The responsible party is Grape Hospitality OpCo GmbH, Landstraßer Hauptstraße 28, 1030 Vienna, Austria/ Tel.: +43 (1) 716710 / Email: firstname.lastname@example.org.
The protection of your personal data is of particular concern to us. Your personal data will therefore only be processed to the extent that this is permitted by law and necessary for the fulfilment of the respective purpose (provision of services, processing of contracts, fulfilment of legal obligations, sending of information material and advertising, sending of a newsletter, carrying out of customer analyses).
For the processing of your health data (allergies and special needs) we require your express consent, which you can revoke at any time. Please note that if you do not give your consent or revoke it during our contractual relationship, we will not be able to provide our services to the usual extent, whereupon you will use our services at your own risk.
To send you information about our company's services and products and for customer service contact purposes:
In doing so, we will use the following communication channels if you have provided them to us: Email, post and SMS.
In order to inform you about offers and services and to contact you for customer surveys, we need your express consent, which you can give in a "double-op-in" form. Without you providing us with the data mentioned in point 4 and giving your express consent, we will not be able to send you any information or contact you in this regard.
For the purpose of providing and improving services and personalising offers and services to better meet your needs (profiling):
This website uses the WordPress plugin Wordfence by Defiant, Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA for security purposes. For this purpose, cookies are set in your browser (only when you log in to this website) and your IP address is collected, stored and transmitted to a Defiant server in the USA.
The provided DSGVO-compliant data processing agreement has been concluded. As a data processor, Wordfence complies with all requirements of the DSGVO. WordFence is used to increase the security of this website and thus also the security of the website users. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO.
Profiling is the process by which the responsible person (controller or processor) collects and processes personal data for the purpose of providing and improving offers and services so that they can be better tailored to the needs of the customer. However, no decisions which may entail legal consequences or damages of any kind for the customer are made in automated form.
We may process the following data in our system: Name, gender, title, address, telephone number, email address, date of birth, comments and relationship to other profiles.
We may associate the following data related to your reservation with your profile: Previous reservations, future reservations, confirmations and notes. Personal data provided by you will be processed until you withdraw your consent. You can revoke your consent at any time, free of charge and without giving reasons, at the restaurant, by e-mail at: email@example.com or by telephone at +43 (1) 716710.
We have a legitimate interest in taking photographs at events for marketing purposes and publishing them on our website. If you do not agree to this, you can object at any time in the restaurant or by e-mail at firstname.lastname@example.org or by telephone on +43 (1) 716710.
In the interest of public safety, there may be video surveillance in the restaurant area. Videos will be stored in independent hard drives at each location and access will be granted to restaurant managers.
Recorded videos may be stored for a maximum of 72 hours.
Your personal data will not be shared with third parties except for
For the purpose of payment processing, your bank details will be passed on to electronic payment service providers.
If we engage a processor, we remain responsible for the protection of your personal data.
We therefore only engage external processors to perform activities that are necessary to provide our services, such as sending newsletters. These processors have undertaken to comply with the applicable data protection regulations towards us. An order processing contract has been concluded in accordance with Art 28 DSGVO.
Your personal data will be passed on to the following external data processors:
We primarily use processors within the European Union. We only use processors outside the European Union if (i) an adequacy decision has been issued by the European Commission for the third country in question or (ii) we refer to the European Commission's standard contractual clauses or (iii) appropriate safeguards, e.g. the EU/US Privacy Shield, are in place with the third country or (iv) we have agreed binding internal data protection rules with the processor.
Our websites used Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about the use of the websites by the users is usually transmitted to a Google server in the USA and stored there.
In the event that IP anonymisation is activated on our websites, however, Google will truncate the user's IP address beforehand within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymisation is active on our websites. On behalf of the operator of our websites, Google will use this information for the purpose of evaluating the use of the websites by users, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
For more information on Google's use of data for advertising purposes, settings and opt-out options, please visit Google's websites: https://www.google.com/intl/de/policies/privacy/partners/ ("Data use by Google when you use our partners' websites or apps"), http://www.google.com/policies/technologies/ads ("Data Use for Advertising Purposes"), http://www.google.de/settings/ads ("Manage Information Google Uses to Show You Ads") and http://www.google.com/ads/preferences/ ("Determine What Ads Google Shows You").
In order to receive the newsletter offered on our website, you can register via our form. In doing so, we use the so-called double opt-in procedure. Here, a confirmation email is first sent to your specified email address, with a request for confirmation. The registration only becomes effective when you click on the activation link contained in the confirmation email. We use your data transmitted to us exclusively for sending the newsletter, which may contain information or offers.
We use rapidmail to send our newsletter. Your data will therefore be transmitted to rapidmail GmbH. In doing so, rapidmail GmbH is prohibited from using your data for purposes other than sending the newsletter. The rapidmail GmbH is not permitted to pass on or sell your data. rapidmail is a German, certified newsletter software provider, which has been carefully selected in accordance with the requirements of the DSGVO and the BDSG.
You can revoke your consent to the storage of data and its use for newsletter dispatch at any time, e.g. via the unsubscribe link in the newsletter.
We process your personal data - as far as necessary - for the duration of the entire business relationship (from the initiation, processing to the termination of a contract as well as until the settlement of outstanding claims). After the contract has been fully processed, your data will be stored until the expiry of the warranty, limitation and compensation periods and statutory retention periods applicable to us, and beyond this until the end of any legal disputes in which the data is required as evidence.
We store data that you have provided to us for marketing and information purposes, such as for sending a newsletter, until you revoke your consent to this.
We use technical and organisational security measures to protect your personal data against accidental or intentional manipulation, loss or destruction and against access by unauthorised persons, in accordance with Article 32 of the General Data Protection Regulation. Our security measures are continuously improved in line with technical progress.
With regard to the processing of your data, you may exercise the following rights under the General Data Protection Regulation and the National Data Protection Act:
You may request confirmation from us as to whether and to what extent we are processing your data. This confirmation will include information about the purposes for which your data are processed, the categories of personal data processed, the recipients or categories of recipients of the personal data, the duration of the data processing.
You may at any time request that data relating to you which is inaccurate or incomplete be rectified and/or completed without undue delay.
You may request that we erase your personal data if we process it unlawfully, the processing unreasonably interferes with your legitimate interests in protecting yourself, the personal data is no longer necessary for the purposes for which it was collected, or you have withdrawn your consent. Please note that there may be reasons that prevent immediate deletion, such as in the case of statutory retention obligations.
You may request us to restrict the processing of your data if.
As of the restriction request, this data will only be processed with individual consent or for the assertion and enforcement of legal claims.
You may request that we provide you with your data that you have provided to us in a structured, commonly used and machine-readable format, provided that
You may object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is necessary for the purposes of protecting our legitimate interests or those of a third party. After the objection, your data will no longer be processed unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
You may object to direct marketing at any time without giving reasons.
If you are of the opinion that we violate national or European data protection law when processing your data, you can contact us at any time. Of course, you also have the right to contact the competent data protection authority and, as of 25.05.2018, also the supervisory authority within the EU.
To assert any of the aforementioned rights against us, please use the following contact options:
If we are unable to determine your identity on the basis of the data available to us, it may be necessary for us to request additional information to determine your identity (e.g. photo ID). Inquiries in this regard serve to protect your rights and your privacy.