a. Scope & purpose of the processing of personal data

As a matter of principle, we process your personal data as a user of this website only insofar as this is necessary to provide a functional website and our content and services. Your personal data will only be processed according to your purpose-related consent, unless the data processing is also permitted by law without obtaining prior consent. The purposes of the processing result from the processing activities described in more detail below.

b. Legal basis for the processing of personal data

Insofar as we obtain consent from you for processing operations of personal data, Art. 6 (1) a) EU General Data Protection Regulation (DSGVO) serves as the legal basis.

If the processing of your data is necessary for the performance of a contract to which you are a party, Art. 6 (1) b) DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

If processing of your personal data is necessary for compliance with a legal obligation to which we are subject, Art. 6 (1) c) DSGVO serves as the legal basis.

In the event that vital interests of you or another natural person make processing of personal data necessary, Art. 6 (1) d) DSGVO serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not override the first-mentioned interest, Art. 6 (1) f) DSGVO serves as the legal basis for the processing.

c. Data deletion and storage period

Your personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. Data may also be stored if this is required by law or by other legal provisions that are binding for us. Data will also be blocked or deleted if a storage period prescribed by the aforementioned legal provisions expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

d. Types of data processed

• Inventory data (e.g. name, address);
• Contact data (e.g., email address, phone number);
• Content data (e.g., text input, photographs, videos);
• Usage data (e.g., web page views, access times, personal interests);
• Communication and metadata (e.g. IP addresses, device information).

e. Purposes of the processing

• Provision of the online offer, its functions and content;
• Answering contact requests and communication with users;
• Security measures;
• Reach measurement/marketing.

f. Categories of data subjects

Visitors and users of the online offer (hereinafter “users”).

a. Right to information

Upon request, we will confirm whether personal data concerning you is being processed. If this is the case, you have the right to be informed about the following information

• the purpose(s) of the data processing,
• the categories of data processed, and
• if applicable, the recipients or categories of recipients to whom data are disclosed on the basis of legal obligations or contractual relationships; in particular in the case of recipients in third countries
• the planned storage period, or if this is not possible, the criteria for determining the duration
• the existence of a right to rectification or erasure of the personal data concerning them, or to restriction of processing by us, or a right to object to such processing
• the existence of a right of appeal to the supervisory authority
• in the event that the personal data are not collected from the data subject: Any available information about the origin of the data
• the existence of automated decision-making, including profiling, and meaningful information about the logic involved and the scope and intended effects of such processing for the data subject
• in case of transfer to a third country or to an international organization, about the appropriate safeguards in connection with the transfer.

Upon request, you will receive a copy of the data collected and processed from you. This will generally be done free of charge.

b. Right to rectification

You have the right to request that inaccurate personal data concerning you be corrected without delay. You have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary declaration.

c. Right to deletion (so-called right to be forgotten)

Upon request or after fulfillment or termination of the contract with us, your personal data will be deleted immediately if this does not conflict with tax or commercial law storage or documentation obligations or if the safeguarding of the legitimate interests of the responsible party is at risk.

A deletion claim exists under the following conditions:

• The personal data were collected or otherwise processed for such purposes for which they are no longer necessary.
• You withdraw your consent on which the processing was based pursuant to Art. 6 (1) a DSGVO or Art. 9 (2) a DSGVO and there is no other legal basis for the processing.
• You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or an objection to the processing has been lodged pursuant to Article 21(2) of the GDPR.
• the personal data have been processed unlawfully.
• the erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

the personal data has been collected in relation to information society services offered pursuant to Art. 8(1) DSGVO (consent has been given by a child)

d. Right to restriction of processing (blocking)

Under the following conditions, you have the right to request the restriction of processing, i.e. the blocking of your personal data for processing:

• the accuracy of the personal data is disputed by you for a period of time that allows us to verify the accuracy of the personal data.
• the processing is unlawful, you object to the erasure of the personal data and request instead the restriction of the use of the personal data.
• The controller no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims.
• The user has objected to the processing pursuant to Art. 21 (1) DSGVO and it is not yet clear whether the legitimate grounds of the controller outweigh those of the user.

e. Right to data portability (data portability).

Upon request, your data can be made available for a fee in a structured, common and machine-readable format for you and a service provider working in the connection to enable rapid transfer. This applies in any case insofar as the processing is based on consent pursuant to Art. 6 para. 1 a DSGVO or Art. 9 para. 2 a) DSGVO or on a contract pursuant to Art. 6 para. 1 b DSGVO and the processing is carried out with the aid of automated processes.

f. Right of objection

You also have the right to object to the processing of your personal data.

If the processing is carried out for the purpose of direct advertising (e.g. newsletter), this right exists at any time.

Otherwise, the right may also exist for reasons arising from your particular situation to object at any time to the processing of personal data concerning you. This applies only insofar as the processing is carried out on the basis of Art. 6 (1) (e) or (f) DSGVO (exercise of public interests or protection of legitimate interests by the controller).

To exercise this right of revocation, you can also send us an informal message via the contact options mentioned under point 1, stating your intention to revoke.

g. Right of complaint to the supervisory authority

If you are of the opinion that there has been a breach of data protection regulations, you have the right to lodge a complaint with the competent supervisory authority. For companies in Hamburg, for example, this is the Hamburg Commissioner for Data Protection and Freedom of Information: https://www.datenschutz-hamburg.de

h. Regulations on the provision of data and consequences of failure to provide data.

The provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). For a contract to be concluded, it may be necessary for you to provide us with personal data that must subsequently be processed by us. For example, you are obliged to provide us with personal data if our company concludes a contract with it. Failure to provide the personal data would mean that the contract could not be concluded.

i. Automated decision making

Automated decision making does not take place by us.

DATA PROCESSING FOR ADVERTISING PURPOSES

Advertising with consent
We process your data for marketing purposes only on the basis of explicit consent for these purposes pursuant to Art. 6(1)(a) DSGVO.

Proper commissioned processing agreements have been concluded with service providers that we engage for the purpose of supplying advertising and who process data on our behalf strictly in accordance with instructions.

Reference to the right of objection

You may object to the use of your personal data for the aforementioned advertising purposes at any time, free of charge and with effect for the future, by using the contact details provided in section 1.

If you object, your data will be blocked for further data processing for advertising purposes. We would like to point out that in exceptional cases, advertising material may still be sent temporarily after receipt of your objection. This is technically due to the necessary lead time within the selection process and does not mean that we have not implemented your objection.

Logfiles

In the case of mere informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 p. 1 f) EU-DSGVO):

Date and time of access, name of the pages accessed, IP address of the requesting device, referrer URL (originating URL from which visitors came to our websites), the amount of data transferred, loading time, browser type, language & version, name of the visitor’s access provider, operating system and its interface.

Server

We use a so-called hoster to provide certain services in connection with the operation of this website: in detail, IT infrastructure, computing services, database services, e-mail dispatch, security services, server storage space and technical maintenance services are provided, among others. In doing so, we. or our hoster, respectively, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of our visitors to our website on our behalf on the basis of Art. 28 DSGVO due to our legitimate interests in a professional and secure provision of our website in accordance with Art. 6 para. 1 f) DSGVO.

Cookies use

This website uses the following types of cookies, the scope and functionality of which are explained below:

a) Temporary cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

b) Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

Insofar as these cookies and/or the information contained therein are personal data, the legal basis for data processing is Art. 6 (1) f) DSGVO. Our interest in optimizing our website is thereby to be regarded as legitimate within the meaning of the aforementioned provision.

You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may then not be able to use all functions of this website.

a. Registration Corona

Your personal data will be processed for the purpose of tracking chains of infection related to the SARS-CoV-2 coronavirus during the corona phase. The legal basis for this processing is Art. 6 para. 1 p. 1 lit. c, para. 3 of the DSGVO (General Data Protection Regulation). In addition, also Section 28 (1) of the Infection Protection Act (IfSG). The data will be deleted after the prescribed retention period.

b. Additional information for table reservation

Server log files

The integrated table reservation widget on our homepage automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

browser type and version
Operating system used
referrer URL
Host name of the accessing computer
Time of the server request

This data is not merged with other data sources. The collection of this data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, the server log files must be collected.

a. The disclosure to tax offices and social security institutions will only take place if there is a legal obligation to do so; the legal basis is Article 6, paragraph (1), letter c) DSGVO.

b. The transfer to service providers will only take place on the basis of a proper contract processing agreement in accordance with Art. 28 DSGVO.

c. Payment service provider

Furthermore, we transmit data to third parties only in the context of the order for the purpose of payment processing, unless you pay in advance.

We use PayPal for this purpose. PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which represent virtual private or business accounts. In addition, PayPal offers the possibility to process virtual payments via credit cards if a user does not maintain a PayPal account. A PayPal account is maintained via an e-mail address. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also assumes trustee functions and offers buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the data subject selects “PayPal” as a payment option during the ordering process in our online store, data of the data subject will be automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transmission of personal data required for payment processing.

The personal data transmitted to PayPal are usually first name, last name, address, email address, IP address, telephone number, or other data necessary for payment processing. For the processing of the purchase contract are also such personal data that are related to the respective order.

The transmission of data is for the purpose of payment processing and fraud prevention. We will transmit personal data to PayPal in particular if there is a legitimate interest for the transmission. The personal data exchanged between PayPal and us may be transmitted by PayPal to credit reporting agencies. The purpose of this transmission is to check identity and creditworthiness. The responsible party for this is PayPal.

PayPal may share the personal data with affiliated companies and service providers or subcontractors to the extent necessary to fulfill contractual obligations or to process the data on behalf.

You have the option to revoke your consent to the handling of personal data at any time vis-à-vis PayPal. A revocation does not affect personal data that must necessarily be processed, used or transmitted for (contractual) payment processing.

The applicable privacy policy of PayPal can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

If you choose a payment method credit card or Apple Pay or Google Pay, the payment service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (“Stripe”) is used for payment processing. For this purpose, information provided to Stripe during the ordering process, along with information about your order (name, address, account number, bank routing number, credit card number (if applicable), invoice amount, currency and transaction number) will be passed on in accordance with Art. 6 (1) lit. b DSGVO. The transfer of your data takes place exclusively for the purpose of payment processing with the payment service provider Stripe and only insofar as it is necessary for this purpose. You can find more information about Stripe’s data protection at the URL https://stripe.com/de/privacy#translation.

Sharing with other third party service providers

The transfer to service providers takes place only on the basis of a proper agreement for commissioned processing in accordance with Art. 28 DSGVO.

With the exception of the processing described above, we do not pass on your data to recipients based outside the European Union or the European Economic Area. The processing operations mentioned here result in a data transfer to the servers of the providers of tracking or targeting technologies commissioned by us.

Integration of third-party services and content

Within the scope of our website, we use offers from third-party providers to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”), on the basis of consent pursuant to Art. 6 (1) f) DSGVO or, if consent does not exist in the individual case and is not legally required, on the basis of our legitimate interests (i.e., interest in evaluating the use of our website and improving the operation of our website within the meaning of Art. 6 (1) f) DSGVO).

This may require that the respective third-party providers perceive your IP address, as without the IP address they could not send the content to your browser. The IP address is thus required for the delivery and display of this content. The third-party providers may also use so-called “pixel tags” (invisible graphic files, also called “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to analyze usage behavior on this website. The pseudonymous information may be stored in cookies on your device and may contain, for example, technical information about visiting times, the browser and operating system, previously visited website and other information about the use of our website. A linkage with similar information from other sources does not take place.

If you do not want pixel tags to record your usage behavior, you can object to the data collection at any time.

Google Maps

We may integrate maps from the Google Maps service of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data may include, in particular, IP addresses and location data of the users, which, however, are not collected without their consent (usually executed in the context of the settings of their mobile devices). The data may be processed in the USA. Its privacy notice can be found at:

You can set an opt-out at this link:

Comments/Posts

If you leave comments or other contributions, your IP address may be stored for up to 7 days due to our legitimate interests pursuant to Art. 6 (1) f) DSGVO. This is done for our security and to protect others from illegal content. In this case, we are liable as the operator of this website and would therefore like to try to identify the author. In addition, this enables the detection of spam and its exclusion as a legitimate interest on our part Art. 6 para. 1 f) DSGVO.

The content provided in the context of your comments and / or contributions will be permanently stored by us until your objection, unless there is any other obligation to remove.

Google Fonts

We integrate the fonts (“Google Fonts”) of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. You can find their privacy policy under: 
https://www.google.com/policies/privacy/

You can set an opt-out under this link:
https://adssettings.google.com/authenticated. 

​Explanation of the use of cookies

a. Processing of data

FS Five Star Gastronomy Collection GmbH is responsible for processing the data described in this Cookie Policy. We use cookies and other techniques such as JavaScript and web beacons to provide you with the best possible service on our website.

Below is an overview of the cookies and techniques we use with specific information for which these cookies and techniques serve.

​b. What are cookies?

Cookies are small files that are sent from our website and stored in your browser, computer or mobile device. Cookies contain information that we need to process your order and improve our internet services.

c. What are the other techniques?

JavaScript and Web Beacons are standard Internet techniques that, together with cookies, ensure that a system can collect information (JavaScripts), store it in small, simple text files (cookies), and then send it (Web Beacons).

By using cookies and other techniques, we ensure, for example, that:

• you can easily and pleasantly store in our online store;
• you do not always receive the same information or have to enter it;
• The products in your cart will not be lost when you close the browser;
• We can analyze the surfing behavior of our visitors and further improve the shopping experience in our webshop;
• We can tell which device our visitors are using to shop online.

d. Types of cookies and their use

Essential cookies
We use essential cookies to ensure a smooth shopping experience. These cookies are necessary for the smooth functioning of the website and cannot be disabled in our systems.
You can set your browser to block cookies or send a notification, but in this case you will not be able to browse the website or continue to use certain features. These types of cookies do not store any personal data. These cookies ensure that:

• you receive a notification when an order is not completed, so you do not lose your products in the cart;
• credentials can be saved so that you don’t have to re-enter them each time;
• Abuse and possible problems can be detected

Functionality cookies

We may use functionality cookies to store preferences you have indicated on previous visits and changes you have made to customize the Site to your preferences.

Performance Cookies
Performance cookies collect anonymous data that allows us to analyze how our visitors use our websites and thereby improve the performance of our website.

FS Five Star Gastronomy Collection GmbH uses Google Analytics to analyze how our visitors use this website and to improve their shopping experience. Google Analytics uses cookies to anonymously collect standard Internet log information and visitor behavior information. Note the explicit addition of the term “anonymous” as no personally identifiable information about you is collected.

Thanks to these cookies, we gain insight into how often our webshop is visited and how we can improve our webshop. The following data is stored:

• The IP address (will be anonymized);
• Browser type, screen resolution and device type;
• Place from which our webshop is visited;
• Duration of the visitor session and at which times the webshop is visited most;
• Use of the functions of the web store;
• Visited pages.

For detailed information on the cookies used by Google Analytics, see Cookies and Google Analytics in the Google Analytics tracking code documentation. You can also visit the following link: Google Privacy Policy for Google Analytics. We do not share our analytics data with other third parties.

Advertising cookies
FS Five Star Gastronomy Collection GmbH generates a portion of its visitors through partner websites and Internet advertising. There may be third-party cookies to track the contribution of partner websites to our bottom line. Certain ads from Google may contain third-party cookies.

‘Share’ links to Facebook, Twitter, and the like.
When you use one of the ‘Share’ buttons on the Website, a cookie may be placed on your computer by the relevant service. We have no control over the placement of these cookies and cannot block these cookies from these websites. We refer you to the relevant website for more information.

YouTube:
We may integrate videos from YouTube into our pages. Pages with this integrated content may present cookies from YouTube. See google.com/ads/preferences/ .

McAfee Secure:
When you click on the McAfeeSecure widget on our website, McAfeeSecure sets a cookie to store which website the widget was clicked from. This allows McAfee to scan the website and guarantee that you can complete your purchase in a secure environment. See mcafeestore.com/terms-of-service/cookies.

Other/unanticipated cookies:
Depending on how the Internet and websites work, we may not always have visibility into the cookies that are placed through our website by third parties.

This overview of cookies on the Godiva Chocolates EU website is only a snapshot. We strive to keep this list as up-to-date as possible. However, due to the non-static nature of the internet and the (external) parties involved, it is possible that not all current cookies and/or websites can be found in this overview immediately.

Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Personal data is, simplified, individual information about personal or factual circumstances of an identified or identifiable natural person, i.e. not legal entities, such as a GmbH. Personal data primarily includes details such as the name, address, e-mail address but also the IP address.

Processing
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing (in the sense of blocking).

Profiling
Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

Person responsible
The controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient
Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law are not considered recipients.

Third Party
Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.

Consent
Consent shall mean any freely given indication of the data subject’s wishes for the specific case in an informed and unambiguous manner, in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

Limitation of liability

The contents of this website have been prepared with the greatest possible care and to the best of our knowledge. Nevertheless, the provider of this website does not guarantee the timeliness, completeness and accuracy of the pages and content provided.

As a service provider, the provider of this website is responsible for its own content and information provided on these pages in accordance with § 7 paragraph 1 TMG under the general laws; according to § § 8 to 10 TMG, however, not obliged to monitor the transmitted or stored foreign information. A removal or blocking of this content will take place immediately from the time of knowledge of a concrete infringement. Liability is only possible from the time of knowledge.

Copyright and ancillary copyright

The content, works and information provided on this website are subject to German copyright and ancillary copyright law. Any kind of reproduction, editing, distribution, storage and any kind of exploitation outside the limits of copyright law requires the prior written consent of the respective copyright holder. Unauthorized copying/saving of the information provided on these web pages is not permitted and is punishable by law.