In this privacy policy, you will learn what personal data Grape Hospitality OpCo GmbH, in what way and for what purpose automation-supported processing, as well as what rights you, as a data subject, have.
The responsible party is Grape Hospitality OpCo GmbH, Landstraßer Hauptstraße 28, 1030 Vienna, Austria/ Tel: +43 (1) 716710 / Email: h5357@accor.com.
The protection of your personal data is of particular concern to us. Therefore, your personal data will only be processed to the extent that this is permitted by law and necessary to fulfill the respective purpose (provision of services, contract execution, fulfillment of legal obligations, sending informational material and advertising, sending a newsletter, conducting customer analyses).
For the processing of your health data (allergies and special needs), we require your express consent, which you can revoke at any time. Please note that if you do not give your consent or revoke it during our contractual relationship, we will not be able to provide our services to the usual extent, whereupon you will use our services at your own risk.
To send information about services and products of our company and to contact customer service:
In doing so, we will use the following communication channels if you have provided them to us: Email, mail and SMS.
In order to inform you about offers and services and to contact you for customer surveys we need your explicit consent, which you can give in a "double-op-in" form. Without you providing us with the data mentioned in point 4 and giving your explicit consent, we will not be able to send you any information or contact you in this regard.
For the purpose of providing and improving services and personalizing offers and services to better meet your needs (profiling):
This website uses the WordPress plugin Wordfence by Defiant, Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA for security purposes. For this purpose, cookies are set in your browser and your IP address is collected, stored and transmitted to a server of Defiant in the USA.
The provided DSGVO-compliant data processing agreement has been concluded. Wordfence, as a data processor, complies with all requirements of the GDPR and is subject to the provisions of the Privacy Shield.
WordFence is used to increase the security of this website and thus also the security of the website users. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO.
The privacy policy of Wordfence can be found at https://www.wordfence.com/terms-of-use/ and at https://www.wordfence.com/privacy-policy/.
Profiling is the process in which the responsible person (controller or processor) collects and processes personal data for the purpose of providing and improving offers and services so that they can be better tailored to the needs of the customer. However, no decisions that may entail legal consequences or damages of any kind to the customer will be made in automated form.
We may process the following data in our system: Name, gender, title, address, telephone number, e-mail address, date of birth, comments and relationship to other profiles.
We may associate the following data related to your reservation with your profile: Previous reservations, future reservations, confirmations and notes. Personal data provided by you will be processed until you withdraw your consent. You can revoke your consent at any time free of charge and without giving reasons in the restaurant, by e-mail at: h5357@accor.com or by phone at +43 (1) 716710.
.
We have a legitimate interest in taking photographs at events for marketing purposes and publish them on our website. If you do not agree, you can object at any time in the restaurant or by e-mail at h5357@accor.com or by phone at +43 (1) 716710.
In the interest of public safety, there may be video surveillance in the area of the restaurant. Videos are stored in independent hard drives at the respective location and access is granted to restaurant managers.
Recorded video may be stored for a maximum of 72 hours.
Your personal data will not be disclosed to third parties, except.
For the purpose of payment processing, your bank details will be passed on to electronic payment service providers.
If we engage a processor, we remain responsible for the protection of your personal data.
We therefore only engage external processors to perform activities that are necessary to provide our services, such as sending newsletters. These processors have undertaken to comply with the applicable data protection regulations vis-à-vis us. An order processing contract has been concluded in accordance with Art 28 DSGVO.
Your personal data will be passed on to the following external data processors:
We primarily use processors within the European Union. We only use processors outside the European Union if (i) an adequacy decision has been issued by the European Commission for the third country in question, or (ii) we refer to the European Commission's standard contractual clauses, or (iii) appropriate safeguards, such as the EU/US Privacy Shield, are in place with the third country, or (iv) we have agreed binding internal data protection rules with the processor.
Our websites used Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses so-called "cookies", (text files that are stored on the user's computer,) which allow an analysis of the use of the websites. The information generated by the cookie about the use of the websites by the users is usually transmitted to a Google server in the USA and stored there.
In the event that IP anonymization is activated on our websites, however, Google will truncate the user's IP address beforehand within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymization is active on our websites. On behalf of the operator of our websites, Google will use this information for the purpose of evaluating the use of the websites by users, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
The shortened IP address transmitted by the user's browser as part of Google Analytics will not be merged with other Google data. Users may refuse the use of cookies by selecting the opt-out function on the Divvy Restaurant website or, alternatively, by selecting the appropriate settings on your browser, however, Grape Hospitality OpCo GmbH points out that if you do this you may not be able to use the full functionality of our website. Users can also prevent the collection of data generated by the cookie and related to their use of the websites (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
For more information about Google's use of data for advertising purposes, settings and opt-out options, please visit Google's websites: https://www.google.com/intl/de/policies/privacy/partners/ ("Data use by Google when you use our partners' websites or apps"), http://www.google.com/policies/technologies/ads ("Data Use for Advertising Purposes"), http://www.google.de/settings/ads ("Manage Information Google Uses to Show You Ads"), and http://www.google.com/ads/preferences/ ("Determine What Ads Google Shows You").
We process your personal data - as far as necessary - for the duration of the entire business relationship (from the initiation, processing to the termination of a contract and until the settlement of outstanding claims). After the contract has been fully processed, your data will be stored until the expiry of the warranty, limitation and compensation periods and statutory retention periods applicable to us, and beyond this until the end of any legal disputes in which the data is required as evidence.
We store data that you have provided to us for marketing and information purposes, such as for sending a newsletter, until you revoke your consent to do so.
We use technical and organizational security measures to protect your personal data against accidental or intentional manipulation, loss or destruction and against access by unauthorized persons, in accordance with Article 32 of the General Data Protection Regulation. Our security measures are continuously improved according to technical progress.
With regard to the processing of your data, you may exercise the following rights under the General Data Protection Regulation and the National Data Protection Act:
You may request confirmation from us as to whether and to what extent we process your data. This confirmation will include information about the purposes for which your data are processed, the categories of personal data processed, the recipients or categories of recipients of the personal data, the duration of the data processing.
You may at any time request that data concerning you which is inaccurate or incomplete be corrected and/or completed without undue delay.
You may request that we erase your personal data if we process it unlawfully, the processing unreasonably interferes with your legitimate interests in protecting yourself, the personal data is no longer necessary for the purposes for which it was collected, or you have withdrawn your consent. Please note that there may be reasons that prevent immediate deletion, such as in the case of legal retention obligations.
You can request us to restrict the processing of your data if
This data will be processed from the restriction request only with individual consent or for the assertion and enforcement of legal claims.
You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format, provided that
You may object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is necessary for the purposes of protecting our legitimate interests or those of a third party. After the objection, your data will no longer be processed unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
You may object to direct marketing at any time without giving reasons.
If you believe that we are violating national or European data protection law in processing your data, you can contact us at any time. Of course, you also have the right to contact the competent data protection authority and, as of 25.05.2018, also the supervisory authority within the EU.
To assert any of the aforementioned rights against us, please use the following contact options:
If we are unable to determine your identity on the basis of the data available to us, it may be necessary for us to request additional information to determine your identity (e.g. photo identification). Inquiries in this regard serve to protect your rights and your privacy.