Privacy policy
Responsible
PRC Culinary GmbH
Mühlenstrasse 78-80
10243 Berlin
Telephone: +49 30 726213842
Email: office @ privateroofclubculinary.de
Represented by the owners and managing directors:
Hans-Ole Freudenberg and Robert Bruch
Company's data protection officer
Hans-Ole Freudenberg
hans @ privateroofclubculinary.de
We, PRC Culinary GmbH, take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with this data protection declaration and the statutory data protection regulations. Insofar as personal data is collected on this website (www.culinaryclub.de), it will only be used for the purpose for which you have entered it (e.g. registration for the newsletter). This data will not be passed on to third parties, unless ordered by the authorities, without your express consent.
Below we inform you as a user of our website about the handling of your data and provide you with an overview of the measures we have taken to protect personal data. You can revoke any given consent at any time with future effect.
Email newsletter
If you would like to receive the newsletter offered on our web shop, we need your name and email address. It is not necessary to provide further data. The processing of the data takes place on the basis of an expressly declared consent (Art. 6 Para. 1 lit. a GDPR).
You can revoke your consent to the storage of the data, the email address and its use for sending the newsletter at any time, for example via the link at the end of each newsletter to unsubscribe from the newsletter.
Cookies
Our web shop uses so-called cookies. These are small text files that are stored on your device using the browser. They do no harm.
We use cookies to make our offer user-friendly. Some cookies remain on your device until you delete them. They enable us to recognize your browser the next time you visit us.
If you do not want this, you can set up your browser so that it informs you about the setting of cookies and you only allow this in individual cases.
If cookies are deactivated, the functionality of our website may be restricted.
Further information on personal data
In addition to the above-mentioned data, which is obtained via the website, we present below what type of data is processed in our company, in what way and for what reasons.
Types of data processed
- Inventory data (e.g., names, addresses) - Contact details (e.g., email, telephone numbers). - Content data (e.g. text entries, photographs, videos).
Categories of data subjects
Interested parties, service providers & customers of Private Roof Club GmbH (in the following texts, all persons concerned are collectively referred to as "customers").
Purpose of processing
- Answering contact inquiries and communicating with customers. This can be done by email or by phone. - Safety measures. - Billing to customers - Marketing measures, such as Sending newsletters, Christmas cards, etc.
Explanation of terms
"Personal data" is all information that relates to an identified or identifiable natural person (hereinafter "data subject"); A natural person is considered to be identifiable if he or she can be identified directly or indirectly, in particular by assigning an identifier such as a name, an identification number, location data, or one or more special characteristics, which express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
“Processing” is any process carried out with or without the help of automated processes or any such series of processes in connection with personal data. The term goes far and covers practically every handling of data. "Pseudonymization" means the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person. “Profiling” means any kind of automated processing of personal data, which consists in the fact that this personal data is used to evaluate certain personal aspects related to a natural person, in particular aspects related to work performance, economic situation, health, personal Analyze or predict the preferences, interests, reliability, behavior, location or relocation of this natural person. The "person responsible" is the natural or legal person, public authority, agency or other body that alone or together with others decides on the purposes and means of processing personal data. "Processor" means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the person responsible.
Legal basis
In accordance with Art. 13 GDPR, we will inform you of the legal basis for our data processing. Unless the legal basis is mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 Para. 1 lit. a and Art. 7 GDPR, the legal basis for processing for the performance of our services and implementation of contractual measures as well as answering inquiries is Art. 6 Para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 Para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 Para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
Safety measures
In accordance with Art. 32 GDPR, we take appropriate technical considerations, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing as well as the different probability and severity of the risk to the rights and freedoms of natural persons and organizational measures to ensure a level of protection appropriate to the risk. The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling the physical access to the data, as well as the access, input, transfer, securing availability and their separation. Furthermore, we have set up procedures that guarantee the exercise of data subject rights, deletion of data and reaction to data threats. We also take the protection of personal data into account when developing or selecting hardware, software and processes, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 GDPR).
Cooperation between processors and third parties
If we disclose data to other people and companies (processors or third parties) as part of our processing, transmit them to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if the data is transmitted to third parties, such as payment service providers or providers of project management software in accordance with Art. 6 Para. 1 b GDPR for the fulfillment of the contract), you have consented, a legal obligation provides for this or based on our legitimate interests (e.g. when using agents, web hosts , Etc.). If we commission third parties to process data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 GDPR.
Transfer of data to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done as part of the use of third-party services or disclosure or transmission of data to third parties, this will only take place if it happens to fulfill our (pre) contractual obligations, based on your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Art. 44 ff. GDPR are met. I.e. the processing takes place e.g. on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU (e.g. for the USA through the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
Rights of data subjects and duty to provide information
We are happy to meet our obligation to provide information. You have the right to free information about the personal data stored about you at any time (Art. 15 GDPR), its origin and recipient and the purpose of the data processing. You also have the right to have this data corrected (Art. 16 GDPR), blocked (Art. 18 GDPR) or deleted (Art. 17 GDPR). You also have a right to transfer the data (Art. 20 GDPR). Users of this website can exercise their right to object and object to the processing of their personal data at any time. If you assume that your data has been processed unlawfully, you can lodge a complaint with the responsible supervisory authority (Art. 77 GDPR). The responsible authority is the Berlin representative for data protection and freedom of information. You have the right to request confirmation as to whether the data in question are being processed and for information about this data and for further information and a copy of the data in accordance with Art.
Consent and right of withdrawal
The private roof CLub GmbH gives its consent to the establishment of a contact by the user. Inquire about our premises and services, we interpret this as consent, e.g. to send you an offer and to initiate communication by email or phone. You have the right to give consent in accordance with Revoke Art. 7 Para. 3 GDPR with effect for the future.
Right to object
You can object to the future processing of your data in accordance with Art. 21 GDPR at any time. The objection can in particular be made against processing for direct marketing purposes.
Storage obligations and deletion of data
The data processed by us is deleted in accordance with Art. 17 and 18 GDPR or its processing is restricted. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no statutory retention requirements to prevent deletion. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data will be blocked and not processed for other purposes. This applies e.g. for data that must be kept for commercial or tax reasons.
According to legal requirements in Germany, storage is carried out in particular for 10 years in accordance with §§ 147 Paragraph 1 AO, 257 Paragraph 1 No. 1 and 4, Paragraph 4 HGB (books, records, management reports, booking vouchers, trading books, more relevant for taxation Documents, etc.) and 6 years according to § 257 Paragraph 1 No. 2 and 3, Paragraph 4 HGB (commercial letters).
contact
When contacting us (e.g. by e-mail, telephone or via social media), the information provided by the user for processing the contact request and processing it in accordance with Art. 6 para. 1 lit. b) GDPR processed. The information provided by the users can be stored in a customer relationship management system (“CRM system”) or a comparable software tool.
We delete the requests if they are no longer necessary. We check the necessity every two years; The statutory archiving obligations also apply.
Data processing as a service provider after first contact
We process our customers' data as part of our contractual services for planning and implementing events. Data is passed on internally, if necessary, to ensure effective communication with the customer. Specifically, data is stored in the following internal departments: - in sales for preparing offers and sending them. - in the area of event management to plan and implement a booked event in detail. - in accounting to bill for a service rendered.
We process inventory data (e.g., customer master data such as names or addresses), contact data (e.g., email, telephone numbers), content data (e.g., text input, photographs, videos), contract data (e.g., subject matter of the contract, term), payment data (e.g., Bank details, payment history). We generally do not process special categories of personal data, unless these are components of a commissioned processing and are essential for the successful implementation of our services (e.g. ethnic information in order to be able to plan a corresponding menu (e.g. halal).
Those affected include our customers, prospective customers and their customers, users, website visitors or employees and third parties. The purpose of processing is to provide contractual services, billing and our event management. The legal basis for processing results from Art. 6 Para. 1 lit. b GDPR (contractual services), Art. 6 Para. 1 lit. f GDPR (analysis, statistics, optimization, security measures). We process data that are necessary for the establishment and fulfillment of the contractual services and point out the necessity of their specification. Disclosure to external parties only takes place if it is required in the context of an order. When processing the data provided to us as part of an order, we act in accordance with the instructions of the client and the legal requirements for order processing in accordance with. Art. 28 GDPR and do not process the data for any other purpose than the order. You can find detailed information for specific purposes in the order above in the paragraph “Data processing as a service provider”
We delete the data after statutory warranty and comparable obligations have expired. the necessity of storing the data is checked every three years; in the case of statutory archiving obligations, deletion takes place after its expiration (6 years, in accordance with section 257 (1) HGB, 10 years, in accordance with section 147 (1) AO). In the case of data that has been disclosed to us by the client as part of an order, we delete the data in accordance with the specifications of the order, generally after the end of the order.
Data processing regarding contractual services
We process the data of our contractual partners and interested parties as well as other clients, customers or contractual partners (uniformly referred to as "contractual partner") in accordance with Art. b. GDPR, to provide you with our contractual or pre-contractual services. The data processed here, the type, scope, purpose and necessity of their processing are determined by the underlying contractual relationship. The processed data includes the master data of our contractual partners (e.g., names and addresses), contact details (e.g. email addresses and telephone numbers) as well as contract data (e.g., services used, contract content, contractual communication, names of contact persons) and payment data (e.g., Bank details, payment history). We generally do not process special categories of personal data, unless they are part of commissioned or contractual processing. We process data that are necessary for the establishment and fulfillment of the contractual services and point out the necessity of their specification, unless this is evident to the contractual partners. Disclosure to external persons or companies only takes place if it is required under a contract. When processing the data provided to us as part of an order, we act in accordance with the instructions of the client and the legal requirements. The data will be deleted if the data is no longer required to fulfill contractual or statutory care obligations and to deal with any warranty and comparable obligations, with the necessity of storing the data being checked every three years; otherwise, the statutory retention requirements apply.
Administration, accounting, office organization and contact management
We process data in the context of administrative tasks as well as the organization of our company, financial accounting and compliance with legal obligations, such as archiving. We process the same data that we process as part of the provision of our contractual services. The basics are Art. 6 Para. 1 lit. c. GDPR, Art. 6 Para. 1 lit. f. GDPR. Customers, interested parties and business partners are affected by the processing. The purpose and our interest in processing lies in the administration, financial accounting, office organization, archiving of data, i.e. tasks that serve to maintain our business activities, perform our tasks and provide our services. The deletion of the data with regard to contractual services and contractual communication corresponds to the information mentioned in these processing activities.
We disclose or transmit data to the financial administration, consultants such as tax advisors or auditors, as well as other fee agencies and payment service providers. Furthermore, based on our business interests, we store information about suppliers, service providers and other business partners, e.g. for the purpose of contacting you later. We generally store this mostly company-related data permanently.
Statutory and business benefits
We process the data of our interested parties, customers or other persons in accordance with Art. 6 Para. 1 lit. b. GDPR, if we offer contractual services to them or act within the framework of an existing business relationship, e.g. towards customers, or are recipients of services and benefits. In addition, we process the data of data subjects in accordance with Art. 6 para. 1 lit. f. GDPR based on our legitimate interests, e.g. when it comes to administrative tasks. The data processed here, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship. Basically, this includes inventory and master data of the persons (e.g., name, address, etc.), as well as the contact details (e.g., email address, telephone, etc.), the contract data (e.g., services used, content communicated and Information, names of contact persons) and, if we offer services or products that require payment, payment details (e.g., bank details, payment history, etc.).
We delete data that are no longer required to fulfill our statutory and business purposes. This is determined according to the respective tasks and contractual relationships. In the case of business processing, we keep the data for as long as it may be relevant for the business transaction, as well as with regard to any warranty or liability obligations. The necessity of storing the data is checked every three years; otherwise, the statutory retention requirements apply.
Data protection information for applicants
We process applicant data only for the purpose and in the context of the application process in accordance with the legal requirements. The processing of the applicant data takes place to fulfill our (pre) contractual obligations in the context of the application process within the meaning of Art. 6 para. 1 lit. b. GDPR Art. 6 Para. 1 lit. f. GDPR if data processing becomes necessary for us, for example, as part of legal procedures (in Germany, § 26 BDSG also applies).
The application process requires applicants to provide us with the applicant data. The necessary applicant data are details of the person, postal and contact addresses and the documents belonging to the application, such as cover letter, curriculum vitae and the certificates. In addition, applicants can voluntarily provide us with additional information. By submitting the application to us, the applicants consent to the processing of their data for the purposes of the application process in accordance with the type and scope set out in this data protection declaration. Insofar as special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are voluntarily communicated within the application process, their processing is also carried out in accordance with Art. 9 Para. 2 lit. b GDPR (e.g. health data, such as severely disabled status or ethnic origin). Insofar as special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are requested from applicants, their processing is also carried out in accordance with Art. 9 Para. 2 lit. a GDPR (e.g. health data if this is necessary for the exercise of a profession). Applicants can send us their applications by email or post. However, please note that emails are generally not sent in encrypted form and applicants must ensure that they are encrypted themselves. We can therefore not assume any responsibility for the transmission path of the application between the sender and the receipt on our server and therefore recommend using postal dispatch instead. Because there is still the possibility for all applicants to send us the application by post. The data provided by the applicants can be processed by us in the event of a successful application for the purposes of the employment relationship. Otherwise, if the application for a job offer is unsuccessful, the applicant's data will be deleted. Applicant data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. The deletion takes place, subject to a justified revocation of the applicants, after a period of six months, so that we can answer any follow-up questions to the application and meet our obligations to provide evidence from the Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax regulations.
Hosting services and email delivery
The hosting services we use serve to provide the following services: infrastructure services, computing capacity, storage space and database services, e-mail delivery, security services and technical maintenance services that we use for the purpose of operating this online offer.
In doing so, we (or our hosting service provider) process inventory data, contact data, content data, contract data, usage data and communication data from customers, interested parties and external service providers based on our legitimate interests in efficient and secure communication in all of our work processes in accordance with. Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of an order processing contract).