PRIVACY POLICY

We use various third-party services on our website. Below we explain in detail which services are involved, what we use them for and what data is collected.

​

​

4.1 aleno

​

To enable us to accept and manage online reservation requests via our website, we use the restaurant management system aleno, which is offered by aleno AG, based in Switzerland. The use of aleno enables us to collect personal information about our guests (“guest data”) electronically. The guest data is the following information:

​

• First name and surname

• Telephone number and email address

• Number of people, time and date of the desired visit

• Home address (optional)

• Company name (optional)

​

The collection of guest data enables us to process your reservation request and ensure that the table you have requested is reserved in your name and that we can contact you if necessary. The legal basis for the use of aleno for the electronic recording of reservations is the protection of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR.

​

The guest data collected by us is not automatically deleted after the reservation has been made, but is used to create a personal guest profile. You have the right to request the deletion of your guest data at any time. If the deletion takes place before the date of the reservation, the corresponding reservation will be automatically canceled.

​

​

4.1.1 Collection of credit card information for reservations

Online reservation requests are only binding once we have confirmed the table, date and time by e-mail or telephone. In order to ensure that we do not suffer any loss in the event of an unexcused no-show, we reserve the right to request a credit card as a guarantee of payment. We collect the following information (“payment information”):

​

• Name of the issuer of the credit card

• Name of the holder of the credit card

• Expiry date of the credit card

• Credit card number and verification code

​

If you enter your payment information when making an online reservation request, the information is automatically anonymized by aleno. This means that the payment information is not personal data within the meaning of the Federal Act on Data Protection (FADP) or the EU General Data Protection Regulation (GDPR). The payment information is also transmitted directly to the hosting provider of aleno AG. For this reason, we do not have access to the anonymized payment information and do not store it on our system.

​

​

4.1.2 Creation of guest profiles

​

The guest data collected for the purpose of accepting and making an online reservation is used by us to create a personal profile for our guests in the aleno restaurant management system (“guest profile”). This enables us to use the guest data to personalize our services. After your visit to our restaurant, we reserve the right to add further personal data to the guest profile to enable us to personalize our services (“profile data”). This profile data includes the following information:

​

Personal data to individualize guests, including preferred language, allergies and special requests, birthday, customer category and status. Information about past restaurant visits, including time and date of the visit, length of stay, number of guests, type and location of the table, amount spent and any no-shows. Consolidated information on all previous restaurant visits, including total number of visits, total amount spent and total number of no-shows.

​

The creation of a guest profile and the collection of profile data enables us to tailor our services to you and thus ensure that you feel at home with us and that we can respond to your individual wishes. The legal basis for the use of aleno to create a guest profile is the protection of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. The guest data and profile data contained in the guest profile are deleted or anonymized as soon as they are no longer used for their original purpose. You have the right to request the deletion of your guest profile and the guest data and profile data it contains at any time.

​

​

4.1.3 Responsibility and further information

​

When collecting and processing guest data, payment information and profile data in connection with the use of the restaurant management system aleno, we are considered the controller within the meaning of Art. 4 (7) GDPR, who decides on the purposes and means of processing the personal data collected and is responsible for ensuring and fulfilling the rights of the data subjects.

​

The guest data, payment information and profile data are transmitted to aleno AG after they have been collected and processed by aleno AG. aleno AG is to be qualified as a processor within the meaning of Art. 4 No. 8 GDPR, which processes personal data on behalf of the controller. For this reason, we have concluded a contract with aleno AG for commissioned data processing and thus fully implement the requirements of the GDPR when using aleno.

​

Further information on the collection and handling of your personal data in in connection with the use of aleno can be found in aleno AG's privacy policy, which can be accessed via the following link: https://www.aleno.me/de/ppa. 

​

​

4.2 Google Fonts

We use Google Fonts on our website. These are the “Google Fonts” from Google Inc (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).

You do not need to log in or enter a password to use Google fonts. No cookies are stored in your browser either. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you therefore do not need to worry that your Google account data will be transmitted to Google while you are using Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the fonts used and stores this data securely. We will take a closer look at exactly how the data is stored.

 

4.2.1 What data is stored by Google regarding fonts?

When you visit our website, the fonts are reloaded via a Google server. This external call transmits data to the Google server. In this way, Google also recognizes that you or your IP address is visiting our website. The Google Fonts API was developed to reduce the use, storage and collection of end user data to what is necessary for the proper provision of fonts. 

Google Fonts stores CSS and font requests securely at Google and is therefore protected. The collected usage figures allow Google to determine how well the individual fonts are received. Google publishes the results on internal analysis pages, such as Google Analytics. Google also uses data from its own web crawler to determine which websites use Google fonts. This data is published in the Google Fonts BigQuery database. Entrepreneurs and developers use the Google BigQuery web service to analyze and move large amounts of data.

However, it should be noted that every Google Font request also automatically transmits information such as language settings, IP address, browser version, browser screen resolution and browser name to the Google servers. It is not clear whether this data is also stored or whether it is clearly communicated by Google.

 

4.2.2 How long and where the data is stored?

Google stores requests for CSS assets for one day on your servers, which are mainly located outside the EU. This allows us to use the fonts with the help of a Google stylesheet. A stylesheet is a format template that can be used to quickly and easily change the design or font of a website, for example.
The font files are stored by Google for one year. Google's aim is to fundamentally improve the loading time of websites. If millions of websites refer to the same fonts, they are cached after the first visit and immediately reappear on all other websites visited later. Sometimes Google updates font files to reduce the file size, increase language coverage and improve the design.

 

4.2.3 How can I delete my data or prevent data storage?

The data that Google stores for one day or one year cannot simply be deleted. The data is automatically transmitted to Google when the page is accessed. To delete this data prematurely, you must contact Google support at https://support.google.com/?hl=de&tid=111184367. In this case, you can only prevent data storage if you do not visit our site.

You can find out more about Google Fonts and other questions at https://developers.google.com/fonts/faq?tid=111184367. Although Google addresses data protection issues there, it does not provide any really detailed information about data storage.

You can also find out which data is generally collected by Google and what this data is used for at https://www.google.com/intl/de/policies/privacy/.

 

4.3 Embedded social media elements

We integrate elements of social media services on our website to display images, videos and texts.

When you visit pages that display these elements, data is transferred from your browser to the respective social media service and stored there. We have no access to this data.

The following links will take you to the pages of the respective social media services, where it is explained how they handle your data:

​

 

• Instagram privacy policy: https://help.instagram.com/519522125107875 

• The Google privacy policy applies to YouTube: https://policies.google.com/privacy?hl=de 

• Facebook privacy policy: https://www.facebook.com/about/privacy

 

 
4.3.1 Facebook

On this website, we use functions of Facebook, a social media network of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. You can find out which functions (social plug-ins) Facebook provides at https://developers.facebook.com/docs/plugins/. Information may be transmitted to Facebook when you visit our website. If you have a Facebook account, Facebook can assign this data to your personal account. If you do not wish this to happen, please log out of Facebook. The privacy policy, what information Facebook collects and how they use it can be found at https://www.facebook.com/policy.php.

 

4.3.2 Instagram

We have integrated Instagram functions on our website. Instagram is a social media platform of the company Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Instagram has been a subsidiary of Facebook Inc. since 2012 and is a Facebook product. Embedding Instagram content on our website is called embedding. This allows us to show you content such as buttons, photos or videos from Instagram directly on our website. When you visit web pages on our website that have an Instagram function integrated, data is transmitted to Instagram, stored and processed. Instagram uses the same systems and technologies as Facebook. Your data is therefore processed across all Facebook companies.

In the following, we want to give you a more detailed insight into why Instagram collects data, what data is involved and how you can largely control data processing. Since Instagram belongs to Facebook Inc., we obtain our information from the Instagram guidelines on the one hand, but also from the Facebook data guidelines themselves on the other.

 

4.3.2.1 What data is stored by Instagram?

When you visit one of our pages that has Instagram functions (such as Instagram images or plug-ins), your browser automatically connects to Instagram's servers. In the process, data is sent to Instagram, stored and processed. This happens regardless of whether you have an Instagram account or not. This includes information about our website, your computer, purchases made, advertisements you see and how you use our services. The date and time of your interaction with Instagram are also stored. If you have an Instagram account or are logged in, Instagram stores significantly more data about you.

Facebook distinguishes between customer data and event data. We assume that this is exactly the case with Instagram. Customer data includes, for example, name, address, telephone number and IP address. This customer data is only transmitted to Instagram once it has been “hashed”. Hashing means that a data record is converted into a character string. This allows the contact data to be encrypted. The “event data” mentioned above is also transmitted. By “event data”, Facebook - and consequently Instagram - means data about your user behavior. Contact data may also be combined with event data. The contact data collected is compared with the data that Instagram already has about you.

The collected data is transmitted to Facebook via small text files (cookies), which are usually set in your browser. Depending on the Instagram functions used and whether you have an Instagram account yourself, different amounts of data are stored.

We assume that Instagram processes data in the same way as Facebook. This means that if you have an Instagram account or have visited www.instagram.com, Instagram has at least set a cookie. If this is the case, your browser sends information to Instagram via the cookie as soon as you come into contact with an Instagram function. This data is deleted or anonymized after 90 days at the latest (after reconciliation). Although we have looked closely at Instagram's data processing, we cannot say exactly what data Instagram collects and stores.

 

4.3.2.2 How long and where the data is stored?

Instagram shares the information received between the Facebook companies with external partners and with people you connect with worldwide. Data processing is carried out in compliance with our own data policy. For security reasons, among others, your data is distributed on Facebook servers around the world. Most of these servers are located in the USA.

 

4.3.2.3 How can I delete my data or prevent data storage?

Thanks to the General Data Protection Regulation, you have the right to access, portability, rectification and erasure of your data. You can manage your data in the Instagram settings. If you want to completely delete your data on Instagram, you must permanently delete your Instagram account.

As mentioned above, Instagram stores your data primarily via cookies. You can manage, deactivate or delete these cookies in your browser. You can also set up your browser so that you are always informed when a cookie is to be set. Then you can always decide individually whether you want to allow the cookie or not.

Instagram is a subsidiary of Facebook Inc. and Facebook is an active participant in the EU-U.S. Privacy Shield Framework. This framework ensures correct data transfer between the USA and the European Union. You can find out more at https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG. We have tried to provide you with the most important information about data processing by Instagram. You can find out more about Instagram's data policy at https://help.instagram.com/519522125107875. 

 

4.3.3 Facebook pixel

On this website, we use the Facebook Pixel from Facebook, a social media network of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.
The code implemented on this page can evaluate the behavior of visitors who have come to this website from a Facebook advertisement. This can be used to improve Facebook ads and this data is collected and stored by Facebook. The data collected cannot be viewed by us, but can only be used in the context of ad placements. Cookies are also set through the use of the Facebook pixel code.

By using the Facebook pixel, the visit to this website is communicated to Facebook so that visitors can see suitable ads on Facebook. If you have a Facebook account and are logged in, your visit to this website will be assigned to your Facebook user account.

You can find out how the Facebook pixel is used for advertising campaigns at https://www.facebook.com/business/learn/facebook-ads-pixel. 

You can change your settings for advertisements on Facebook at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen, provided you are logged into Facebook. You can manage your preferences for usage-based online advertising at http://www.youronlinechoices.com/de/praferenzmanagement/. You can deactivate or activate many providers at once or make the settings for individual providers.

You can find more information about Facebook's data policy at https://www.facebook.com/policy.php.