Privacy
Table of Contents
1. Controller and Data Protection Officer
The controller within the meaning of the EU General Data Protection Regulation (GDPR) for the processing of your personal data when visiting this website is:
König Albert Gaststättenbetriebsgesellschaft mbH, Moritzburger Weg 67, 01109 Dresden, represented by Managing Director Olaf Kranz.
If you have any questions about data protection, please feel free to contact us. You can find our full contact details in our legal notice.
2. What personal data is processed and for what purposes?
2.1 Definitions
2.1.1 Personal Data
Data is considered personal if it can be used to establish a connection to a specific person – for example, by assigning it to an identification number or characteristics that express their identity – cf. Art. 4 No. 1 of the EU General Data Protection Regulation (GDPR). This includes, for example, the name, personalized email addresses, the law firm or residential address, or the telephone number.
2.1.2 Data Processing
According to Art. 4 No. 2 GDPR, processing refers to operations such as the collection, storage, retrieval, comparison, linking, editing, or transmission of personal data.
The following explains in detail which personal data we process for what purpose and on what legal basis.
2.2 Inquiries and Contact
If you contact us by email, phone, contact form, or other means, the personal data you provide (e.g., name, email address, phone number, message content) will be processed.
Purpose of processing: The processing is carried out to properly answer your inquiry and to be available for any follow-up questions.
Legal basis: Art. 6 para. 1 lit. b GDPR (pre-contractual measures) or Art. 6 para. 1 lit. f GDPR (legitimate interest in answering inquiries).
Storage period: The data will be deleted as soon as it is no longer required for the purposes for which it was collected, but no later than three years after the correspondence has ended.
2.3 Newsletter
2.3.1 Dispatch
When you order our newsletter, your email address and – if voluntarily provided – your first and last name, as well as your salutation, will be used and stored for email dispatch.
Purpose of processing: Sending the newsletter and corresponding with newsletter subscribers – for example, in case of delivery problems.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent) in conjunction with Section 7 para. 2 No. 3 UWG (German Act Against Unfair Competition).
2.3.2 Order Documentation
When placing an order, the IP address and host of the ordering party are stored. This is done for the purpose of proving the order on the basis of Art. 6 para. 1 lit. f GDPR.
2.3.3 Usage Analysis (Tracking)
To optimize the content of our newsletters and ensure a technically and visually flawless display on your device, they may contain a code that records whether, when, and by what means – program, type of device (desktop, smartphone, tablet) – you opened the newsletter and clicked on links; for this purpose, we also determine your IP address and any classification of our newsletter as spam.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent), provided you have agreed to this analysis.
2.3.4 Engaged Service Provider: Brevo
The newsletter is sent via our commissioned service provider Brevo (formerly Sendinblue).
Brevo GmbH Köpenicker Straße 126 10179 Berlin, Germany
Brevo’s Privacy Policy: https://www.brevo.com/de/legal/privacypolicy/
Brevo processes the data on our behalf based on a data processing agreement in accordance with Art. 28 GDPR. Brevo’s servers are located in the European Union (Germany and France). Data is not passed on to third parties.
Revocation and Unsubscription: At the end of each newsletter, there is a link through which you can revoke your consent and unsubscribe from the newsletter at any time.
Storage period: The personal data processed for newsletter subscription will be deleted immediately, at the latest within one week, after unsubscribing from the newsletter or after revoking the consent given for processing.
2.4 WooCommerce Online Shop
On this website, we operate an online shop based on WooCommerce, a plugin for WordPress.
2.4.1 Processing of Order Data
When you place an order in our online shop, we process the following personal data:
Mandatory information:
- First and last name
- Email address
- Billing address (street, house number, postal code, city, country)
- If delivery address differs: Delivery address
- If applicable, phone number (for order inquiries)
Optional information:
- Company data (company name, VAT ID)
- Additional order notes
Order history:
- Order number and order date
- Products ordered and quantities
- Prices and total amount
- Payment status
- Shipping status
2.4.2 Purpose and Legal Basis
Your personal data is processed for the fulfillment of the purchase contract, in particular for:
- Processing and fulfilling your order
- Communication about the order (order confirmation, shipping notification)
- Invoicing
- Payment processing
- Delivery of ordered goods
- Handling complaints and warranty claims
Legal basis: Art. 6 para. 1 lit. b GDPR (contract fulfillment)
Insofar as we have obtained your consent for processing (e.g., for newsletter registration during the ordering process), the legal basis is Art. 6 para. 1 lit. a GDPR.
Processing for the fulfillment of tax and commercial law retention obligations is based on Art. 6 para. 1 lit. c GDPR.
2.4.3 Payment Service Providers
We use the following payment service providers for payment processing:
- PayPal: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
If you select one of these payment methods, your payment data will be transmitted directly to the respective payment service provider. Processing is based on Art. 6 para. 1 lit. b GDPR (contract fulfillment).
2.4.4 Customer Account
You have the option to create a customer account. The following additional data will be processed:
- Username
- Password (stored encrypted)
- Order history
- Saved addresses
The creation of a customer account is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can delete your customer account at any time.
2.4.5 Shipping Service Providers
We work with the following shipping service providers for the delivery of ordered goods:
- DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn
We transmit your name and delivery address to the respective shipping service provider to enable delivery. The legal basis is Art. 6 para. 1 lit. b GDPR (contract fulfillment).
2.4.6 Cookies in the Shop
The WooCommerce shop uses the following cookies:
Name | Purpose | Duration | Type |
woocommerce_cart_hash | Stores information about the shopping cart | Session | Essential |
woocommerce_items_in_cart | Stores information about items in the shopping cart | Session | Essential |
wp_woocommerce_session_[hash] | Contains a unique identifier for your session | 2 days | Essential |
woocommerce_recently_viewed | Stores recently viewed products | Session | Functional |
These cookies are technically necessary for the operation of the shop. The legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest) in conjunction with Section 25 para. 2 No. 2 TTDSG (German Telecommunications-Telemedia Data Protection Act).
2.4.7 Storage Period
Your order data will be stored for the duration of the statutory retention periods:
- Commercial law retention obligation (Section 257 HGB): 10 years for booking vouchers, invoices
- Tax law retention obligation (Section 147 AO): 10 years for tax-relevant documents
After these periods expire, the data will be deleted, unless you have explicitly consented to further use.
Customer account data will be deleted if you delete your account or after 3 years of inactivity.
2.5 Data Processing when Accessing the Website
When you access our website, the following data is automatically transmitted and processed by your internet browser to our web server.
2.5.1 Log files
The following are stored in log files for our website:
- the IP address of the requesting computer
- date and time of access
- identification data of the browser and operating system used
- the requested URL
- the website from which access was made (referrer URL)
Purpose of processing: The log files serve to ensure system stability, error analysis, and system security. Processing is carried out for the purpose of enabling website use (establishing a connection).
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in the technically flawless presentation and optimization of the website).
Storage period: The log files are automatically deleted after 7 days at the latest.
No comparison with other data sets or transfer to third parties, even in extracts, takes place.
2.5.2 Cookies
Cookies are set on our website. Cookies are small text files that are stored on your device and saved by your browser.
Technically necessary cookies (WordPress):
Name | Provider | Function | Type | Duration |
wordpress_[hash] | WordPress (self-hosted) | Session cookie for authenticating logged-in users | HTTP | Session |
wordpress_logged_in_[hash] | WordPress (self-hosted) | Stores login status | HTTP | Session |
wp-settings-{time}-[UID] | WordPress (self-hosted) | Stores user settings for the WordPress interface | HTTP | 1 year |
PHPSESSID | WordPress (self-hosted) | Session identification | HTTP | Session
|
Consent Management (Borlabs Cookie):
Name | Provider | Function | Type | Duration |
borlabs-cookie | Borlabs Cookie (self-hosted) | Stores your consent or rejection of the use of cookies or third-country transfers | HTML | 1 year |
Legal basis: Section 25 para. 2 No. 2 TTDSG (technically necessary cookies) and Art. 6 para. 1 lit. f GDPR (legitimate interest in the flawless operation of the website).
2.6 Consent Management with Borlabs Cookie
To manage cookie consents and to fulfill the information obligations according to GDPR and TTDSG, we use the Borlabs Cookie Banner.
How it works:
When you first visit the website, a cookie banner will be displayed, through which you can give or deny your consent to various cookie categories:
- Essential: Technically necessary cookies for the operation of the website
- Statistics: Cookies for anonymous usage analysis
- Marketing: Cookies for marketing purposes (currently not in use)
- External Media: Cookies for embedding external content (e.g., YouTube, reCAPTCHA)
Stored data:
Borlabs Cookie stores the following information locally in your browser:
- Your cookie consents (which cookie groups you have accepted/rejected)
- Timestamp of consent
- Unique Consent ID
- Cookie banner version
Legal basis: Processing is based on Art. 6 para. 1 lit. c GDPR (legal obligation to obtain consent) in conjunction with Section 25 TTDSG.
Storage period: The Borlabs cookie is stored for 1 year. After this period, you will be asked for your consent again.
Data Protection: Borlabs Cookie is a self-hosted solution. All data is stored exclusively locally on your device. No data is transmitted to third parties or to Borlabs GmbH.
You can change or revoke your consents at any time via the privacy settings on our website.
2.7 Google reCAPTCHA
To protect against spam and misuse, we use Google reCAPTCHA on this website. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Purpose of processing:
reCAPTCHA serves to determine whether data entry on our website (e.g., in contact forms, registrations, or orders) is performed by a human or by an automated program (bot). This protects our website and your data from spam, misuse, and automated attacks.
Scope of data processing:
When using reCAPTCHA, the following data is transmitted to Google:
- User’s IP address
- Referrer URL (previously visited page)
- Date and time of visit
- Information about the operating system and browser
- Mouse movements and click behavior
- Cookies (if available)
- Interaction data with the reCAPTCHA widget
Google uses this information to evaluate whether you are a human or a bot.
Legal basis:
Processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TTDSG. Consent is obtained via the Borlabs Cookie Banner and can be revoked at any time.
Insofar as the use of reCAPTCHA is necessary to protect against misuse and to ensure the functionality of our website, processing also takes place on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.
Data transfer to third countries:
Google also processes data in the USA. For transfers to the USA, Google has submitted to the EU-US Data Privacy Framework. In addition, we have concluded standard contractual clauses with Google in accordance with Art. 46 para. 2 lit. c GDPR.
Storage period:
The data collected by reCAPTCHA is stored and processed by Google in accordance with Google’s privacy policy. The exact storage period depends on the respective purpose of the data processing.
Objection:
You can prevent data processing by reCAPTCHA by revoking your consent via the cookie banner. Please note that in this case, not all functions of the website may be fully usable.
Further information:
Google’s Privacy Policy: https://policies.google.com/privacy
reCAPTCHA Terms of Use: https://policies.google.com/terms
2.8 DVB Tool
We use the DVB tool on this website.
Purpose of processing:
The DVB tool provides connection information from DVB AG.
To better plan the accessibility of our practice rooms, we integrate a connection information service from DVB on our website. The provider is Dresden Verkehrsbetriebe AG, Trachenberger Straße 40, 01129 Dresden.
When using the connection information service, your IP address may be transmitted to DVB AG. Details on how DVB AG handles personal data can be found at https://www.dvb.de/de-de/meta/datenschutz.
3. Purpose Limitation of Personal Data Processing
Any processing of personal data is carried out only for the purposes stated in this privacy policy and to the extent necessary to achieve the respective purpose or to fulfill legal requirements.
Personal data will neither be unlawfully published by us nor unlawfully disclosed to third parties. Transfers of personal data to government institutions and authorities only occur within the framework of mandatory legal provisions or if disclosure is necessary for legal or criminal prosecution in the event of attacks on the network infrastructure.
4. Retention and Deletion of Personal Data
4.1 Inquiries and Contact
The personal data of inquirers will be irrevocably deleted as soon as it is no longer required for the purposes for which it was processed or if you request it. Inquiries are retained for a maximum of three years after the correspondence has ended. After that, inquiries are irrevocably deleted, unless longer storage becomes necessary in connection with the inquiry (e.g., with regard to any legal dispute).
4.2 Newsletter
The personal data processed for newsletter subscription will be deleted immediately, at the latest within one week, after unsubscribing from the newsletter or after revoking the consent given for processing.
4.3 WooCommerce Shop
Your order data will be stored for the duration of the statutory retention periods:
- Commercial law retention obligation (Section 257 HGB): 10 years for booking vouchers, invoices
- Tax law retention obligation (Section 147 AO): 10 years for tax-relevant documents
After these periods expire, the data will be deleted, unless you have explicitly consented to further use.
Customer account data will be deleted if you delete your account or after 3 years of inactivity.
4.4 Website Data
All stored personal data and pseudonymized usage data will be deleted immediately and irrevocably as soon as they are no longer required for the purposes for which they were processed or you request their deletion, unless we are obliged to retain them due to legal provisions.
4.5 Statutory Retention Periods
The aforementioned retention periods are extended if we are obliged to retain data for a longer period due to legal provisions. Upon expiry of the legally prescribed retention periods, the stored personal data will be irrevocably deleted.
5. Security
We implement technical and organizational security measures to protect your personal data against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. The security measures are continuously adapted in line with technological developments.
For security reasons and to protect the transmission of confidential content, our website uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address bar of the browser changes from “http://” to “https://” and by the lock symbol in your browser bar.
6. Links to Websites of Other Providers
Our website may contain links to websites of other providers. This privacy policy applies exclusively to our website. We have no influence on and do not control whether other providers comply with the applicable data protection regulations.
7. Topicality of the Privacy Policy
We reserve the right to amend the privacy policy at any time with effect for the future, if necessary, in particular to adapt it to further developments of the website or the implementation of new technologies.
8. What rights do data subjects have?
You have the following rights:
8.1 Right of Access (Art. 15 GDPR)
You have the right to receive information about the personal data we process.
8.2 Right to Rectification (Art. 16 GDPR)
You have the right to request the rectification of inaccurate or the completion of incomplete personal data.
8.3 Right to Erasure (Art. 17 GDPR)
You have the right to request the erasure of your personal data, provided that the legal requirements are met. However, the right to erasure does not apply insofar as processing is necessary:
- for compliance with a legal obligation
- for the establishment, exercise, or defense of legal claims
8.4 Right to Restriction of Processing (Art. 18 GDPR)
You have the right to request the restriction of the processing of your personal data.
8.5 Right to Data Portability (Art. 20 GDPR)
You have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format, provided that the processing is based on Art. 6 para. 1 lit. a or lit. b GDPR and the processing is carried out by automated means.
8.6 Right to Withdraw Consent (Art. 7 para. 3 GDPR)
If the legal basis for processing is Art. 6 para. 1 lit. a GDPR (consent), you have the right to withdraw your consent at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
8.7 Right to Object (Art. 21 GDPR)
If the legal basis for processing is Art. 6 para. 1 lit. e or lit. f GDPR, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation.
8.8 Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)
You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates the GDPR.
The supervisory authority responsible for us is:
The State Commissioner for Data Protection and Freedom of Information Saxony
Saxon Commissioner for Data Protection and Transparency
Devrientstraße 5
01067 Dresden
Phone: 0351 / 85471-101
Email: post@sdtb.sachsen.de
Website: https://www.datenschutz.sachsen.de
Contact for exercising your rights
To exercise your rights and for questions or complaints regarding the use of your personal data, you can contact us:
König Albert Gaststättenbetriebs GmbH
Moritzburger Weg 67
01109 Dresden
Tel. (0351) 804 48 83