OLAM Restaurant Berlin
Data Protection

Privacy Policy

Last updated: 29 June 2026

We take the protection of your personal data seriously. This policy explains what personal data we process when you visit our website or use our services, on what legal basis, and what rights you have under the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

1. Controller

The controller responsible for data processing on this website within the meaning of the GDPR is:

[Legal entity name, e.g. OLAM Restaurant GmbH]
Reinickendorfer Straße 102, 13347 Berlin, Germany
Phone: +49 178 2478889
Email: [email protected]

2. Data Protection Officer

[If you are legally required to appoint a Data Protection Officer (DPO), provide their contact details here. If no DPO is required, state that and direct enquiries to the controller above.]

3. Your Rights

You have the following rights regarding your personal data. To exercise them, contact us using the details above.

  • Right of access (Art. 15 GDPR) — to obtain confirmation of, and a copy of, the data we hold about you.
  • Right to rectification (Art. 16 GDPR) — to have inaccurate data corrected.
  • Right to erasure (Art. 17 GDPR) — to have your data deleted, subject to statutory retention obligations.
  • Right to restriction of processing (Art. 18 GDPR).
  • Right to data portability (Art. 20 GDPR).
  • Right to object (Art. 21 GDPR) — to processing based on our legitimate interests.
  • Right to withdraw consent (Art. 7 (3) GDPR) — at any time, with effect for the future, where processing is based on consent.

You also have the right to lodge a complaint with a supervisory authority. The authority responsible for us is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit), Alt-Moabit 59–61, 10555 Berlin.

4. Access to Our Website (Server Log Files)

When you visit our website, our hosting infrastructure automatically collects and stores information that your browser transmits to us in server log files. This may include the IP address, date and time of the request, the page accessed, the referring URL, and details of your browser and operating system.

Purpose: to deliver the website reliably, ensure system security and stability, and prevent abuse.
Legal basis: our legitimate interest in the secure and efficient operation of the website (Art. 6 (1) (f) GDPR).

5. Hosting and Database

Our website and application data are processed using the following providers, with whom we have concluded data processing agreements pursuant to Art. 28 GDPR:

  • Application hosting: [Hosting provider name, address and country, e.g. Vercel Inc. / your own hosting provider].
  • Database and file storage: Convex, Inc. Backend data (such as reservations, orders, contact and newsletter records, and uploaded images) is stored on infrastructure located in the European Union (AWS region eu-west-1, Ireland).

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in a reliable, secure online presence) and, where the processing serves a contract, Art. 6 (1) (b) GDPR.

6. Cookies and Local Storage

We keep the use of cookies to a minimum. We use only technically necessary storage:

  • Admin session cookie: set only for signed-in administrators to keep them logged in to the content-management area.
  • Shopping cart (browser local storage): if you add items to an order, your selection is stored locally in your browser so it persists between page views. This data does not leave your device until you submit an order.

Legal basis: these are strictly necessary for functionality you have requested (§ 25 (2) No. 2 TTDSG; Art. 6 (1) (f) GDPR). They do not require consent and are not used for tracking or advertising.

7. Table Reservations

When you book a table, we process the data you enter: name, email address, phone number (optional), date, time, party size, the occasion (optional), and any special requests you provide.

Purpose: to process, confirm and manage your reservation, and to contact you about it.
Legal basis: performance of a contract or pre-contractual measures at your request (Art. 6 (1) (b) GDPR).

8. Online Orders

If you place an order (dine-in, takeaway, or delivery), we process your name, the order details, and — depending on the order type — your email address, phone number, table number, preferred pickup time, delivery address and delivery instructions.

Purpose: to process and fulfil your order and to contact you about it.
Legal basis: performance of a contract (Art. 6 (1) (b) GDPR). Where order records must be retained for tax and commercial-law reasons, the legal basis is Art. 6 (1) (c) GDPR.

9. Contact Form and Email

If you contact us via the contact form or by email, we process the data you provide (such as name, email address, phone number, and your message) in order to respond to your enquiry.

Legal basis: Art. 6 (1) (b) GDPR where your enquiry relates to a contract, otherwise our legitimate interest in responding to enquiries (Art. 6 (1) (f) GDPR). Transactional and notification emails are sent via an email (SMTP) service provider acting as our processor.

10. Newsletter

If you subscribe to our newsletter, we process your email address to send you offers, event invitations and menu updates.

Legal basis: your consent (Art. 6 (1) (a) GDPR). You can withdraw your consent at any time with effect for the future by using the unsubscribe link in any newsletter or by contacting us. The withdrawal does not affect the lawfulness of processing carried out before it.

Note: To meet German requirements for consent-based email marketing, a double opt-in confirmation process is recommended before the first newsletter is sent.

11. Google Maps

We embed a map from Google Maps to show our location. The service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When the map loads, your IP address is transmitted to Google and may be transferred to servers in the USA. We have no influence over this processing by Google.

Legal basis: [your consent (Art. 6 (1) (a) GDPR) if you load the map only after a cookie/consent banner, or your legitimate interest (Art. 6 (1) (f) GDPR) in presenting our location]. See Google’s privacy policy at policies.google.com/privacy.

12. External Images and Fonts

Some images on this website are loaded from external sources (e.g. images.unsplash.com). When such an image is loaded, your IP address is transmitted to the respective provider, which is technically necessary to display the content. The legal basis is our legitimate interest in an appealing presentation of our website (Art. 6 (1) (f) GDPR).

Web fonts are hosted locally on our own server (self-hosted via the framework’s font optimisation). No connection to Google Fonts is established when you visit our website.

13. Data Retention

We store personal data only for as long as necessary for the purposes described above or as required by law. Reservation and enquiry data is deleted once it is no longer needed and no statutory retention period applies. Data relevant under commercial and tax law (e.g. order and invoice records) is retained for the statutory periods, generally 6 to 10 years (§ 257 HGB, § 147 AO). Newsletter data is stored until you unsubscribe.

14. Data Security

This website uses TLS/SSL encryption for security and to protect the transmission of confidential content. An encrypted connection is indicated by “https://” in the address bar of your browser.

15. Changes to This Privacy Policy

We may update this privacy policy to reflect changes to our services or to legal requirements. The version published on this page applies, with the “last updated” date shown above.