GDPR
EU General Data Protection Regulation
We attach great importance to data protection. Your personal data is collected and processed in compliance with the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR). We collect and process your personal data in order to offer you the above-mentioned portal. This statement describes how and for what purpose your data is collected and used, and what choices you have in relation to your personal data. By using this website, you consent to the collection, use, and transfer of your data in accordance with this privacy policy.
Responsible body
The responsible body for the collection, processing, and use of your personal data within the meaning of the GDPR is:
Ali Ayhan
Otto-Hahn-Straße 15 A
31303 Burgdorf
Phone: +49 5136 972 60 13
Email: info@hotel-restaurant-ayhan.de
If you wish to object to the collection, processing, or use of your data by us in accordance with these data protection provisions, either in whole or for individual measures, you can address your objection to the responsible body mentioned above. You can save and print this privacy policy at any time.
Data processing when using the website
Access data
We collect information about you when you use this website. We automatically collect information about your usage behavior and your interaction with us and record data about your computer or mobile device. We collect, store, and use data about every access to our online offering (so-called server log files). Access data includes the name and URL of the file accessed, the date and time of access, the amount of data transferred, notification of successful access (HTTP response code), browser type and browser version, operating system, referrer URL (i.e., the previously visited page), IP address, and the requesting provider. We use this log data without assigning it to your person or otherwise creating a profile for statistical evaluations for the purpose of operating, securing, and optimizing our online offering, but also for anonymous recording of the number of visitors to our website (traffic) and the extent and type of use of our website and services, as well as for billing purposes to measure the number of clicks received from cooperation partners. Based on this information, we can provide personalized and location-based content, analyze data traffic, find and fix errors, and improve our services. We reserve the right to review the log data retrospectively if there are concrete indications of legitimate suspicion of illegal use. We store IP addresses in the log files for a limited period of time if this is necessary for security purposes or for the provision of services or billing, e.g., if you use one of our offers. After canceling the order process or after receipt of payment, we delete the IP address if it is no longer required for security purposes. We also store IP addresses if we have concrete suspicion of a criminal offense in connection with the use of our website. In addition, we store the date of your last visit (e.g., when registering, logging in, clicking on links, etc.) as part of your account.
Email contacts
When you contact us (e.g., via contact form or email), we store your information for the purpose of processing your inquiry and in case follow-up questions arise. We only store and use further personal data if you consent to this or if this is legally permissible without specific consent.
Legal basis General Data Protection Regulation
In accordance with the provisions of the General Data Protection Regulation (GDPR) applicable from May 25, 2018, we inform you that consent to the sending of email addresses is based on Art. 6 (1) lit. a, 7 GDPR and § 7 (2) No. 3, resp. (3) UWG. The use of the MailChimp mailing service, the performance of statistical surveys and analyses, and the logging of the registration process are based on our legitimate interests pursuant to Art. 6 (1) (f) GDPR. Our interest is in the use of a user-friendly and secure newsletter system that serves both our business interests and meets the expectations of users.
We would also like to point out that you can object to the future processing of your personal data at any time in accordance with the legal requirements of Art. 21 GDPR. In particular, you can object to the processing for direct marketing purposes.
Your rights as a data subject
Under applicable law, you have various rights regarding your personal data. If you wish to exercise these rights, please send your request by email or post to the address given in section 1, clearly identifying yourself.
Below you will find an overview of your rights.
Right to confirmation and information
You have the right to obtain confirmation from us at any time as to whether personal data concerning you is being processed. If this is the case, you have the right to obtain information from us free of charge about the personal data stored about you, together with a copy of this data. You also have the right to the following information:
1. the purposes of the processing;
2. the categories of personal
data being processed;
3. the recipients or categories of recipients
to whom the data is disclosed,
in particular recipients in third countries
or international organizations;
4. if possible, the planned duration
for which the personal data will be stored,
or, if this is not possible,
5. the criteria used to determine that period;
6. the existence of the right to rectify
or erase personal data concerning you
or to
restrict processing
by the controller or a
right to object to such processing;
7. the existence of the right to lodge a complaint
with a supervisory authority;
8. if the personal data
is not collected from you,
all available information
about the origin of the data;
9. the existence of automated decision-making
including profiling pursuant to Article 22
paragraphs 1 and 4 GDPR and
– at least in these cases –
meaningful information about
the logic involved and the
scope and intended
effects of such
processing for you.
If personal data is transferred to a third country or to an international organization, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.
Right to rectification
You have the right to request that we rectify any inaccurate personal data concerning you without delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.
Right to erasure (“right to be forgotten”)
You have the right to request that we erase personal data concerning you without undue delay, and we are obliged to erase personal data without undue delay if one of the following reasons applies:
1. The personal data is no longer necessary for the purposes
for which it was collected or
otherwise processed.
2.
2. You withdraw your consent
on which the processing was based in accordance with Article
6(1)(a) or
Article 9(2)(a) of the GDPR,
and there is no other
legal basis for the processing.
3. You object to the processing pursuant to Article 21(1) of the GDPR
and there are no overriding legitimate
grounds for the processing,
or you object to the processing pursuant to Article 21(2) of the GDPR
.
4. The personal data has been processed unlawfully.
5. The personal data must be erased for reasons relating to your particular situation.
5. The erasure of the personal data
is necessary for compliance with a legal obligation
under Union or Member State law
to which we are subject.
6. The personal data has been
collected in relation to the offer of
information society services referred to in Article 8
(1) of the GDPR.
If we have made the personal data public and are obliged to erase it, we shall, taking into account the available technology and the implementation costs, take reasonable steps, including technical measures, to inform data controllers who process the personal data that you have requested the erasure of all links to this personal data or of copies or replications of this personal data.
Right to restriction of processing
You have the right to request that we restrict processing if one of the following conditions applies:
1. the accuracy of the personal
data is contested by you,
for a period enabling us to
verify the accuracy of the personal data,
2. the processing is unlawful
and you have refused to have the personal data deleted
and instead requested the restriction of
the use of the personal data;
3. we no longer need the personal data for the purposes
of processing,
but you need the data to assert,
exercise, or defend legal claims, or
4. you have objected to the processing pursuant to Article 21
(1) GDPR,
as long as it is not yet clear whether the legitimate
reasons of our company outweigh yours.
Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us, provided that
1. the processing is based on consent
pursuant to Article 6(1)(a) GDPR
or Article 9(2)(a) GDPR
or on a contract pursuant to Article 6
(1)(b) GDPR and
2. the processing is carried out using automated procedures.
When exercising your right to data portability pursuant to paragraph 1, you have the right to have the personal data transmitted directly from us to another controller, insofar as this is technically feasible.
Automated decisions, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Right to withdraw consent under data protection law
You have the right to withdraw your consent to the processing of personal data at any time.
Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you is unlawful.
Data security
We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities. Your personal data is transmitted to us in encrypted form. This applies to your orders and also to the customer login. We use the SSL (Secure Socket Layer) encryption system, but would like to point out that data transmission over the Internet (e.g. when communicating by email) may be subject to security vulnerabilities. It is not possible to completely protect data from access by third parties. To secure your data, we maintain technical and organizational security measures, which we continually adapt to the state of the art. We also do not guarantee that our offer will be available at certain times; disruptions, interruptions, or failures cannot be ruled out. The servers we use are regularly and carefully backed up.
Automated decision-making
Automated decision-making based on the personal data collected does not take place.
Transfer of data to third parties,
no data transfer to
non-EU countries
As a matter of principle, we only use your personal data within our company. If and to the extent that we engage third parties in the performance of contracts (such as logistics service providers), they only receive personal data to the extent that the transfer is necessary for the corresponding service.
In the event that we outsource certain parts of data processing (“contract processing”), we contractually oblige contract processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject.
Data will not be transferred to entities or persons outside the EU, except in the cases specified in section 2.3 of this statement, and no such transfer is planned.
Integration of third-party services and content
It may happen that third-party content, such as videos from YouTube, map material from Google Maps, RSS feeds, or graphics from other websites, is integrated into this online offering. This always requires that the providers of this content (hereinafter referred to as “third-party providers”) perceive the IP address of the users. Without the IP address, they would not be able to send the content to the browser of the respective user. The IP address is therefore necessary for the display of this content. We endeavor to use only content whose respective providers use the IP address solely for the delivery of the content. However, we have no influence on whether third-party providers store the IP address for statistical purposes, for example. To the extent that we are aware of this, we inform users accordingly.
Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on users' computers to help the website analyze how users use the site. The information generated by the cookie about the use of this website by users is usually transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, the IP address of users within member states of the European Union or in other signatory states to the Agreement on the European Economic Area will be truncated beforehand. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. IP anonymization is active on this website. On behalf of the operator of this website, Google will use this information to evaluate the use of the website by users, to compile reports on website activity, and to provide other services related to website activity and internet usage to the website operator. We would like to point out that on this website, Google Analytics has been extended by the code “gat._anonymizeIp();” to ensure anonymous collection of IP addresses (so-called IP masking). We also use Google Analytics to evaluate data from AdWords and the DoubleClick cookie for statistical purposes. If you do not want this, you can deactivate it via the Ads Preferences Manager. The IP address transmitted by your browser within the scope of Google Analytics is not merged with other Google data. Users can prevent the storage of cookies by adjusting their browser software settings accordingly; however, this offer points out to users that in this case they may not be able to use all functions of this website to their full extent. Users can also prevent Google from collecting the data generated by the cookie and relating to their use of the website (including their IP address) and from processing this data by downloading and installing the browser plug-in available at the following link:
https:// tools.google.com/dlpage/gaoptout?hl=en
As an alternative to the browser add-on or within browsers on mobile devices, please click this link to prevent Google Analytics from collecting data within this website in the future. An opt-out cookie will be stored on your device. If you delete your cookies, you will need to click this link again.
Use of Facebook social plugins
Our website uses social plugins (“plugins”) from the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins are marked with a Facebook logo or the addition “Facebook Social Plugin”. When you visit a page on our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser and integrated into the website. For the purpose and scope of data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, please refer to Facebook's privacy policy.
https://www.facebook.com/policy.php
An overview of Facebook plugins can be found here:
http://developers.facebook.com/docs/plugins
If you do not want Facebook to collect data about you via our website, you must log out of Facebook before visiting our website.
Use of WhatsApp social plugins
By clicking on the WhatsApp social media buttons on our website, plugins from WhatsApp Inc., 650 Castro Street, Suite 120-219 Mountain View, California, 94041, United States of America (hereinafter: WhatsApp) are loaded or a WhatsApp plugin installed in your browser is called up. If you have JavaScript enabled in your browser and have not installed a JavaScript blocker, your browser may transmit personal data to WhatsApp. We do not know what data WhatsApp links to the data it receives and for what purposes WhatsApp uses this data. WhatsApp belongs to Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA (hereinafter: Facebook), so it cannot be ruled out that your personal data may also be transferred to Facebook or its subsidiary Facebook Ireland Ltd., Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland. To prevent the execution of JavaScript code from WhatsApp altogether, you can install a JavaScript blocker (e.g., http://www.noscript.net or www.ghostery.com). Information on data protection from the WhatsApp provider is available at the following link:
https://faq.whatsapp.com/general/26000112/?eea=1/
Use of Google+ plugins
This website uses the +1 button from google.com, which is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The button is marked with the addition / logo “+1”. When a page of our website is accessed that has such a button, the browser establishes a direct connection to Google's servers. The button is transmitted directly from Google to the browser and integrated into the website. By integrating the buttons, Google receives information that the corresponding page of the website has been accessed. If the visitor to the respective website is logged in to Google at the time of their visit, Google can assign the visit to the user's Google account. If the button is clicked, the corresponding information is transmitted directly from the browser to Google and stored there. The purpose and scope of the data collection and the further processing and use of the data by Google, as well as the user's rights in this regard and setting options for protecting their privacy, can be found in Google's privacy policy.
https://policies.google.com/privacy?hl=de
If the user does not want Google to collect data about them via the visited website, they must log out of Google before visiting these web pages.
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims. If we process personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing. You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR, unless the processing is necessary for the performance of a task carried out in the public interest. The user has the right to request information free of charge about the personal data stored about them. In addition, the user has the right to have incorrect data corrected, blocked, and deleted, unless there is a legal obligation to retain such data.