1. Controller
The controller responsible for data processing on this website within the meaning of the GDPR is:
[Legal entity name, e.g. OLAM Restaurant GmbH]
Reinickendorfer Straße 102, 13347 Berlin, Germany
Phone: +49 178 2478889
Email: [email protected]
2. Data Protection Officer
[If you are legally required to appoint a Data Protection Officer (DPO), provide their contact details here. If no DPO is required, state that and direct enquiries to the controller above.]
3. Your Rights
You have the following rights regarding your personal data. To exercise them, contact us using the details above.
- Right of access (Art. 15 GDPR) — to obtain confirmation of, and a copy of, the data we hold about you.
- Right to rectification (Art. 16 GDPR) — to have inaccurate data corrected.
- Right to erasure (Art. 17 GDPR) — to have your data deleted, subject to statutory retention obligations.
- Right to restriction of processing (Art. 18 GDPR).
- Right to data portability (Art. 20 GDPR).
- Right to object (Art. 21 GDPR) — to processing based on our legitimate interests.
- Right to withdraw consent (Art. 7 (3) GDPR) — at any time, with effect for the future, where processing is based on consent.
You also have the right to lodge a complaint with a supervisory authority. The authority responsible for us is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit), Alt-Moabit 59–61, 10555 Berlin.
4. Access to Our Website (Server Log Files)
When you visit our website, our hosting infrastructure automatically collects and stores information that your browser transmits to us in server log files. This may include the IP address, date and time of the request, the page accessed, the referring URL, and details of your browser and operating system.
Purpose: to deliver the website reliably, ensure system security and stability, and prevent abuse.
Legal basis: our legitimate interest in the secure and efficient operation of the website (Art. 6 (1) (f) GDPR).
5. Hosting and Database
Our website and application data are processed using the following providers, with whom we have concluded data processing agreements pursuant to Art. 28 GDPR:
- Application hosting: [Hosting provider name, address and country, e.g. Vercel Inc. / your own hosting provider].
- Database and file storage: Convex, Inc. Backend data (such as reservations, orders, contact and newsletter records, and uploaded images) is stored on infrastructure located in the European Union (AWS region
eu-west-1, Ireland).
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in a reliable, secure online presence) and, where the processing serves a contract, Art. 6 (1) (b) GDPR.
7. Table Reservations
When you book a table, we process the data you enter: name, email address, phone number (optional), date, time, party size, the occasion (optional), and any special requests you provide.
Purpose: to process, confirm and manage your reservation, and to contact you about it.
Legal basis: performance of a contract or pre-contractual measures at your request (Art. 6 (1) (b) GDPR).
8. Online Orders
If you place an order (dine-in, takeaway, or delivery), we process your name, the order details, and — depending on the order type — your email address, phone number, table number, preferred pickup time, delivery address and delivery instructions.
Purpose: to process and fulfil your order and to contact you about it.
Legal basis: performance of a contract (Art. 6 (1) (b) GDPR). Where order records must be retained for tax and commercial-law reasons, the legal basis is Art. 6 (1) (c) GDPR.
9. Contact Form and Email
If you contact us via the contact form or by email, we process the data you provide (such as name, email address, phone number, and your message) in order to respond to your enquiry.
Legal basis: Art. 6 (1) (b) GDPR where your enquiry relates to a contract, otherwise our legitimate interest in responding to enquiries (Art. 6 (1) (f) GDPR). Transactional and notification emails are sent via an email (SMTP) service provider acting as our processor.
11. Google Maps
We embed a map from Google Maps to show our location. The service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When the map loads, your IP address is transmitted to Google and may be transferred to servers in the USA. We have no influence over this processing by Google.
Legal basis: [your consent (Art. 6 (1) (a) GDPR) if you load the map only after a cookie/consent banner, or your legitimate interest (Art. 6 (1) (f) GDPR) in presenting our location]. See Google’s privacy policy at policies.google.com/privacy.
12. External Images and Fonts
Some images on this website are loaded from external sources (e.g. images.unsplash.com). When such an image is loaded, your IP address is transmitted to the respective provider, which is technically necessary to display the content. The legal basis is our legitimate interest in an appealing presentation of our website (Art. 6 (1) (f) GDPR).
Web fonts are hosted locally on our own server (self-hosted via the framework’s font optimisation). No connection to Google Fonts is established when you visit our website.
13. Data Retention
We store personal data only for as long as necessary for the purposes described above or as required by law. Reservation and enquiry data is deleted once it is no longer needed and no statutory retention period applies. Data relevant under commercial and tax law (e.g. order and invoice records) is retained for the statutory periods, generally 6 to 10 years (§ 257 HGB, § 147 AO). Newsletter data is stored until you unsubscribe.
14. Data Security
This website uses TLS/SSL encryption for security and to protect the transmission of confidential content. An encrypted connection is indicated by “https://” in the address bar of your browser.
15. Changes to This Privacy Policy
We may update this privacy policy to reflect changes to our services or to legal requirements. The version published on this page applies, with the “last updated” date shown above.