Privacy Policy

In order to deliver your orders quickly and reliably, we work with external shipping service providers Depending on the chosen shipping method and the logistics partner, processing of personal data passed on to the respective shipping service provider.

The transfer of this data takes place in accordance with Article 6 paragraph 1 letter b GDPR to Fulfillment of the contract (delivery of the ordered goods). In certain cases, processing may be based on a legitimate interest pursuant to Art. 6 (1) lit. f GDPR in particular for shipment tracking or to optimize shipping processes.

Our website is hosted on the servers of a hosting provider which provides the necessary technical infrastructure. This includes the storage and processing of website data, emails and databases as well as ensuring the availability and security of the website.

As part of the hosting, technical data are automatically recorded Server log files which may contain the following information:

• visitor's IP address
• Date and time of access
• Pages and files accessed
• Referrer URL (the previously visited page, if applicable)
• browser type, version and operating system
• Amount of data transferred and loading times

This data is used exclusively for technical monitoring, error analysis and security of the server infrastructure (e.g. to defend against attacks or to optimize server performance).

The processing of this data is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR at a stable, secure and efficient operation of our websiteThe server log files are stored for a limited period of time and then automatically deleted, unless security-relevant events require longer storage.

Our website uses a e-commerce systemto enable the sale of products and services. Depending on the platform, different functions are provided, such as product management, order processing, customer accounts and payment integration.

To protect our website and user data, we use security solutions that help unauthorized access, hacking attempts and malicious activities These systems analyze the traffic on our website, block suspicious activities and report security-related incidents.

The processing of this data is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR, to the integrity, availability and security of our website .

As part of these security measures, the following data may be processed:

• IP address and location information (to identify potential attackers)
• access attempts & login attempts (to detect brute force attacks)
• browser and system information (to analyze bot traffic and potential security threats)
• Failed login attempts & suspicious activities

This data is stored limited in time and is used exclusively for detection and defense against attacks utilized.

To communicate with our customers and interested parties, we offer various messenger and live chat services These enable a quick and direct contact via our website or external platforms.

The use of these messenger services is based on:

• Article 6 paragraph 1 letter b GDPR – if the communication to contract fulfillment or customer service necessary is.
• Art. 6 para. 1 lit. f GDPR – based on our legitimate interest on fast and efficient customer communication.
• Art. 6 para. 1 lit. a GDPR – if certain functions require a consent required (e.g. chatbots or message storage).

When using these services, personal data may be collected and processed, including:

• Name or username (depending on the platform)
• Phone number or email address (if provided)
• message content and transmitted files
• time of communication
• IP address and technical data (for web chats)

This data is not used for advertising purposes, but serve exclusively the processing of inquiries and support services.

To simplify table reservations, appointment bookings or event registrations we use different online reservation systems, which can be integrated directly into our website or linked as external booking platforms. These systems enable our guests and customers to View availability in real time and make bookings conveniently online.

The use of these reservation systems is based on:

• Article 6 paragraph 1 letter b GDPR – if the reservation is Fulfillment of the contract or provision of a requested service.
• Art. 6 para. 1 lit. f GDPR – based on our legitimate interestto provide efficient reservation options.
• Art. 6 para. 1 lit. a GDPR – provided that a consent is necessary, especially when using external systems with additional analysis or marketing functions.

What data is processed when making reservations?

Depending on the system used, the following personal data may be collected and processed:

• Name and contact details (email address, telephone number)
• Date, time and number of reserved persons
• Special requests or comments regarding the reservation
• IP address and technical data (for online reservations via embedded widgets or platforms)
• Payment details (if a reservation requires a deposit or prepayment)

This data is used exclusively for processing the reservation and will not be passed on to third parties unless this is necessary for technical provision of the booking function or for contract processing.

reservation via third-party platforms

If you make a reservation via a integrated third-party platform on our website or via an external link, the data processing will be carried out in accordance with the data protection guidelines of the respective providerDepending on the system used, data is processed on servers outside the EU.

Further information on data processing by the respective providers can be found in their privacy policies.

Opt-Out & Deletion

• If you would like to cancel a reservation or restrict the processing of your reservation data, you can contact us directly.
• Reservation data will only be stored for as long as is necessary to fulfill the booking purpose or to comply with legal retention requirements.

Our website uses Cookies and similar technologiesto improve the user experience, perform statistical analysis and provide personalized content or advertising. In this privacy policy we explain what types of cookies we use, what data is processed and how you can manage your cookie settings.

What are cookies?

Cookies are small text files that are stored on your device (computer, smartphone, tablet) when you visit a website. They contain information that allows the website to recognize your device on future visits. In addition to cookies, there are also similar technologies such as Local storage, pixel tags or web beacons, which can also be used for data storage or processing.

Types of cookies we use

Our website uses different types of cookies:

1. Necessary cookies (Essential Cookies)
   • These cookies are necessary for the basic functionality of the website and cannot be deactivated.
   • They store, for example, login data, shopping cart contents or language settings.
   • Legal basis: Legitimate interest pursuant to Art. 6 (1) lit. f GDPR.
2. Functional cookies
   • These cookies enable additional functionality such as storing user preferences.
   • Without these cookies, certain features may not work properly.
   • Legal basis: Consent pursuant to Art. 6 para. 1 lit. a GDPR.
3. analysis and statistics cookies
   • These cookies help us understand how visitors use our website by collecting anonymous usage statistics.
   • Examples: Google Analytics, Matomo, Hotjar.
   • Legal basis: Consent pursuant to Art. 6 para. 1 lit. a GDPR.
4. marketing and tracking cookies
   • These cookies are used to targeted advertising or create user profiles for personalized content.
   • They can be set by third parties (e.g. Google Ads, Facebook Pixel, Microsoft Ads).
   • Legal basis: Consent pursuant to Art. 6 para. 1 lit. a GDPR.

storage period and third-party cookies

Cookies are either Session cookies (are deleted after closing the browser) or persistent cookies (remain on the device for a predefined period of time). Third-party cookies come from external services that are integrated into our website.

The exact storage period depends on the respective cookie. A list of all cookies set, their function and storage period can be found in our cookie banner or browser settings . view

Consent and management of cookies

When you first visit our website, you will be presented with a Cookie banner asked to choose your preferences. Before your consent we set only necessary cookiesthat are necessary for the basic functionality of the website. Non-necessary cookies (e.g. for analysis or marketing) are only activated after your explicit consent. You can choose between:

• Accept all cookies
• Allow only necessary cookies
• Make individual cookie settings

You can change your cookie settings at any time via our cookie management tool Alternatively, you can change or revoke your consent in your Delete or block browser cookiesHowever, disabling certain cookies may limit the functionality of the website.

Objection to cookies and tracking technologies

If you do not have one analysis and marketing cookies If you want to allow this, you have the following options:

• Enable Do-Not-Track: Many browsers offer an option to reject tracking by default.
• Use ad blockers or privacy plugins: Extensions such as uBlock Origin or Privacy Badger block advertising and tracking scripts.
• Disable personalized advertising:
  • Google Ads: https://adssettings.google.com/
  • Facebook: https://www.facebook.com/adpreferences/ad_settings
  • Microsoft Ads: https://account.microsoft.com/privacy/ad-settings

Further information

For detailed information on the processing of cookies by third parties and the applicable privacy policies, you can consult their privacy policies:

• Google: https://policies.google.com/technologies/cookies
• Meta/Facebook: https://www.facebook.com/policies/cookies/
• Microsoft: https://privacy.microsoft.com/de-de/privacystatement

In order to optimize the loading times of our website and to ensure stable performance, we use so-called Content Delivery Networks (CDNs)A CDN is a network of servers that serves static content such as scripts, stylesheets or fonts from a geographically nearby server. This enables faster loading speed and better website availability.

When you visit our website, certain external libraries can be loaded from CDN servers. Your IP address is transmitted to the respective provider in order to make the file available. Depending on the service provider, additional technical information such as browser type, operating system or the page accessed may be processed.

If you do not want data to be transferred to third parties via CDNs, you can disable the use of external scripts in your browser or use browser extensions that block CDNs.

Our website uses Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables us to analyze the behavior of users on our website and thereby optimize our content and services.

Which data are processed?

Google Analytics 4 uses cookies and similar tracking technologies to collect information about the use of our website. The following data is processed, among others:

• Pages visited and interactions on the website
• time spent on individual pages
• Origin of the website visit (referrer, search engine, advertisement)
• device type, browser and operating system
• Anonymized IP address (shortened by IP anonymization)
• Location data (approximate geographic origin)
• language settings and technical information

In GA4, data collection takes place event-based and no longer session-based, allowing for more detailed analysis.

Purpose of data processing

We use Google Analytics to statistically record and evaluate the use of our website. This enables us to improve the user experience, optimize content and measure the success of advertising measures.

The data processing is based on our legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR to analyze user behavior. If consent is required (e.g. through a cookie banner), the processing is based on Art. 6 Para. 1 lit. a GDPR.

data transfer and storage

The data collected by Google Analytics is transferred to and stored on Google servers. Google may transfer this information to third parties if required to do so by law or if third parties process the data on Google's behalf.

Some of these servers are located in the USA or other third countries. Since the USA is considered an unsafe third country within the meaning of the GDPR, access to personal data by US authorities cannot be ruled out. To ensure security, we use standard contractual clauses (SCCs) of the EU Commission which requires Google to comply with European data protection standards.

Storage duration of the data

The data collected is stored in Google Analytics for a period of 2 to a maximum of 14 months stored, depending on the settings of our account. After this period, the data is automatically deleted.

right of objection and opt-out options

You can object to the use of Google Analytics at any time:

1. Settings in the cookie banner: If you refuse the use of analysis cookies, Google Analytics will not be activated.
2. Browser add-on for deactivation: You can use Google Analytics with a browser plug-in from Google deactivate:
   https://tools.google.com/dlpage/gaoptout?hl=de
3. Do-Not-Track setting: You can activate the “Do Not Track” setting in your browser to limit the analysis of your activities.

Your rights

According to the GDPR, you have the following rights with regard to your data:

• Right to information (Article 15 GDPR): You can request confirmation as to whether and which of your personal data is being processed.
• Right to rectification (Article 16 GDPR): If your data is incomplete or incorrect, you can request that it be corrected.
• Right to erasure (Article 17 GDPR): You can request the erasure of your personal data under certain conditions.
• Right to restriction of processing (Article 18 GDPR): You have the right to request restriction of the processing of your data.
• Right to object (Article 21 GDPR): You can object to the processing of your data if it is based on a legitimate interest.

To exercise these rights or for further information, please contact us using the contact details provided in the imprint.

Further information

You can find Google’s privacy policy here:
https://policies.google.com/privacy?hl=de

Our website uses fonts from Google Fonts, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, IrelandGoogle Fonts allows us to load fonts directly from Google servers and display them on our website.

Which data are processed?

When you load Google Fonts, a connection is established to Google's servers. Google can collect the following data:

• your The IP address,
• the website you are visiting,
• the browser and operating system used,
• as well as technical information on the display of fonts.

This data may be used by Google for analysis purposes. However, according to Google, no cookies are set or personal user profiles created.

Legal basis and purpose of use

Google Fonts are used to uniform and appealing presentation of our website This is a legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. If a consent via a cookie banner is required, the processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR.

Data transfer to third countries

Since Google is a US company, the data collected may be stored on servers in the USA or other third countries Google uses EU standard contractual clauses (SCCs)to ensure an adequate level of data protection.

Further information about Google Fonts and Google’s privacy policy can be found here:
https://policies.google.com/privacy
https://developers.google.com/fonts/faq

Our website uses various map servicesto provide interactive maps and enable the display of geographic locations. These services are operated by third parties and may process personal data when loading the map.

Depending on the provider, the following information may be collected:

• your The IP address,
• the page called with the embedded map,
• Location data (if location sharing has been activated),
• technical information about your browser and device.

The use of these map services is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPRto provide you with a comfortable map display. If a consent required (e.g. when using cookies or active location sharing), the processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR.

Our website uses  Google reCAPTCHA , a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irelandto ensure that certain form entries are not misused by automated programs (bots).

reCAPTCHA analyzes the behavior of website visitors and helps us prevent spam and abuseVarious data is collected and transmitted to Google.

The use of reCAPTCHA is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR on the security of our website. If Google reCAPTCHA uses cookie or tracking technology, processing can only take place with your Consent pursuant to Art. 6 para. 1 lit. a GDPR respectively.

Our website uses the Google Tag Manager, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager enables us to management and implementation of tracking tags (e.g. for Google Analytics, Google Ads, Facebook Pixel or other tracking and analysis tools) without having to directly change the source code of the website.

Which data are processed?

The Google Tag Manager itself stores no personal data and sets no own cookiesIt only serves as a management tool for other tracking services that are integrated through it.

However, the tracking services loaded by Google Tag Manager may collect personal data, including:

• The IP address
• browser and device information
• Pages visited and interactions
• location data (if enabled)
• cookie IDs and user behavior

Whether and which data is collected depends on the services integrated via the Google Tag Manager (e.g. Google Analytics, Facebook Pixel, Google Ads). Details about these services can be found in the respective sections of this privacy policy.

Purpose and legal basis of data processing

The Google Tag Manager is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR on simple and efficient management of tracking and analysis tools.

If tracking tags are integrated, the require consent (e.g. Google Analytics, Facebook Pixel), the processing is only carried out on the basis of your Consent pursuant to Art. 6 para. 1 lit. a GDPRwhich you can give or refuse via our cookie banner.

Data transfer and transmission to third countries

Google can store data in Third countries, in particular the USA, transferTo ensure an appropriate level of data protection, Google uses EU standard contractual clauses (SCCs).

Further information on data processing by Google can be found in the Google Privacy Policy:
https://policies.google.com/privacy

How can you control tracking through Google Tag Manager?

If you do not want tracking tags to be executed via Google Tag Manager, you have the following options:

• Adjust cookie settings: You can manage your consent to certain tracking services through our cookie management tool.
• Enable Do-Not-Track: Many browsers offer an option to reject tracking requests by default.
• Use browser add-ons: Google offers a opt-out plugin for Google Analytics, which you can find here:
  https://tools.google.com/dlpage/gaoptout

The Google Tag Manager itself cannot be deactivated directly, as it does not store or process any data. If you want to block tracking tools completely, we recommend browser add-on or an ad blocker.

Our website uses translation servicesto provide content in different languages. These services are operated by third parties and may process personal data, in particular when automatic translation is invoked.

The following data can be recorded:

• The IP address
• website accessed
• browser and device settings
• language settings
• input data in forms (if applicable)

The processing is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR on a barrier-free, multilingual presentation of the website. If data is transferred to third parties, your Consent pursuant to Art. 6 para. 1 lit. a GDPR to be required.

We offer you the opportunity to subscribe to our newsletter in order to be regularly informed about news, offers and relevant information. Our newsletter will only be sent with your express consent in accordance with Art. 6 Paragraph 1 Letter a of GDPR. You can revoke your consent at any time by using the unsubscribe link in the respective email or by contacting us directly.

To send our newsletter, we work with external service providers who process your data on our behalf. Depending on the provider you choose, your personal data will be stored and processed in the systems described below.

Revocation and unsubscription from the newsletter

You can revoke your consent to receive our newsletter at any time. To do so, you can either "Unsubscribe" link at the end of each email or contact us directly. After unsubscribing, your data will be deleted unless there are statutory retention periods.

Our website may include content and features from social networks to enable you to better interact with our content. This may result in the transfer of personal data to the respective platforms. This happens in particular when you click on a social media button, view embedded content or visit our website with a logged-in social media account.

Depending on the platform, data such as your IP address, device information, pages accessed, date and time of visit and your user behavior processed. If you are logged into your social media account at the same time, the respective platform can assign the collected information to your user profile.

Data processing by social media services is generally carried out on the basis of our legitimate interest (Art. 6 Para. 1 lit. f GDPR) in the presentation of appealing content and on the basis of your consent (Art. 6 Para. 1 lit. a GDPR), provided that you actively consent to the use of certain services.

If you do not want social media providers to collect data about you, you can log out of your social media account before visiting our website or Use your browser's tracking protection features.

Our website uses the Rank Math plugin for search engine optimization. This plugin collects and processes technical data (e.g. page information, meta data) to improve the SEO performance of our website. The data processing is based on our legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR. Further information on how your data is handled can be found in the Rank Math Privacy Policy.

Our website is hosted on a server of hosting provider which provides the technical infrastructure for the operation and accessibility of the website. Depending on the hosting provider, personal data may be processed, in particular Ensuring server stability, error analysis and defense against attacks.

The processing of this data is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR on the safe and reliable operation of our website.

We take the protection of your personal data very seriously. As part of the payment processing in our online shop, we process your payment information in compliance with the statutory data protection regulations, in particular the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).

What is a payment provider?

A payment provider (also known as a payment service provider, or PSP for short) is a service provider that handles the technical and secure processing of online payments. It provides interfaces between our online shop, your bank or your payment service provider (e.g. credit card company, PayPal, Sofortüberweisung) and ensures that payments are processed quickly, securely and reliably.

Why do we need a payment provider?

We work with specialized payment service providers so that you can pay for your purchases in our online shop easily and securely. These providers ensure:

• Secure payment processing: Your payment data is transmitted encrypted and processed according to the highest security standards.
• Diverse Payment Options: We can offer you various payment methods such as credit card, instant bank transfer or digital wallets.
• Fraud prevention: Providers conduct security checks to prevent misuse and fraudulent transactions.
• Legal and technical security: By working with regulated payment providers, we ensure that all transactions comply with applicable legal requirements.

credit check and fraud prevention (fraud control)

To minimize the risk of payment defaults and fraudulent activities, our payment providers and/or we ourselves may carry out a credit check or fraud prevention. The following measures may be applied:

• Credit check: If you choose a payment method with later payment (e.g. purchase on account), our payment provider or a commissioned credit agency can carry out a credit check. Data from external credit agencies (e.g. CRIF, KSV 1870) is used to assess your ability to pay.
• Fraud Control: To prevent fraud, our payment providers use automated systems to detect suspicious transactions. These systems analyze various factors, including IP addresses, unusual order patterns or device information.

These checks are carried out on the basis of our legitimate interest in accordance with Art. 6 (1) (f) GDPR in order to prevent payment defaults and fraud. If a credit check is negative, we reserve the right not to offer you certain payment methods.

Further details on the processing of your data by the respective payment providers can be found in the following sections.

Storage and deletion of payment data

We do not store complete payment data such as credit card numbers or bank details. This sensitive information is only processed and securely stored by our payment providers. Our system only stores the data that is required to process the payment and to comply with legal requirements.

This includes in particular billing data such as name, billing address, order information and payment status. Depending on the payment method, it may be necessary to store a transaction reference or a token provided by the payment provider to enable the payment to be assigned. In some cases, partial information, such as the last four digits of a credit card, may also be stored if this is necessary to identify a payment.

Invoice-related data is subject to statutory retention periods and is stored for up to seven years in accordance with tax law. We only store technical payment data, such as transaction IDs, for as long as is necessary for accounting purposes or to prevent fraud.

After the statutory deadlines have expired, the stored data is either deleted or anonymized so that it can no longer be assigned to a person.