Data protection

This text is translated automatically and can contain spelling mistakes. Please visit the german site if your are unsure

I. Name and address of the person responsible

The person responsible within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

SVAAdish Hoheluft GmbH
Ms. Ravneet Kaur Muhar
Hoheluftchaussee 125
20253 Hamburg
germany
Email: info@svaadish
Site: www.svaadish.de

There is no obligation to appoint a data protection officer. Data protection inquiries can be sent to the e-mail address info@svaadish.de be directed.

II. General information about data processing

1. Scope of processing of personal data

In principle, we only process our users' personal data to the extent necessary to provide a functional website and our content and services. Details of the individual processing operations, their scope, purpose and legal basis can be found when describing the respective processing in this privacy policy.

2. Legal basis for processing personal data

The processing of our users' personal data is based on the following legal bases.

  • Insofar as we obtain consent from the data subject for processing personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.
  • When processing personal data that is necessary to fulfill a contract to which the data subject is a party, Article 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
  • Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
  • If processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Article 6 (1) (f) GDPR serves as the legal basis for processing.

3. Data deletion and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this has been provided for by European or national legislators in EU regulations, laws or other regulations to which the person responsible is subject. The data will also be blocked or deleted when a storage period prescribed by the above standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.

III. Provision of the website and creation of log files

1. Description and scope of data processing

Each time you visit our website, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected here:

  • Information about the browser type and version used
  • The user's operating system
  • The user's Internet service provider
  • The user's IP address
  • date and time of access
  • Websites from which the user's system accesses our website
  • Websites that are accessed by the user's system via our website

The data is also stored in our system's log files. This data is not stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f DSGVO.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. To do this, the user's IP address must be stored for the duration of the session.

They are stored in log files to ensure the functionality of the website. We also use the data to optimize the website and ensure the security of our information technology systems. There is no evaluation of the data for marketing purposes in this context.

These purposes also include our legitimate interest in data processing in accordance with Article 6 (1) (f) GDPR.

4. Duration of storage, right of objection and removal

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the data is collected to provide the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible after anonymization of the data. In this case, the IP addresses of the users are deleted or distorted so that it is no longer possible to assign the calling client.

The collection of data to provide the website and the storage of data in log files is absolutely necessary for the operation of the website. There is therefore no option for the user to object.

IV. Use of technically necessary cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, cookies can be stored on the user's operating system. These cookies contain a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again. Some elements of our website require that the calling browser can be identified even after a page change.

We use the following cookies:

  • borlabsCookie: Saves the user's settings for cookie behavior

2. Legal basis for data processing

The legal basis for processing personal data using technically necessary cookies is Art. 6 para. 1 lit. f DSGVO.

3. Purpose of data processing

The purpose of using technically necessary cookies is to enable the use of websites for. Some functions of our website cannot be offered without the use of cookies. For this, it is necessary that the browser is recognized even after a page change.

The user data collected through technically necessary cookies is not used to create user profiles.

The purposes mentioned above also include our legitimate interest in processing personal data in accordance with Article 6 (1) (f) GDPR.

4. Duration of storage, right of objection and removal

Cookies are stored on the user's computer and transmitted from it to our site. As a user, you therefore also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

V. Use of technically unnecessary cookies/plug-ins

1. Description and scope of data processing

In addition to the technically necessary cookies, we use other cookies/plugins on our site to make the use of the site more convenient and to provide access to video and social media platforms.

We use the following cookies/plugins:

If users agree to the setting of such a cookie/plugin, a connection is established to the provider servers, some of which are located in third countries (e.g. the USA). As a result, the provider receives the information that the user has accessed the corresponding subpage of our website. In addition, further data may be transmitted to the provider. Details can be found in the respective privacy policies of the providers (see above).

There is currently no adequacy decision by the EU Commission for the transfer to the USA. This means that without further protective measures, the user's data does not enjoy as high a level of protection as is the case within the EU. Authorities, for example, may have access to the user's personal data.

2. Legal basis for data processing

We only use the cookies mentioned above with the user's prior express consent. The legal basis is Article 6 (1) (a) GDPR. This also applies to any transfer to third countries.

3. Purpose of data processing

The purpose of using the above-mentioned cookies/plugins is to be able to display third-party content on the site.

4. Duration of storage, right of objection and removal

Cookies are stored on the user's computer and transmitted from it to our site. As a user, you therefore also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

 VI. Registration and online ordering

1. Description and scope of data processing

You can order online on our website as a guest or by appointment in advance. When ordering, the data entered in the input mask is sent to us and stored. This data is:

  • First name
  • surname
  • firm
  • email address
  • phone number
  • address
  • gender

This data is used exclusively to fulfill the contract and may be transmitted to third parties insofar as this is necessary to fulfill the contract (see section X).

2. Legal basis for data processing

The legal basis for processing data to carry out pre-contractual measures and to fulfill a contract to which the user is a party is Art. 6 para. 1 lit. b GDPR.

3. Purpose of data processing

The purpose of data processing is the fulfilment of contracts. Without the data provided, it is not possible to execute and process contracts.

4. Duration of storage, right of objection and removal

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

VII. Newsletter

1. Description and scope of data processing

You can subscribe to a free newsletter on our website. Your email address will be sent to us when you sign up for the newsletter.

As part of the registration process, your consent is obtained to process the data and reference is made to this privacy policy.

2. Legal basis for data processing

The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a DSGVO, if the user has given his consent.

3. Purpose of data processing

The purpose of collecting the user's email address is to deliver the newsletter.

4. Duration of storage, right of objection and removal

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user's email address is therefore stored as long as the subscription to the newsletter is active.

The subscription to the newsletter can be cancelled by the affected user at any time. For this purpose, there is a corresponding link in every newsletter.

VIII. Email contact

1. Description and scope of data processing

You can contact us via the email address provided. In this case, the user's personal data transmitted with the email will be stored and processed to answer the email request.

2. Legal basis for data processing

The legal basis for processing data transmitted in the course of sending an email is Art. 6 para. 1 lit. f DSGVO. If the email contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b DSGVO.

3. Purpose of data processing

The sole purpose of processing personal data is to process the contact. This is also the necessary legitimate interest in processing the data.

4. Duration of storage, right of objection and removal

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has finally been clarified.

If you have been contacted by e-mail, you can object to the storage of personal data at any time. In such a case, the conversation cannot be continued. In this case, all personal data stored in the course of contacting us will be deleted.

IX. Table reservation

1. Description and scope of data processing

Users can reserve a table on our website. The following information is required to make a reservation:

  • First name, last name
  • email address
  • phone number

In addition, additional data (occasion, special request) can be provided as an option.

2. Legal basis for data processing

The legal basis for processing the data is Article 6 (1) (b) GDPR.

3. Purpose of data processing

The purpose of processing personal data is to make the reservation.

4. Duration of storage, right of objection and removal

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

X. Transfer to third parties

In some cases, it is necessary to transfer the user's personal data to third parties.

Transmission to service providers (order processing):
If service providers provide services on our behalf that are necessary to provide services (e.g. table reservation); as part of this so-called processing on behalf of (Art. 28 GDPR), we ensure the protection of your data through strict contractual regulations, technical and organizational measures and additional controls.

Transfer to payment provider:
In order to give the user the option to pay online when ordering, personal data is transmitted to payment providers (Paypal (Europe) S.à.r.l. et Cie, S.C.A., Mollie B.V.). Data transmission is based on Art. 6 para. 1 lit. b DSGVO.

Transfer to a third country or to an international organization:
If a service provider is located in a third country, appropriate measures (in particular use of EU standard contractual clauses and, if applicable, further protective measures) ensure that the user's rights as a data subject are protected, unless consent has been given in accordance with Art. 49 (1) (a) GDPR.

XI. Rights of the person concerned

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:

1. Right to information

You can request confirmation from the person responsible as to whether personal data concerning you is being processed by the person responsible.

If there is such processing, you can request the following information from the person responsible:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data that are processed;

(3) the recipients or categories of recipients to whom the personal data concerning you has been or is still being disclosed;

(4) the planned duration of storage of personal data concerning you or, if specific information is not possible, criteria for determining the storage period;

(5) the existence of a right to correct or delete personal data concerning you, a right to restrict processing by the person responsible or a right to object to this processing;

(6) the right to lodge a complaint with a supervisory authority;

(7) all available information about the origin of the data if the personal data is not collected from the data subject;

(8) the existence of automated decision-making, including profiling, in accordance with Article 22 (1) and (4) GDPR and — at least in these cases — meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you is being transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees in accordance with Article 46 GDPR in connection with the transfer.

2. Right to rectification

You have the right to correct and/or complete the data controller if the processed personal data concerning you is incorrect or incomplete. The person responsible must make the correction immediately.

3. Right to restrict processing

You can request that the processing of personal data concerning you be restricted under the following conditions:

(1) if you dispute the accuracy of the personal data concerning you for a period of time that enables the person responsible to verify the accuracy of the personal data;

(2) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;

(3) the person responsible no longer needs the personal data for processing purposes, but you need them to assert, exercise or defend legal claims, or

(4) if you have filed an objection to processing in accordance with Article 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of personal data concerning you has been restricted, this data — apart from storage — may only be processed with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the person responsible before the restriction is lifted.

4. Right to deletion

a) Obligation to delete

You can request that the person responsible delete the personal data concerning you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:

(1) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.

(2) You withdraw your consent on which processing was based in accordance with Article 6 (1) (a) or Article 9 (2) (a) GDPR, and there is no other legal basis for processing.

(3) You object to processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate reasons for processing, or you object to processing in accordance with Article 21 (2) GDPR.

(4) The personal data concerning you was processed unlawfully.

(5) The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject.

(6) The personal data concerning you was collected in relation to information society services offered in accordance with Article 8 (1) GDPR.

b) Information to third parties

If the person responsible has made the personal data concerning you public and is obliged to delete it in accordance with Article 17 (1) GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform data controllers who process the personal data that you, as a data subject, have deleted all links to this personal data or copies or replications of this personal data from them have requested personal data.

c) Exemptions

The right to deletion does not exist insofar as processing is necessary

(1) to exercise the right to freedom of expression and information;

(2) to fulfill a legal obligation which requires processing under Union or Member State law to which the controller is subject, or to perform a task which is in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) GDPR, insofar as the right referred to in section a) is likely to make impossible or seriously impair the achievement of the objectives of this processing, or

(5) to assert, exercise or defend legal claims.

5. Right to be informed

If you have asserted the right to correct, delete or restrict processing against the person responsible, the controller is obliged to notify all recipients to whom the personal data concerning you has been disclosed of this correction or deletion of the data or restriction of processing, unless this proves impossible or involves disproportionate effort.

You have the right vis-à-vis the person responsible to be informed about these recipients.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the person responsible, in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided

(1) processing is based on consent in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract in accordance with Article 6 (1) (b) GDPR, and

(2) processing is carried out using automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one person responsible to another person responsible, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected as a result.

The right to data portability does not apply to processing of personal data that is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible.

7. Right of objection

For reasons arising from your particular situation, you have the right to object at any time to the processing of personal data concerning you, which is carried out on the basis of Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.

The controller will no longer process your personal data unless he can prove compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

Notwithstanding Directive 2002/58/EC, you have the option to exercise your right of objection in connection with the use of information society services by means of automated procedures using technical specifications.

8. Right to withdraw the declaration of consent under data protection law

You have the right to withdraw your data protection consent at any time. Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the withdrawal.

9. Automated decision in individual cases, including profiling

You have the right not to be subject to a decision based exclusively on automated processing — including profiling — which has legal effect on you or significantly affects you in a similar way. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the person responsible,

(2) is permitted by Union or Member State legislation to which the controller is subject and that legislation contains appropriate measures to protect your rights and freedoms and your legitimate interests, or

(3) is made with your express consent.

However, these decisions must not be based on special categories of personal data under Article 9 (1) GDPR, unless Article 9 (2) lit. a or g GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to protect the rights and freedoms and your legitimate interests, including at least the right to obtain the action of a person from the controller, to express his own position and to challenge the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of personal data concerning you is contrary to the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.