Datenschutz | Böckmann’s Restaurant Hamburg

3. Purposes and legal bases of data processing 3.1. Informational use of the website

You can visit our website without providing any personal information. If you use our website for informational purposes only, i.e., without making a reservation, submitting an inquiry, or otherwise providing us with personal information, we do not process any personal data, with the exception of the data that your browser transmits to enable you to visit the website and information transmitted to us via cookies.

3.1.1. Technical provision of the website

For the purpose of the technical provision of the website, our system (i.e. the web server) automatically collects information from your browser each time the website is accessed.

The temporary storage of your IP address by our system is necessary to enable the delivery of the website to your computer. For this purpose, the user's IP address must necessarily be stored for the duration of the session.

The IP address is stored in the log files to ensure the functionality of our website. This data also helps us optimize the website and guarantee the security of our IT systems (e.g., attack detection). Furthermore, the data is analyzed for marketing purposes in connection with the tools mentioned in section 3.1.3.

The following information is collected:

IP address, anonymized/shortened;
Browser type/version (e.g., Firefox 59.0.2 (64-bit));
Browser language (e.g., German);
Operating system used (e.g., Windows 10);
Inner resolution of the browser window;
Screen resolution;
Javascript activation;
Java On/Off;
Color depth;
Time of access.

3.1.2. Cookiebot

On our website, we use the consent manager "Cookiebot" from Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark ("Cybot"). Cookiebot is a solution that allows us to obtain your consent for certain data processing activities that require consent (e.g., analysis, etc.). With the help of Cookiebot, we inform you about the individual cookies and tools we use and allow you to choose which ones you categorically accept or reject. This enables you to make an informed decision about the sharing of your data and allows us to use cookies and tools in a data protection-compliant, transparent, and documented manner.

The consent manager places a cookie on your device to record your decision. This cookie contains some personal data. The data is processed exclusively within the European Union. This data includes the following information:

IP address of the end user in anonymized form (the last three digits are set to '0')
Date and time of consent.
User agent of the end user's browser.
The URL from which the consent was sent.
An anonymous, random and encrypted key.
The consent status of the end user, which serves as proof of consent.

Further information and the privacy policy of Cybot/Cookiebot can be found at: https://www.cookiebot.com/de/privacy-policy/.

We process your personal data for the technical provision of our website on the basis of the following legal grounds:

to fulfill a legal obligation to which we are subject pursuant to Art. 6 para. 1 lit. c GDPR in conjunction with the other provisions of the GDPR, insofar as we are obliged to document and be able to prove your decision on consent to data processing for cookies and other similar tools,
to protect our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, in order to be able to technically provide you with functions of the website.

3.1.3. Google Tag Manager On our website, we use Google Tag Manager, a service provided by Google Inc., Gordon House, Barrow Street, Dublin, Ireland (“Google”). Google Tag Manager is a solution that allows marketers to manage website tags via a single interface. The Google Tag Manager service itself (which implements the tags) is a cookie-less domain and does not collect any personally identifiable information. Google Tag Manager triggers other tags, which may in turn collect data. Google Tag Manager does not access this data. If deactivation has been performed at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager.

3.1.4. Google Maps

Our website uses Google Maps, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Dublin 4, Ireland).

Parkway, Mountain View, CA 94043, USA) (“Google”). Google Maps is a web service for displaying interactive maps to visually represent geographic information. Using this service allows us to show you the location of our restaurant and makes it easier for you to find us. Data processing is carried out to display the map and thus the marked location.

To enhance the protection of your data when visiting our website, Google Maps is integrated in a limited way, using only an HTML link. This ensures that no connection is established with Google's servers and your data is not transmitted to Google when you access our website. Only when you click on the link and thereby give your consent to the data transfer will your browser establish a direct connection to Google's servers, allowing you to plan your route to us. Functionally, the integration of Google Maps is equivalent to a hyperlink, meaning that neither we nor Google collect any data from you on our website.

For information on the purpose and scope of data collection and the further processing and use of data by Google, as well as your related rights and privacy settings, please refer to Google's privacy policy at https://www.google.de/intl/de/policies/, https://www.google.com/policies/privacy/partners/?hl=de and https://privacy.google.com/intl/de/businesses/mapscontrollerterms/nt

3.2 Active Use of the Website In addition to simply browsing our website, you can also actively use it to download information, subscribe to a newsletter or register for an event, or contact us. In addition to the processing of your personal data described above for purely informational use, we will then also process further personal data from you, which we need, for example, to process your order.

3.2.1 User requests

To process your inquiries to us, for example via our email address, to answer them specifically, and to send you the requested information, documents, etc., we process the personal data you provide in this context. This includes your contact details, so that we can send you a reply or ask any necessary follow-up questions, as well as any other information you provide us with in this regard. Depending on your information, the subject of the inquiry, and what is appropriate, we may contact you electronically, by telephone, or by mail.

We process your personal data to answer user inquiries, requests for information, etc., on the basis of the following legal grounds:

to protect our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR; our legitimate interest lies in the proper handling and execution of customer inquiries;
If the request aims at concluding a contract, the additional legal basis is Art. 6 para. 1 lit. b GDPR.

3.2.3 Submitting an application

We process your personal data as part of your application, provided you make it available to us. The application documents may contain special categories of personal data.

Processing of personal data

The applicant data typically includes the following:

First and Last Name
If applicable, your academic degree
Date and place of birth
Contact details (address, email, telephone and/or mobile number)
Application documents (cover letter, CV, certificates)
Language skills
skills

We also process the data that you send us when contacting us via email.

We base our decisions in the application process on the personal data you provide, in accordance with legal requirements. For example, we use your professional qualifications to decide whether to consider you for the shortlist or a personal impression gained during an interview to determine whether to offer you the position you have applied for.

We process your personal data on the basis of the following legal grounds:

Data processing for the decision on the establishment of an employment relationship, Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 sentence 1 BDSG-new.

Processing of special categories of personal data

According to Article 9 of the GDPR, special categories of personal data are personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs (e.g., information about religious affiliation/denomination), or trade union membership, as well as the processing of biometric data for unique identification (e.g., photos), health data (e.g., information about the degree of disability), or data concerning a person's sex life or sexual orientation. If your CV contains special categories of personal data, we do not intentionally collect them.

We expressly ask you not to send us such data.

If, as part of your application documents and contrary to our explicit request, you voluntarily provide us with special categories of personal data pursuant to Article 9(1) GDPR (e.g., your photo or information about your religious affiliation/denomination), we will store this data based on your consent pursuant to Article 88(1) GDPR in conjunction with Section 26(3) Sentence 2 of the German Federal Data Protection Act (BDSG-neu). This also applies if you provide us with further special categories of personal data during the course of the application process. By voluntarily submitting this data, you consent to its storage within the scope of the application process.

We generally do not consider these special categories of personal data in our selection process, unless we are legally obligated to do so. For example, in some job postings, people with disabilities may be given preferential treatment in accordance with applicable laws. In these cases, providing this information is always voluntary and requires your explicit consent, which you give by voluntarily submitting this data.

We process your special categories of personal data on the following legal grounds:

pursuant to Art. 9 para. 1 GDPR based on your consent pursuant to Art. 88 para. 1 GDPR in conjunction with § 26 para. 3 sentence 2 BDSG-new.

3.2.4 Compliance with legal regulations

We also process your personal data to fulfill other legal obligations. These may apply to us, among other things, in connection with processing your reservation, your orders, or business communication. This includes, in particular, retention periods under commercial, trade, or tax law.

We process your personal data on the basis of the following legal grounds:

to fulfill a legal obligation to which we are subject pursuant to Art. 6 para. 1 lit. c GDPR in conjunction with commercial, trade, or tax law, insofar as we are obliged to record and retain your data.

3.2.5 Enforcement of rights

We also process your personal data to assert our rights and enforce our legal claims. We also process your personal data to defend ourselves against legal claims. Finally, we process your personal data to the extent necessary for the prevention or prosecution of criminal offenses.

We process your personal data for this purpose on the basis of the following legal grounds:

to protect our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, insofar as we assert legal claims or defend ourselves in legal disputes or prevent or investigate criminal offenses.

5. Categories of Recipients Initially, only our employees have access to your personal data. Your data will only be disclosed to third parties if this is legally permitted or required, or if you have given your consent. We also share your data with the service providers we use to the extent necessary to provide our services. We limit the disclosure of data to what is necessary to provide our services to you. In some cases, our service providers receive your data as data processors and are then strictly bound by our instructions when handling your data. In other cases, the recipients act independently with the data we transmit to them.

Below we list the categories of recipients of your data:

Affiliated companies within the corporate group, insofar as they act as data processors for us and, for example, provide IT services or insofar as this is necessary for the provision of our services;
Companies that assist us in processing reservations;
Payment service providers and banks to collect outstanding payments from accounts or to pay out refund amounts;
Suppliers and courier services for the delivery of goods;
IT service providers who, among other things, store data, assist with the administration and maintenance of systems, provide functions on the website, as well as document archivists and shredders;
Debt collection agencies and legal advisors assist in enforcing our claims;
public bodies and institutions to the extent that we are legally obligated to do so.

Furthermore, we may share your personal data within our Europe-wide group of companies, for example with subsidiaries that require this data to fulfill our contractual and legal obligations or based on our legitimate interests. This may involve economic, administrative, or other internal business purposes; this only applies insofar as your interests or fundamental rights and freedoms, which require the protection of personal data, do not override these interests.

6. Third-country transfer

When using Google Maps, we transfer your IP address, or your shortened IP address, to countries outside the European Union, including the USA and Australia.

The data transfer to the USA is based on the European Commission's Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-US Privacy Shield. Google LLC is certified under the Privacy Shield framework.

Furthermore, we do not transfer your personal data to countries outside the EU or the EEA or to international organizations.

7. Storage duration

7.1 Informational use of the website

When you use our website for purely informational purposes, we initially store your personal data on our servers only for the duration of your visit. Once you leave our website, this personal data is deleted immediately.

We store your consent decision made via Cookiebot for up to 12 months.

7.2 Active use of the website

When you actively use our website, we initially store your personal data for the duration of processing your inquiry or for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.

Your reservation details will be stored by Bookatable for 3 years after your last reservation.

In addition, we will store your personal data until the statute of limitations expires for any legal claims arising from our relationship with you, in order to use it as evidence if necessary. The limitation period is generally between 1 and 3 years, but can also be up to 30 years.

Once the statute of limitations expires, we delete your personal data unless there is a legal obligation to retain it, for example, under the German Commercial Code (Sections 238, 257 Paragraph 4 HGB) or the German Fiscal Code (Section 147 Paragraphs 3, 4 AO). These retention periods can range from two to ten years. During this time, the data will only be processed again in the event of an audit by the tax authorities.

8. Your rights as a data subject

If your personal data is being processed, you are a "data subject" within the meaning of the GDPR. You have the following rights against us as the data controller:

Right to Information: You can request information about whether we process personal data concerning you. If this is the case, you have the right to access this personal data and further information related to the processing (Art. 15 GDPR). Please note that this right to information may be restricted or excluded in certain cases.
Right to rectification: In the event that personal data concerning you is (no longer) accurate or incomplete, you can request rectification and, where applicable, completion of this data (Art. 16 GDPR).
Right to erasure or restriction of processing: If the legal requirements are met, you can request the erasure of your personal data (Art. 17 GDPR) or the restriction of the processing of this data (Art. 18 GDPR). However, the right to erasure under Art. 17 para. 1 and 2 GDPR does not apply, among other things, if the processing of personal data is necessary for compliance with a legal obligation (Art. 17 para. 3 lit. b GDPR).
Right to object: For reasons arising from your particular situation, you can also object to the processing of your personal data by us at any time (Art. 21 GDPR). Provided the legal requirements are met, we will subsequently no longer process your personal data.
Right to data portability: You are entitled, under the conditions of Art. 20 GDPR, to request from us that we provide you with the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format.
Right to withdraw your consent under data protection law: You have the right to withdraw your consent at any time. The withdrawal is only effective for the future; that is, the withdrawal does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.
Right to lodge a complaint with a supervisory authority. Without prejudice to any other administrative or judicial remedy, you (the data subject) have the right to lodge a complaint with a supervisory authority – in particular in the Member State of your habitual residence – if you believe that our processing of your personal data infringes the GDPR.

The supervisory authority responsible for us is:

The Hessian Commissioner for Data Protection and Freedom of Information

PO Box 3163

65021 Wiesbaden

Telephone: 49 611 1408 – 0

Fax: 49 611 1408 – 611

E-Mail: poststelle@datenschutz.hessen.de

However, we recommend that you always address any complaints to our data protection officer first.

Your requests to exercise your rights should, if possible, be submitted in writing to the address given above under point 1 or directly to our data protection officer.

Right to object (Article 21 GDPR)

You have the right to object at any time to the processing of your data based on Article 6(1)(f) GDPR (data processing based on legitimate interests) or Article 6(1)(e) GDPR (data processing in the public interest), if there are grounds relating to your particular situation. This also applies to profiling based on these provisions within the meaning of Article 4(4) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.

In certain cases, we also process your personal data for direct marketing purposes. If you do not wish to receive advertising, you have the right to object at any time; this also applies to profiling insofar as it is related to such direct marketing. We will respect this objection for the future.

We will no longer process your data for direct marketing purposes if you object to processing for these purposes.

The objection can be made informally and should preferably be addressed to the address mentioned under point 1.

9. Scope of your obligations to provide data

You are generally not obliged to provide us with your personal data. However, if you choose not to, we will be unable to provide you with our website, answer your inquiries, send you information, etc., or enter into a contract with you.

10. Profiling / Automated Decision Making

We do not carry out profiling and do not use purely automated decision-making processes in accordance with Article 22 GDPR.

11. Changes

We reserve the right to amend this privacy policy at any time. Any changes will be announced by publishing the amended privacy policy on our website. Unless otherwise specified, such changes will take effect immediately. Please therefore check this privacy policy regularly to view the most up-to-date version.

Privacy Policy

Here's how to reach us

Opening hours

Contact us