Privacy Policy

1) Introduction and Contact Details of the Controller

1.1 Thank you for visiting our website and for your interest in our restaurant. In the following, we explain how we process your personal data when you use our website. Personal data means any information relating to an identified or identifiable natural person.

1.2 The controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is:

Restaurant Rhodos
Owner: Kamiran Abdullah
August-Hinrichs-Str. 12
26215 Wiefelstede
Germany
Phone: +49 1573 2115507
E-mail: restaurant-rhodos@web.de

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1 If you use our website for informational purposes only, without registering or otherwise providing us with information, we only collect the data that your browser automatically transmits to our server (so-called "server log files"). These include:

  • the page you visited
  • date and time of access
  • the amount of data transferred
  • the referring website from which you accessed our website
  • the browser used
  • the operating system used
  • your IP address, possibly in abbreviated form

The processing is carried out on the basis of Article 6(1)(f) GDPR, as we have a legitimate interest in ensuring the technical stability and functionality of our website. This data is not passed on to third parties. However, we reserve the right to review the server log files retrospectively if there are concrete indications of unlawful use.

2.2 To protect the transmission of your data, we use SSL/TLS encryption. You can recognize an encrypted connection by the "https://" prefix and the padlock symbol in your browser's address bar.

3) Hosting

We use an external hosting provider to host and display our website. Any data collected through the use of this website is processed on the provider's servers. We have concluded a data processing agreement with the hosting provider to ensure the protection of your personal data and to prevent unauthorized disclosure to third parties.

4) Cookies

Our website uses cookies, which are small text files stored on your device. Some cookies are automatically deleted after you close your browser (session cookies), while others remain stored on your device for a longer period and enable us, for example, to remember your website preferences (persistent cookies).

If personal data is processed through cookies, the processing is based on Article 6(1)(b) GDPR (performance of a contract), Article 6(1)(a) GDPR (your consent), or Article 6(1)(f) GDPR (our legitimate interest in providing a functional and user-friendly website), depending on the purpose.

You can configure your browser to notify you whenever cookies are set, allow cookies only in individual cases, or generally reject cookies. Please note that disabling cookies may limit the functionality of our website.

5) Contact

If you contact us by phone, email, or via our contact form, we process the personal data you provide solely for the purpose of handling and responding to your inquiry.

The legal basis for this processing is our legitimate interest in responding to your request in accordance with Article 6(1)(f) GDPR. If your inquiry relates to the initiation or performance of a contract (for example, a table reservation or an event request), the additional legal basis is Article 6(1)(b) GDPR. Your data will be deleted once your request has been fully resolved, provided there are no statutory retention obligations.

6) Table Reservations via Dish

In addition to telephone reservations, we offer you the possibility of making table reservations using the online reservation system "Dish". The data you provide during the reservation process (such as your name, contact details, preferred reservation date and time, and the number of guests) will be transmitted to and processed by the provider of the reservation system for the purpose of managing your reservation.

The processing is based on Article 6(1)(b) GDPR, as it is necessary for handling your reservation request. Where required, we have concluded a data processing agreement with the reservation service provider to ensure the protection of your personal data.

Payment for your order or restaurant visit is made exclusively on-site at the restaurant. No online payment processing takes place through our website or the reservation system. Therefore, no payment data is transmitted to payment service providers.

7) Rights of the Data Subject

7.1 Under the GDPR, you have the following rights regarding the processing of your personal data:

  • Right of access (Article 15 GDPR)
  • Right to rectification (Article 16 GDPR)
  • Right to erasure (Article 17 GDPR)
  • Right to restriction of processing (Article 18 GDPR)
  • Right to notification (Article 19 GDPR)
  • Right to data portability (Article 20 GDPR)
  • Right to withdraw consent at any time (Article 7(3) GDPR)
  • Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

7.2 Right to Object

If we process your personal data based on our legitimate interests pursuant to Article 6(1)(f) GDPR, you have the right to object at any time to such processing on grounds relating to your particular situation.

If you object, we will stop processing the affected data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to establish, exercise, or defend legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time. Once you object, we will cease processing your personal data for such marketing purposes.

8) Storage Period of Personal Data

The storage period for personal data depends on the respective legal basis, the purpose of processing, and, where applicable, statutory retention periods (such as those required under commercial or tax law).

Personal data processed on the basis of your consent pursuant to Article 6(1)(a) GDPR will be stored until you withdraw your consent.

If statutory retention periods apply to data processed for the performance of a contract or pre-contractual measures pursuant to Article 6(1)(b) GDPR, such data will be routinely deleted after the applicable retention periods have expired, unless further storage is necessary for the performance of the contract.

Personal data processed on the basis of Article 6(1)(f) GDPR will be stored until you exercise your right to object under Article 21 GDPR, unless we can demonstrate compelling legitimate grounds for continuing the processing.

In all other cases, personal data will be deleted as soon as the purpose for which it was collected no longer applies.

```