The provider (hereinafter also: „we“) collects, uses and stores your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act and the German Telemedia Act (Telemediengesetz). Personal data are details about personal or factual circumstances of a specific or identifiable natural person. Below we will inform you about the nature, scope and purpose of the collection and use of personal data by the provider.
1. Who is responsible for data processing and to whom can you contact?
You can reach our data protection officer via the e-mail address: email@example.com.
Any data subject can contact our data protection officer at any time with any questions or suggestions regarding data protection.
2. Which data are processed and from which sources do they come from?
We process personal data (Article 4 No. 1 GDPR), which we use as part of our activities as a catering company, e.g. received in reservation requests. The personal data processed by us includes the following personal data (name, address, e-mail addresses, possibly further data on reservations and communication contents). The data is obtained by contacting us.
3. For what purpose are the data processed and on which legal bases is the processing based?
We process personal data in accordance with Art. 6 I lit. 1 b) GDPR to provide our services as a hospitality company and to record and process your reservations. Furthermore, in accordance with Art. 6 I 1 lit. b) GDPR we process names and contact information of the contact persons of our suppliers in order to be able to communicate with them. We process personal data according to Art. 6 para. 1 a) GDPR in order to be able to draw your attention to our offers. If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may be required to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises were injured and his or her name, age, health insurance or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d GDPR. Also, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations that are not covered by any of the above mentioned paragraphs are based on Art. Art. 6 I lit. f GDPR if processing is necessary for the legitimate interests of our company or a third party, unless the interests, fundamental rights and fundamental freedoms of the data subject prevail.
4. Eligible processing interests that are being pursued by the controller or a third party
Is the processing of personal data based on Article 6 I lit. f GDPR our legitimate interest lies in the conduct of our business and the associated communication with you (Recital 47 GDPR).
5. Data protection in applications and in the application process
The controller collects and processes the personal data of candidates for the purpose of processing the application process on the basis of Article 6 (1) (b) GDPR. The processing can also be done electronically. This is particularly the case if an applicant submits corresponding application documents to the controller by electronic means, for example by e-mail or via a web form available on the website. If the controller concludes a contract of employment with an applicant, the data transmitted will be stored for the purposes of the employment relationship in accordance with the law. If no employment contract is concluded with the candidate by the controller, the application documents will be automatically deleted two months after the announcement of the rejection decision, unless deletion precludes other legitimate interests of the controller. Other legitimate interest in this sense can be, for example, a burden of proof in a procedure under the General Equal Treatment Act (Allgemeines Gleichstellungsgesetz – AGG).
6. SSL encryption
Our website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as a website provider. You can recognize an encrypted connection by changing the address line of the browser from „http: //“ to „https: //“ and the lock symbol in your browser line. If SSL encryption is enabled, the data you submit to us cannot be read by third parties.
7. Server log files
We collect and store on the basis of Art. 6 para. 1 lit. f GDPR information on visiting our website in so-called server log files, which your browser automatically transmits to us. These are:
- shortened IP address
- browser type / version
- used operating system
- referrer URL (the previously visited page)
- date and time of the server request
- transmitted amount of data
- the requesting provider
These data are collected solely for statistical purposes. A combination of these data with other data sources is not carried out.
Our website uses on the basis of Art. 6 para. 1 lit. f GDPR so-called cookies. A cookie is a file that stores certain device-related information on users‘ access devices (PC, tablet, smartphone, etc.). When our website is called up by the user’s device, the server of our website receives cookies. The server can evaluate the information stored in the cookie in several ways. Cookies can be used to, for example, advertisements that can be adapted to the user behaviour recorded with the cookie, and statistical data from website usage can be recorded. You can allow or disable cookies via the settings in your browser. However, not all features of our website may be available if you disable cookies.
9. Duration of storage and routine deletion
We only process and store personal data for the period of time necessary to achieve the processing purpose or as provided for in laws or regulations governing the controller. If the purpose of the storage is omitted or if a legally prescribed retention period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
10. Google Analytics
We have activated the functionality IP anonymization. In case of activation of the IP anonymization, Google will shorten the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area before sending it to the USA. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA. On our behalf Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website provider.
Google will not associate your IP address with any other data held by Google.
Opposition to the data collection
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set which prevents the collection of your data on future visits to this website: disable Google Analytics
11. Using Script Libraries (Google Webfonts)
In order to present our content in a correct and graphically appealing way, we use on the basis of Art. 6 para. 1 lit. f GDPR on this website Script libraries and font libraries such as Google webfonts (https://www.google.com/webfonts/). Google webfonts are transferred to the cache of your browser to prevent multiple loading. If the browser does not support Google Web fonts or prohibits access, content will be displayed in a standard font.
The call of script libraries or font libraries automatically triggers a connection to the operator of the library. It is theoretically possible that operators of such libraries collect data.
12. Processing of card payments
On the basis of Art. 6 para. 1 lit. b) GDPR we offer the possibility of payment by credit cards or debit cards. When processing card payments, we work with service providers who provide us with the necessary hardware and software components to process your card data in a technically secure environment or handle incoming payment orders. The processing is carried out by afc Rechenzentrum GmbH, Bültbek 27-29, 22962 Siek, LAVEGO AG, Zielstattstr.10a, 81379 Munich, CardProcess GmbH, Wachhausstraße 4, 76227 Karlsruhe and BS PAYONE GmbH, Lyoner Straße 9, D -60528 Frankfurt / Main.
13. Is there an automated decision-making process?
We do not use automated decision-making processes under Art. 22 GDPR for initiating decisions on the establishment or carrying out of the business relationship, which would have legal consequences for the data subject or would have a similar significant negative impact on this person.
14. Documentation of given consent
If you have given us a consent under Art. 7 GDPR, § 7 of the German Unfair Competition Act (UWG) to contact you via email, then your consent is as follows:
 I agree to receive in the future by email information about offers of Ochsenbraterei Haberl OHG, Haberl Gastronomie e.K., Haberl Michaeligarten Gaststättenbetriebs GmbH and the Restaurant am Chinesischen Turm Haberl GmbH. The processing is carried out by the ox broiler Haberl OHG.
You can revoke a given consent at any time free of charge. A revocation can e.g. done by email or by post or by using the unsubscribe function in the respective email.
15. Rights of the persons concerned
The person concerned has gem. Art. 15 GDPR the right to obtain free information on request about the personal data stored about him as well as the purpose of the data processing. The person concerned has also gem. Articles 16, 17 and 18 GDPR the right to correct incorrect data and block and delete his personal data. In addition, under the conditions set out in Art. 20 GDPR, he is entitled to receive the personal data that has been stored concerning him in a structured, common and machine-readable format and to transmit this data to another person responsible without hindrance by the provider. In addition, the person affected gem. Art. 21 (1) GDPR shall be entitled to refuse personal data relating to the processing of personal data which, pursuant to Art. 6 para. 1 lit. e or f GDPR, for reasons that arise from its particular situation, object to this. The provider will fulfill the aforementioned rights of the data subject, as far as the legal requirements for the assertion of the rights are given. Any request for your personal data should be addressed to the e-mail address or address stated in the imprint of our website. Each interested party has the right to lodge a complaint with a data protection supervisory authority about the processing of data when using the website.