Data protection
Privacy Policy
This privacy policy provides information about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within our online offering and the associated websites, features, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering"). Regarding the terminology used, such as "processing" or "controller," we refer to the definitions provided in Article 4 of the General Data Protection Regulation (GDPR).
Controller: Sabrina Fenzl
Dachauer Str. 11, 85229 Markt Indersdorf
Types of Processed Data:
- Inventory Data (e.g., names, addresses)
- Contact Data (e.g., email addresses, phone numbers)
- Content Data (e.g., text entries, photographs, videos)
- Usage Data (e.g., visited websites, interest in content, access times)
- Meta/Communication Data (e.g., device information, IP addresses)
Purpose of Processing:
- Provision of the online offering, its functions, and content
- Response to contact inquiries and communication with users
- Security measures
- Reach measurement/marketing
Definitions Used:
- Personal Data refers to any information that relates to an identified or identifiable natural person (hereinafter referred to as the "data subject"). A natural person is considered identifiable if they can be directly or indirectly identified, particularly by reference to an identifier such as a name, identification number, location data, online identifier (e.g., cookie), or one or more specific characteristics that reflect the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
- Processing refers to any operation or set of operations performed on personal data, whether or not by automated means. This term is broad and encompasses practically any handling of data.
- The Controller is the natural or legal person, authority, institution, or other body that alone or jointly with others determines the purposes and means of processing personal data.
Applicable Legal Bases:
In accordance with Article 13 of the GDPR, we inform you of the legal bases for our data processing activities. If the legal basis is not specified in this privacy policy, the following applies:
- The legal basis for obtaining consent is Article 6 (1) lit. a and Article 7 of the GDPR.
- The legal basis for processing to fulfill our services and perform contractual measures, as well as for responding to inquiries, is Article 6 (1) lit. b of the GDPR.
- The legal basis for processing to fulfill our legal obligations is Article 6 (1) lit. c of the GDPR.
- The legal basis for processing to safeguard our legitimate interests is Article 6 (1) lit. f of the GDPR.
- In cases where vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) lit. d of the GDPR serves as the legal basis.
Security Measures
We kindly ask that you regularly review the contents of our privacy policy. We will update the privacy policy as soon as changes in our data processing activities make this necessary. We will inform you when such changes require any action on your part (e.g., consent) or any other individual notification.
Collaboration with Processors and Third Parties
If, within the scope of our processing activities, we disclose data to other persons and entities (processors or third parties), transmit it to them, or grant them access to the data, this will only occur on the basis of a legal authorization (e.g., if the data transfer to third parties, such as payment service providers, is necessary for the performance of a contract according to Article 6(1) lit. b GDPR), your consent, a legal obligation, or on the basis of our legitimate interests (e.g., when using contractors, web hosting services, etc.).
If we engage third parties to process data based on a so-called "Data Processing Agreement," this will be done in accordance with Article 28 of the GDPR.
Transfers to Third Countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the course of using third-party services or disclosing or transmitting data to third parties, it will only be done if necessary to fulfill our (pre-)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we will process or allow the processing of data in a third country only when the specific requirements of Articles 44 et seq. of the GDPR are met. This means that processing will occur, for example, based on special guarantees, such as the officially recognized determination of an adequate level of data protection equivalent to that of the EU (e.g., for the USA through the "Privacy Shield") or by adhering to officially recognized specific contractual obligations (so-called "Standard Contractual Clauses").
Rights of Data Subjects
Right to Access
You have the right to request confirmation as to whether your data is being processed, and to obtain information about that data, along with additional details and a copy of the data, in accordance with Article 15 of the GDPR.
Right to Rectification
In accordance with Article 16 of the GDPR, you have the right to request the completion of your data or the correction of any inaccurate data concerning you.
Right to Erasure
Under Article 17 of the GDPR, you have the right to request the immediate deletion of your data, or alternatively, under Article 18 of the GDPR, to request a restriction on the processing of your data.
Right to Data Portability
You have the right to request that the data you have provided to us be transmitted to you in accordance with Article 20 of the GDPR, and to request the transfer of this data to other controllers.
Right to Lodge a Complaint
Furthermore, under Article 77 of the GDPR, you have the right to lodge a complaint with the competent supervisory authority.
Right to Withdraw Consent
You have the right to withdraw any consents you have given, in accordance with Article 7(3) of the GDPR, with effect for the future.
Right to Object
You may object at any time to the future processing of your data, in accordance with Article 21 of the GDPR. The objection can particularly be made against processing for the purpose of direct marketing.
Cookies and Right to Object to Direct Marketing
Cookies are small files that are stored on users' computers. Various pieces of information can be stored within these cookies. The primary purpose of a cookie is to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offering. Temporary cookies, also known as "session cookies" or "transient cookies," are cookies that are deleted once a user leaves an online offering and closes their browser. For example, a cookie might store the contents of a shopping cart in an online store or the login status. "Permanent" or "persistent" cookies are those that remain stored even after the browser is closed. For instance, a login status may be retained if a user visits the site after several days. Likewise, such cookies can store the interests of the users, which are used for reach measurement or marketing purposes. "Third-party cookies" refer to cookies offered by providers other than the controller who operates the online offering (if only the controller's cookies are used, these are referred to as "first-party cookies").
We may use both temporary and permanent cookies and will provide information about this in our privacy policy.
If users do not want cookies to be stored on their computers, they are asked to disable the corresponding option in their browser settings. Stored cookies can be deleted in the browser’s system settings. Excluding cookies may lead to restrictions in the functionality of this online offering.
A general objection to the use of cookies for online marketing purposes can be made through a variety of services, especially in the case of tracking, via the U.S. website http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be prevented by disabling them in the browser settings. Please note that this may result in certain features of this online offering being unavailable.
Data Deletion
The data we process will be deleted or its processing restricted in accordance with Articles 17 and 18 GDPR. Unless explicitly stated otherwise in this privacy policy, the data stored by us will be deleted as soon as they are no longer necessary for the purpose for which they were collected, and no legal retention periods prevent deletion. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax law reasons.
In accordance with legal provisions in Germany, storage takes place for up to 10 years in accordance with §§ 147(1) AO, 257(1) No. 1 and 4, (4) HGB (books, records, management reports, booking documents, trade books, and taxation-related documents, etc.) and for 6 years in accordance with § 257(1) No. 2 and 3, (4) HGB (business correspondence).
According to legal provisions in Austria, storage takes place for 7 years in accordance with § 132(1) BAO (accounting documents, vouchers/invoices, accounts, vouchers, business papers, income and expenditure statements, etc.), for 22 years in relation to real estate, and for 10 years for documents related to electronically provided services, telecommunications, broadcasting, and television services provided to non-business customers in EU member states, and for which the Mini-One-Stop-Shop (MOSS) is used.
Business-Related Processing
In addition, we process:
- Contract data (e.g., contract subject, term, customer category)
- Payment data (e.g., bank details, payment history)
for our customers, prospects, and business partners to provide contractual services, service and customer care, marketing, advertising, and market research.
Hosting
The hosting services we use provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, as well as technical maintenance services, which we use for the operation of this online service.
In this context, we or our hosting provider process personal data such as inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, prospective customers, and visitors to this online service based on our legitimate interests in the efficient and secure provision of this online service in accordance with Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).
Collection of Access Data and Log Files
We or our hosting provider collect data about every access to the server on which this service is located (so-called server log files) based on our legitimate interests under Art. 6(1)(f) GDPR. The access data includes the name of the retrieved website, file, date and time of the retrieval, the amount of data transferred, message about successful retrieval, browser type and version, the user’s operating system, referring URL (the previously visited page), IP address, and the requesting provider.
Log file information is stored for security reasons (e.g., to investigate abuse or fraud) for a maximum of 7 days and then deleted. Data that needs to be retained for evidentiary purposes is excluded from deletion until the respective incident is fully clarified.
Provision of Contractual Services
We process inventory data (e.g., names and addresses as well as contact data of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and providing services in accordance with Art. 6(1)(b) GDPR. The entries marked as mandatory in online forms are necessary for concluding the contract.
As part of the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as the user's interest in protection against misuse and unauthorized use. This data is not passed on to third parties unless required for the enforcement of our claims or if there is a legal obligation to do so according to Art. 6(1)(c) GDPR.
We process usage data (e.g., the visited pages of our online service, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile, to display product recommendations to the user based on the services they have previously used.
Data is deleted after the statutory warranty and comparable obligations have expired. The necessity of data retention is reviewed every three years; in the case of legal archiving obligations, the data is deleted after the retention period has expired. Data in any customer account remains until the account is deleted.
Administration, Accounting, Office Organization, Contact Management
We process data as part of administrative tasks, the organization of our operations, accounting, and compliance with legal obligations, such as archiving. In this context, we process the same data that we process in the provision of our contractual services. The legal bases for processing are Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. Affected by the processing are customers, prospective customers, business partners, and website visitors. The purpose and our interest in the processing lie in administration, accounting, office organization, data archiving—tasks that serve to maintain our business activities, fulfill our obligations, and provide our services. The deletion of data regarding contractual services and contractual communication is in accordance with the details mentioned in these processing activities.
We disclose or transmit data to tax authorities, consultants such as tax advisors or auditors, as well as other fee-collecting agencies and payment service providers.
Furthermore, based on our business interests, we store information about suppliers, event organizers, and other business partners, e.g., for future contact. These predominantly business-related data are generally stored permanently.
Contacting Us
When users contact us (e.g., via contact forms, email, phone, or social media), the user's information is processed to handle the contact request and its execution in accordance with Art. 6(1)(b) GDPR. The user's information may be stored in a customer relationship management system ("CRM system") or a comparable inquiry management system.
We delete inquiries once they are no longer required. We review the necessity of retention every two years; statutory archiving obligations also apply.
Comments and Contributions
When users leave comments or other contributions, their IP addresses may be stored for 7 days based on our legitimate interests under Art. 6(1)(f) GDPR. This is for our security, in case someone leaves unlawful content in comments and contributions (e.g., insults, prohibited political propaganda, etc.). In such cases, we may be held accountable for the comment or contribution and are therefore interested in identifying the author.
Furthermore, we reserve the right, based on our legitimate interests under Art. 6(1)(f) GDPR, to process user information for spam detection.
Online Presence on Social Media
We maintain online presences within social networks and platforms to communicate with customers, prospects, and users active there and inform them about our services. When visiting the respective networks and platforms, the terms of use and the data processing policies of the respective operators apply.
Unless otherwise specified in our privacy policy, we process user data when they communicate with us within social networks and platforms, e.g., by posting content on our online presences or sending us messages.
Integration of Third-Party Services and Content
We incorporate third-party content or service offerings within our online service based on our legitimate interests (i.e., interest in analyzing, optimizing, and economically operating our online service in accordance with Art. 6(1)(f) GDPR) to include their content and services, such as videos or fonts (collectively referred to as “content”).
This always requires that the third-party providers of this content perceive the user's IP address, as they would not be able to send the content to their browser without the IP address. Therefore, the IP address is necessary for displaying this content. We strive to use only content where the respective providers use the IP address solely for delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. These "pixel tags" allow information such as visitor traffic on the pages of this website to be analyzed. The pseudonymous information may also be stored in cookies on the user's device and may contain technical information about the browser and operating system, referring websites, visit times, and additional data about the use of our online service, as well as being linked with information from other sources.
YouTube
We embed videos from the "YouTube" platform, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
Use of Facebook Social Plugins
Based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online service in accordance with Art. 6(1)(f) GDPR), we use social plugins ("plugins") of the social network facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The plugins may display interactive elements or content (e.g., videos, graphics, or text posts) and are identifiable by one of the Facebook logos (a white “f” on a blue tile, the terms "Like," "Gefällt mir," or a "thumbs up" symbol) or are marked with the addition "Facebook Social Plugin." The list and appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield Agreement, providing a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When a user accesses a feature of this online service that contains such a plugin, their device establishes a direct connection with Facebook’s servers. The content of the plugin is directly transmitted from Facebook to the user’s device and integrated into the online service. Data processed in this way can be used to create usage profiles of the users. Therefore, we have no influence on the extent of the data that Facebook collects through this plugin and inform users accordingly based on our knowledge.
By embedding the plugins, Facebook receives the information that a user has accessed the corresponding page of the online service. If the user is logged into Facebook, Facebook can assign the visit to their Facebook account. If users interact with the plugins, such as pressing the Like button or leaving a comment, the corresponding information is directly transmitted from their device to Facebook and stored there. Even if a user is not a Facebook member, it is still possible for Facebook to detect and store their IP address. According to Facebook, only an anonymized IP address is stored in Germany.
The purpose and scope of data collection, as well as the further processing and use of the data by Facebook, and the related rights and privacy settings, can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/.
If a user is a Facebook member and does not want Facebook to collect data about them through this online service and link it to their stored member data on Facebook, they must log out of Facebook before using our online service and delete their cookies. Further settings and objections to the use of data for advertising purposes can be made in Facebook’s profile settings: https://www.facebook.com/settings?tab=ads or on the U.S. page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings apply independently of the platform, meaning they are applied across all devices, including desktops or mobile devices.
Within our online service, we may integrate features and content from the Instagram service, provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. This may include content such as images, videos, or texts, and buttons that allow users to express their approval of the content, follow the authors of the content, or subscribe to our posts. If users are members of the Instagram platform, Instagram can associate the access to the aforementioned content and features with the user’s profiles on Instagram. Instagram’s privacy policy: http://instagram.com/about/legal/privacy/.
Created with the Privacy Policy Generator by RA Dr. Thomas Schwenke.