Data protection statement

Protezione dei dati personali.

Your data is safe with us

Data protection statement

FR L'Osteria SE
Otl-Aicher-Str. 60
80807 Munich

The protection of your personal data is a very important concern as the operators of this website. We to this end treat your personal data confidentially and in accordance with the statutory data protection regulations as well as this data protection statement.

The use of our website is usually possible without providing personal information. Insofar as personal data is collected on our part (such as name, address or e-mail address); this is as far as possible always performed on a voluntary basis. This data will not be passed on to a third party without your express consent.

We point out that data transmission over the Internet (e.g. when communicating via e-mail) may exhibit security gaps. A complete protection of data against access by third parties is not possible.

Privacy Policy

This privacy notice, provided in accordance with Article 13 et seq. of the GDPR, fulfills the obligation to provide information regarding the collection of personal data on our website.

1. NAME AND CONTACT INFORMATION OF THE DATA CONTROLLER:
FR L'Osteria SE
Otl-Aicher-Straße 60
80807 Munich (hereinafter “FR L'Osteria,” “we,” “us”).

However, the data controller may vary depending on the job opening to which you are applying. Accordingly, a franchise partner or a joint venture of FR L'Osteria SE may also be the data controller under data protection law. A list of these partner companies can be found here.

2. CONTACT INFORMATION FOR THE DATA PROTECTION OFFICER:
Holzhofer Consulting GmbH
Martin Holzhofer
Lochhamer Str. 31
82152 Planegg
Tel.: (0 89) 1 25 01 56 00
E-Mail: datenschutzbeauftragter-fr-losteria@holzhofer-consulting.de

If you wish to exercise your data subject rights in accordance with Section 8 of our Privacy Policy, please use the contact information below so that we can process your request as quickly as possible:

feedback@losteria.de

+49 (0) 89 3 89 89 89 0

3. Purposes for which personal data will be processed, as well as the legal basis for the processing

3.1. Processing of access data

For technical reasons, we process a limited amount of data (so-called connection data) every time our website is accessed. This data is technically necessary to establish and maintain a connection between your device and our servers. This data is processed in the web server’s main memory for the duration of the connection.

The following data or categories of data are collected in this process:

IP address
MAC address
Source port of the requesting device or a gateway (e.g., firewall or proxy)
Timestamp (date and time) of the request
Amount of data transferred
Operating system used
Indication of whether the request was successful (via HTTP error code)
Notification of why a request may have failed (via HTTP error code)
Referrer URL (website from which our main page or subpages were accessed)
User-Agent (browser type used to access our website, along with version)
Width and height of the display screen
Language settings of your browser

The IP address, timestamp, HTTP error code, referrer, and user agent are automatically logged when you visit our website to ensure its functionality and security. Furthermore, the logs are used to optimize the website. Your IP address is processed in the logs only in truncated form and is therefore anonymized. We cannot create user profiles containing personal data using this information.

The processing is technically necessary for the operation of the website and is therefore carried out on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR. A balancing of interests was conducted and concluded that the processing is necessary to safeguard our legitimate interests, and that these interests outweigh your interests, fundamental rights, and freedoms that require the protection of personal data.

3.2. Cookies and Related Technologies

3.2.1. General Information

This website uses cookies and related technologies (e.g., scripts) in certain cases. Cookies do not harm your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective, and secure. These are small text files that are stored on your device and saved by your browser, for example, to “remember” information about you, such as your language settings or login information. Some of these cookies are set by us and are referred to as first-party cookies. We also use third-party cookies and related technologies, which originate from a domain other than that of the website you are visiting.

We generally distinguish between the following categories:

Technically necessary cookies and related technologies
Functional cookies and related technologies
Performance cookies and related technologies
Cookies and related technologies for marketing purposes
Social media cookies and related technologies

For more information about each category, as well as the option to opt out of any category (except those required for technical reasons), please visit the “Privacy Settings” page at the following link:

PRIVACY SETTINGS

3.2.2. Technically Necessary Cookies and Related Technologies

Most of the cookies we use are so-called “session cookies.” They are automatically deleted at the end of your visit. Such cookies are strictly necessary for the technical operation of the website and to provide the service requested by the user, and therefore cannot be disabled.

Processing is based on legitimate interest pursuant to Article 6(1)(f) of the GDPR. A balancing of interests was conducted and concluded that the processing is necessary to safeguard our legitimate interests, and that these interests outweigh your interests, fundamental rights, and freedoms that require the protection of personal data.

3.2.3. Cookies requiring consent, such as analytics and tracking cookies, as well as related technologies (e.g., tracking scripts)

Our website also incorporates third-party advertising, marketing, and analytics tools. These are not technically necessary for the operation of the website, but are used, for example, to track user behavior, display targeted advertisements, or enable analysis of how our website is used (e.g., Google Analytics, Facebook Pixel, or Pinterest Conversion Tracking).
These services only become active after you have expressly given your consent via the consent banner.

You can find an overview of all third-party services integrated into the website, as well as detailed information about each of these services, in Section 10.

3.3. Data processing related to our contact form

When you contact us via the contact form at losteria.net/de/kontakt/, the information you provide will generally be stored only for the purposes specified in the contact form, in particular to process and respond to your inquiry, as well as for any follow-up inquiries.

The following data or categories of data are collected and processed in this context:

Title
First Name
Last Name
Email Address
Country
Subject
Message

In order to effectively respond to your inquiry, it may be necessary for us to share your data with franchisees or joint venture partners of FR L`Osteria SE.

The legal basis for the processing of your data is our legitimate interest pursuant to Article 6(1)(f) of the GDPR. A balancing of interests was conducted and concluded that the interests of the data subjects do not outweigh our interests in processing the data. In this case, we have a legitimate interest in responding to your inquiry, for which the processing of the data and data categories mentioned here is necessary.

3.4. Customer Satisfaction Surveys (Feedback)

On our website at losteria.net/de/feedback/, you have the opportunity to provide personal feedback about your restaurant visit.

To do so, we ask for information such as the date and time of your visit, as well as a personal rating in the categories of Food & Beverages, Service, and Atmosphere. You may submit your review anonymously. In this case, we will not process any personal data.

The following additional information may be provided on a voluntary basis:

First Name
Last Name
Email Address

In this case, the processing is based on Article 6(1)(a) of the GDPR, i.e., your voluntary and informed consent.v

3.5. Newsletter Subscription

If you’d like to stay informed about new products or other interesting topics (such as regular giveaways, specials, and promotions in our restaurants or online), we invite you to subscribe to our newsletter.

You can subscribe to our newsletter by filling out the corresponding registration form at losteria.net/de/ueber-uns/newsletter/ or by checking the appropriate box on various forms (e.g., the reservation form). You will then receive an activation link at the email address you provided, which you must click to complete the registration (known as the double opt-in process).

Your subscription to the newsletter will only become active once you click the activation link. If you do not click the link, your data will be automatically deleted after 30 days. This ensures that no third party has misused your personal data.

The following data or categories of data are collected and processed in this context:

Email address

The following information may also be provided on a voluntary basis:

First name
Last name

The legal basis for the processing is Article 6(1)(a) of the GDPR, i.e., your explicit and voluntary consent in combination with the double opt-in procedure.

You may withdraw your consent at any time without providing a reason. You have several options available to do so:

You can unsubscribe by clicking the “Unsubscribe” button, which can be found in every newsletter.
You can send an informal email requesting to unsubscribe to office@losteria.de.

We use the email marketing tool SendGrid, provided by SendGrid Inc., 1801 California Street, Suite 500, Boulder, CO 80202, United States, for sending newsletters and managing newsletter campaigns.

3.6. Accepting and Managing Reservations

You can reserve a table at our restaurants on our website at losteria.net/de/reservieren/.

In order to complete and manage your reservation, we generally need the following data or categories of data from you:

Reservation details (date, time, number of guests)
First name
Last name
Email address
Phone number

The following information may also be provided on a voluntary basis:

Street
Zip Code
City
Comments
Special requests (e.g., dog, wheelchair, stroller)

The data collected during the reservation process will be processed exclusively for the purpose described above. This processing is based on Article 6(1)(b) of the GDPR, i.e., to fulfill the reservation contract with you.

We use the reservation tool provided by Aleno AG, Aegertenstrasse 6, 8003 Zurich, to accept and manage reservations.

4. Automated decision-making, including profiling

FR L’Osteria SE does not engage in automated individual decision-making, including profiling, as defined in Article 22(1) and (4) of the GDPR.

5. Transfer of data to a third country

Data transfers to countries outside the EU and the European Economic Area (“third countries”) occur in connection with the administration, development, and operation of IT systems. Such transfers are made only on the basis of:

an adequacy decision by the European Commission within the meaning of Article 45 of the GDPR.
an approved certification mechanism pursuant to Article 42 of the GDPR, together with legally binding and enforceable commitments by the controller or processor in the third country.
Standard data protection clauses adopted by the Commission in accordance with the examination procedure under Article 93(2) of the GDPR.

Currently, when you use our website, personal data is transferred to third countries through the use of third-party services in the following cases:

Transfer of data to Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Transfer of data to Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA.
Transfer of data to Pinterest Inc., 505 Brannan Street, San Francisco, CA 94107, USA.
Transfer of data to TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.
Transfer of data to Civic Computing Limited, 12 South Charlotte Street, Edinburgh, Scotland, UK.
Transfer of data to Sendgrid Inc, 1801 California Street Suite 500 Boulder, CO 80202 USA.
Transfer of data to Aleno AG, Aegertenstrasse 6, 8003 Zurich.

The websites and logs are hosted exclusively on servers located in the EU, primarily in Germany..

6. Categories of data recipients

To process personal data for the purposes described here, we engage the following categories of recipients as processors within the meaning of Article 28 of the GDPR:

Server providers for hosting our websites
IT service providers for maintaining our IT infrastructure
Providers of marketing and analytics services (e.g., Google and Facebook)
Service providers for reservation software (Aleno)
Service providers for email marketing tools (Sendgrid)
Other processors within the meaning of Art. 28 GDPR in the context of data processing

These service providers process information about you on our behalf and in accordance with our instructions, and are contractually obligated to comply with applicable data protection laws.

Other recipients include franchisees or joint venture partners of FR L`Osteria SE. You can find a list of these companies here.

Your data may also be disclosed to the extent that we are legally required to do so.

7. Retention period and criteria for determining the duration

Personal data is generally retained only for as long as necessary to fulfill the purposes stated here, or as required by the retention periods prescribed by law. Once the respective purpose no longer applies or the retention periods have expired, the data will be deleted in accordance with legal requirements.

For marketing communications, we store your data until you object to its use, revoke your consent, or such communications are no longer legally permissible. We store your other data for as long as we need it to fulfill the specific purpose (e.g., for contract fulfillment or processing) and delete it once the purpose no longer applies.

In this case, all connection data is automatically deleted from the web server’s memory shortly after the connection ends. The anonymized access logs are retained for 30 days. In the event that parts of the access logs are required for the purpose of preserving evidence, these are exempt from deletion until the respective incident has been fully resolved.

8. Information about your rights as a data subject

FR L’Osteria SE is responsible for the processing of your data, unless otherwise indicated.

You may at any time request information from us (Art. 15 GDPR) regarding the data we have stored about you and request its correction (Art. 16 GDPR) in the event of errors. Furthermore, you may request the restriction of processing (Art. 18 GDPR), the portability (Art. 20 GDPR) of the data you have provided to us in a machine-readable format, or the erasure of your data (Art. 17 GDPR)—provided it is no longer needed.

In addition, you have the right at any time to object to the use of your data based on public or legitimate interests (Art. 21 GDPR).

To the extent that we process your data based on consent you have provided, you may revoke this consent at any time with future effect (Art. 7(3) GDPR). Upon receipt of your withdrawal, we will no longer process your data for the purposes specified in the consent.

If you wish to exercise your data subject rights, please direct your request to:

FR L’Osteria SE

Otl-Aicher-Straße 60

80807 Munich

feedback@losteria.de

9. Right to file a complaint with a supervisory authority

In addition, pursuant to Article 77(1) of the GDPR, you may lodge a complaint with a supervisory authority at any time. The competent authority for us is generally the

Bavarian State Office for Data Protection Supervision, Promenade 18, 91522 Ansbach, P.O. Box 1349, 91504 Ansbach, Email: poststelle@lda.bayern.de, Phone: +49 (0) 981 180093-0.

Alternatively, you may contact the supervisory authority with local jurisdiction over you.

10. Privacy Notice for All Third-Party Services Integrated into This Website

10.1. Privacy Notice Regarding the Use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). Google Analytics uses “cookies,” which are text files stored on your computer that enable an analysis of your use of the website. The following information, among other things, may be collected:

Browser type/version,
operating system used,
referrer URL (the previously visited page),
hostname of the accessing computer (IP address),
time of the server request,
location data
purchase activities
click path

The data generated regarding your use of this website is generally transmitted to a Google server in the United States and stored there. The European Commission has issued an adequacy decision for the United States pursuant to Article 46(3) of the GDPR, which applies to the EU-US Data Privacy Framework (DPF). For data transfers to recipients in the United States that are certified under the DPF, the level of data protection is therefore considered adequate. Google has obtained DPF certification and is thus committed to complying with European data protection principles.

According to Google, the IP address transmitted by your browser as part of Google Analytics is not combined with other data held by Google. We have also added the “anonymizeIP” code to Google Analytics on this website.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet usage to the website operator. You can prevent the storage of cookies by adjusting your browser settings accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout.

The storage of and access to information on the end user’s device are based on informed consent pursuant to Section 25(1) of the German Telemedia Act (TTDSG). The legal basis for the further processing of your personal data is your voluntary and informed consent pursuant to Article 6(1)(a) of the General Data Protection Regulation (GDPR). You provide the relevant consents via the consent banner.

For more information on how Google Analytics handles user data, please refer to Google’s Privacy Policy: support.google.com/analytics/answer/6004245

10.2. Privacy Notice Regarding the Use of Google Tag Manager

This website uses Google Tag Manager from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). This service allows website tags to be managed via a user interface. This application manages JavaScript and HTML tags used to implement tracking and analytics tools, among other things. Data processing serves the purpose of designing and optimizing our website to meet user needs. Google Tag Manager only implements tags. This means that no cookies are used and no personal data is collected. Google Tag Manager triggers other tags, which in turn may collect data. However, Google Tag Manager does not access this data. If deactivation has been performed at the domain or cookie level, it remains in effect for all tracking tags, provided they are implemented using Google Tag Manager.

However, Google Tag Manager collects your IP address, which may be transmitted to a Google server in the United States and stored there. The European Commission has issued an adequacy decision for the United States pursuant to Article 46(3) of the GDPR, which covers the EU-US Data Privacy Framework (DPF). For data exports to recipients in the United States that are certified under the DPF, the level of data protection is therefore considered adequate. Google has obtained DPF certification and is thus committed to complying with European data protection principles.

The storage of and access to information on the end user’s device are based on informed consent pursuant to Section 25(1) of the German Telemedia Act (TTDSG). The legal basis for the further processing of your personal data is your voluntary and informed consent pursuant to Article 6(1)(a) of the GDPR. You provide the relevant consents via the consent banner.

For more information about Google Tag Manager, please visit: www.google.de/tagmanager/use-policy.html

10.3. Privacy Notice Regarding the Use of DoubleClick.net by Google

This website uses the online marketing tool DoubleClick by Google. DoubleClick uses cookies to display ads relevant to users, improve campaign performance reports, or prevent users from seeing the same ads multiple times. Using a cookie ID, Google tracks which ads are displayed in which browser and can thus prevent them from being shown multiple times. In addition, DoubleClick can use cookie IDs to track so-called conversions related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later visits the advertiser’s website using the same browser and makes a purchase there. According to Google, DoubleClick cookies do not contain any personally identifiable information.

Due to the marketing tools used, your browser automatically establishes a direct connection to Google’s server. We have no influence over the scope and further use of the data collected by Google through the use of this tool and therefore inform you to the best of our knowledge: Through the integration of DoubleClick, Google receives the information that you have accessed the relevant part of our website or clicked on one of our ads. If you are registered with a Google service, Google can associate the visit with your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider may obtain and store your IP address.

In addition, the DoubleClick Floodlight cookies we use allow us to track whether you perform certain actions on our website after viewing or clicking on one of our display or video ads on Google or another platform via DoubleClick (conversion tracking). DoubleClick uses this cookie to track the content you have interacted with on our websites so that it can later send you targeted advertisements.

For more information about DoubleClick by Google, please visit support.google.com/campaignmanager/answer/9015629

10.4. Privacy Notice Regarding the Use of Google Maps

This website uses Google Maps to display interactive maps and generate directions. Google Maps is a mapping service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

When you use Google Maps, information about your use of this website—including your IP address and the (starting) address entered as part of the route planner function—may be transferred to Google in the United States. The European Commission has issued an adequacy decision for the United States pursuant to Article 46(3) of the GDPR, which applies to the EU-US Data Privacy Framework (DPF). Accordingly, the level of data protection is considered adequate for data transfers to recipients in the United States that are certified under the DPF. Google has obtained DPF certification and is therefore committed to complying with European data protection principles.

When you visit a page on our website that includes Google Maps, your browser establishes a direct connection to Google’s servers. The map content is transmitted directly from Google to your browser and integrated into the webpage. Therefore, we have no control over the scope of the data collected by Google in this manner. To the best of our knowledge, this includes at least the following data:

Date and time of the visit to the relevant website,
Internet address or URL of the website visited,
IP address, (starting) address entered during route planning.

We have no control over Google’s further processing and use of the data and therefore cannot accept any responsibility for this.

If you do not want Google to collect, process, or use data about you via our website, you can disable JavaScript in your browser settings. However, in this case, you will not be able to use the map display.

The storage of and access to information on the end user’s device are based on informed consent pursuant to Section 25(1) of the German Telemedia Act (TTDSG). The legal basis for any further processing of your personal data is your voluntary and informed consent pursuant to Article 6(1)(a) of the General Data Protection Regulation (GDPR). You provide the relevant consents via the consent banner.

For further information on the purpose and scope of data collection and the further processing and use of the data by Google, please refer to Google’s privacy policy at policies.google.com/privacy

10.5. Privacy Notice Regarding the Use of Google AdSense

This website uses Google AdSense. This is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for displaying advertisements.

Google AdSense uses cookies. These are files that, when stored on your computer, allow Google to analyze data regarding your use of our website. In addition, Google AdSense uses web beacons—invisible graphics—that enable Google to analyze clicks on this website, traffic to this site, and similar information.

The information collected via cookies and web beacons, your IP address, and the delivery of advertising formats are generally transmitted to a Google server in the United States and stored there. The European Commission has issued an adequacy decision for the United States pursuant to Article 46(3) of the GDPR, which covers the EU-US Data Privacy Framework (DPF). Accordingly, the level of data protection is considered adequate for data exports to recipients in the United States that are certified under the DPF. Google has obtained DPF certification and is therefore committed to complying with European data protection principles.

According to Google, it will not link your IP address with any other data it has stored.

By adjusting the settings in your web browser, you can prevent the aforementioned cookies from being stored on your computer. However, this may result in your inability to use the content of this website to the same extent.

10.6. Privacy Notice Regarding the Use of Facebook Pixel and Facebook Custom Audience

We use a so-called “Facebook Pixel” on our website, provided by the social network Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”). The Facebook Pixel allows us to track user behavior after they click on a Facebook ad. With the help of the Facebook Pixel, we can track how our marketing efforts on Facebook are received and, if necessary, implement optimization measures. To this end, interest-based advertisements (“Facebook Ads”) are displayed to users of our website when they visit the social network Facebook or other websites that also use this method. Accordingly, we also use the Facebook Pixel to display the Facebook Ads we place only to those Facebook users who have shown an interest in our online offering or who exhibit certain characteristics (e.g., interests in specific topics or products, determined based on the websites they have visited), which we transmit to Facebook (so-called Facebook “Custom Audiences” or “Lookalike Audiences”).

The Facebook Pixel causes your browser to automatically establish a direct connection to Facebook’s server. We have no control over the scope or further use of the data collected by Facebook through the use of this tool and therefore provide you with the following information based on our current understanding:

By integrating the Facebook Pixel, Facebook receives information that you have clicked on one of our ads or visited the corresponding page on our website. If you are registered with a Facebook service, Facebook can associate the visit with your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that the provider may obtain and store your IP address and other identifying characteristics.

In addition, we have enabled what is known as Enhanced Matching. Enhanced Matching allows us to send hashed customer information (such as names and email addresses) to Meta, along with our Meta Pixel events, in order to optimize our Meta ads. This allows us to attribute more conversions, expand our “Custom Audience,” and ultimately reach more users. To protect your data, hash values are generated from the information collected on the website before it is transmitted to Meta.

Your data is generally transferred to the servers of Meta Platforms Inc. in the United States. For the United States, there is an adequacy decision by the European Commission pursuant to Article 46(3) of the GDPR, which applies to the EU-US Data Privacy Framework (DPF). For data exports to recipients in the United States that are certified under the DPF, the level of data protection is therefore considered adequate. Meta has obtained DPF certification and is thus committed to complying with European data protection principles.

The processing of data by Facebook takes place in accordance with Facebook’s Data Use Policy. You can also find specific information and details about the Facebook Pixel and how it works in Facebook’s Help Center.

10.7. Privacy Notice Regarding the Use of Facebook Connect

If a “Facebook Connect” button is displayed on this website, you have the option to log in to our website using your Facebook account credentials. In addition, information about your activities on our website may be automatically shared with your Facebook profile via Facebook Connect. In this regard, when you activate the button, you are given the option to explicitly consent to access to your Facebook user data as well as to consent to the publication of information and activities on your Facebook profile. The use of additional data (e.g., contacting you via your email address) occurs only with prior explicit consent. Please note that Facebook receives information about the application or website via Facebook Connect, including details of the actions you perform. To personalize the connection process, Facebook may in some cases receive a limited amount of information even before the application or website is authorized.

Your data is generally transferred to the servers of Meta Platforms Inc. in the United States. The European Commission has issued an adequacy decision for the United States pursuant to Article 46(3) of the GDPR, which applies to the EU-US Data Privacy Framework (DPF). For data exports to recipients in the United States that are certified under the DPF, the level of data protection is therefore considered adequate. Meta has obtained DPF certification and is thus committed to complying with European data protection principles.

The storage of and access to information on the end user’s terminal device are based on informed consent pursuant to Section 25(1) of the German Telemedia Act (TTDSG). The legal basis for the further processing of your personal data is your voluntary and informed consent pursuant to Article 6(1)(a) of the GDPR. You provide the relevant consents via the consent banner.

For information on the purpose and scope of data collection, as well as the further processing and use of data by Facebook, and your related rights and privacy settings, please refer to Meta’s Privacy Policy

For more information on data collection: www.facebook.com/help/186325668085084

10.8. Privacy Notice Regarding the Use of Pinterest Retargeting Pixels

This website incorporates a pixel (“Pinterest Tag”) from the social network Pinterest (Pinterest Inc., 505 Brannan Street, San Francisco, CA 94107, USA). This pixel enables information about website visitors’ browsing behavior to be collected, stored, and analyzed in pseudonymized form. The information can be linked to the user’s identity with the help of additional information that Pinterest has stored about the user, for example, based on the user’s ownership of an account on the social network “Pinterest.” Pinterest analyzes browsing behavior using an algorithm and can subsequently display targeted product recommendations as personalized advertising banners on the user’s Pinterest account. Pinterest may also combine the information collected via the pixel with other information that Pinterest has collected via other websites and/or in connection with the use of the social network “Pinterest,” thereby creating pseudonymized user profiles. Under no circumstances, however, may the collected information be used to personally identify visitors to this website.

For more information on data protection at Pinterest, please visit policy.pinterest.com/de/privacy-policy

10.9. Privacy Notice Regarding the Use of the Pinterest Conversion Tracker

Our website also uses the “Pinterest Tag” conversion tracking technology provided by the social network Pinterest (Pinterest Inc., 505 Brannan Street, San Francisco, CA 94107, USA). If you have arrived at our website via a pin on Pinterest, we place a cookie on your computer that interacts with a “tag”—in the form of JavaScript code—also implemented by Pinterest. These cookies expire after 180 days and are not used for personal identification.

If the user is redirected from a pin on Pinterest to pages on this website and the cookie has not yet expired, the tag records certain predefined user actions and can track them (e.g., completed transactions, leads, search queries on the website, visits to product pages). When such an action is performed, your browser sends an HTTP request via the Pinterest tag from the cookie to the Pinterest server, which allows certain information about the action (including the type of action, time, and browser type of the device) to be tracked.

This data transmission allows Pinterest to generate statistics on user behavior on our website following a redirect from a Pinterest pin, which we use to optimize our services.

In addition, we have enabled what is known as Enhanced Matching. Enhanced Matching allows us to attribute conversion data to the users responsible for the conversion, ultimately enabling us to reach more users. To do this, encrypted email addresses are sent to Pinterest to attribute website events when no Pinterest cookie is present. To protect your data, a JavaScript tag encrypts all unencrypted email address values in the browser using SHA-256 before they are transmitted to Pinterest. The encryption process converts the value into a short string that cannot be read by humans. When the tag transmits an email address value to the Pinterest server, Pinterest checks whether the value is linked to an existing Pinterest account for attribution purposes. Pinterest deletes the email address value once the attribution is complete.

If you do not wish to participate in tracking, you can disable the Pinterest Tag conversion tracking cookie in your web browser’s user settings. You will then not be included in the conversion tracking statistics.

The storage of and access to information on the end user’s device are based on informed consent pursuant to Section 25(1) of the German Telemedia Act (TTDSG). The legal basis for the further processing of your personal data is your voluntary and informed consent pursuant to Article 6(1)(a) of the GDPR. You provide the relevant consent via the consent banner.

For more information on data protection at Pinterest, please visit policy.pinterest.com/de/privacy-policy

10.10. Privacy Notice Regarding the Use of TikTok Pixel

This website uses the so-called “TikTok Pixel” from the social network TikTok, which is operated by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (“TikTok”).

This is a code that we have implemented on our website. When you visit our website, this code establishes a connection with the TikTok servers to track and analyze your behavior on our website, thereby enabling the display of interest-based and personalized product recommendations on TikTok. The information collected and processed in a pseudonymized manner generally includes the device ID, device type, timestamp, operating system used, and IP address. This information can be linked to the user’s identity with the help of additional information that TikTok has stored about the user, for example, based on the user’s ownership of an account on the “TikTok” social network. TikTok may also combine the information collected via the pixel with other information that TikTok has collected via other websites and/or in connection with the use of the “TikTok” social network, thereby creating pseudonymized user profiles. Under no circumstances may the collected information be used to personally identify visitors to this website.

The TikTok Pixel also allows us to track the effectiveness of ads on TikTok. If a user is redirected from an ad on TikTok to pages on this website and the cookies have not yet expired, the pixel records and tracks certain user actions that we have predefined (e.g., completed transactions, leads, website searches, visits to product pages). When such an action is performed, your browser sends an HTTP request via the TikTok Pixel from the cookie to TikTok’s server, transmitting specific information about the action. This transmission allows TikTok to generate statistics on user behavior on our website following a redirect from a TikTok ad, which we use to optimize our offerings.

In addition, we have enabled what is known as Advanced Matching. Advanced Matching allows us to send customer information (such as email addresses, phone numbers, and customer IDs) to TikTok in conjunction with our TikTok pixel events, in order to better match website events with individuals on TikTok. This allows us to attribute more conversions, reach more users, and ultimately optimize our TikTok campaigns. To protect your data, it is encrypted in your browser using an industry-standard hash algorithm (SHA-256) before being transmitted to TikTok’s servers.

The storage of and access to information on the end user’s device are based on informed consent pursuant to Section 25(1) of the German Telemedia Data Protection Act (TTDSG). The legal basis for the further processing of your personal data is your voluntary and informed consent pursuant to Article 6(1)(a) of the General Data Protection Regulation (GDPR). You provide the relevant consents via the consent banner.

For more information on TikTok’s privacy policy, please visit www.tiktok.com/legal/new-privacy-policy

November 10. Privacy Notice Regarding the Use of Civic Cookie Control

We collect consent and user input regarding the use of third-party services requiring consent on our website using the “Cookie Control” consent management tool provided by Civic Computing Limited, 12 South Charlotte Street, Edinburgh, Scotland, EH2 4AX.

Cookie Control is used to obtain consent for the storage of cookies and related technologies in a manner that complies with the law and to ensure that this consent can be revoked. Furthermore, consent is documented for legal record-keeping purposes, and the setting of cookies and related technologies is technically managed. To this end, Cookie Control stores information about the categories of cookies and related technologies used by the website and whether users have granted or revoked their consent to the use of each category. This enables us, among other things, to prevent cookies and related technologies from being set in the user’s browser if consent has not been granted.

Cookie Control uses cookies to store information; these cookies typically last for one year, allowing us to save the preferences of returning visitors. In this context, log files are also created that record, among other things, your IP address.

Since the cookies used by Cookie Control serve solely to manage your consent and are therefore technically necessary to provide the telemedia service you have expressly requested, consent via a consent banner is not required in this case (see Section 25(2)(2) of the German Telemedia Act (TTDSG)).

For more information about data protection at Civic, please visit www.civicuk.com/privacy