Privacy

Our institution is a member of the Alliance for Cyber Security (ACS).

This privacy policy informs users about the nature, scope and purpose of the collection and use of personal data by the responsible provider (Cuk Gastronomiebetriebsgesellschaft mbH, Hackescher Markt 2–3, 10178 Berlin) on this website (hereinafter referred to as ‘offer’).

Cuk Gastronomiebetriebsgesellschaft mbH (hereinafter referred to as ‘Cuk’ or “we”) takes the protection of your personal data very seriously. All information and contact details can be found under ‘Personal rights’ in section 10. Contact details of the company and the data protection officer.

We treat your personal data confidentially and in accordance with the provisions of data protection law. With this privacy policy, we inform you about how, to what extent and for what purposes we process personal data. The legal basis for data protection can be found in particular in the General Data Protection Regulation (EU GDPR) and other national and international regulations.

Under the General Data Protection Regulation and other national data protection laws of the Member States, as well as other data protection regulations, the responsible party is: Cuk Gastronomiebetriebsgesellschaft mbH, Hackescher Markt 2–3, 10178 Berlin, email info@brasseriecolette.de. Our data protection officer is available to answer any further questions you may have at datenschutz@dpf-investment.de.

We reserve the right to amend the privacy policy in order to adapt it to changes in the legal situation or in the event of changes to the service or data processing. However, this only applies to statements regarding data processing. If user consent is required or if parts of the privacy policy contain provisions governing the contractual relationship with users, changes will only be made with the consent of the users. Users are requested to regularly review the content of the privacy policy.

Based on our legitimate interests within the meaning of Art. 6 (1) lit. f. GDPR, we collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, the file, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider. Log file information is stored for security reasons (e.g. to investigate misuse or fraud) for a maximum of 7 days and then deleted. Data that needs to be retained for evidence purposes is excluded from deletion until the respective incident has been finally clarified.

Personal data is information that can be used to identify a person, i.e. information that can be traced back to a person. This includes the name, email address or telephone number. Data about preferences, hobbies, memberships or which websites someone has visited also counts as personal data. Cuk only collects, uses and passes on personal data if this is permitted by law or if users consent to the collection of data.

When you contact Cuk by email, we store the user's details, including the contact details you provide there, for the purpose of processing the enquiry and in case of follow-up questions. We do not pass on this data without your consent.

This data is processed on the basis of Art. 6 (1) lit. b GDPR, provided that your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of enquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if this has been requested.

This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host's servers. This may include IP addresses, contact enquiries, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

The hoster is used for the purpose of fulfilling our contractual obligations towards our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online services by a professional provider (Art. 6 para. 1 lit. f GDPR).

Our host will only process your data to the extent necessary to fulfil its service obligations and will follow our instructions regarding this data.

We use the following host:

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from ‘http://’ to ‘https://’ and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

We use the Cloudflare service. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter referred to as ‘Cloudflare’).

Cloudflare offers a globally distributed content delivery network with DNS. Technically, this means that the transfer of information between your browser and our website is routed through the Cloudflare network. This enables Cloudflare to analyse the data traffic between your browser and our website and to act as a filter between our servers and potentially malicious data traffic from the Internet. Cloudflare may also use cookies or other technologies to recognise Internet users, but these are used solely for the purpose described here.

The use of Cloudflare is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6(1)(f) GDPR).

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.cloudflare.com/privacypolicy/.

Further information on security and data protection at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/.

In order to make our website as user-friendly as possible, we use cookies and web beacons. A cookie is a small text file that a Cuk web server sends to your browser when you visit a website. Session cookies expire at the end of the browser session and can record your actions during that browser session. In contrast, permanent cookies remain stored on your device between browser sessions and can record your settings or actions on multiple websites.

Web beacons are small graphic files (also known as ‘pixel tags’ or ‘clear GIFs’) that may be included in our websites, apps, applications and newsletters and are typically used in conjunction with cookies to identify users or user behaviour. The above statements on cookies apply accordingly to web beacons; web beacons are not used in particular if you have objected to the use of the corresponding cookie.

Cookies do not pose any risk to your computer, as they are only text files and not executable programmes. The cookies on the Cuk website serve to make surfing more convenient and are also used for market research and advertising purposes, as well as to collect usage statistics. In addition, we use cookies for web tracking and as a basis for personalised content. In addition to so-called session cookies, which are deleted when you end your browser session, we also use permanent cookies. These cookies remain stored until they are deleted by the user. No personal data is stored in the cookies we use. Depending on your browser settings, the cookie file is either stored or rejected. If the file is stored, our web server can recognise your device. During subsequent visits and when switching between functions that require you to enter a password, the cookie can save you some of the effort of entering information. Cookies thus make it easier for you to use websites that require user input. In addition, cookies can help us to offer you a browsing experience that is as tailored to your needs as possible. Unless you expressly do not want this and deactivate cookies as described below:

You can either set your browser to accept our cookies or use our website without cookie functionality. In the latter case, however, your text entries in form fields cannot be saved for further queries, so you will have to re-enter them the next time you visit our website. Furthermore, in this case, we will unfortunately not be able to present you with content tailored to your personal preferences.

Your browser may also already be set to display a warning message each time it receives a cookie. Since the identification cookie must be resent each time you visit a page on our website, this message can be very disruptive. We therefore recommend that you set your browser to always allow cookies from brasseriecolette.de. You can set this individually for each website.

You can manage many online advertising cookies from companies via the US website www.aboutads.info/choices or the EU website www.youronlinechoices.com/uk/your-ad-choices. For more information on the use of cookies and how to disable them, please visit www.meine-cookies.org or www.youronlinechoices.com. Regardless of stored cookies, for security reasons you must log in again each time you access areas of our website that require registration. Tertianum also integrates third-party content on brasseriecolette.de. These third-party providers may set cookies while you are visiting the website and thereby obtain information, for example, that you have visited the website. Please visit the websites of the third-party providers for further information on their use of cookies. If you have decided not to give your consent to the use of cookies that require consent or to revoke your consent (deactivation of cookies), you will only be provided with those functionalities of our website that we can guarantee without these cookies.

We use a service called Google Tag Manager from Google. ‘Google’ is a group of companies consisting of Google Ireland Ltd. (service provider), Gordon House, Barrow Street, Dublin 4, Ireland, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and other affiliated companies of Google LLC.

We have entered into a data processing agreement with Google. Google Tag Manager is an auxiliary service and only processes personal data for technically necessary purposes. Google Tag Manager is responsible for loading other components, which in turn may collect data. Google Tag Manager does not access this data.

Further information about Google Tag Manager can be found in Google's privacy policy.

Please note that American authorities, such as intelligence agencies, may be able to access personal data that is inevitably exchanged with Google when this service is integrated due to American laws such as the Cloud Act.

If you have given your consent, this website uses Google Analytics, a web analytics service provided by Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’).

Scope of processing

Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.

We use the User ID function. With the help of the User ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyse user behaviour across devices.

We use the “anonymizeIP” function (so-called IP masking): Due to the activation of IP anonymisation on this website, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

During your visit to the website, the following data is collected, among other things:

• the pages you have visited, your ‘click path’
• achievement of ‘website goals’ (conversions, e.g. newsletter registrations)
• Your user behaviour (e.g. clicks, length of stay, bounce rates)
• Your approximate location (region)
• Your IP address (in abbreviated form)
• Technical information about your browser and the devices you use (e.g. language settings, screen resolution)
• Your internet service provider
• The referrer URL (which website/advertisement you came to this website from)

Purposes of processing

On behalf of Cuk, Google will use this information to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyse the performance of our website and the success of our marketing campaigns.

Recipient

The recipient of the data is

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

as a processor. We have concluded a data processing agreement with Google for this purpose. Google LLC, based in California, USA, and, where applicable, US authorities may access the data stored by Google.

Transfer to third countries

A transfer of data to the USA cannot be ruled out.

Storage period

The data sent by us and linked to cookies is automatically deleted after 14 months. Data that has reached its retention period is automatically deleted once a month.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by

a. not giving your consent to the setting of the cookie or

b. downloading and installing the browser add-on to deactivate Google Analytics HERE.

You can also prevent the storage of cookies by adjusting your browser software settings accordingly. However, if you configure your browser to reject all cookies, this may result in restrictions on the functionality of this and other websites.

Demographic characteristics in Google Analytics

This website uses the ‘demographic characteristics’ function of Google Analytics to display relevant advertisements to website visitors within the Google advertising network. This allows reports to be generated that contain information about the age, gender and interests of the website visitors. This data comes from interest-based advertising by Google and visitor data from third-party providers. This data cannot be attributed to a specific person. You can disable this feature at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section ‘Objection to data collection’.

Legal basis and right of revocation

Your consent is required for this data processing, Art. 6 (1) (a) GDPR.

You can revoke your consent at any time with effect for the future. To do so, click on this link. This will open our consent management banner the next time you visit the website, where you can make a new decision.

For more information on the terms of use of Google Analytics and data protection at Google, please visit https://marketingplatform.google.com/about/analytics/terms/de/ and https://policies.go.

Our website uses Microsoft Clarity, a web analytics service provided by Microsoft Corporation, to better understand the behaviour of our users and continuously improve our offering. The service provider is the American company Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA. Data is transferred to the independent controller Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park. Leopardstown, Dublin 18, D18 P521, Ireland.

Microsoft Clarity uses cookies and similar technologies to collect data about the behaviour of our website visitors. This includes, in particular, data about clicks, scrolling movements, dwell time and interactions with the page content. This data is collected in anonymised form and processed on Microsoft's servers. The insights gained through Microsoft Clarity help us to optimise the user experience on our website. The legal basis for processing is your consent in accordance with Art. 6 (1) (a) GDPR. The data collected by Microsoft Clarity is stored for a maximum of 13 months and then automatically deleted. The data will not be passed on to third parties, with the exception of transmission to Microsoft as our processor. You can revoke your consent at any time with effect for the future. To do so, click on this link. This will open our consent management banner the next time you visit the website, where you can make a new decision.

Microsoft also processes your data in the USA, among other places. Microsoft is an active participant in the EU-US Data Privacy Framework, which regulates the transfer of personal data from EU citizens to the USA. For more information, please visit https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

We have concluded standard contractual clauses with Microsoft. These standard contractual clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to third countries (such as the United States) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Microsoft undertakes to comply with European data protection standards when processing personal data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision by the European Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de. For more information about the standard contractual clauses at Microsoft, please visit https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses. For more information about the data processed through the use of Microsoft, please refer to the privacy policy at https://privacy.microsoft.com/de-de/privacystatement.

We operate online presences within the social networks listed below. If you visit one of these presences, the respective provider will collect and process the data specified below. As a rule, this data is collected for advertising and market research purposes and used to create user profiles. Data can be stored in the user profiles regardless of the device you use. This is particularly the case if you are a member of the respective platform and are logged in to it. The user profiles can be used by the providers to display interest-based advertising to you. You have the right to revoke the creation of user profiles. To exercise this right, you must contact the respective provider.

If you have an account with one of the providers listed below and are logged in there when you visit our website, the respective provider may collect data about your usage behaviour on our website. To prevent such linking of your data, you can log out of the provider's service before visiting our site. The purpose and scope of data collection by the provider can be found in the respective privacy policies of the providers listed below.

We would like to point out that, depending on the country of residence of the provider listed below, the data collected via their platform may be transferred and processed outside the European Union. In this case, there is a risk that the level of data protection required by the GDPR may not be maintained and that it may be difficult or impossible to enforce your rights.

Data concerned

• Inventory and contact data (e.g. name, address, telephone number, email address)

• Content data (e.g. posts, photos, videos)

• Usage data (e.g. access times, websites clicked on)

• Communication data (e.g. information about the device used, IP address).

Purpose of processing: Communication and marketing, tracking and analysis of user behaviour

Legal basis: Consent, Art. 6 (1) (a) GDPR, legitimate interests Art. 6 (1) (f) GDPR

Opt-out options: For the respective opt-out options, please refer to the information provided by the providers linked below.

We maintain online presences on the following social networks:

Facebook

Service provider: Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA

Headquarters in the EU: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Website: https://www.facebook.com/

Privacy policy: https://www.facebook.com/about/privacy/

Privacy policy for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data

Instagram

Service provider: Instagram Inc., 1601 Willow Road, Menlo Park CA 94025, USA

Parent company: Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA

EU headquarters: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Website: https://www.instagram.com/

Privacy policy: http://instagram.com/about/legal/privacy

TikTok

Service Provider: TikTok Technology Limited

Parent Company: ByteDance Ltd., mit Sitz in Peking, China

EU Headquarters: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, Irland

Website: https://www.tiktok.com/

Privacy policy: https://www.tiktok.com/legal/page/eea/privacy-policy/en

We use services to display Internet advertising. Certain user data is collected via a cookie or pixel through the services we use. This includes, in particular, information about which website you used to access our website (known as a referrer), which pages of our website you accessed, how long you visited our pages and what interactions you carried out there. In addition, data about the browser, computer system and device type you are using is collected. Demographic information, such as age or gender, can also be collected as pseudonymous values via such a service. If you have consented to the collection of your location data, this may also be processed, depending on the provider. In order to collect and store this data, the respective service places a cookie or a so-called tracking pixel on the device you are using, which is also used to collect the IP address assigned to you. However, this is shortened using a so-called IP masking procedure so that the IP address can no longer be assigned to your visit to our website. As a rule, no clear data such as names or email addresses are stored when using the respective service. This is only the case if you are a member of a social network that offers one of the services listed below and merges your profile with the aforementioned data material.

The data is evaluated by the service we use to produce a report with statistical information about the number of visitors generated by the advertising and the success of the advertising campaign. The reports show, among other things, the total number of users who were redirected to our website via our advertisements. The reports also contain information about the users' end devices and browsers, their locations and the times at which the advertisement was clicked. However, the reports do not contain any information that could be used to personally identify you as a user of our site.

We would like to point out that, depending on the location of the service provider, the data collected via the service may be transferred and processed outside the European Union. In this case, there is a risk that the level of data protection required by the GDPR may not be maintained and that it may be difficult or impossible to enforce your rights.

Data concerned

• Usage data (e.g. access times, websites clicked on)

• Communication data (e.g. information about the device used, IP address)

Affected persons

Users of our online services

Purpose of processing

Reach measurement, campaign performance monitoring, remarketing, and interest- and behaviour-based marketing

Legal basis and right of revocation

If we have asked for your consent before using the respective service, this constitutes the legal basis, Art. 6 (1) lit. a GDPR. Otherwise, we use the respective service on the basis of our legitimate interest in directing visitor traffic to our website and analysing this visitor traffic in order to continuously improve the functions, offers and user experience, Art. 6 (1) lit. f GDPR.

You can revoke your consent at any time with effect for the future. To do so, click on the button below. This will open our consent management banner the next time you visit the website, where you can make a new decision.

We use the following service providers for online advertising in the following sections.

This website uses Facebook visitor action pixels to measure conversions.

This service is provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the United States and other third countries.

This allows the behaviour of website visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook advertisement. This enables the effectiveness of Facebook advertisements to be evaluated for statistical and market research purposes and future advertising measures to be optimised.

The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Use Policy. This enables Facebook to place advertisements on Facebook pages and outside of Facebook. As the website operator, we have no influence over this use of the data.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of data and its transfer to Facebook. The processing by Facebook after the transfer is not part of the joint responsibility. The obligations incumbent upon us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert your rights as a data subject (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your rights as a data subject with us, we are obliged to forward them to Facebook.

You can find further information on the protection of your privacy in Facebook's privacy policy: https://de-de.facebook.com/about/privacy/. Opt-out option: https://www.facebook.com/settings?tab=ads

We also use the ‘extended matching’ function. This involves your personal data being transferred to Facebook in encrypted form.

We also use the ‘Custom Audiences’ process. This involves your email address, as the recipient of the newsletter, being uploaded to Facebook in encrypted form. This helps us to determine the recipient of our Facebook ads and to ensure that the ads are only shown to interested parties. You can deactivate the ‘Custom Audiences’ remarketing function in the ‘Advertising Preferences’ section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.

If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

Legal basis and right of revocation

If we have asked for your consent before using the respective service, this constitutes the legal basis, Art. 6 (1) lit. a GDPR. Otherwise, we use the respective service on the basis of our legitimate interest in directing visitor traffic to our website and analysing this visitor traffic in order to continuously improve the functions, offers and user experience, Art. 6 (1) lit. f GDPR.

You can revoke your consent at any time with effect for the future. To do so, click on the button below. This will open our consent management banner the next time you visit the website, where you can make a new decision.

We use the following service providers for online advertising in the following sections.

Newsletter data

If you would like to subscribe to the newsletter offered on the website, we need your email address and information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. No further data is collected or is only collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The data entered in the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of data, your email address and its use for sending the newsletter at any time, for example via the ‘Unsubscribe’ link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide us with for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to exist. We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR.

After you unsubscribe from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 (1) lit. f GDPR). There is no time limit for storage in the blacklist. You can object to the storage if your interests outweigh our legitimate interest.

MailChimp

This website uses the services of MailChimp to send newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

MailChimp is a service that can be used, among other things, to organise and analyse the sending of newsletters. If you enter data for the purpose of receiving the newsletter (e.g. email address), this data will be stored on MailChimp's servers in the USA.

MailChimp enables us to analyse our newsletter campaigns. When you open an email sent by MailChimp, a file contained in the email (known as a web beacon) connects to MailChimp's servers in the USA. This allows us to determine whether a newsletter message has been opened and which links, if any, have been clicked on. Technical information is also collected (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of the recipients.

If you do not want MailChimp to analyse your data, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.

Data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide us for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe. Data stored by us for other purposes remains unaffected.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://mailchimp.com/eu-us-data-transfer-statement/ and https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses.

After you unsubscribe from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist, if necessary, to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interests and our interests in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) (f) GDPR). There is no time limit on storage in the blacklist. You can object to storage if your interests outweigh our legitimate interest.

For more details, please refer to MailChimp's privacy policy at: https://mailchimp.com/legal/terms/.

Revocation, changes, corrections and updates

The user has the right to request information free of charge about the personal data stored about them. In addition, the user has the right to correct incorrect data, block and delete their personal data, provided that there is no legal obligation to retain it.

Information on personal rights in data protection

1. Information on data processing based on Articles 13 and 14 of the GDPR

We hereby inform you that we process your personal data (surname, first name, address, other contact details) when you contact us or are added to the list of interested parties.

2. Purposes of data processing

Contacting interested parties, own advertising.

3. Legal basis for data processing

Cuk processes personal data on the basis of Art. 6 GDPR. This is based on consent to the processing of personal data concerning them for one or more specific purposes, to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data prevail.

4. Origin of the data

The data originates from your personal input.

5. Categories of personal data

Surname, first name, address and other contact details.

6. Categories of recipients of personal data

The recipients are generally based in Germany or the EU. These are predominantly service providers for technical and commercial operations who work on behalf of Cuk.

7. Duration of data storage

Cuk only stores information for a certain period of time. For example, data on interested parties is deactivated 36 months after it is first collected and finally deleted after a further 60 months, provided that no service contract has been concluded or no further contact has taken place between the parties which clearly documents a continuing mutual interest in maintaining a business relationship.

8. Rights of data subjects

Every data subject has the right to information, correction, deletion, restriction of processing and data portability. These rights under Articles 15 to 20 of the GDPR can be asserted against Cuk at the addresses listed below.

In addition, it is possible to contact the supervisory authority responsible for Cuk.

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Postfach 10 29 32
70025 Stuttgart

Bavarian State Office for Data Protection Supervision
Promenade 27 (Schloss)
91522 Ansbach

Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstraße 219
10969 Berlin

If you would like to know what data Cuk has stored about you and to whom this data has been transferred, Cuk will be happy to provide you with this information. You can request a so-called self-disclosure free of charge. Please note that for data protection reasons, the respective Tertianum company is not permitted to provide any information by telephone, as it is not possible to clearly identify you on the phone. In order to prevent misuse by third parties, the respective Tertianum company requires the following information from you: surname (maiden name, if applicable), first name(s), date of birth, current address (street, house number, postcode and town).

9. Right to object

In accordance with Art. 21 GDPR, you can object to data processing at the address provided. This essentially concerns processing based on a legitimate interest of the controller or a third party.

10. Contact details of the company and the data protection officer

The companies responsible for data protection are listed below:
Cuk Gastronomiebetriebsgesellschaft mbH
Hackescher Markt 2–3
10178 Berlin
Email info@brasseriecolette.de

The company data protection officer at Cuk can also be contacted at the above addresses with the addition of ‘Data Protection Officer’ or by email at the following address: datenschutz@dpf-investment.de.