Data protection

Generally

As the operator of this website and as a company, we come into contact with your personal data. This means all data that says something about you and with which you can be identified. In this privacy policy, we would like to explain to you how, for what purpose and on what legal basis we process your data.


The person responsible for data processing on this website and in our company is:

RSE Gastro GmbH Am Gewerbepark 4 90552 Röthenbach ad Pegnitz

Phone: 0911227845 E-Mail: hello@daspaul.com


Data protection officer:

Daniela Jänsch
dj@daspaul.com

Named on April 24, 2024


General information


SSL or TLS encryption

When you enter your data on websites, place online orders or send emails over the Internet, you must always expect that unauthorized third parties will access your data. There is no complete protection against such access. However, we do everything we can to protect your data as best as possible and to close security gaps as far as we can.

An important protection mechanism is the SSL or TLS encryption of our website, which ensures that data that you send to us cannot be read by third parties. You can recognize the encryption by the lock icon in front of the Internet address entered in your browser and by the fact that our Internet address begins with https:// and not with http://.


Encrypted payment transactions

Payment data, such as account or credit card numbers, are particularly in need of protection. This is why we only process payments using common payment methods via an encrypted SSL or TLS connection.


How long do we store your data?

At some points in this privacy policy we inform you how long we or the companies that process your data on our behalf store your data. If such information is missing, we store your data until the purpose of the data processing no longer applies, you object to the data processing or you withdraw your consent to the data processing.


However, in the event of an objection or revocation, we may continue to process your data if at least one of the following conditions is met:


We have compelling legitimate grounds for continuing the processing which override your interests, rights and freedoms (only if you object to the processing; if the objection is directed against direct marketing, we cannot provide legitimate grounds).


The data processing is necessary to assert, exercise or defend legal claims (does not apply if your objection is directed against direct marketing).


We are legally obliged to retain your data.


In this case, we will delete your data as soon as the requirement(s) no longer apply.


Data transfer to the USA

We also use tools on our website from companies that transmit your data to the USA, store it there and possibly process it further. This is particularly important for you because your data does not enjoy the same level of protection in the USA as it does within the EU, where the General Data Protection Regulation (GDPR) applies. For example, US companies are obliged to release personal data to security authorities without you as the data subject being able to take legal action against this. It is therefore possible that US authorities (e.g. secret services) process, evaluate and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.



Your rights


Objection to data processing

IF YOU READ IN THIS PRIVACY POLICY THAT WE HAVE LEGITIMATE INTERESTS IN PROCESSING YOUR DATA AND THEREFORE BASE THIS ON ARTICLE 6, PARAGRAPH 1, SENTENCE 1, LIT. F) OF THE GDPR, YOU HAVE THE RIGHT TO OBJECT TO IT ACCORDING TO ARTICLE 21 OF THE GDPR. THIS ALSO APPLIES TO PROFILING THAT IS CARRIED OUT ON THE BASIS OF THE ABOVE-MENTIONED PROVISION. THE CONDITION IS THAT YOU GIVE REASONS FOR THE OBJECTION THAT ARISE FROM YOUR PARTICULAR SITUATION. NO REASONS ARE NECESSARY IF THE OBJECTION IS DIRECTED TO THE USE OF YOUR DATA FOR DIRECT MARKETING.

THE CONSEQUENCE OF THE OBJECTION IS THAT WE ARE NO LONGER PERMITTED TO PROCESS YOUR DATA. THIS ONLY DOES NOT APPLY IF ONE OF THE FOLLOWING CONDITIONS APPLIES:


  • WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS. THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.


THE EXCEPTIONS DO NOT APPLY IF YOUR OBJECTION IS DIRECTLY TO DIRECT MARKETING OR TO PROFILING RELATED TO IT.



Further rights


Revocation of your consent to data processing

Many data processing operations are carried out on the basis of your consent. You give this, for example, by ticking the appropriate box on online forms before sending the form or by allowing certain cookies when you visit our website. You can revoke your consent at any time without giving reasons (Art. 7 Para. 3 GDPR). From the time of revocation, we are no longer permitted to process your data. The only exception: we are legally obliged to keep the data for a certain period of time. Such retention periods exist in particular in tax and commercial law.


Right to complain to the competent supervisory authority

If you believe that we are violating the General Data Protection Regulation (GDPR), you have the right to complain to a supervisory authority under Art. 77 GDPR. You can contact a supervisory authority in the member state of your residence, your place of work or the place where the alleged violation occurred. The right to complain exists in addition to administrative or judicial remedies.


Right to data portability

We must hand over data that we process automatically on the basis of your consent or in fulfillment of a contract to you or a third party in a common machine-readable format if you request this. We can only transfer the data to another responsible party if this is technically possible.


Right to data information, deletion and correction

According to Art. 15 GDPR, you have the right to receive information free of charge about which personal data we have stored about you, where the data comes from, to whom we transmit the data and for what purpose it is stored. If the data is incorrect, you have the right to rectification (Art. 16 GDPR); under the conditions of Art. 17 GDPR, you can request that we delete the data.


Right to restriction of processing

In certain situations, you can request that we restrict the processing of your data in accordance with Art. 18 GDPR. The data may then only be processed as follows - apart from storage:

  • with your consent to assert, exercise or defend legal claims to protect the rights of another natural or legal person for reasons of important public interest of the European Union or a Member State


The right to restrict processing exists in the following situations:

  • You have disputed the accuracy of your personal data stored by us and we need time to check this. This right exists for the duration of the review.The processing of your personal data is unlawful or was unlawful in the past. Here you have the alternative right to have the data deleted.We no longer need your personal data, but you need it to exercise, defend or assert legal claims. Here you have the alternative right to have the data deleted.You have lodged an objection in accordance with Art. 21 Para. 1 GDPR and now your interests and ours must be weighed against each other. This right exists as long as the result of the balancing has not yet been determined.



Hosting and

Content Delivery Networks (CDN)


Externes Hosting

Our website is hosted on a server of the following Internet service provider (hoster):


Amazon Web Services (AWS) Germany GmbH Krausenstr. 38 10117 Berlin


Has a contract for data processing been concluded with the hoster? Yes


How do we process your data?

The host stores all data from our website. This includes all personal data that is collected automatically or through your input. This can include in particular: your IP address, pages accessed, names, contact details and queries as well as meta and communication data. When processing data, Amazon Web Services (AWS) Germany GmbH adheres to our instructions and only processes the data to the extent that this is necessary to fulfill its obligation to provide services to us.


On what legal basis do we process your data?

Since we address potential customers and maintain contact with existing customers via our website, the data processing by our host serves to initiate and fulfill the contract and is therefore based on Art. 6 Para. 1 lit. b) GDPR. In addition, it is our legitimate interest as a company to provide a professional Internet offering that meets the necessary requirements for security, speed and efficiency. In this respect, we also process your data on the basis of Art. 6 Para. 1 lit. f) GDPR.



Data collection on this website


Use of cookies

Our website places cookies on your device. These are small text files that serve different purposes. Some cookies are technically necessary for the website to function at all (necessary cookies). Others are required to be able to carry out certain actions or functions on the site (functional cookies). For example, without cookies it would not be possible to use the advantages of a shopping cart in an online shop. Still other cookies are used to analyze user behavior or optimize advertising measures. If we use third-party services on our website, e.g. to process payment transactions, these companies can also leave cookies on your device when you visit the website (so-called third-party cookies).


How do we process your data?

Session cookies are only stored on your device for the duration of a session. As soon as you close the browser, they disappear automatically. Permanent cookies, on the other hand, remain on your device if you do not delete them yourself. This can, for example, lead to your user behavior being analyzed permanently. You can influence how it handles cookies via the settings in your browser:


  • Do you want to be informed when cookies are set? Do you want to exclude cookies generally or in certain cases? Do you want cookies to be automatically deleted when you close your browser?


If you deactivate or do not allow cookies, the functionality of the website may be limited.

If we use cookies from other companies or for analysis purposes, we will inform you about this in this privacy policy. We will also ask for your consent when you visit our website.


On what legal basis do we process your data?

We have a legitimate interest in ensuring that our online offerings can be used by visitors without technical problems and that all the desired functions are available to them. Necessary and functional cookies are therefore stored on your device on the basis of Art. 6 Paragraph 1 Letter f) GDPR. We use all other cookies on the basis of Art. 6 Paragraph 1 Letter a) GDPR, provided that you give us your consent. You can revoke this consent at any time with effect for the future. If you have consented to the placement of necessary and functional cookies when asked for consent, these cookies will also be stored exclusively on the basis of your consent.



Cookie consent with Usercentrics

What is Usercentrics? Consent management platform (CMP) for collecting, processing and forwarding GDPR-compliant consents


Who processes your data? Usercentrics GmbH, Rosental 4, 80331 Munich, Germany


Where can you find more information about data protection at Usercentrics? https://usercentrics.com/de/datenschutzerklaerung/


How do we process your data?

We use the consent management platform Usercentrics to obtain your consent to store cookies on your device and to document it in compliance with data protection regulations. When you visit our website and close the Usercentrics cookie window requesting your consent, the following data is transmitted to the company:

  • Your consent(s) or the revocation of your consent(s)Your IP addressInformation about your browserInformation about your deviceThe time of your visit to the website

In addition, Usercentrics stores a cookie in your browser in order to be able to assign the consent granted or its revocation to your browser. All data collected is stored until the cookies are no longer needed, you delete the Usercentrics cookie or you ask us to delete the data. This only does not apply if we are legally obliged to retain the data.


On what legal basis do we process your data?

We are legally obliged to obtain the consent of our website visitors for the use of certain cookies. In order to fulfil this obligation, we use Usercentrics. The legal basis for data processing is therefore Art. 6 Para. 1 lit. c) GDPR.



Server log files

Server log files record all requests and accesses to our website and record error messages. They also contain personal data, in particular your IP address. However, this is anonymized by the provider after a short time so that we cannot assign the data to you personally. The data is automatically transmitted from your browser to our provider.


How do we process your data?

Our provider stores the server log files in order to be able to track the activities on our website and to identify errors. The files contain the following data:


  • Browser type and versionOperating system usedReferrer URLHost name of the accessing computerTime of the server requestIP address (possibly anonymized)


We do not combine this data with other data, but use it solely for statistical evaluation and to improve our website.


On what legal basis do we process your data?

We have a legitimate interest in ensuring that our website runs error-free. It is also our legitimate interest to obtain an anonymized overview of access to our website. The data processing is therefore lawful in accordance with Art. 6 Para. 1 lit. f) GDPR.



contact form

You can send us a message using the contact form on this website.


How do we process your data?

We save your message and the information from the form in order to process your request, including follow-up questions. This also applies to the contact details provided. We will not pass the data on to other people without your consent.


How long do we store your data?

We will delete your data as soon as one of the following occurs:


  • Your request has been finally processed.You request that we delete the data.You revoke your consent to storage.


This only does not apply if we are legally obliged to retain the data.


On what legal basis do we process your data?

If your request is related to our contractual relationship or serves to carry out pre-contractual measures, we process your data on the basis of Art. 6 Para. 1 lit. b) GDPR. In all other cases, it is our legitimate interest to process requests addressed to us effectively. The legal basis for data processing is therefore Art. 6 Para. 1 lit. f) GDPR. If you have consented to the storage of your data, Art. 6 Para. 1 lit. a) GDPR is the legal basis. In this case, you can revoke your consent at any time with effect for the future.



Inquiry by email, telephone or fax

You can send us a message by email or fax or call us.


How do we process your data?

We save your message as well as your contact details or the telephone number you provided in order to process your request, including follow-up questions. We will not pass the data on to other people without your consent.


How long do we store your data?

We will delete your data as soon as one of the following occurs:


  • Your request has been finally processed.You request that we delete the data.You revoke your consent to storage.


This only does not apply if we are legally obliged to retain the data.


On what legal basis do we process your data?

If your request is related to our contractual relationship or serves to carry out pre-contractual measures, we process your data on the basis of Art. 6 Para. 1 lit. b) GDPR. In all other cases, it is our legitimate interest to process requests addressed to us effectively. The legal basis for data processing is therefore Art. 6 Para. 1 lit. f) GDPR. If you have consented to the storage of your data, Art. 6 Para. 1 lit. a) GDPR is the legal basis. In this case, you can revoke your consent at any time with effect for the future.


Request via chatbot: DialogShift chat application on our website

You can contact us via chatbot. Our website uses the chat application of DialogShift GmbH, Rheinsberger Str. 76/77, 10115 Berlin. This application processes and stores data for the purpose of web analysis, to operate the chat application and to answer inquiries.


How do we process your data?

To operate the chat function, the chat texts are saved and a cookie with a unique ID is set - this is used to recognize you as a customer. A cookie is a small text file that is stored locally in the cache on your device. Using this cookie, our application recognizes the device and can call up past chat logs.


How long do we store your data?

This cookie is stored for 90 days from the last use. You can deactivate the storage of cookies in your browser settings. However, the chat function cannot be carried out without the use of cookies.


The possible disclosure of, for example, a name, email address or telephone number is voluntary and with the consent to temporarily use and store this data for the purpose of establishing contact until the end of the contact. This personal data is deleted after 90 days.


On what legal basis do we process your data?

The legal basis for data processing is Art. 6 (1) (f) GDPR based on our legitimate interest in effective customer service, for statistical analysis of usage behavior and for optimization purposes of our offers.

DialogShift offers further information on the collection and use of data as well as your rights and options for protecting your privacy at: https://www.dialogshift.com/datenschutz.



Social-Media-Plugins


Use of social media plugins


Which social media plugins do we use?

Instagram

What is Instagram? Social Network


Who processes your data? Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland


Where can you find more information about data protection at Instagram? https://instagram.com/about/legal/privacy/


On what basis do we transfer your data to the USA and other third countries?

Based on standard contractual clauses and adequacy decisions of the European Commission (see https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381)



Analysis tools and advertising

We use the following tools to analyze the behavior of our website visitors and show them advertising.


Google Analytics

What is Google Analytics? Tool for analyzing user behavior from Google Ireland Ltd.


Who processes your data? Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland


Where can you find more information about data protection at Google Analytics? https://support.google.com/analytics/answer/6004245?hl=de


On what basis do we transfer your data to the USA?

Based on the standard contractual clauses of the European Commission (https://privacy.google.com/businesses/compliance)


How can you prevent data collection?

Among other things, with a browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=de


How do we process your data?

We are always interested in optimizing our web offering for visitors to our website and placing advertising in the best possible way. Google Analytics helps us with this, a tool that analyzes user behavior and provides us with the necessary data basis for adjustments. The tool provides us with information about the origin of our visitors, their page views and the length of time they spend on the pages, as well as the operating system they use.


Standard processing

To collect the data, Google Analytics uses cookies, device fingerprinting or other technologies to recognize users. The data is transmitted to Google servers in the USA and, using the IP address also recorded, is compiled into a profile that can be assigned to you or your device.


You can prevent Google from processing your data by installing a browser plug-in that Google itself provides: https://tools.google.com/dlpage/gaoptout?hl=de.


How long do we store your data?

According to Google's own information, data stored at user and event level that is linked to cookies, user identifications (e.g. user IDs) or advertising IDs is deleted or anonymized according to ## No information ## (see https://support.google.com/analytics/answer/7667196?hl=de).


On what legal basis do we process your data?

As a website operator, we have a legitimate interest in analyzing user behavior for the purpose of optimizing our website and the advertising placed there. The data processing is therefore lawful according to Art. 6 Para. 1 lit. f) GDPR. In the event that you have, for example, consented to the storage of cookies or otherwise consented to data processing by Google Analytics, Art. 6 Para. 1 lit. a) GDPR is the sole legal basis. You can revoke your consent at any time with effect for the future.


Google Ads

What is Google Ads? Online advertising program from Google Ireland Ltd.


Who processes your data? Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland


Where can you find more information about data protection at Google Ads? https://policies.google.com/privacy?hl=de&gl=de


On what basis do we transfer your data to the USA? Google adheres to the standard contractual clauses of the European Commission (https://privacy.google.com/businesses/compliance)


How do we process your data?

We use Google Ads. Google's advertising program enables us to display advertisements in the Google search engine or on third-party websites when visitors to our website enter certain search terms into Google (keyword targeting). We can also place targeted advertisements based on the user data available to Google (e.g. location data and interests) (target group targeting). We evaluate the collected data quantitatively, for example by analyzing which search terms led to the display of our advertisements and how many ads led to corresponding clicks.


On what legal basis do we process your data?

As a website operator, we have a legitimate interest in placing and evaluating advertisements. The data processing is therefore lawful according to Art. 6 Para. 1 lit. f) GDPR. In the event that you have, for example, consented to the storage of cookies or otherwise consented to data processing by Google, Art. 6 Para. 1 lit. a) GDPR is the sole legal basis. You can revoke your consent at any time with effect for the future.


Google Analytics Remarketing

What is Google Analytics Remarketing? Tool for personalized advertising from Google Ireland Ltd.


Who processes your data? Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland


Where can you find more information about data protection with Google Analytics Remarketing? https://www.google.de/intl/de/policies/privacy/ and https://policies.google.com/technologies/ads


On what basis do we transfer your data to the USA? Google adheres to the standard contractual clauses of the European Commission (https://privacy.google.com/businesses/compliance)


How can you prevent data processing? By objecting to personalized advertising in your Google account or on this page: https://www.google.com/settings/ads/onweb/


How do we process your data?

We are always interested in placing our advertising in the best possible way. The remarketing function of Google Analytics helps us with this.


Standard processing

Remarketing means that we analyze your behavior on our website in order to assign you to a specific advertising target group and then show you suitable advertising messages when you visit other websites. In addition, we link the advertising target groups with cross-device functions from Google. This enables us to display interest-based, personalized advertising messages that have been tailored to you based on your usage and surfing behavior on one device (e.g. your mobile phone) on another device (e.g. a tablet or PC).


Object to personalized advertising

You can adjust the advertising settings in your Google account. To do so, click on the following link and log in: https://adssettings.google.com/authenticated. Outside of your Google account, you can object to personalized advertising at the following link: https://www.google.com/settings/ads/onweb/ (the setting then only applies to the device and browser currently being used).


On what legal basis do we process your data?

As website operators, we have a legitimate interest in the effective marketing of our services and products. Data processing is therefore lawful according to Art. 6 Para. 1 lit. f) GDPR. In the event that you have, for example, consented to the storage of cookies or otherwise consented to data processing by Google Analytics Remarketing, Art. 6 Para. 1 lit. a) GDPR is the sole legal basis. You can revoke your consent at any time with effect for the future.



Plugins und Tools


Google Web Fonts (lokales Hosting)

We use fonts from the US company Google on our website. We have installed the fonts locally so that no connection to Google's servers is established when you visit our website.


Further information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.



eCommerce and payment providers


Customer and contract data


How do we process your data?

Use of the online booking tool DIRS21 from TourOnline AG

Our online presence uses the online booking tool DIRS21 (hereinafter "OBT") of the company to enable online bookings of accommodation services and other travel services, as well as to process inquiries.


TourOnline AG

Borsigstraße 26

73249 Alders

Germany

(www.dirs21.de, hereinafter “TOAG”)


Within the framework of the OBT, TOAG processes the data as the responsible party.


The information and provisions on data protection can be found in the TOAG data protection declaration for the OBT, which you can access at any time from the OBT or view at www.dirs21.de/datenschutz.


If we conclude a contract with you, we require certain personal data from you. We only collect, process and use this data to the extent that it is necessary to establish our legal relationship, to shape its content or to change it. If you can only use our services via our website or if the services are billed via the website, we also collect usage data if this is necessary to enable you to use our services or to bill for the service used.


How long do we store your data?

We will store your data until our legal relationship ends, unless we are legally obliged to keep the data for a longer period.


On what legal basis do we process your data?

We store your data in order to fulfil the contract with you or to carry out pre-contractual measures. The basis for data processing is therefore Art. 6 Para. 1 lit. b) GDPR.


Further information on data protection at DIRS21 can be found at: https://www.dirs21.de/datenschutzerklaerung-ibe


Data transfer when using services and digital content


How do we process your data?

To process the payment, we transmit your data to a payment service or the credit institution responsible for processing the payment. We only pass on data that is absolutely necessary for the payment process. If we want to pass on additional data, we will obtain your consent.


On what legal basis do we process your data?

We pass on your data in order to fulfil the contract we have concluded with you. The basis for data processing is therefore Art. 6 Para. 1 lit. b) GDPR. If you have consented to the transfer of your data, the data processing is based on Art. 6 Para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future.



Payment services

So that you can conveniently pay for your purchases on our website, we use the services of payment services, i.e. external companies that process payments for us. You can find out which ones these are in the list at the end of this section.


How do we process your data?

For the payment process, you must provide certain personal data, such as your name, bank account details or credit card number. We pass this data on to the respective payment service. The respective contract and data protection provisions of the respective services apply to the transaction itself.


On what legal basis do we process your data?

We pass on your data in order to fulfil the contract that we have concluded with you. The basis for data processing is therefore Art. 6 Para. 1 lit. b) GDPR. In addition, we have a legitimate interest in processing purchases as quickly, conveniently and securely as possible. The legal basis is therefore also Art. 6 Para. 1 lit. f) GDPR. If you have consented to the transfer of your data, the data processing is based on Art. 6 Para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future.


Which payment services do we use?


PayPal

What is PayPal? Online payment service


Who processes your data? PayPal (Europe) S.à.rl et Cie, SCA, 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg


Where can you find more information about data protection at PayPal? https://www.paypal.com/de/webapps/mpp/ua/privacy-full


On what basis do we transfer your data to the USA? PayPal adheres to the standard contractual clauses of the European Commission (see https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full)



This GDPR-compliant privacy policy was created with the intelligent data protection generator of the PRIVE data protection software.


Share by: