Privacy Policy
Thank you for having chosen to visit our website. We are committed to protecting the privacy and security of your personal information when you use our website. We would therefore like to take this opportunity to inform you about which personal data we collect about you when you visit our website and how we use it.
This Privacy Policy applies to the website of JH Gastronomie GmbH, which you can visit under the domain jan-hartwig.com as well as various other subdomains („our website“).
Who is responsible and how can I reach them?
Data Controller for the processing of personal data in terms of the EU General Data Protection Regulation (GDPR) is
JH Gastronomie GmbH
Luisenstraße 27
80333 München
Phone: (089) 23 70 86 58
E-Mail: info@jan-hartwig.com
Why this Privacy Policy?
This Privacy Policy complies with the legal requirements for transparency in the processing of personal data. This includes any type of information that relates to an identified or identifiable natural person. For example, information such as your name, age, address, telephone number, date of birth, email address, IP address or your actions you when visit a website. Information for which we cannot (or only with disproportionate effort) establish a link to your person, e.g. through anonymisation, is not personal data. The processing of personal data (e.g. collection, retrieval, use, storage or transmission) always requires a legal basis and a defined purpose.
Stored personal data is deleted as soon as the purpose of the processing has been achieved and there are no legitimate grounds for retaining the data. We inform you about the specific retention periods or criteria in each processing operation. Notwithstanding the foregoing, we may retain your personal information for the purpose of establishing, exercising or defending legal claims and in cases where we are required by law to retain such information.
Who receives my data?
We only disclose your personal information that we process on our website to third parties if this is necessary for fulfilling the purposes for which it is collected and if it is covered by the legal basis in the individual case (e.g. consent or safeguarding of legitimate interests). We may also disclose personal information to third parties in order to establish, exercise or defend legal claims. Possible recipients may then include, for example, law enforcement agencies, lawyers, auditors, courts, etc.
Insofar as we use service providers to operate our website, who process personal data on our behalf within the framework of order processing in accordance with Art. 28 GDPR, they may also be recipients of your personal data. Please refer to the overview of each processing operation for more information about the use of processors and web services.
Do you use cookies?
Cookies are small text files that we send to the browser on your personal device when you visit our website and which are stored there. As an alternative to using cookies, information can also be stored in your browser’s local memory. We cannot provide some of the features of our website without the use of cookies or local storage (technically essential cookies). Other cookies, in contrast, allow us to carry out various analyses. For example, they make it possible for us to recognise the browser you are using when you return to our website and to transmit various information to us (non-essential cookies). Among other things, cookies help us to make our website more user-friendly and efficient for you, for example by tracking how you use our website and remembering your preferred settings (e.g. country and language settings). If third parties process information using cookies, they collect the information directly through your browser. Cookies do not harm your personal device. Cookies cannot run any programs and do not contain any viruses.
We provide information about each of the services for which we use cookies in each processing operation. Detailed information about the cookies used can be found in the cookie settings or consent manager on this website.
What rights do I have?
Under the legal prerequisites of the General Data Protection Regulation (GDPR), you have the following rights as a data subject:
- Information in accordance with Art. 15 GDPR about the data stored about you in the form of conclusive information about the details of the processing as well as a copy of your data;
- Correction in accordance with Art. 16 GDPR of incorrect or incomplete data that we hold;
- Deletion in accordance with Art. 17 GDPR of the data we hold, unless processing it is necessary for exercising the right to freedom of expression and information, for complying with a legal obligation, for reasons of public interest or for establishing, exercising or defending legal claims;
- Restriction on processing in accordance with Art. 18 GDPR insofar as the accuracy of the data is disputed, its processing is unlawful, we no longer need the data and you object to its deletion because you need it for asserting, exercising or defending legal claims or you have objected to its processing in accordance with Art. 21 GDPR.
- Data portability in accordance with Art. 20 GDPR, insofar as you have provided us with personal data within the framework of consent pursuant to Art. 6 (1) lit. (a) GDPR or on the basis of a contract pursuant to Art. 6 (1) lit. (b) GDPR and we have processed this data with the aid of automated procedures. You will receive your data in a structured, standardised and machine-readable format or we will transfer the data directly to another data controller where this is technically feasible.
- Objection in accordance with Art. 21 GDPR to the processing of your personal data, insofar as this is based on Art. 6 (1) (e), (f) GDPR and there are grounds for doing so that arise from your particular situation or the objection is directed at direct marketing. The right to object does not apply if there are overriding legitimate grounds for the processing or if the processing is necessary for asserting, exercising or defending legal claims. Whenever the right to object does not apply to individual processing operations, it is indicated accordingly.
- Revocation in accordance with Art. 7 (3) GDPR of the consent you have given with effect for the future.
- Appeal to a supervisory authority in accordance with Art. 77 GDPR if you believe that your personal data is being processed in breach of the GDPR. As a rule, you can contact the supervisory authority at your usual place of residence, work, or our company headquarters.
How do you process my data in detail?
We inform you in the following about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to furnish your data and the respective storage period. Automated decision-making in individual cases, including profiling, does not take place.
Provision of the website
Type and scope of processing
When you access and use our website, we collect the personal data that your browser automatically transfers to our server. The following information is temporarily stored in a log file:
- IP address of the querying computer
- Date and time of access
- Name and URL of the file retrieved
- Website from where access takes place (referring URL)
- Browser used and, if applicable, the operating system on your computer, the name of your access provider
We do not host our website ourselves. Instead, it is hosted by a service provider who processes the aforementioned data on our behalf in accordance with Art. 28 GDPR.
Purpose and legal basis
Processing takes place in order to protect our overriding legitimate interest in displaying our website and ensuring security and stability on the basis of Art. 6 (1) (f) GDPR. The collection and storage of data in log files is essential for the operation of our website. A right to object to processing does not exist due to the exception under Art. 21 (1) GDPR. Insofar as the further storage of the log files is required by law, processing takes place on the basis of Art. 6 (1) (c) GDPR. There is no legal or contractual obligation to provide this data; however, it is technically impossible to access our website without providing it.
Retention Period
The aforementioned data is stored for the duration for which the website is displayed and, for technical reasons, for a maximum of 7 days.
Establishing Contact
Type and scope of processing
You have the option of contacting us by email or over a contact form, for example to request a „JAN experience“. In this case, data including your name and email address is processed in order to be able to process your enquiry. You can also voluntarily provide any additional information that you feel is necessary for processing your contact request.
We do not generally disclose such personal data to third parties.
Purpose and legal basis
When you contact us, your information is processed for the purpose of communicating with you and for processing your request. Insofar as your enquiry relates to an existing or intended contractual relationship with us, processing is carried out for the purpose of fulfilling the contract or a pre-contractual measure on the basis of Art. 6 (1) (b) GDPR. While there is no legal or contractual obligation for you to provide your data, we will not be able to process your request if you do not provide the information in the required fields. If you do not wish to provide this data, please contact us using other means.
Retention Period
If you use the contact form on the basis of your consent, we will store the data collected for each request for a period of three years from the date on which you complete your request or until you revoke your consent.
If you use the contact form in the context of a contractual relationship, we will store the data collected for each request for a period of three years after the end of the contractual relationship.
Online table reservation
Type and scope of processing
You can book a table in our restaurant using the online reservation tool on our website. You can also put your name on our waiting list. We use an external reservation tool from RESERViSiON GmbH, Seestr. 29, 64354 Reinheim, Germany for this purpose. We have entered into a data processing agreement with RESERViSiON GmbH in accordance with Art. 28 GDPR to ensure that your data is as secure with them as it is with us.
Your following personal data is collected and processed: Your email address, first name, last name and a telephone number. We also collect your credit card details for security reasons so that we can charge a cancellation fee in the event of a no-show or late cancellation.
Purpose and legal basis
Within the framework of online reservation, your name and contact details are processed on the basis of Art. 6 (1) (b) GDPR. This is necessary for performing a contract with you or for a pre-contractual measure. Your credit card details are processed on the basis of Art. 6 (1) (f) GDPR. This serves our legitimate interest in protecting ourselves effectively against the consequences of no-shows or last-minute cancellations. You have the right to object to your data being processed in this way. While there is no legal or contractual obligation for you to provide your data, we will not be able to process your reservation if you do not provide the information in the required fields. If you do not wish to provide this data, please contact us using other means.
Retention Period
We will delete your data as soon as the contract with you has been completed or at the latest after expiry of the retention periods required by tax and commercial law.
Placing orders in our online shop
Type and scope of processing
When you order goods or vouchers from our online shop, we process the personal data necessary for fulfilling your order. You can choose to order as a guest or create a permanent account. The information collected in the required fields during registration is identical in both cases and is needed to fulfil your order in our online shop. When you create a permanent account, we also collect a password that you choose. You can also voluntarily provide any additional information that you feel is necessary for fulfilling your order.
Your personal data will only be disclosed to third parties (e.g. shipping contractors/forwarding agents) and data processors in accordance with Art. 28 GDPR if it is necessary for fulfilling the order.
Purpose and legal basis
We process your personal data for the purpose of creating a customer account for fulfilling a contract with you in accordance with Art. 6 (1) (b) GDPR. There is a contractual obligation to provide your details in relation to the required fields as this information is necessary for us to identify you and fulfil the contract. There is no legal obligation on your part to provide the data. Without this information, it is not possible to place an order in our online shop and therefore to conclude a contract with us. You are under no obligation to provide any additional information that you voluntarily choose to provide. You can also place an order in our online shop without providing the voluntary information.
The additional processing of your password for the creation of your permanent customer account takes place for the purpose of providing the customer account and displaying your previous purchases as well as for the storage of data related to your purchases (e.g. storage of the billing address, various delivery addresses) on the basis of your consent pursuant to Art. 6 (1) (a) GDPR. By deleting your customer account, you can revoke your consent in accordance with Art. 7 (3) GDPR at any time with effect for the future.
Retention Period
If you place an order as a guest, we will store your personal information until your order is fulfilled (end of contract). If you create a permanent customer account, we will store the data relating to your purchases beyond the end of the contract until you revoke your consent (deletion of the customer account). In both cases, we will continue to retain your information if we are required to do so by law (e.g. tax or commercial law).
Payment processing with Stripe b}
We use the Stripe payment service to process your payment in our online shop. This service is provided by Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. If you use a payment method offered by Stripe, we will share the information you provide during the ordering process with Stripe along with information about your order (name, address, payment information, invoice amount, currency and transaction number). The legal basis for this is formed by Art. 6 (1) (b) GDPR, because your data needs to be processed for the payment and therefore for fulfilling your order. Your data will only be disclosed for the purpose of processing payments with Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. Stripe does not use this information for any other purpose, including not for its own advertising purposes. You can find more information about Stripe’s privacy policy under https://stripe.com/en-gb-de/privacy.
Newsletter
Type and scope of processing
If you sign up to receive our newsletter on our website, we collect and store your email address along with the date you signed up and your IP address. You will then receive an email asking you to confirm your choice to sign-up for the newsletter (double opt-in).
To send the newsletter, we use the Mailchimp service provided by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308, USA, which processes your personal data on our behalf in accordance with Art. 28 GDPR. Your data will not be disclosed to third parties.
Purpose and legal basis
We process your data for the purpose of sending newsletters on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. By cancelling the newsletter, you can declare the revocation of your consent at any time with effect for the future in accordance with Art. 7 (3) GDPR at any time with effect for the future. While there is no legal or contractual obligation on your part to provide your data, the newsletter cannot be sent out without you providing your data.
Data transfer to the USA
Insofar as personal data is transferred to servers in the USA when using Mailchimp, this takes place on the basis of the EU Commission’s adequacy decision on the Data Privacy Framework pursuant to Art. 45 (1) GDPR. If necessary, we will ask you for your additional consent in accordance with Art. 49 (1) (a) GDPR.
Retention Period
After successful confirmation, we will store your details until you revoke your consent (by cancelling the newsletter) and for a maximum of 7 days for technical reasons.
Data processing in connection with employment applications
Type and scope of processing
We collect and process the personal data of job applicants. Such data processing may also take place electronically, for example, when application documents are sent to us by email.
Your details will only be kept on a candidate database beyond the current application process if you have given us your specific consent to do so.
Purpose and legal basis
Your data will be processed in connection with your application for the purpose of processing your application and deciding whether to enter into an employment relationship on the basis of Sec. 26 German Federal Data Protection Act (BDSG). In the event that your application documents are disclosed to third parties, in particular to companies affiliated with us, and your data is stored beyond the duration of the current application process, your data will be processed on the basis of Art. 6 (1) (1) (a) GDPR. While there is no legal or contractual obligation for you to provide your data, we will not be able to process your application if you do not provide the information.
Retention Period
We store the data collected for a period of six months from the date the position is filled.
Presence on social media platforms
We maintain fan pages or accounts or channels on the networks listed below to provide you with information and offering on social networks and to offer you other ways to contact us and find out about our services and offerings. Below, we tell you what data we process or the social network processes in connection with your access to and use of our fan pages/accounts.
Data we process from you
If you contact us via messenger or direct message through the relevant social network, we will generally process the username you use to contact us and store any other data you provide to the extent necessary to process or respond to your request.
The legal basis for this is formed by Art. 6 (1) (f) GDPR (processing is necessary to protect the legitimate interests of the controller).
(Static) user data we receive from the social networks
We receive automated statistics regarding our accounts through insights functionalities. The statistics include total page views, likes, details of page activity and post interactions, reach, video views and details of the male/female split of our fans/followers.
The statistics contain only aggregated data which cannot be traced back to individual persons. These statistics do not allow us to identify you.
Which of your data do the social networks process?
You do not have to be a member of the social network in question to view the content of our fan pages or accounts, and you do not need a user account for the social network in question.
Please note, however, that the social networks also collect and store information from website visitors who do not have a user account when they access the social network in question (e.g. technical data to display the website to you) and use cookies and similar technologies over which we have no control. For more details, please refer to the privacy policy of each social network (see relevant links above).
If you want to interact with the content on our fan pages/accounts, e.g. comment on, share or like our posts/articles and/or contact us using the messenger function, you first need to sign up to the particular social network beforehand and provide personal data.
We have no influence on the data processing performed by the social networks while you are using them. We understand that your data will be stored and processed in particular in connection with the provision of the particular social network’s services and for the analysis of user patterns (using cookies, pixels/web beacons and similar technologies), on the basis of which advertisements based on your interests are displayed both inside and outside the particular social network. It cannot be ruled out that the social networks may also store your data outside the EU/EEA and disclose it to third parties.
Information about, among the other things, the exact scope and purposes of the processing of your personal data, the retention period/deletion, as well as policies on the use of cookies and similar technologies in connection with signing up for and using the social networks, please refer to the privacy policies/cookie policies of the respective social networks. You will also find information there about your rights and how to object.
Instagram Page
When you visit our Instagram page, Instagram (Meta) records your IP address and further information in the form of cookies on your PC. As the operator of the Instagram pages, this information is used to provide us with statistical information on the use of the Instagram page. Instagram provides more detailed information on this under the following link (please note: clicking on the following link will take you to the website of the social network Facebook, which is also part of the Meta Group). The information provided via the link also applies equally to the social network Instagram): https://facebook.com/help/pages/insights.
We cannot draw conclusions about individual users from the statistical information transferred. We use this information solely to respond to user interests and to continually improve and maintain the quality of our online presence.
The only reason we collect your information on our fan page is to provide a potential platform for communication and interaction with us. This usually includes your name, message content, posting content and profile information that you provide „publicly.“
The processing of your personal data for the above-mentioned purposes is based on our legitimate business and communication interest in providing an information and communication channel pursuant to Art. 6 (1) (f) GDPR. If you, as a user, have given your consent for data processing to the respective social network provider, the legal basis for processing extends to Art. 6 (1) (a) and Art. 7 GDPR.
Our ability to access your data is limited because the actual processing of the data is carried out by the social network provider. Only the social network provider has a right to access to your data in full. As a result, only the provider can take appropriate and direct action to fulfil and enforce your user rights (requests for information, deletion requests, objections, etc.). The most effective way to enforce these rights is to contact the service provider directly.
We are jointly responsible with Instagram for the personal contents of the fan page. Data subject rights can be asserted with Meta Platforms Ireland Ltd. as well as with us.
The primary responsibility for the processing of Insights data under the GDPR rests with Instagram, which will comply with all of its obligations under the GDPR in relation to the processing of Insights data. Meta Platforms Ireland Ltd will provide data subjects with the essentials of the Page Insights supplement.
We do not make decisions about the processing of Insights data and the length of time cookies are stored on users‘ personal devices.
You can obtain more information directly from Instagram (additional agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.
Information about, among the other things, the exact scope and purposes of the processing of your personal data, the retention period/deletion, as well as policies on the use of cookies and similar technologies in connection with registration and use can be found in the Instagram privacy policy/cookie policy (note: clicking on the following link will take you to the website of the social network Facebook):
https://help.instagram.com/519522125107875/?helpref=uf_share (in German only)
This information can also be viewed in the help section of the Instagram website by clicking on the following link:
https://help.instagram.com/581066165581870?locale=en
Google Maps
Type and scope of processing
We use the map service from Google Maps to create directions. Google Maps is a service provided by Google Ireland Limited, and displays a map on our website.
When you access this content on our website, you connect to servers operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, where your IP address and possibly browser data such as your user agent are transferred. This information is processed solely for the purposes described above and to maintain the security and functionality of Google Maps.
Purpose and legal basis
The use of Google Maps is based on your consent pursuant to Art. 6 (1) (a) GDPR.
Data transfer to the USA
Insofar as personal data is transferred to servers in the USA when using Google Maps, this takes place on the basis of the EU Commission’s adequacy decision on the Data Privacy Framework pursuant to Art. 45 (1) GDPR. If necessary, we will ask you for your additional consent in accordance with Art. 49 (1) (a) GDPR.
Retention Period
We have no control over the actual retention period of the processed data, which is determined by Google Ireland Limited. For more information, please see the Google Maps Privacy Policy: https://policies.google.com/privacy