Privacy Policy
1. Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws as well as other data protection regulations is:
Bolzanino GmbH
Giselastraße 10
80802 Munich
Germany
Email: info@bolzanino.com
Phone: +49 152 29500947
2. General information on data processing
We generally only process personal data of our users to the extent necessary to provide a functional website as well as our content and services. The processing of personal data of our users is regularly only carried out with the user's consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by statutory provisions.
3. Legal basis for processing
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1)(a) GDPR serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Where the processing of personal data is necessary to fulfil a legal obligation, Art. 6 (1)(c) GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 (1)(f) GDPR serves as the legal basis for the processing.
4. Hosting and content delivery
Vercel
This website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. Vercel is a cloud hosting provider that provides the technical infrastructure for operating our website.
When visiting our website, information is automatically collected by the hosting provider (so-called server log files). This includes:
- the page or URL requested
- date and time of access
- the amount of data transferred
- notification of successful retrieval
- browser type and version
- the user's operating system
- referrer URL (the previously visited page)
- the IP address of the requesting computer
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. To do so, the user's IP address must remain stored for the duration of the session.
The legal basis for the data processing is Art. 6 (1)(f) GDPR. Our legitimate interest lies in providing and ensuring the functionality of our website.
Data transfer to the USA
Vercel processes data, among other things, in the USA. Vercel participates in the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA intended to ensure an adequate level of data protection for data transfers to the USA. The EU Commission issued an adequacy decision for this framework on 10 July 2023.
In addition, we have entered into a data processing agreement with Vercel pursuant to Art. 28 GDPR, which ensures that the processing of personal data complies with data protection requirements.
Further information can be found in the Vercel privacy policy.
5. Reservation widget (resmio)
This website integrates the online-based reservation application ("reservation widget") of resmio GmbH, Katzwanger Straße 150, 90461 Nuremberg, Germany. In this context, resmio acts as our partner. The widget enables users of this website to reserve a table at this restaurant. To provide the service (here: the table reservation and, if applicable, contact regarding any follow-up questions about the reservation), personal data of the person making the reservation (first and last name, email address, phone number as well as any additional information explicitly requested by the restaurateur for the reservation request) is collected, stored and processed by our partner resmio on the basis of consent pursuant to Art. 6 (1) sentence 1 lit. f GDPR. You can object to the collection and storage of data at any time by sending an email to info@bolzanino.com. We will then delete your personal data from the system.
6. SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the browser's address line changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
7. Cookies
Our website uses cookies. Cookies are small text files stored in or by the internet browser on a user's computer system.
Strictly necessary cookies
We only use strictly necessary cookies. These are required for the operation of the website and cannot be switched off in our systems. They are usually set in response to actions you take, such as setting your language preference.
Specifically, we use the following strictly necessary cookies:
- NEXT_LOCALE — stores your chosen language setting (German/English). Lifetime: session. Provider: first-party.
The legal basis for using strictly necessary cookies is Art. 6 (1)(f) GDPR in conjunction with § 25 (2) No. 2 TTDSG. Our legitimate interest is to provide a functional and user-friendly website.
Further information can be found in our cookie policy.
8. Contact by email
If you contact us by email, the data you provide (e.g. your email address, possibly your name and phone number) will be stored by us to answer your questions. We will delete the data arising in this context after storage is no longer necessary or restrict processing if statutory retention obligations apply.
The legal basis is Art. 6 (1)(f) GDPR (legitimate interest in answering inquiries) or Art. 6 (1)(b) GDPR, insofar as the inquiry is aimed at concluding a contract.
9. External links (Instagram)
Our website contains a link to our Instagram profile. When you click this link, you will be redirected to the website of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
The mere act of linking does not transfer any data to Instagram/Meta as long as you do not click the link. Meta's privacy terms only apply once you open the Instagram website. You can find more information in the Instagram/Meta privacy policy.
10. Rights of data subjects
As a data subject, you have the following rights:
- Right of access (Art. 15 GDPR): You have the right to request confirmation as to whether personal data is being processed. If this is the case, you have the right to information about this personal data and the information specified in Art. 15 GDPR.
- Right to rectification (Art. 16 GDPR): You have the right to request the immediate rectification of inaccurate personal data or the completion of incomplete personal data.
- Right to erasure (Art. 17 GDPR): You have the right to request the erasure of your personal data if one of the reasons stated in Art. 17 GDPR applies.
- Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of the processing of your personal data if one of the prerequisites in Art. 18 GDPR is met.
- Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used and machine-readable format.
- Right to object (Art. 21 GDPR): You have the right, on grounds relating to your particular situation, to object at any time to the processing of your personal data if the processing is based on Art. 6 (1)(e) or (f) GDPR.
- Right to withdraw consent (Art. 7 (3) GDPR): You have the right to withdraw consent given at any time with effect for the future.
11. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data violates the GDPR.
The supervisory authority responsible for us is:
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach, Germany
www.lda.bayern.de
12. Changes to this privacy policy
We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or in order to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.