DONATELLA

1. Objective and responsible body

This data protection declaration clarifies the type, scope and purpose of the processing (including collection, processing and use as well as obtaining consent) of personal data within our online offer and the associated websites, functions and content (hereinafter collectively referred to as “online offer” or “Website”). The data protection declaration applies regardless of the domains, systems, platforms and devices used (e.g. desktop or mobile) on which the online offer is carried out.

The provider of the online offer and the party responsible for data protection is Trattoria Donatella (hereinafter referred to as “provider”, “we” or “us”). For contact options, we refer directly to our website imprint. The term “user” includes all customers and visitors to our online offer, understood as completely gender-neutral.

2. Basic information on data processing

We process personal data of users only in compliance with the relevant data protection regulations in accordance with the principles of data economy and data avoidance. This means that user data is only processed if there is legal permission, in particular if the data is required by law to provide our contractual services and online services, or if express consent has been given.

We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and that the data processed by us are protected against accidental or deliberate manipulation, loss, destruction or access by unauthorized persons.

If content, tools or other means from third-party providers are used within the scope of this declaration and their registered office is abroad, it can be assumed that data will be transferred to the countries in which the third-party providers are based. The transfer of data to third countries takes place either on the basis of legal permission, the consent of the user or special contractual clauses that guarantee the legally required security of the data.

3. Processing of personal data

The personal data are processed for the following purposes on the basis of legal permissions or user consent:

• The provision, execution, maintenance, optimization and securing of our services, online assets and user features.
• Ensuring effective customer service and technical optimization support.

We only transmit user data to third parties if this is necessary for billing purposes (e.g. to a payment service provider) or to fulfill our contractual obligations towards users. When contacting us via the contact form or email, the information provided by the user is stored for the purpose of processing the request and handling potential follow-up questions. Personal data will be safely deleted as soon as they have fulfilled their intended purpose and deletion does not conflict with any statutory retention requirements.

4. Collection of access data (Server Log Files)

We collect data about every single access to the server on which this service is located via automated server log files. The access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

We use this log data without specific assignment to the person of the user or other profile creation in accordance with the statutory provisions only for statistical evaluations for the purpose of operation, internal security and absolute optimization of our online offer. However, we reserve the right to check the log data retrospectively if, based on specific indications, there is a legitimate suspicion of illegal use.

5. Cookies & Range Measurement

Cookies are small pieces of information that are transferred from our web server or third-party web servers to the user’s web browser and stored there for later retrieval. In this declaration, users are informed about the use of cookies in the context of pseudonymous range measurement.

Viewing this online offer is completely possible with the exclusion of cookies. If users do not want cookies to be stored on their device, they are asked to deactivate the corresponding option in the system settings of their browser. Saved cookies can also be deleted at any time in the browser system settings. Please note that the exclusion of cookies can lead to functional restrictions of this online offer.

6. Google Analytics

We use Google Analytics, a web analysis service from Google Ireland Ltd. (“Google”). Google uses cookies. The information generated by the cookie about the use of the online offer by the user is usually transmitted to a Google server in the USA and stored there. Google uses this information on our behalf to evaluate the use of our online offer, to compile reports on the activities within this online offer and to provide us with other services related to website traffic. Pseudonymous user profiles can be created from the processed data.

We only use Google Analytics with activated IP anonymization. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address will only be sent to a Google server in the USA and shortened there in exceptional cases. The IP address transmitted by your browser will not be merged with other Google data. Users can prevent cookie storage through browser settings or by installing the official browser plug-in available via Google's privacy settings channels.

7. Google Re / Marketing Services

We use the marketing and remarketing services (“Google Marketing Services”) from Google Ireland Ltd.. These services allow us to display advertisements for and on our website in a more targeted manner in order to only present users with advertisements that potentially correspond to their interests. If users are shown advertisements for products they were interested in on other websites, this is referred to as “remarketing”.

For these purposes, Google executes a code from Google and uses so-called (re)marketing tags (invisible graphics or code, also referred to as “web beacons”) integrated into the website. With their help, an individual cookie or comparable tracker is saved on the user’s device. This file records which websites the user has visited, what content they are interested in, which offers they clicked, technical browser details, operating system, referring websites, visiting time, and other information regarding the use of the online offer.

The IP address of the user is also recorded, but anonymized/shortened within the EU or EEA. The user data is processed entirely pseudonymously as part of Google Marketing Services. This means that Google does not save and process the name or email address of the user, but manages the data inside pseudonymous user profiles associated with cookie owners. Integrated components include Google AdWords (Conversion Tracking cookies), DoubleClick, Google AdSense, and the Google Tag Manager which coordinates these diagnostic frameworks.

8. Facebook Social Plugins

Our online offer uses social plugins (“plugins”) from the social network facebook.com, operated by Facebook Ireland Ltd.. The plugins can be recognized by one of the Facebook logos (white “f” on a blue tile, the terms “like” or a “thumbs up” sign).

When a user calls up a function of this online offer that contains such a plugin, their device establishes a direct connection with the Facebook servers. The content of the plug-in is transmitted directly from Facebook to the user’s device. By integrating the plugins, Facebook receives the information that a user has called up the corresponding page of our online offer. If the user is logged in to Facebook, Facebook can assign the visit to their personal Facebook account. If a user interacts with the plugins (e.g. hitting Like or commenting), that data goes straight to Facebook. If a user is not a member of Facebook, there is still a possibility that Facebook will find out their IP address and save it. Members who wish to avoid this link must log out of Facebook and delete all tracking cookies before visiting our online assets.

9. Facebook Remarketing (Facebook Pixel)

So-called “Facebook pixels” of the social network Facebook (operated by Facebook Inc. / Facebook Ireland Ltd.) are used within our online offer. With the help of the Facebook pixel, Facebook is able to determine the visitors of our offer as a target group for the presentation of targeted advertisements, so-called “Facebook ads”. Accordingly, we use the Facebook pixel to only display the Facebook ads placed by us to users who have also shown an interest in our website, ensuring our ads correspond to potential user interests and are not annoying.

The Facebook pixel can save a cookie on your device when you visit our website. If you then log in to Facebook or visit Facebook while logged in, the visit to our offer will be noted in your profile. The data collected about you is anonymous to us, so it does not allow us to draw any conclusions about the identity of individual users. However, the data is stored and processed by Facebook to connect to the respective user profile within the framework of Facebook’s data usage guidelines. You can object to the collection by the Facebook pixel and use of your data via your platform profile settings at any time.

10. Newsletter Protocol

By subscribing to our newsletter, you agree to the receipt and the registration, dispatch, and statistical evaluation procedures described. Our newsletters contain promotional information regarding our products, offers, promotions and our company.

The registration for our newsletter takes place via a double opt-in procedure. This means that after registration you will receive an email asking to confirm your registration to prevent unauthorized sign-ups. Registrations are logged (storing the time of registration, confirmation, and the user's IP address) to fulfill legal proof requirements. The email addresses are stored on the servers of our technical mailing service provider, who evaluates performance metrics on our behalf but never passes data to third parties. Newsletters contain a pixel-sized tracking file ("web beacon") to collect technical details (browser, system, IP address, links clicked) to optimize content delivery. You can cancel receipt or revoke consent at any time using the direct link at the end of every newsletter.

11. Integration of services and content from third parties

Content or services from third-party providers, such as city maps or fonts, are integrated into our online offer. This integration always requires that the third-party providers perceive the IP address of the user, since they would not be able to send the content to the user’s browser without it. We aim to use this content as sparingly as possible and choose reliable third-party providers with high data security standards.

• Google Fonts: Call up external typography assets by connecting directly to servers managed by Google (usually based in the USA).
• Google Maps: Local mapping infrastructure provided by Google Ireland Ltd. to assist with directional tracking.
• YouTube: Embedded video stream feeds managed by Google Ireland Ltd..

12. User rights and deletion of data

Users have the explicit right, upon request, to receive information free of charge about the personal data that we have stored about them. In addition, users have the right to correct incorrect data, revoke consent, block and delete their personal data and, in the event of unlawful data processing being assumed, to lodge a complaint with the competent supervisory authority. The data stored by us will be deleted as soon as they are no longer required for their intended purpose and deletion does not conflict with any statutory retention requirements.

We reserve the right to change this data protection declaration in order to adapt it to changed legal situations or to structural updates in data processing. If user consent is required, modifications will only be applied with explicit authorization. Users are requested to inform themselves regularly about the content of this data protection declaration.