Data protection & security
I. Information on processing of personal data
With the information provided to you below, we would like to give an overview, according to Article 13 and 14 GDPR of how your personal data are processed when you use our website www.olivo-restaurant.com and to inform you of your rights under data protection legislation.
1. Controller for data processing
The controller for data processing on this website pursuant to Article 4 No 7 GDPR and the provider of the website (service provider) within the meaning of the German Tele Media Act (Telemediengesetz – TMG) is
Steigenberger Hotels AG
Lyoner Straße 25
60528 Frankfurt am Main
Tel.: +49 69 66564-01
Fax: +49 69 66564-888
Complete details pursuant to section 5 TMG (Imprint)
2. Contact details of the Data Protection Officer
You can reach our Data Protection Officer at
TÜV Informationstechnik GmbH
E-mail address: firstname.lastname@example.org
3. Purposes and legal basis for processing personal data
We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the new German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG-new) as well as all other relevant legislation for the purposes and on the legal basis as set out below:
(a) For processing and managing reservation inquiries and reservations as well as for providing our services and payments processing – the legal basis for this is the first sentence of Article 6(1)(b)) GDPR.
(b) For fulfilling a legal obligation to which our company is subject as controller (e.g. by tax laws, accounting obligations, etc.) – the legal basis for this is the first sentence of Article 6(1)(c)) GDPR.
(c) For sending our e-mail newsletter including managing your subscription to the newsletter – the legal basis for this is your consent pursuant to the first sentence of Article 6(1)(a)) GDPR.
(d) For processing issues, which you approach to us via E-Mail or the contact form – the legal basis for this is your consent pursuant to the first sentence of Article 6(1)(a)) GDPR.
Minors may not send any personal data to us without the consent of their parents or guardians. Through our website, we do not process any personal data knowingly acquired from minors.
4. Categories of personal data recipients
If and to the extent required for the purposes as set out above under item 3, we also disclose your personal information to the following recipients or categories of recipients pursuant to Article 4 No 9 GDPR:
Within our company only those persons or entities are permitted to view or access your data (to the extent required in each case) who need such data for performance of our contractual and statutory duties.
The service providers (e.g. as part of contract processing pursuant to Article 28 GDPR) and agents engaged by us may receive personal data for these purposes. These are undertakings from the categories payments processing and IT services.
Further data recipients may be those entities for which you have given us your consent to data transfer.
5. Transfer of personal data to a third country
A transfer of personal data to entities in countries outside the European Union (third countries) doesn’t take place.
6. Period of storage of personal data and criteria for defining such period
We process and store your personal data for as long as required for us to fulfil our contractual and legal duties. If the data are no longer required for fulfilment of contractual duties, they are normally deleted unless their further processing for a limited term is required by retention periods prescribed by commercial or tax legislation (including the German Commercial Code (Handelsgesetzbuch – HGB), German Tax Code (Abgabenordnung – AO)). The periods prescribed their for storage and/or documentation purposes range from two to ten years.
7. Your rights as a data subject
Every data subject whose personal data are processed has the right to obtain information from the controller about the personal data in question pursuant to Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR, the right to object to the processing pursuant to Article 21 GDPR as well as the right to data portability pursuant to Article 20 GDPR. The right to obtain information and the right to erasure are further subject to the restrictions pursuant to sections 34 and 35 BDSG-new.
Further information on your right to object to processing pursuant to Article 21 GDPR.
If the processing of your personal data is based on a consent granted to us, you have the right to revoke your consent at any time without the legality of the processing performed on the basis of such consent up to revocation being affected thereby.
Your also have the right to lodge a complaint with the competent data protection supervisory authority pursuant to Article 77 GDPR in conjunction with section 19 BDSG-new.
8. Requirement to provide data
You are not required to provide any personal data when using our website. If you would like us to contact you, then we need at least (i) your name, and (ii) your telephone number or your email address. If you send us a question using the contact form, you must provide a valid email address so that we know who is asking the question and so that we will be able to reply. Further information can be provided on a voluntary basis.
9. Automated decision-making and profiling
When establishing and executing our contractual relationship, you will not be subjected to a decision based solely on automated processing, including profiling, pursuant to Article 22 GDPR, which produces legal effects concerning you or similarly affects you in a serious way.
10. Additional information on your right to object pursuant to Article 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning yourself which are based on the first sentence of Article 6(1)(e)) GDPR (data processing in the public interest) or the first sentence of Article 6(1)(f)) GDPR (data processing based on a balancing of interests), including profiling based on those provisions pursuant to Article 4(4) GDPR.
If you make an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override the your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
If your personal data are processed by us for direct marketing purposes, you have the right to object at any time to processing of personal data concerning yourself for such marketing, which includes profiling to the extent that it is related to such direct marketing.
The objection may be made without any particular form and should be directed to our Data Protection Officer under the contact details specified in item 2 above.
II. Additional information on data processing on this website
1. Table reservation
For making online table reservations, this website uses the reservation tool Bookatable by the provider Livebookings Holdings Limited with head offices in London, United Kingdom. You can find more information about how personal data is handled when using Bookatable in Bookatable's Data Protection Notice at https://www.bookatable.com/de/datenschutz.
2. E-mail newsletter
With the e-mail newsletter we keep you regularly informed about the offerings and services of our restaurant.
If you wish to receive the e-mail newsletter, we will need a valid email address for you. As a subscriber to the e-mail newsletter, you may at any time revoke your consent to the processing of your e-mail address for sending the newsletter. Consent may be revoked via the link provided for this purpose in each e-mail newsletter or by sending an e-mail with the subject "unsubscribe" to email@example.com.
3. Inclusion of third-party services and content (e.g. YouTube and Google Maps)
Third-party content such as videos from YouTube or maps from Google Maps (hereafter referred to as “Third Party Providers”) are included in this website. To use such content, the user’s IP address for technical reasons must be sent to the respective Third Party Provider, since without the IP address the Third Party Providers would not be able to send the content included in the Website to the browser of the respective user. We do not have any control over whether a Third Party Provider stores the IP address e.g. for statistical purposes or otherwise.
Current version and updating of this Private Policy
This Private Policy shall apply with effect from 22 May 2018.
We will update this Private Policy from time to time to reflect relevant changes to our website, changes in the processing of personal data or amendments to legislation. The revised version shall apply as of the published effective date. In the event of any material amendments to this Private Policy, we will inform you in good time prior to the effective date of such amendments by posting a notice on our website. Where applicable, we will also inform our guests of the amendments by e-mail or other means.