We take the protection of your personal data seriously, thus treating any of your personal data confidential according to data protection laws, in particular the General Data Protection Regulation (GDPR). In this privacy statement, you learn what data we collect and for what purposes the data is being processed.

We operate on the principal of data economy. We only collect data that is necessary and relevant for the hosting of our services and never forward any data to third parties without your express permission, unless required by law.

Responsible Entity

The responsible entity for the collection, processing and usage of personal data in accordance with Art. 4 Nr. 7 GDPR is:

Holocafe UG (haftungsbeschränkt)
Heyestr. 41a
40625 Düsseldorf

The operators of Holocafé branches are independent franchiseees. When personal data is provided as part of a ticket purchase, the Holocafe UG acts as data processor by order of the respective franchisee.

What data we process and for what purpose

Server Log Files

When visiting our website, we automatically collect and store information in so-called server log files that your browser transmits to us by default. These are:

  • Browser typ and version
  • Operating system
  • Referrer URL
  • Host name of the device
  • Time of the request
  • IP address

This data is automatically collected by the operating system of the server and used for logging of connections to our website. This enables us to pursue abusive behavior such as fake bookings, hacking attempts, DOS attacks and filtering spam. Furthermore, it gives us access to pseudonymised access statistics in order to optimize our systems. This data is never aggregated with any other data. We reserve the right to scan this data on concrete indications for an unlawful use of our systems.

Ticket Shop

When you order tickets in our online shop, we process your entered data solely for the purpose of fulfilling your order. We thus collect your first and last name, your address, e-mail and phone number. Your name and address are used in accordance with tax and trade laws as invoice address, while your e-mail address is used to send you the tickets and invoice for your order. Your phone number is stored in order to be able to call you in case of questions concerning your order (e.g. when you show up late to your booking). The data is stored on our servers and are accessible to the operator of the branch which you have booked.

Personal data that is collected as part of an online order have to be stored for at least 10 years in accordance with German tax and trade laws.

If you decide to pay onlien for your ticket, the payment process is hosted by heidelpay GmbH (Vangerowstraße 18, D–69115 Heidelberg, Germany). Heidelpay acts as transaction provider under a bank license and is governed by the same laws requiring a long-term storage of transactional and personal data. If you decide to use PayPal or SOFORT Überweisung as payment method, your personal data will be transmitted by heidelpay GmbH to the respective payment provider for the purpose of handling the transaction. You can find the privacy statements of the individual providers here: [Heidelpay] [SOFORT Überweisung] [PayPal]


You have the option to subscribe to our newsletter. We are sending it out irregularly to inform you about important news surrounding the Holocafé, e.g. opening of new branches or new games. To process the subscription, we collect your e-mail address and somtimes your name. This data is then processed by the service Mailchimp to handle the technical delivery of the newsletter. The service is provided by The Rocket Science Group LLC in Ohio, USA. This provider has signed a data processing agreement with us and is obliged to comply with European privacy regulations. You can find more information concerning Mailchimp and privacy here. Beyond that, we never forward your data to any third parties without your express permission. You will never receive advertising emails from other companies due to your subscription of the Holocafé newsletter.

Contact Form

If you send us requests through our contact form, your entered data including your provided contact information will be stored on our system. If your request is directed at one of our branches that is operated by one of our franchisees, we forward your request directly to them.


Cookies are small text files that are stored in your web browser and enable us to assign specific data to your session. As an example, if you place an order, but abort the payment process and browse back in order to select a different booking option, a so-called "session cookie" allows us to temporarily store your input, so that you do not have to re-enter your entire address and order information. These session cookies are necessary for the technical operation of the website and are automatically deleted when you close your browser. We do not use any tracking cookies and thus do not track your browsing behavior.

Google Services: YouTube and Google Maps

In some places on our website, we use embedded YouTube videos so you can make yourself familiar with our offers ahead of your visit. We use the enhanced privacy embedding of YouTube videos, so that you are not faced with tracking cookies when loading the respective page. As soon as you play the video however, YouTube may collect and process personal data from you.

We use Google Maps to provide directions for our branches. When you load a page with an embedded Google Map (on our contact pages), a connection to Google servers is being established and personal data such as IP address and location may be collected by Google. Information covering privacy for Google services can be found here. If you own a Google user account, you can configure what of your personal data Google is allowed to collect and what not.

Storage Period

Unless stated more specifically, personal data is only stored for as long as it is necessary for the respective purpose. For instance, if you no longer want to receive our newsletter, you can simply unsubscribe, which causes your data to be deleted automatically. For invoice and transactional data, a minimum storage duration of 10 years is required as per German tax law.

Your Rights

If we collect and process personal data concerning you, you have a variety of rights regarding your data. Learn which:

Right to Information

You have the right to a clear disclosure about what of your personal data we store and process. This includes:

  1. the purpose
  2. type and amount of data
  3. the recipients to whom this data has been exposed
  4. the storage duration
  5. a copy of the data

Right to Correction

You have the right to correction or completion of data related to you.

Right to Deletion

Under certain circumstances, you have the right to immediate deletion of data concerning you in accordance with Art. 17 Abs. 1 GDPR, when one of the following conditions applies:

  1. The personal data is no longer necessary for the purpose for which it has been collected and processed
  2. You revoke your permission for processing that you gave in compliance with Art. 6 par. 1 S. 1 a) GDPR or Art. 9 par. 2 a) GDPR and there is no other legal basis for the processing
  3. You object the processing in accordance with Art. 21 par. 1 GDPR and there are no justified reasons of higher priority for processing, or you object the processing in accordance with Art. 21 par. 2 GDPR
  4. The personal data was processed unlawfully
  5. The deletion of the personal data is necessary to comply with a legal obligation of the EU or the relevant member state for the case
  6. The personal data was collected in relation to services of the information society in accordance with Art. 8 par. 1 GDPR

Right to Limitation of Processing

In a number of cases, you have the right to demand a limitation of processing of your personal data from us, when one of the following conditions applies:

  1. the correctness of your personal data is challenged by you, and for a duration that enables us die Richtigkeit der personenbezogenen Daten wird von dir bestritten, und zwar für eine Dauer, die es uns ermöglicht, die Richtigkeit der personenbezogenen Daten zu überprüfen
  2. die Verarbeitung unrechtmäßig ist und du die Löschung der personenbezogenen Daten abgelehnt und stattdessen die Einschränkung der Nutzung der personenbezogenen Daten verlangt hast
  3. wir die personenbezogenen Daten für die Zwecke der Verarbeitung nicht länger benötigen, du die Daten jedoch zur Geltendmachung, Ausübung oder Verteidigung von Rechtsansprüchen benötigst
  4. du Widerspruch gegen die Verarbeitung gemäß Art. 21 Abs. 1 GDPR eingelegt hast, solange noch nicht feststeht, ob die berechtigten Gründe unseres Unternehmens gegenüber deinen überwiegen

Recht auf Datenübertragbarkeit

Du hast das Recht, dich betreffende personenbezogene Daten maschinenlesbar zu erhalten, zu übermitteln oder von uns übermitteln zu lassen. Dabei hast du das Recht zu erwirken, dass wir diese Daten direkt von uns an einen anderen Verantwortlichen übermittelt werden, soweit dies technisch machbar ist.

Recht auf Widerruf einer datenschutzrechtlichen Einwilligung

Du hast das Recht, eine Einwilligung zur Verarbeitung personenbezogener Daten jederzeit zu widerrufen.

Recht auf Beschwerde bei einer Aufsichtsbehörde

Du hast das Recht auf Beschwerde bei einer Aufsichtsbehörde, insbesondere in dem Mitgliedstaat deines Aufenthaltsorts, deines Arbeitsplatzes oder des Orts des mutmaßlichen Verstoßes, wenn du der Ansicht bist, dass die Verarbeitung der dich betreffenden personenbezogenen Daten rechtswidrig ist.


Wir sind um die Sicherheit deiner Daten im Rahmen der geltenden Datenschutzgesetze und technischen Möglichkeiten maximal bemüht. Sämtliche Daten werden bei uns verschlüsselt über SSL übertragen und in einem Rechenzentrum in Frankfurt am Main gespeichert. Wir weisen jedoch vorsorglich darauf hin, dass Datenübertragung im Internet (z.B. bei der Kommunikation per E-Mail) grundsätzlich von technischen Sicherheitslücken betroffen sein kann, so dass ein lückenloser Schutz von Daten vor dem Zugriff durch Dritte nicht möglich ist.

Zur Sicherung deiner Daten unterhalten wir technische und organisatorische Sicherungsmaßnahmen entsprechend Art. 32 GDPR, die wir immer wieder dem Stand der Technik anpassen. Wir gewährleisten außerdem nicht, dass unser Angebot zu bestimmten Zeiten zur Verfügung steht; Störungen, Unterbrechungen oder Ausfälle können nicht ausgeschlossen werden. Die von uns verwendeten Server werden regelmäßig sorgfältig gesichert.


Bei Fragen zum Datenschutz oder wenn du eines der oben genannten Rechte geltend machen möchtest, kannst du dich an unseren Datenschutzbeauftragten wenden:

Sebastian Kreutz
Holocafe UG (haftungsbeschränkt)
Kontakt: privacy@holocafe.de