scroll down

Privacy policy

Status February 2022

Roland Kuffler GmbH, Residenzstraße 12, 80333 Munich, Germany and all associated companies (hereinafter: "Kuffler Group" or "we") appreciate your interest in our company and our products. Data protection is a core element of our activities. As a result, transparent handling in regard to the processing of personal data is a matter of concern to us.

As those responsible for data protection, we want you to feel secure when visiting our website with regard to the protection of your personal data. Because we take the protection of your personal data very seriously. Compliance with German and European data protection regulations is a matter of course for us.

We reserve the right to make changes to this privacy policy at any time. The privacy policy will be updated regularly and any changes will be automatically posted on our website.

In the following, we inform you about the processing of personal data when using our websites.

Table of contents

Name and address of the person responsible

The responsible person within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:

Roland Kuffler GmbH
Residenzstr. 12
80333 Munich
Germany
Tel.: ++49 89 290 705-0
Fax: ++49 89 294 076
E-mail: direkt  (at) kuffler [punkt] de
Websites: www.kuffler.de | www.hotel-muenchen-palace.de

Affiliated companies:

Haus Kuffler GmbH & Co KG
Kuffler Weinzelt GmbH
Kuffler Inn Design GmbH
Kuffler Catering Service GmbH & Co.KG
Kuffler Catering GmbH
Mangostin Asia Gastro u. Handelsgesellschaft mbH
Mangostin Asia Gastro u. Handelsgesellschaft mbH und Co. Betriebs KG
Kuffler Kurhaus Gastronomie GmbH & Co.KG
Kuffler AOF Restauration GmbH & Co.KG
Kuffler Airport Gastronomiegesellschaft mbH & Co.
Kuffler & Bucher GmbH & Co.KG
Kuffler CC Gastro GmbH
Haxnbauer GmbH

Contact details of the data protection officer

The data protection officer of the data controller is:

DataCo GmbH
Dachauer Street 65
80335 Munich
Germany
+49 89 7400 45840
www.dataguard.de

Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
The IP address of the calling computer;
Information about the browser type and version used;
The operating system of the user;
The country from which users are accessing;
Date and time of access
Any other websites from which the user's system accesses our website.

The data is stored by our host provider, who is an order processor in this respect. The IP addresses are completely anonymised with an 'x' after 7 days from the aforementioned collection.

2. purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

3. legal basis for the data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 p. 1 lit. f DS-GVO.

4. duration of the storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

The storage of data in the log files mentioned is possible for more than 7 days, but then only completely anonymised: In this case, the IP addresses are completely alienated so that an assignment of the calling user is no longer possible, see above. After 9 weeks at the latest, this data is deleted in its remaining quality in any case and in its entirety.

5. possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

Use of cookies

1. description and scope of data processing

Our website uses cookies that are stored in the internet browser or by the internet browser on the user's computer system. When a user calls up a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. The following data is stored and transmitted in the cookies:

Language settings
Log-in information
Cookie settings
Search terms
Other information necessary for the provision of the website

The user data collected in this way is pseudonymised by technical precautions. The data is not stored together with other personal data of the users.

We also use cookies on our website that enable an analysis of the user's surfing behaviour. The following data is stored and transmitted in the analysis cookies:

User behaviour on our website
Other information used for marketing purposes

2. purpose of the data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.
The user data collected through technically necessary cookies are not used to create user profiles.

Analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimise our offer.

3. legal basis for the data processing

The legal basis for the processing of personal data using analysis cookies is Art. 6 para. 1 p. 1 lit. a DSGVO.

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 p. 1 lit. f DSGVO.

4. duration of storage, possibility of objection and elimination

Cookies are stored on the user's computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

If you use a Safari browser from version 12.1, cookies are automatically deleted after seven days. This also applies to opt-out cookies, which are set to prevent tracking measures.

Use of Google Analytics

1. description and scope of data processing

For the purpose of demand-oriented design and continuous optimisation of our pages, we use Google Analytics on our website https://www.hotel-muenchen-palace.de/, a web analysis service of Google Inc.(https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). In this context, pseudo-nymised usage profiles are created and cookies (see above) are used. The information generated by the cookie about your use of this website, such as

Browser type/version,
Operating system used,
Referrer URL (the previously visited page),
Host name of the accessing computer (IP address),
Time of the server request,

are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services associated with the use of the website and the internet for the purposes of market research and demand-oriented design of these internet pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf.

Important in particular: The IP addresses are immediately anonymised so that an allocation of the user data concerning you is no longer possible per se with reasonable means in our opinion (IP masking). This happens on Google's servers in the USA at the latest, but usually before that.

Further information on data protection in connection with Google Analytics can be found, for example, in the Google Analytics Help at the link: https://support.google.com/analytics/answer/6004245? .

2. legal basis of the data processing

The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 p. 1 lit. a DSGVO.

3. purpose of the data processing

With the tracking measures used under Google Analytics, we want to ensure a needs-based design and the ongoing optimisation of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.

4. duration of storage, possibility of objection and elimination

In this regard, we would like to refer you to the explanations above regarding other cookies, which also apply here.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

5. hazard warning 

It cannot be ruled out that your personal data will also be transferred to the USA. There is no adequacy decision for the USA according to Art. 45 (3) DS-GVO. Furthermore, there are no appropriate guarantees according to Art. 46 DS-GVO. We would like to point out that a data transfer without an adequacy decision and without suitable guarantees involves certain risks, which we would like to inform you about below:

Intelligence services in the USA use certain online identifiers (such as the IP address or unique identification numbers) as a starting point for monitoring individuals. In particular, it cannot be ruled out that these intelligence services have already collected information about you, with the help of which the data transmitted here can be traced back to you.
Providers of electronic communications services headquartered in the United States are subject to surveillance by U.S. intelligence agencies pursuant to 50 U.S. Code § 1881a ("FISA 702"). Accordingly, providers of electronic communications services headquartered in the U.S. have an obligation to provide personal information to U.S. authorities pursuant to 50 U.S. Code § 1881a. 

Even encryption of the data in the data centres of the electronic communications service provider cannot provide adequate protection, since an electronic communications service provider has a direct obligation to grant access to or surrender imported data in its possession or custody or under its control. This obligation may explicitly extend to the cryptographic keys without which the data cannot be read.

The fact that this is not merely a "theoretical danger" is demonstrated by the ECJ's judgment of 16 July 2020, C-311/18.

Google Adwords Conversion Tracking

In order to statistically record the use of our website and to evaluate it for the purpose of optimising our website for you, we also use Google Conversion Tracking. In this process, Google Adwords sets a cookie (see generally above) on your computer if you have accessed our website via a Google ad.

These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords client's website and the cookie has not yet expired at that time, Google and the client can recognise that the user clicked on the ad and was redirected to that page.

Each Adwords customer receives a different cookie. Cookies can therefore not be tracked via the websites of Adwords customers. The information obtained using the conversion cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. The Adwords customers learn the total number of users who clicked on their ad and were redirected to a page marked with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.

If you do not wish to participate in the tracking procedure, you can also refuse the setting of a cookie required for this - for example, via a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser so that cookies from the domain "www.googleadservices.com" are blocked.

Online reservations (OpenTable)

1. description and scope of data processing

On our website you have the possibility to make table reservations for our restaurants. In order to facilitate the reservations, we integrate online reservation masks of the service "OpenTable" of the provider OpenTable Inc., 1 Montgomery St., Suite 700, San Francisco, CA 94014, USA, on our websites. The data for guests making reservations from Germany are processed by OpenTable GmbH, Zeil 109, Frankfurt 60313.

When using "OpenTable", the following personal data will be processed from you:

First name
Last name
E-mail address
Telephone number
Reason for the reservation (optional)
Special requests (optional)

You can find more information on the processing of your personal data by "OpenTable" and the corresponding objection options here: https://www.opentable.de/legal/privacy-policy 

2. purpose of the data processing

The processing of the personal data from the reservation mask serves us solely to process the reservation.

3. legal basis for the data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. b DS-GVO. The processing is necessary for the fulfilment of the contract.

4. duration of the storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case when the reservation has been cancelled or the restaurant visit has ended.

Online reservations Kuffler's wine tent

1. description and scope of data processing

On our website https://www.weinzelt.com/de/reservierung/ you have the possibility to send us online reservation requests by date, number of persons and time for the wine tent at the upcoming Oktoberfest.

The data to be entered there are, if you do not yet have a customer number (a customer number is not assigned via the website, but only after a reservation/hospitality has been made that may have an effect on costs):

When you make a reservation, the following personal data will be processed:

Company name (optionally two lines);
Salutation;
First name;
Last name;
Street, house number;
POSTCODE;
Place;
Land;
Telephone - landline;
Phone - mobile;
E-mail address;
Shipping address information;
According to your own wishes and considerations, you then enter a date from the given dates in the "Date request" field;
After entering the desired date (this field does not appear before), you will be asked to indicate the number of persons; this must be at least 2, see above;
Finally, you will be asked to agree to the General Terms and Conditions and other agreements, and you will be given the opportunity to indicate any further wishes in a free note field.
Date and time on which / at which you make the reservation.

If you already have a customer number, you will only be asked to enter your customer number and e-mail address before entering the technical reservation request.

2. purpose of the data processing

The processing of the personal data from the reservation mask serves us solely to process the reservation request. It has the downstream objective that you can experience and enjoy a complication-free visit to the wine tent at the reserved time and place in accordance with your further wishes, which you may have voluntarily communicated in advance.

3. legal basis for the data processing

The legal basis is Art. 6 para. 1 lit. b DSGVO, as both a reservation contract is concluded, i.e. corresponding processing is necessary for the fulfilment of a contract, and a further contract (hospitality contract) is targeted and prepared.

4. duration of the storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case when the reservation is cancelled or the restaurant visit has ended. If a catering contract is concluded, your data will be kept for billing and other questions in the follow-up.

Room booking (Preferred Hotel Group)

1. description and scope of data processing
On our website https://www.hotel-muenchen-palace.de/ you have the possibility to book hotel rooms. In order to facilitate the booking, we integrate online booking masks of the provider Preferred Hotel Group, Inc., 311 South Wacker DriveSuite 1900 Chicago, Illinois 60606, USA, on our website. 

When using the online booking mask, the following personal data will be processed from you:

First name
Last name
E-mail address
Telephone number
Address
Requests or special needs (optional)
Payment information

You can find more information on the processing of your personal data by the Preferred Hotel Group and the corresponding objection options here: https://preferredhotels.com/privacy-policy-all-languages 

2. purpose of the data processing

The processing of personal data from the online booking mask serves us solely to process the booking.

3. legal basis for the data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. b DS-GVO. The processing is necessary for the fulfilment of the contract.

4. duration of the storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case when the reservation has been cancelled or the hotel visit has ended.

Contact form cooking course mangostin

On our website https://www.mangostin.de/ there is a contact form which can be used for your electronic online booking enquiry, secured by bank data, for cooking courses offered by us with dates and titles. In the course of this, we collect the data that you enter in the input mask for your enquiry.

1. description and scope of data processing

On our website https://www.mangostin.de/ there is a contact form which can be used for your electronic online booking enquiry, secured by bank data, for cooking courses offered by us with dates and titles. In the course of this, we collect the data that you enter in the input mask for your enquiry.

In the course of your "enquiry" under the enquiry form, we collect the data you enter in the input mask there. This is the following data:

Selection from cooking courses offered (title, date);
Number of participants to be requested by you;
Salutation;
Last name;
Street / house number, postcode, town and telephone number;
Fax number;
E-mail address;
Credit card type
16-digit card number;
Validity of your card.
Personal communication

Automatically, i.e. without your active intervention, data is stored during the registration and any confirmation process (see below):

IP address of the calling computer.
Registration and
If applicable - i.e. in the case of confirmation, see below - time of confirmation.

The data marked with an asterisk "*" in the input mask described here are so-called mandatory fields, without which we are unfortunately unable to process any enquiries about vouchers for technical and organisational reasons relating to our operation.

In both cases, the data will only be forwarded to us. In this context, the data is not passed on to third parties. The data is used exclusively for processing the respective conversation.

2. legal basis for the data processing

The legal basis for the processing of data transmitted in the course of sending a request for a gift voucher is Art. 6 (1) lit. b DSGVO. If the e-mail contact is aimed at the preparation and/or conclusion of a contract.

3. purpose of the data processing

The processing of the personal data from the input mask serves us solely to process the contact.

4. duration of the storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

For personal data sent by e-mail for general contact purposes, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.

The data from the contact "enquiry" for cooking courses will be kept for as long as necessary from the content of the contact and the further communicative development.

Gift voucher

1. description and scope of data processing

On our website at https://www.hotel-muenchen-palace.de/de/geschenkgutscheine.html (corresponding link also at the bottom left of each of our pages under "Gift Vouchers") there is the possibility of procuring Hotel München Palace hotel vouchers as a gift for any occasion.

In the course of your "enquiry" under the enquiry form, we collect the data you enter in the input mask there. This is the following data:

Choice of how we contact you - email, phone, fax;
First name;
Last name;
Address
Company name
Industry
additional address line
E-mail address;
Telephone number
City
State / Province
Postcode
Country
According to your own wish and consideration - technically optional field - enter further "requirements / wishes" in a free note field.

Automatically, i.e. without your active intervention, data is stored during the registration and any confirmation process (see below):

IP address of the calling computer.
Registration and
If applicable - i.e. in the case of confirmation, see below - time of confirmation.

The data marked with an asterisk "*" in the input mask described here are so-called mandatory fields, without which we are unfortunately unable to process any enquiries about vouchers for technical and organisational reasons relating to our operation.

In both cases, the data will only be forwarded to us. In this context, the data is not passed on to third parties. The data is used exclusively for processing the respective conversation.

2. legal basis for the data processing

The legal basis for the processing of data transmitted in the course of sending a request for a gift voucher is Art. 6 (1) lit. b DSGVO. If the e-mail contact is aimed at the preparation and/or conclusion of a contract, e.g. for a hotel reservation.

3. purpose of the data processing

The processing of the personal data from the input mask serves us solely to process the contact.

4. duration of the storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

For personal data sent by e-mail for general contact purposes, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.

The data from the contact "enquiry" about hotel vouchers will be stored for as long as is necessary from the content of the contact and the further communicative development.

E-mail contact

1. description and scope of data processing

On our website, it is possible to contact us via the email addresses provided. In this case, the user's personal data transmitted with the email will be stored. The data is used exclusively for processing the conversation.

2. purpose of the data processing

In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.

3. legal basis for the data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. a DS-GVO if the user has given his consent.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f DS-GVO. 

If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DS-GVO.

4. duration of the storage

No sent form data is stored. Requests are sent directly by e-mail. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it is clear from the circumstances that the matter in question has been conclusively clarified.

5. possibility of objection and removal

The user has the possibility to revoke his consent to the processing of personal data at any time by sending an e-mail to the above-mentioned contact information. If the user contacts us by e-mail, he or she can object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in the course of contacting us will be deleted in this case.

Contact form

1. description and scope of data processing

Our website contains a contact form that can be used for electronic contact. If a user uses this option, the data entered in the input mask is transmitted to us and stored.

The following data is stored at the time the message is sent:

E-mail address
Name
First name
Telephone / mobile phone number (optional)
Date and time of contact
The message you wrote

For the processing of data, reference is made to this data protection declaration within the framework of the ???. 

2. purpose of the data processing

The processing of the personal data from the input mask serves us solely to process the contact. In the event of contact being made, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the submission process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

3. legal basis for the data processing

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 p. 1 lit. f DS-GVO. If the purpose of the contact is to conclude a contract, the additional legal basis for the processing is Art. 6 (1) sentence 1 lit. b DS-GVO.

4. duration of the storage

No sent form data is stored. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent via the contact form, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.

5. possibility of objection and removal

If you contact us via the contact form, you can object to the storage of your personal data at any time in accordance with Art. 21 DS-GVO. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.

Subscribe to our newsletter

1. description and scope of data processing

You can subscribe to our newsletter on our website.

The following data is stored at the time the message is sent:

Salutation
E-mail address
Name
First name
Date and time of registration

2. purpose of the data processing

We use your data exclusively for sending the newsletter. Processing of the personal data you provide is necessary for the purpose of sending the newsletter.

The registration system with an additional confirmation message containing a link to the final registration (double opt-in) ensures that the newsletter or alert is explicitly desired by you.

3. legal basis for the data processing

The processing of personal data is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO.

4. duration of the storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Your email address will therefore be stored as long as the subscription is active and you have not revoked your consent to receive the newsletter.

5. possibility of objection and removal

Insofar as you no longer agree to the storage of data for this purpose and thus no longer wish to use our offer, you can unsubscribe from the newsletters at any time. For this purpose, you will find a corresponding link in each newsletter. The personal data you have provided will then be deleted.

Use of corporate presences in social media

We are active in social networks in order to inform you as users about our services and information offers. Publications about the company's presence may contain the following content: 

-Information about products 
-Information about services
-Information about the company's development
-Information about awards 
- Winning games 
- Advertising 
- Employee Acquisition

If you wish, you can communicate with us directly via the respective platform. Our social media channels thus complement our website and, if you prefer these platforms, offer you an alternative way of communicating.

1. overview of the social media presences we use

Below you will find an overview of our social media presences. There you will see that all offers on the website can be reached via an external link, because all social media channels can only be accessed by you as a visitor to the website via an external link. As soon as you call up the respective social media profile in the respective network, the terms and conditions and data processing guidelines of the respective operators apply there.

 
Kuffler Group
Roland Kuffler GmbH
https://www.facebook.com/KufflerGruppe/ 
https://twitter.com/KufflerGroup
https://www.youtube.com/user/KufflerTV 
https://de.linkedin.com/company/kuffler-group            

Mangostin Asia Restaurants
"Mangostin Asia" Gastronomie- und Handelsgesellschaft mbH & Co. Betriebs KG
https://www.facebook.com/Mangostinasia
https://www.pinterest.de/kuffler/mangostin-asia/
https://www.instagram.com/mangostin_asia/
https://www.tripadvisor.de/Restaurant_Review-g187309-d715496-Reviews-Mangostin_Asia-Munich_Upper_Bavaria_Bavaria.html
       
Haxnbauer in the Scholastic House
Roland Kuffler GmbH 
https://www.facebook.com/Haxnbauer
https://www.pinterest.de/kuffler/haxnbauer-im-skolastikahaus/
https://www.instagram.com/accounts/login/?next=/haxnbauer_/
https://www.tripadvisor.de/Restaurant_Review-g187309-d964386-Reviews-Haxnbauer-Munich_Upper_Bavaria_Bavaria.html
     
Seahouse in the English Garden
Roland Kuffler GmbH
https://www.facebook.com/seehaus.muenchen
https://www.pinterest.de/kuffler/seehaus-im-englischen-garten/
https://www.instagram.com/accounts/login/?next=/seehaus_im_englischen_garten/
https://www.tripadvisor.de/Restaurant_Review-g187309-d958072-Reviews-Seehaus_im_Englischen_Garten-Munich_Upper_Bavaria_Bavaria.html
     
Spatenhaus at the Opera
Roland Kuffler GmbH
https://www.facebook.com/spatenhausanderoper/
https://www.pinterest.de/kuffler/spatenhaus-an-der-oper/
https://www.instagram.com/accounts/login/?next=/spatenhausanderoper/
https://www.tripadvisor.de/Restaurant_Review-g187309-d896760-Reviews-Spatenhaus-Munich_Upper_Bavaria_Bavaria.html

Hotel Munich Palace
Roland Kuffler GmbH
https://www.facebook.com/hotel.muenchen.palace
https://twitter.com/KufflerGroup
https://www.pinterest.de/kuffler/hotel-m%C3%BCnchen-palace/
https://www.instagram.com/accounts/login/?next=/hotelmuenchenpalace/
https://www.tripadvisor.de/Hotel_Review-g187309-d217948-Reviews-Hotel_Muenchen_Palace-Munich_Upper_Bavaria_Bavaria.html

Kuffler wine tent
Kuffler Wine Tent GmbH
https://www.facebook.com/KufflersWeinzelt
https://www.instagram.com/accounts/login/?next=/kufflers_weinzelt/

Kuffler Catering
Kuffler Catering Service GmbH & Co KG
https://www.facebook.com/KufflerCatering/

Rosso Suite
Kuffler AOF Restauration GmbH & CoKG
https://www.facebook.com/RossoSuite/
https://www.tripadvisor.de/Restaurant_Review-g187337-d5826015-Reviews-Rosso_Suite-Frankfurt_Hesse.html
https://www.instagram.com/rosso_suite/

Opera Restaurant
Kuffler AOF Restauration GmbH & CoKG
https://www.facebook.com/OperaFrankfurt
https://www.instagram.com/restaurant_opera.frankfurt/
https://www.tripadvisor.de/Restaurant_Review-g187337-d718243-Reviews-Opera-Frankfurt_Hesse.html

DELI BROS
Kuffler & Bucher Gastronomie GmbH & CoKG
https://www.facebook.com/DeliBrosFFM
https://www.tripadvisor.de/Restaurant_Review-g187337-d5794388-Reviews-Deli_Bros-Frankfurt_Hesse.html

Goethe Bar
Kuffler & Bucher Gastronomie GmbH & CoKG
https://www.facebook.com/goethebarffm

Kuffler & Bucher Airport
Kuffler & Bucher Gastronomie GmbH & CoKG
https://www.facebook.com/KuBuAir
https://www.tripadvisor.de/Restaurant_Review-g187337-d2340121-Reviews-Kuffler_Bucher-Frankfurt_Hesse.html

Twitter
We use the platform and offers of Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A. ( https://twitter.com) back. The data controller for persons living outside the United States is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland. We would like to point out that you use the Twitter short message service and its functions under your own responsibility. Information on what data is processed by Twitter and for what purposes can be found in Twitter's privacy policy: https://twitter.com/privacy.

Facebook and Instagram
All functions in the social media network Facebook and Instagram are offered by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. If you are logged in to Facebook or Instagram with your own profile and access our media channel, Facebook can assign your visit to your logged-in profile.

Facebook and we are joint controllers within the meaning of Article 26 of the GDPR. Facebook assumes primary responsibility under the GDPR for the processing of Insights Data as part of the joint responsibility and complies with all obligations under the GDPR with respect to the processing of Insights Data (including Articles 12 and 13 of the GDPR, Articles 15 to 22 of the GDPR and Articles 32 to 34 of the GDPR). Furthermore, Facebook makes the essence of this Page Insights Addendum available to data subjects (the corresponding "Page Insights Controller Addendum" can be found here: https://www.facebook.com/legal/terms/page_controller_addendum).

We would like to point out that you use this Facebook page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (especially commenting, sharing, rating).

For more information on the purposes of data processing by Facebook, please refer to the Facebook Data Policy: https://de-de.facebook.com/policy.php

Further information on Facebook's legitimate interests with regard to the processing of personal data can be found here: https://de-de.facebook.com/about/privacy/legal_bases

Pinterest
We use the technical platform and offers of Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland to publish images and graphics. We have no influence on the data collection and its further use by the social networks. We also have no effective means of control. Information on what data is processed by Pinterest and for what purposes can be found in Pinterest's privacy policy: 
https://policy.pinterest.com/de/privacy-policy

YouTube
We use the technical platform and services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (https://www.youtube.com) to provide video content. We have no influence on the collection of data and its further use by the social networks. We also have no effective means of control. Information on which data is processed by YouTube/Google and for which purposes can be found in the privacy policy of YouTube or Google: https://policies.google.com/privacy?hl=de&gl=de.

LinkedIn
We use the professional network of LinkedIn, Unlimited Company, Wilton Place, Dublin 2, Ireland to provide content. We have no influence on the collection of data and its further use by the social networks. Nor do we have any effective means of control. Information on which data is processed by the LinkedIn company and for which purposes can be found in the privacy policy of YouTube or LinkedIn: 
https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

2. purpose of the data processing

Our company website serves to inform users about our services. In doing so, every user is free to publish personal data through activities.

3. legal basis for the data processing

The legal basis for the processing of the data is Art. 6 para. 1 p. 1 lit. a DS-GVO if the user has given his consent.

The legal basis for the processing of your data in connection with the use of our company website is Art.6 para.1 p.1 lit. f DS-GVO.

4. duration of the storage

We store your activities and personal data published via our corporate website until you revoke your consent. In addition, we comply with the statutory retention periods.

5. possibility of objection and removal

You can object to the processing of your personal data that we collect in the course of your use of our company website at any time. To do so, send us an informal e-mail to the e-mail address stated in this data protection declaration. If the processing is based on your consent, you can revoke your consent at any time.

Software used

We use software for various purposes. The software used is listed below:

Use of Microsoft

1. scope of the processing of personal data

We use functionalities of Microsoft Corporation, One Microsoft Way, 98052, Redmond, Washington, USA and its representatives in the European Union Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland
(hereinafter: Microsoft) by using Microsoft Office 365.

Microsoft Office 365 allows us to organise our internal processes, especially by sending and receiving emails via Outlook or storing information in SharePoint or OneDrive. 

It cannot be ruled out that data is processed on Microsoft servers in the USA, which has not been recognised by the European Commission as a country with an adequate level of data protection. In order to ensure appropriate guarantees for the protection of the transfer and processing of personal data outside the EU, the transfer of data to and processing of data by Microsoft is carried out on the basis of appropriate guarantees in accordance with Art. 46 et seq. DS-GVO, in particular by concluding so-called standard data protection clauses according to Art. 46 (2) lit. c DS-GVO. A copy of the appropriate guarantees can be requested by sending an informal e-mail to the contact information above. Further information on the processing of data by Microsoft can be found here: https://privacy.microsoft.com/de-de/privacystatement

2. purpose of the data processing

We use Microsoft applications for communication, filing and internal organisation and administration. 

3. legal basis for the processing of personal data

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f DSGVO. Our legitimate interest here lies in the purposes of data processing mentioned under 2.

4. duration of the storage

Your personal information will be retained for as long as is necessary to fulfil the purposes described in this privacy policy or as required by law, for example for tax and accounting purposes.

5. possibility of objection and removal

As a data subject, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f). This also applies to profiling based on these provisions. As the controller, we shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

You can object to the analysis of your personal data for advertising purposes here at Microsoft: http://choice.microsoft.com/de-DE/opt-out 

Further information on objection and removal options vis-à-vis
Microsoft can be found at: https://privacy.microsoft.com/de-de/privacystatement

Use of YouTube videos on our website

1. scope of the processing of personal data 
 
We use YouTube videos provided by Google Ireland Limited, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as: Google). We use YouTube to embed videos from YouTube on our online presence. When you visit our online presence, your browser establishes a connection with YouTube's servers. As a result, personal data can be saved and analysed, including 

the activity of the user (in particular which pages have been visited and which elements have been clicked on) as well as 
Device and browser information (in particular the IP address and the operating system). 

We have no influence on the content of YouTube's processing activities. If you are logged into your YouTube account during your visit, Google can assign your website visit to this account. Through interaction with YouTube, this corresponding information is transmitted directly to Google and stored there. 

You can obtain further information on the processing of data by Google here: https://policies.google.com/privacy?gl=DE&hl=de 

2. purpose of the data processing 
 
The use of videos on our website serves to improve user-friendliness and an appealing presentation of our online presence. 

3. legal basis for the processing of personal data 
 
The legal basis for the processing of the user's personal data is always the user's consent in accordance with Art. 6 para. 1 sentence 1 lit. a DS-GVO. Cookies are only set when you press "Play" or "Abspielen". 

4. duration of the storage 
 
Your personal information will be retained for as long as is necessary to fulfil the purposes described in this privacy policy or as required by law, for example for tax and accounting purposes. 

5. possibility of revocation and removal
 
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. 

You can prevent the collection as well as the processing of your personal data by Google by preventing third-party cookies from being stored on your computer, by using the "Do Not Track" function of a supporting browser, by deactivating the execution of script code in your browser or by installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser. 

You can deactivate the use of your personal data by Google using the following link: https://adssettings.google.de 

You can find further information on objection and removal options vis-à-vis Google at: https://policies.google.com/privacy?gl=DE&hl=de

6. hazard warning

It cannot be ruled out that your personal data will also be transferred to the USA. There is no adequacy decision for the USA according to Art. 45 (3) DS-GVO. Furthermore, there are no appropriate guarantees according to Art. 46 DS-GVO. We would like to point out that a data transfer without an adequacy decision and without suitable guarantees involves certain risks, which we would like to inform you about below:

Intelligence services in the USA use certain online identifiers (such as the IP address or unique identification numbers) as a starting point for monitoring individuals. In particular, it cannot be ruled out that these intelligence services have already collected information about you, with the help of which the data transmitted here can be traced back to you.
Providers of electronic communications services headquartered in the United States are subject to surveillance by U.S. intelligence agencies pursuant to 50 U.S. Code § 1881a ("FISA 702"). Accordingly, providers of electronic communications services headquartered in the U.S. have an obligation to provide personal information to U.S. authorities pursuant to 50 U.S. Code § 1881a. 

Even encryption of the data in the data centres of the electronic communications service provider cannot provide adequate protection, since an electronic communications service provider has a direct obligation to grant access to or surrender imported data in its possession or custody or under its control. This obligation may explicitly extend to the cryptographic keys without which the data cannot be read.

The fact that this is not merely a "theoretical danger" is demonstrated by the ECJ's judgment of 16 July 2020, C-311/18.

Raffles

1. description, purpose and scope of data processing
If you participate in one of our competitions, we will process your personal data for the purpose of conducting the competition. By confirming these conditions of participation, participants declare their consent to the collection, use and storage of the data for the above-mentioned purpose. Address data will only be collected from the winners and will only be used to send the prize. Otherwise, no personal data will be passed on to third parties. After the end of the competition, the notification of the winner and the transmission of the prize, the organiser will delete the personal data of all participants.

2. legal basis for the data processing
The processing of personal data is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO.

3. duration of the storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

General information on the rights of data subjects

If your personal data is processed, you are a "data subject" within the meaning of the GDPR. Subject to legal restrictions and exceptions to the contrary, you have the following rights vis-à-vis us as data controllers:

1. right of access Art. 15 DSGVO
You can request information about whether we process personal data about you. If this is the case, you have the right to information about this personal data as well as other information related to the processing.

2. right to rectification Art. 16 DSGVO
In the event that personal data about you is not (or is no longer) accurate or incomplete, you may request that this data be corrected and, if necessary, completed.

3. right to erasure or restriction Art. 17, 18 DSGVO
If the legal requirements are met, you can request the deletion of your personal data (Art. 17 DSGVO) or the restriction of the processing of this data (Art. 18 DSGVO).

4. right to data portability Art. 20 DSGVO
You have the right, under the conditions of Art. 20 DSGVO, to demand that we hand over to you the personal data concerning you that you have provided to us in a structured, common and machine-readable format. However, according to Art. 20 (3) sentence 2 DSGVO, this right is not available if the data processing serves the performance of public tasks.

5. right of objection Art. 21 GDPR
For reasons arising from your particular situation, you may also object to the processing of your personal data by us at any time. This right exists if your personal data is processed on the basis of Art. 6 para. 1 lit. e), f) DSGVO, for direct advertising, for scientific or historical research or for statistical purposes. If the legal requirements are met, we will subsequently no longer process your personal data. 

6. right to revoke the declaration of consent under data protection law
If you have consented to the processing of your data (Art. 6 para. 1 lit. a), you have the right to revoke your consent at any time. To do so, please send an email to direkt  (at) kuffler [punkt] de. The revocation is only effective for the future; this means that the revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

7. right of appeal to the supervisory authority
Without prejudice to any other administrative or judicial remedy, a data subject (you) has the right to lodge a complaint with a supervisory authority - in particular in the member state of your residence - if you consider that the processing of your personal data by us infringes the GDPR. Since several locations are conceivable, we offer you an official list of all data protection officers including their contact details. Please use the following link of the Federal Commissioner for Information and Data Protection, Bonn: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html. The supervisory authority to which the complaint was submitted will then inform you as the complainant about the status and the results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

top