Data protection
Information on data processing in accordance with Art. 13, 14 GDPR
We are pleased that you are visiting our homepage and thank you for your interest in our restaurant. Handling the data of our customers and interested parties is a matter of trust. The trust placed in us is very important to us and therefore we are committed to handling your data with care and protecting it from misuse.
To ensure that you feel safe and comfortable when visiting our website, we take the protection of your personal data and its confidential treatment very seriously. We therefore act in accordance with the applicable legislation on the protection of personal data and data security. With this information on data protection, we would therefore like to inform you about when we store which data and how we use it – naturally in compliance with the applicable legislation.
In particular, GRACE Berlin complies with the EU General Data Protection Regulation and the current German Federal Data Protection Act (BDSG). When using the Internet, we are guided by the Telemedia Act (TMG) of the Federal Republic of Germany to protect your personal data. In the following, we explain what information we collect during your visit to our website and how it is used.
Overview
Name and address of the person responsible
Name and address of the data protection officer
General information on data processing
Provision of the website and creation of log files
Use of analysis and tracking tools
Social media, plugins and tools
Right to lodge a complaint with a supervisory authority
Name and address of the person responsible
The controller within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is the:
Hotel Zoo Berlin Betriebs GmbH, Kurfürstendamm 25, 10719 Berlin;
Phone: +49 (0) 30 884 37 0, Mail: datenschutz@grace-berlin.com
Name and address of the data protection officer
The data protection officer of the controller is
Andreas Thurmann, DataSolution LUD GmbH, Isarstr. 13, D-14974 Ludwigsfelde
Phone: +49 (0) 3378 202513, Mail: mail@ds-lud.de
General information on data processing
Scope of the processing of personal data
We collect and use our users “personal data only to the extent necessary to provide a functional website and our content and services. The collection and use of our users” personal data only takes place regularly with the user’s consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as the processing of personal data is necessary to fulfill a legal obligation (statutory provisions) to which our restaurant is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
Data erasure and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
Contact form/e-mail contact
Description and scope of data processing
There is a contact form on our website that can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are Name, telephone, e-mail, date, time, number of persons, subject, your request/message.
Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.
Legal basis for data processing
The legal basis for the processing of the data is initially our legitimate interest in data processing in the context of contacting the inquirer. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is in the context of a business initiation relationship or contractual relationship.
Purpose of data processing
The data received will be used exclusively for processing the conversation. The processing of personal data when contacting us by e-mail serves solely to process the request.
Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
If the contact is a pre-contractual relationship (offer or reservation request), the transmitted data may also be stored in our software and used to execute the contract. If no contractual relationship is established, we will delete the data after one year at the end of the year.
Right of objection and revocation
You have the option to object to the processing of your data at any time. For this purpose, we have provided the e-mail address datenschutz@grace-berlin.com for this purpose. We would like to point out that in the event of an objection, the conversation cannot be continued or we cannot create any offers etc.
All personal data stored in the course of contacting us will be deleted in this case.
Table reservation
Description and scope of data processing
On our website, you have the option of reserving a table for our restaurants. If you as a user make use of this option, the data entered in the input mask will be transmitted to us. These data are First name, surname, e-mail address, telephone number, details of the table reservation (day, time, number of people, restaurant) and optional details of special requests and occasion.
If you make a table reservation from our website, this is done via the online reservation system of OpenTable GmbH, Schumannstr. 27, 70325 Frankfurt, Germany. All order data entered by you is transmitted in encrypted form. OpenTable has undertaken to handle your transmitted data in accordance with data protection regulations. OpenTable takes all organizational and technical measures to protect your data.
Your data at OpenTable is stored in the United Kingdom. We would like to point out that your data may also be stored by OpenTable in third countries, such as the USA, as part of the reservation process. You can find out more about this in OpenTable’s privacy policy.
Legal basis for data processing
The legal basis for processing the data is initially our legitimate interest in data processing and the existence of the user’s consent by accepting our conditions for data processing.
Purpose of data processing
The data will be used by us exclusively for the table reservation. If you wish OpenTable to make further use of your data, OpenTable will obtain a separate declaration of consent.
Duration of storage
The data will be deleted as soon as it is no longer required for the purpose for which it was collected.
Right of objection and revocation
You have the option to object to the use of your data at any time. For this purpose, we have provided the e-mail address datenschutz@grace-berlin.com for this purpose.
Newsletter service
Description and scope of data processing
In order to inform our guests regularly about promotions and special offers, we would like to use the e-mail addresses that we receive as part of the booking or stay for our newsletter service. For this purpose, we store this data (e-mail address, title, first name, surname) in our newsletter tool “sitepackage”.
When we send newsletters, this is done via the online newsletter tool of wigital GmbH, Wall 42, D-24103 Kiel, Germany. wigital has committed itself to handling your transmitted data in accordance with data protection regulations and takes all organizational and technical measures to protect your data. Find out more in wigital’s privacy policy.
No further data will be passed on to third parties in this context.
Legal basis for data processing
The legal basis for the processing is our legitimate interest and consent pursuant to Art. 6 para. 1 lit. a, f; 7 GDPR in conjunction with Section 7 para. 3 UWG (Act against Unfair Competition).
Purpose of data processing
We process personal data solely for the purpose of sending individual newsletters.
Duration of storage
The data will be deleted as soon as you unsubscribe from the newsletter service.
Right of objection and revocation
As a recipient, you have the option to object to the processing of your data at any time. You can unsubscribe from the newsletter service with each newsletter. In addition, we have the e-mail address datenschutz@grace-berlin.com e-mail address. Please let us know your e-mail address here.
Provision of the website and creation of log files
Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
- Information about the browser type and version used
- The user’s operating system
- The IP address of the user
- Date and time of access
- Websites from which the user’s system accesses our website
- Websites that are accessed by the user’s system via our website
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. Personal user profiles cannot be created. The stored data is only evaluated for statistical purposes.
Legal basis for data processing
The legal basis for the temporary storage of data and log files is the processing for the protection of our legitimate interest.
Purpose of data processing
Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
Data is stored in log files to ensure the functionality of the website. We also use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context.
Our legitimate interest in data processing also lies in these purposes.
Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the accessing client.
Possibility of objection and removal
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.
Use of cookies and scripts
Description and scope of data processing
Cookies are small files that enable us to store specific information relating to you, the user, on your PC while you are visiting one of our websites. Cookies help us to determine the frequency of use and the number of users of our website, as well as to make our services as convenient and efficient as possible for you.
We use so-called “session cookies”, which are only stored temporarily for the duration of your use of our website. The session cookies are stored on your data carrier in order to ensure certain settings and functionalities on our websites via your browser. The cookies we use are deleted again at the end of the browser session, i.e. after you close your browser.
We also use cookies on our website that enable an analysis of the user’s surfing behavior. The following data can be transmitted in this way: Search terms entered, frequency of page views, use of website functions. The user data collected in this way is pseudonymized by technical precautions. It is therefore no longer possible to assign the data to the accessing user. The data is not stored together with other personal data of the user. When accessing our website, the user is informed about the use of cookies for analysis purposes and their consent to the processing of the personal data used in this context is obtained. In this context, reference is also made to this privacy policy.
Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is our legitimate interest in data processing.
The legal basis for the processing of personal data using cookies for analysis purposes is the consent of the user.
Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change. The user data collected by technically necessary cookies is not used to create user profiles.
Analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer.
Duration of storage, objection and removal options
Cookies are stored on the user’s computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
It is also possible to use our offers without cookies and scripts. You can deactivate the storage of cookies and scripts in your browser, restrict them to certain websites or set your browser so that it notifies you as soon as a cookie is sent. You can also delete cookies from your PC’s hard disk at any time.
Script blocker in your browser
You can install browser add-ons to block scripts. NoScript for Firefox and ScriptSafe for Google Chrome are examples of such browser extensions. These not only block all types of JavaScript, they also block selected trackers, Java, Flash and other plugins on websites.
If you are concerned about third-party cookies, you can reject them and still receive the cookies that allow our website to function properly.
This allows you to reject cookies in any of the main browsers:
Mozilla Firefox: Link
Google Chrome: Link
Internet Explorer: Link
Safari: Link
Please note, however, that in these cases you must expect a limited display of the page and limited user guidance.
Use of analysis and tracking tools
In order to make our website as pleasant and convenient as possible for you as a user, we occasionally use the services of external service providers. Below you have the opportunity to find out about the data protection provisions on the use and application of the services and functions used in order to exercise your rights with these service providers.
Use of Google Analytics, Google DoubleClick cookies, Google Convers Tracking and Google Remarketing
Our website may use Google Analytics, Google DoubleClick cookies, Google Convers Tracking and Google Remarketing. These are services provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).
This website uses Google Analytics, a web analysis service of Google Inc (“Google”). Google Analytics uses so-called “cookies”, text files which are stored on the user’s computer and which enable the use of the website to be analyzed. The information generated by the cookie about the use of this website by users is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, the IP address of Google users within member states of the European Union or in other contracting states of the Agreement on the European Economic Area will be shortened beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. IP anonymization is active on this website. Google will use this information on behalf of the operator of this website for the purpose of evaluating the use of the website by users, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Users may refuse the use of cookies by selecting the appropriate settings on their browser, however please note that if you do this you may not be able to use the full functionality of this website. Users can also prevent Google from collecting the data generated by the cookie and relating to their use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under this link. As an alternative to the browser add-on or within browsers on mobile devices, please click this link to prevent Google Analytics from collecting data within this website in the future. This will place an opt-out cookie on your device. If you delete your cookies, you must click this link again.
Deactivation of Google advertising
(http://www.google.com/privacy_ads.html) or on the deactivation page of the network advertising initiative(http://www.networkadvertising.org/managing/opt_out.asp)
Google-Tag-Manager
This website uses Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through an interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool triggers other tags, which may in turn collect data. Google Tag Manager does not access this data. If deactivation has been carried out at the domain or cookie level, it remains in effect for all tracking tags implemented via Google Tag Manager.
Social media, plugins and tools
Our website uses social plugins (“plugins”) from the social network facebook.com, which is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugin is marked with a Facebook logo and can be activated directly by the user.
We have no influence on data collection and further processing by Facebook. Furthermore, it is not clear to us to what extent, where and for how long the data is stored, to what extent Facebook complies with existing deletion obligations, which evaluations and links are made with the data and to whom the data is passed on. If you would like to prevent Facebook from processing personal data that you have transmitted to us, please contact us by other means.
Further information on this can be found in Facebook’s privacy policy. If you do not want Facebook to be able to associate your visit to our pages with your user account, please log out of your respective user account!
Facebook fan page
On our Facebook fan page at: https://www.facebook.com/GraceRestaurantAndBar/ we use plugins from the provider Facebook.com, which are provided by the company Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94304 in the USA.
By using the fan page, data is forwarded to the Facebook servers, which contain information about your visits to our fan page. For logged-in users, this means that the usage data is assigned to their personal Facebook account. As soon as you actively use the Facebook plugin as a logged-in Facebook user, e.g. by clicking on the “Facebook” logo or using the comment function, this data is transferred to your Facebook account and published. You can only avoid this by logging out of your Facebook account beforehand.
We do not know exactly what data Facebook stores and uses. As a user of the fan page, you must therefore expect that Facebook will also store your actions on the fan page in full.
In addition, the General Terms of Use of Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland apply.
The legal basis for this data processing is Art. 6 para. 1 lit. a, f) GDPR.
Each person depicted as well as other third parties have the possibility to object to the publication of their personal data (photos) at any time. For this purpose, we have provided the e-mail address datenschutz@grace-berlin.com for this purpose. The right to object applies in particular to the publication of images for the future.
It can always happen that we inadvertently publish images of people without their consent. If publication is not desired, we will immediately do everything in our power to comply with your rights. In the case of group photos, we reserve the right to distort faces.
Our website and our fan page: https://www.instagram.com/grace_bln/ uses social plugins (“plugins”) of the social network Instagram, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.
This may include, for example, content such as images, videos or texts and buttons with which you can express your liking of content, subscribe to the authors of the content or our posts. If you are a member of the Instagram platform, Instagram can assign access to the above-mentioned content and functions to your profiles.
We use a tool (widget) on our website InstaWidget to add a photo gallery from Instagram to our websites. The embed code is generated with a simple step by username or hashtag.
The legal basis for this data processing is Art. 6 para. 1 lit. a, f) GDPR.
Every person depicted as well as other third parties have the possibility to object to the publication of their personal data (photos) at any time. For this purpose, we have provided the e-mail address datenschutz@grace-berlin.com for this purpose. The right to object applies in particular to the publication of images for the future.
It can always happen that we inadvertently publish images of people without their consent. If publication is not desired, we will immediately do everything in our power to comply with your rights. In the case of group photos, we reserve the right to distort faces.
You can find more information on how Instagram handles user data in Instagram’s privacy policy.
Use of Google Maps
Description and scope of data processing
This website uses Google Maps API, a map service of Google Inc (“Google”), to display an interactive map and to create directions. Google Maps is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
By using Google Maps, information about your use of this website (including your IP address) may be transmitted to a Google server in the USA and stored there. Google may transfer the information obtained through Maps to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.
Under no circumstances will Google associate your IP address with other Google data. Nevertheless, it is technically possible that Google could identify at least individual users on the basis of the data received. It is possible that personal data and personality profiles of users of the website could be processed by Google for other purposes over which we have and can have no influence.
Legal basis for data processing
The legal basis for the use of Google Maps is our legitimate interest in data processing.
Purpose of data processing
The purpose of using Google Maps is to show the user our location on the website and to give him the opportunity to determine different routes via the services of Google Maps.
Duration of storage, objection and removal options
You have the option of deactivating the Google Maps service and thus preventing the transfer of data to Google by deactivating JavaScript in your browser. However, we would like to point out that in this case you will not be able to use the map display on our website.
Protection of minors
This service is mainly aimed at adults. We do not currently market specific areas for children. Accordingly, we do not knowingly collect age verification information, nor do we knowingly collect personally identifiable information from children under the age of 16. However, we advise all visitors to our website under the age of 16 not to disclose or provide any personal information through our service. In the event that we become aware that a child under the age of 16 has provided us with personal information, we will delete the child’s personal information from our files to the extent technically feasible.
Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
You have a right to information about the personal data stored about you, about the purposes of processing, about any transfers to other bodies and about the duration of storage.
If data is incorrect or no longer required for the purposes for which it was collected, you can request that it be rectified, erased or processing restricted. Where provided for in the processing procedures, you can also view your data yourself and correct it if necessary.
If your particular personal situation gives rise to reasons against the processing of your personal data, you can object to this if the processing is based on a legitimate interest. The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for the purposes of direct marketing or profiling, the personal data concerning you will no longer be processed for these purposes.
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
If you have any questions about your rights and how to exercise them, please contact the controller or the data protection officer.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, as a data subject you have the right to lodge a complaint with a supervisory authority for data protection, in particular in the Member State of your habitual residence or place of the alleged infringement if you consider that the processing of personal data relating to you infringes data protection law.
The supervisory authority to which the complaint is submitted will inform you of the status and outcome of your complaint, including the possibility of a judicial remedy.
You can find more information on the website of the Federal Commissioner for Data Protection and Freedom of Information. Follow the link.
Security
GRACE Berlin uses technical and organizational security measures in accordance with Art. 32 GDPR to protect your data managed by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously improved in line with technological developments. Access to this data is only possible for a few authorized persons and persons who are obliged to provide special data protection and who are involved in the technical, administrative or editorial management of data.
Status | June 2021
