and / or payment fraud; iv) Sending your data to different recipients and to different (third) countries, recipients that process the personal data for compatible, related and correlated purposes to fulfill the contract you have entered into with the suppliers of products and / or services, namely: Delivery , printing, POS billing, loyalty programs, online payment processing, etc.

 

24. other

 

24.1 You have all the rights set forth in this Privacy Policy, as well as all other rights set forth in the applicable legal provisions on the processing of personal data.

24.2 Your rights mentioned in this Privacy Policy may be exercised in accordance with the Regulation and other applicable legal provisions.

 

24.3 Any requests and / or demands that you send to the Data Controller to exercise your rights may be sent in writing by registered mail to the headquarters of the Data Controller and / or online through the contact for or contact email of the Data Controller according to the indications on the website www.google-dich.de or the email of the Data Protection Officer, if one has been appointed, and / or through other means of communication provided by law.

 

24.4 The data subject may, in accordance with the above, free of charge, access and rectify or erase personal data, restrict the processing of personal data, data portability and exercise the right to object and also the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, but also in relation to the security breach of personal data.

 

24.5 The terms used in this Privacy Policy shall have the meaning ascribed to them in the Regulation, unless the context requires otherwise or it is otherwise prescribed herein.

 

24.6 Unless otherwise required by applicable law, the Provider reserves the right to update and amend the Privacy Policy from time to time without specific notice.