WE Gastronomie GmbH always considers the management of personal data as a privilege and is committed to ensuring their protection in full compliance with correctness, lawfulness and transparency.

This privacy policy provides an overview of how, for what purpose and to what extent we process personal data as part of our online offering. In addition, we would like to use this privacy policy to inform data subjects about their rights.

Personal data is data with which you are personally identified or identifiable. With regard to the technical terms used, we would like to refer directly to Art. 4 of the General Data Protection Regulation (GDPR).

Responsibility

WE Gastronomie GmbH

Schwanthalerstrasse 36

80336 Munich

Managing Director:

Dipl. Kaufm. (Univ.) Alexander Egger

Phone: +49 89 / 55 11 13 330

Fax: +49 89 / 55 11 13 335

E-mail: servus@muenchner-stubn.de Internet: www.muenchner-stubn.de

Imprint: https://www.muenchner-stubn.de/de/impressum

Data Protection Officer:

Ulrich Tetzner

E-mail: datenschutz@muenchner-stubn.de

Type of data processed, purpose of processing and data subjects:

The use of this website is generally possible without providing any personal data. The collection of personal data serves to provide our services and to optimize and protect our website. With your consent, we also use your input to respond to your messages or contact requests (by email, telephone, via our contact form or via social media platforms) and process them accordingly. Your details and contact data may be stored in a customer relationship management system or similar organizational form.

We also process contract data, payment data of customers and interested parties, applicants and business partners, suppliers or external service providers for the provision of contractual services as well as data for the processing of an application procedure. We also use data for service matters, customer care and for marketing and advertising purposes.

You will find more detailed information about our data processing in detail below.

Deletion of data

Inquiries and other personal data are deleted if they are no longer required. Their necessity is reviewed every two years. In addition, the statutory archiving obligations apply.

Security measures

Your personal data is stored in such a way that it is not accessible to third parties as far as technically and economically possible. When communicating by e-mail, we cannot guarantee complete data security and confidentiality.

If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject. The processing of personal data is always carried out in accordance with the General Data Protection Regulation and country-specific data protection regulations.

Taking into account the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the company shall implement appropriate technical and organizational measures to ensure and to be able to demonstrate that processing is carried out in accordance with this Regulation. These measures shall be reviewed and updated as necessary. Provided that this is proportionate to the processing activities, the measures shall include the implementation of appropriate data protection measures by the controller (Art. 24 GDPR). Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including, inter alia, the following (Art. 32 (1) GDPR)

a) the pseudonymization and encryption of personal data;

(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of the systems and services relating to the processing;

c) the ability to quickly restore the availability of and access to personal data in the event of a physical or technical incident;

(d) a process for regularly reviewing, assessing and evaluating the effectiveness of the technical and organizational measures for ensuring the security of the processing.

When assessing the appropriate level of protection, particular account must be taken of the risks associated with the processing – in particular through destruction, loss or alteration, whether accidental or unlawful, or unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed (Art. 32 para. 2 GDPR).

Compliance with approved codes of conduct pursuant to Article 40 or an approved certification procedure pursuant to Article 42 may be used as a factor to demonstrate compliance with the requirements referred to in paragraph 1 of this Article (Article 32(3) GDPR).

The controller and the processor shall take steps to ensure that natural persons under their authority who have access to personal data process such data only on instructions from the controller, unless they are obliged to do so under Union or Member State law (Art. 32 (4) GDPR).

Rights of the data subjects

Below you can find out more about your rights regarding the processing of your personal data.

Right to information

In accordance with Art. 15 GDPR, the data subject has the right to obtain confirmation from the controller as to whether or not personal data concerning him or her is being processed. If the processing of personal data is applicable, the person has the right to receive information about the individual information.

Right of withdrawal

Consent given to the collection, processing and storage of data can be revoked at any time with effect for the future (pursuant to Art. 7 para. 3 GDPR). This can be done by sending an email to servus@muenchner-stubn.de or by calling +49 89 / 55 11 13 330.

Right of objection

In accordance with Art. 21 GDPR, you can object to the future processing of your data at any time. This can be done by sending an email to servus@muenchner-stubn.de or by calling +49 89 / 55 11 13 330.

Right to lodge a complaint with the competent supervisory authority

In the event of breaches of data protection law, the data subject has the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR. The state data protection officer of the federal state in which the company is based is always responsible for this.

Contractual services

The data collected from you will only be passed on to third parties (in accordance with Art. 6 GDPR) by us when initiating a contract, to fulfill contractual obligations and to ensure a smooth process, in particular to process a concluded contract (e.g. passing on name and address to a delivery service), if this is necessary or if storage is required for other legal reasons.

The data will only be stored for the purpose that you specify when entering the data and will only be used to the extent that you have consented to its use. Data will only be stored for the time necessary to fulfill our contractual obligations or the intended purpose or as required by law. The use of data is also necessary for the performance of a contract as described above if credit information is obtained in order to protect our legitimate interests.

Such a credit check requires the transfer of personal data to third parties and provides information on the probability of a payment default. It can contain probability values that are calculated on a scientific basis and include address data, among other things, in their calculation. These probability values are referred to as score values.

Your personal data will not be passed on to third parties for purposes other than those listed in the previous section, except for the purposes of credit assessment, contract and payment processing.

You have the right to receive information about the stored data concerning you from all bodies that collect data in order to provide credit information.

Administration, office organization, contact management and accounting

The data collected from you will only be passed on to third parties (in accordance with Art. 6 GDPR) within the scope of administrative tasks, for office organization, contact management and financial accounting (e.g. passing on your name and address to a delivery service), if this is necessary or if storage is required for other legal reasons.

The data will only be stored for the purpose that you specify when entering the data and will only be used to the extent that you have consented to its use. Data will only be stored for the time necessary to fulfill our contractual obligations or the intended purpose or as required by law. The use of data is also necessary for the performance of a contract as described above if credit information is obtained in order to protect our legitimate interests.

Such a credit check requires the transfer of personal data to third parties and provides information on the probability of a payment default. It can contain probability values that are calculated on a scientific basis and include address data, among other things, in their calculation. These probability values are referred to as score values.

Your personal data will not be passed on to third parties for purposes other than those listed in the previous section, except for the purposes of credit assessment, contract and payment processing.

In addition, for business reasons, we store information on contact persons, organizers or other business partners permanently.

External payment service providers

In order to be able to process necessary payment transactions, both by contractual partners and by us, efficiently and securely, we use external payment service providers in accordance with Art. 6 para. 1 lit. b. GDPR. GDPR, we use external payment service providers. The terms and conditions and data protection declarations of the respective service provider apply.

Application procedure

The processed data of applicants is only processed and stored for the purpose of handling the respective application procedure. Electronic processing is possible, for example if the application documents are sent to the controller by email. If a contractual relationship is established, the controller reserves the right to use the transmitted data for further processing and to store it in accordance with the statutory provisions. If no employment contract is concluded with the applicant, the data will be deleted directly after notification of the rejection in order to protect the applicant, provided that no other legitimate interests of the data controller conflict with the deletion. If there is an interest in a future employment relationship, the explicit consent of the applicant will be obtained in advance in order to process and permanently store the application data accordingly.

Cooperation with processors and third parties

In the event of disclosure, transmission or other access to processed data by other service providers or companies, processors or third parties, this will only take place on the basis of legal permission, your consent, for contract fulfillment in accordance with Art. 6 para. 1 lit. b GDPR, due to legal obligations or our legitimate interests.

If third parties are commissioned to process data, this is done in accordance with Art. 28 GDPR by means of an order processing contract. The terms and conditions and data protection guidelines of the respective processor apply.

Transfers to third countries

If we transfer personal data to service providers outside the European Union (EU) and the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection or if other appropriate data protection guarantees (e.g. binding internal company data protection regulations or EU standard contractual clauses) are in place. In addition to contractual or other legal authorizations, we only process data ourselves or have the data processed in a third country if the special requirements of Art. 44 et seq. GDPR are fulfilled.

Integration of third-party services and content

It is possible that third-party content, such as maps from Google Maps or graphics from other websites, may be integrated into this website. This always presupposes that the providers of this content process the IP address of the user. Without the IP address, they would not be able to send the content to the respective user’s browser. The IP address is therefore required to display this content. We endeavor to only use content whose respective providers only use the IP address to deliver the content. However, we have no influence over whether the third-party providers store the IP address, e.g. for statistical purposes.

Hosting and collection of access data

An order processing contract exists with our hosting provider in accordance with our legitimate interests and for the secure provision of our online offer (Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR).

The following data is collected, processed and stored when you access our website or open individual files:

– IP address

– Website from which the file was accessed

– Name of the file

– Date and time of retrieval

– Amount of data transferred, message about the success of the retrieval (so-called weblock)

This data is used exclusively in anonymized form for statistical purposes.

Cookies

Cookies, i.e. text files that are stored on your computer, are used on our website. Persistent cookies recognize that your PC has already had a connection to a website, session cookies store the last offers viewed. Third parties, in particular our partner companies, are not permitted to obtain, process or use personal data by means of cookies via our website. Session cookies are deleted at the end of the session. The use of cookies in the form selected by us does not result in any disadvantages for you.

You can generally accept or exclude the setting, i.e. saving, of cookies by changing your browser settings. Please note that if you exclude cookies, you may not be able to use all the features of our website.

Contact us

If data is entered by you as part of a contact or order form on our homepage or collected in any other way as part of such a form, we will only use this data to process inquiries that we receive via the form. This data will be deleted within a period of 6 months after processing, unless there are further retention obligations.

When using the contact form on our website, your IP address may be stored on the basis of our legitimate interests in accordance with Article 6(1) sentence 1(f) GDPR. This is done for security reasons in order to know the identity of the author in the event of illegal content.

Otherwise, we will only pass on the data collected from you to third parties (e.g. passing on your name and address to a delivery service) to fulfill our contractual obligations and to ensure a smooth process, in particular to process a concluded contract, if this is necessary or if storage is required for other legal reasons.

The data will only be stored for the purpose that you specify when entering the data and will only be used to the extent that you have consented to its use. Data will only be stored for the time necessary to fulfill our contractual obligations or the intended purpose or as required by law. The use of data is also necessary for the performance of a contract as described above if credit information is obtained in order to protect our legitimate interests.

Such a credit check requires the transfer of personal data to third parties and provides information on the probability of a payment default. It can contain probability values that are calculated on a scientific basis and include address data, among other things, in their calculation. These probability values are referred to as score values.

Your personal data will not be passed on to third parties for purposes other than those listed in this section “2. Use of the data collected”, except for the purposes of credit assessment, contract and payment processing.

You have the right to receive information about the stored data concerning you from all bodies that collect data in order to provide credit information.

Comments and contributions

If you leave comments or other contributions on our pages, your IP address may be stored in accordance with Art. 6 GDPR on the basis of our legitimate interests. This is done for security reasons in order to know the identity of the author in the event of unlawful content, as we can be prosecuted for this.

If users leave comments or other contributions, their IP addresses may be stored on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR. GDPR may be stored. This is done for our security in the event that someone leaves illegal and criminally relevant content in comments or other contributions. In this case, we ourselves may be prosecuted for the comment or post and are therefore interested in the identity of the author.

The data provided here will be stored by us until the user objects.

Reservation requests via reservation platforms

The data collected from you will only be passed on to third parties by us to fulfill our contractual obligations and to ensure a smooth process, in particular for the execution of a concluded contract, if this is necessary or the storage is required for other legal reasons.

The data will only be stored for the purpose that you specify when entering the data and will only be used to the extent that you have consented to its use. Data will only be stored for the time necessary to fulfill our contractual obligations or the intended purpose or as required by law. The use of data is also necessary for the performance of a contract as described above if credit information is obtained in order to protect our legitimate interests.

Such a credit check requires the transfer of personal data to third parties and provides information on the probability of a payment default. It can contain probability values that are calculated on a scientific basis and include address data, among other things, in their calculation. These probability values are referred to as score values.

Your personal data will not be passed on to third parties for purposes other than those listed in the previous section, except for the purposes of credit assessment, contract and payment processing.

In addition, the terms and conditions and privacy policy of the respective service provider apply.

Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC, to improve our website. Google Analytics also uses “cookies” to help the website analyze how users use the site. The information generated by the cookie is generally transferred to Google servers located in the USA, where the data is stored. Google will use this information for the purpose of evaluating your use of the website, compiling an overview of website usage and providing other services to the website operator. The IP address transmitted by your browser will not be merged with other Google data.

If you do not want the data generated by the cookie, including your IP address, to be transmitted to Google, you can download and install a browser add-on under the following link:(http://tools.google.com/dlpage/gaoptout?hl=de) to download and install a browser add-on that prevents the transmission of the generated data.

General information on Google Analytics can be found at http://www.google.com/intl/de/analytics/index.html, information on data protection at: http://www.google.com/intl/de/policies/privacy

Google Maps

We use the city maps of “Google Maps” from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data may include, in particular, IP addresses and location data of users, which, however, are not collected without consent (usually via the settings of mobile devices and smartphones). The data may be processed in the USA. You can find more information about Google LLC’s privacy policy here: https://www.google.com/policies/privacy/

Further details on the possible opt-out procedure can be found here: https://adssettings.google.com/authenticated

Use of Facebook social plugins

Plugins of the social network Facebook, provider Facebook Inc, 1 Hacker Way, Menlo Park, California 94025, USA, are integrated on our pages. You can recognize the Facebook plugins by the Facebook logo or the “Like” button on our site. You can find an overview of the Facebook plugins here: http://developers.facebook.com/docs/plugins/.

Facebook is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection law. You can find more information here: https://www.facebook.com/about/privacyshield

When you visit our pages, a direct connection is established between your browser and the Facebook server via the plugin. Facebook receives the information that you have visited our site with your IP address. If you click on the Facebook “Like” button while you are logged into your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to associate your visit to our pages with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information on this can be found in Facebook’s privacy policy at http://de-de.facebook.com/policy.php.

If you do not want Facebook to be able to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account.

Instagram:

A social plugin of the Instagram service of Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Instagram”) is used on this website. You can recognize the Instagram plugin by the Instagram button on our site. If you click on the Instagram button while you are logged into your Instagram account, you can link the content of our pages to your Instagram profile. This allows Instagram to associate your visit to our pages with your user account. We have no control over what data the Instagram plugin collects and how it is used by Instagram. Further information can be found in Instagram’s privacy policy: https://instagram.com/about/legal/privacy
Google +1:

Our pages use Google +1 functions. The provider is Google LLC. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

Collection and dissemination of information: You can use the Google +1 button to publish information worldwide. You and other users receive personalized content from Google and our partners via the Google +1 button. Google stores both the information that you have given +1 for a content and information about the page that you viewed when you clicked +1. Your +1s can be displayed as references together with your profile name and your photo in Google services, such as in search results or in your Google profile, or in other places on websites and advertisements on the Internet. Google records information about your +1 activities in order to improve Google services for you and others. To be able to use the Google +1 button, you need a globally visible, public Google profile, which must contain at least the name chosen for the profile. This name is used in all Google services. In some cases, this name can also replace another name that you have used when sharing content via your Google account. The identity of your Google profile can be displayed to users who know your e-mail address or have other identifying information about you.

Use of the information collected: In addition to the uses described above, the information you provide will be used in accordance with the applicable Google privacy policy. Google may publish summarized statistics about the +1 activities of users or pass them on to users and partners, such as publishers, advertisers or associated websites.

You can find more information about Google Web Fonts at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/

YouTube

We integrate the content of the “YouTube” platform of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/. There is the possibility of an opt-out procedure. You can find more information here: https://adssettings.google.com/authenticated

Newsletter

The newsletter is sent by the service provider

“CleverReach GmbH & Co. KG”

in Mühlenstr. 43

26180 Rastede/Germany;

Sales tax identification number: DE230180364

Commercial register: Oldenburg Local Court / HRA 4020

Represented by:

CleverReach Verwaltungs GmbH | HRB 210079 Oldenburg (Oldb.)

Mühlenstr. 43

26180 Rastede/Germany

Managing Director:

Christian Schmidt, Jens Klibingat & Konrad Frerichs

By subscribing to our newsletter, you agree to our privacy policy. You will only receive newsletters from us on the basis of your consent or legal permission. We inform you about promotions, events and services of our company in the form of our newsletter.

For your security, we use a so-called double opt-in procedure to confirm your newsletter registration in accordance with legal regulations. All you need to do is enter your e-mail address. You will receive a confirmation e-mail after your registration. This is necessary to prevent a third party e-mail address from being registered. In accordance with legal regulations, this registration process is logged accordingly in order to be able to prove your registration. This includes storing the time of registration and confirmation as well as your IP address. Any changes are also logged and stored by our chosen mailing service provider.

You can, of course, unsubscribe from our newsletter at any time. You will find the option to unsubscribe in the form of a link at the end of every newsletter you receive. In order to be able to prove a previously given consent to receive the newsletter, we reserve the right to store the unsubscribed e-mail address due to our legitimate interests. The processing of your data is limited to the purpose of a possible defense against claims. An individual request for deletion is always possible, provided that the former consent is confirmed at the same time.

The service provider is used on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR and an order processing contract pursuant to Art. 28 para. 3 sentence 1 GDPR.

The data protection provisions of CleverReach GmbH & Co. KG apply: https://www.cleverreach.com/de/datenschutz/

You can find more information on the data security of the selected shipping service provider here: https://www.cleverreach.com/de/datensicherheit/

The newsletter service provider is entitled to use the data of the newsletter recipients in anonymized form, i.e. without the possibility of assignment, to optimize and further develop its services or for statistical purposes. Under no circumstances will the recipients of the newsletter be contacted by the newsletter service provider itself for advertising purposes or other matters, nor will the data be passed on to third parties by the service provider.

Redeeming a gift voucher

When a voucher is redeemed at WE Gastronomie GmbH after purchase from the provider Snapticket c/o Intero Operations & Services GmbH(http://www.snapticket.de/), the data is used exclusively for tax traceability. The use is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

Online presence in social media

We operate our online presence on social platforms to inform our “fans”, guests and interested parties about our services, offers, events and news in and around Munich and to communicate with them. The data processing and terms and conditions of the respective operators apply.

If you contact us by sending a message via the respective platform or a post on the respective network, we will process your data unless otherwise stated in our privacy policy.