Privacy
We take the protection of your personal data seriously, thus treating any of your personal data confidential according to data protection laws, in particular the General Data Protection Regulation (GDPR). In this privacy statement, you learn what data we collect and for what purposes the data is being processed.
We operate on the principal of data economy. We only collect data that is necessary and relevant for the hosting of our services and never forward any data to third parties without your express permission, unless required by law.
Responsible Entity
The responsible entity for the collection, processing and usage of personal data in accordance with Art. 4 Nr. 7 GDPR is:
Holocafe GmbH
Am Wehrhahn 41
40211 Düsseldorf
Germany
The operators of Holocafé branches are independent franchiseees. When personal data is provided as part of a ticket purchase, the Holocafe UG acts as data processor by order of the respective franchisee.
What data we process and for what purpose
Server-Log-Files
When visiting our website, we automatically collect and store information in so-called server log files that your browser transmits to us by default. These are:
- Browser typ and version
- Operating system
- Referrer URL
- Host name of the device
- Time of the request
- IP address
This data is automatically collected by the operating system of the server and used for logging of connections to our website. This enables us to pursue abusive behavior such as fake bookings, hacking attempts, DOS attacks and filtering spam. Furthermore, it gives us access to pseudonymised access statistics in order to optimize our systems. This data is never aggregated with any other data. We reserve the right to scan this data on concrete indications for an unlawful use of our systems.
Ticket Shop
When you order tickets in our online shop, we process your entered data solely for the purpose of fulfilling your order. We thus collect your first and last name, your address, e-mail and phone number. Your name and address are used in accordance with tax and trade laws as invoice address, while your e-mail address is used to send you the tickets and invoice for your order. Your phone number is stored in order to be able to call you in case of questions concerning your order (e.g. when you show up late to your booking). The data is stored on our servers and are accessible to the operator of the branch which you have booked.
Personal data that is collected as part of an online order have to be stored for at least 10 years in accordance with German tax and trade laws.
If you decide to pay onlien for your ticket, the payment process is hosted by heidelpay GmbH (Vangerowstraße 18, D–69115 Heidelberg, Germany). Heidelpay acts as transaction provider under a bank license and is governed by the same laws requiring a long-term storage of transactional and personal data. If you decide to use PayPal or SOFORT Überweisung as payment method, your personal data will be transmitted by heidelpay GmbH to the respective payment provider for the purpose of handling the transaction. You can find the privacy statements of the individual providers here: [Heidelpay][SOFORT Überweisung][PayPal]
Newsletter
You have the option to subscribe to our newsletter. We are sending it out irregularly to inform you about important news surrounding the Holocafé, e.g. opening of new branches or new games. To process the subscription, we collect your e-mail address and somtimes your name. This data is then processed by the service Mailchimp to handle the technical delivery of the newsletter. The service is provided by The Rocket Science Group LLC in Ohio, USA. This provider has signed a data processing agreement with us and is obliged to comply with European privacy regulations. You can find more information concerning Mailchimp and privacy here. Beyond that, we never forward your data to any third parties without your express permission. You will never receive advertising emails from other companies due to your subscription of the Holocafé newsletter.
Contact Form
If you send us requests through our contact form, your entered data including your provided contact information will be stored on our system. If your request is directed at one of our branches that is operated by one of our franchisees, we forward your request directly to them.
Cookies
Cookies are small text files that are stored in your web browser and enable us to assign specific data to your session. As an example, if you place an order, but abort the payment process and browse back in order to select a different booking option, a so-called "session cookie" allows us to temporarily store your input, so that you do not have to re-enter your entire address and order information. These session cookies are necessary for the technical operation of the website and are automatically deleted when you close your browser.
Furthermore, we place ads on Google and use Google's conversion tracking to determine whether ad clicks cause any interactions on our website. If you click on one of our Google ads, a cookie is set in your browser for that purpose. When you access our website, you are asked whether you want to allow or deny these cookies.
Google Services: YouTube and Google Maps
In some places on our website, we use embedded YouTube videos so you can make yourself familiar with our offers ahead of your visit. We use the enhanced privacy embedding of YouTube videos, so that you are not faced with tracking cookies when loading the respective page. As soon as you play the video however, YouTube may collect and process personal data from you.
We use Google Maps to provide directions for our branches. When you load a page with an embedded Google Map (on our contact pages), a connection to Google servers is being established and personal data such as IP address and location may be collected by Google. Information covering privacy for Google services can be found here . If you own a Google user account, you can configure what of your personal data Google is allowed to collect and what not.
Check-In related to COVID-19 contact tracing
Due to gorvernmental regulations, we are obliged to gather and save the contact information (name, address, phone number) of all guests as well as the date and time of their visit for the duration of four weeks. The contact information is gatheres through the self-check-in at https://holocafe.de/checkin . The sole use of the data being captured here is to notify customers of infections of guests sharing the same day and time of their visit at the respective venue. This is being done by the local public health office. In such an incidence, the public health office requests the affected contact information from us and will contact the affected guests directly. After the four weeks data retention, the contact data will be erased.
Storage Period
Unless stated more specifically, personal data is only stored for as long as it is necessary for the respective purpose. For instance, if you no longer want to receive our newsletter, you can simply unsubscribe, which causes your data to be deleted automatically. For invoice and transactional data, a minimum storage duration of 10 years is required as per German tax law.
Your Rights
If we collect and process personal data concerning you, you have a variety of rights regarding your data. Learn which:
Right to Information
You have the right to a clear disclosure about what of your personal data we store and process. This includes:
- the purpose
- type and amount of data
- the recipients to whom this data has been exposed
- the storage duration
- a copy of the data
Right to Correction
You have the right to correction or completion of data related to you.
Right to Deletion
Under certain circumstances, you have the right to immediate deletion of data concerning you in accordance with Art. 17 Abs. 1 GDPR, when one of the following conditions applies:
- The personal data is no longer necessary for the purpose for which it has been collected and processed
- You revoke your permission for processing that you gave in compliance with Art. 6 par. 1 S. 1 a) GDPR or Art. 9 par. 2 a) GDPR and there is no other legal basis for the processing
- You object the processing in accordance with Art. 21 par. 1 GDPR and there are no justified reasons of higher priority for processing, or you object the processing in accordance with Art. 21 par. 2 GDPR
- The personal data was processed unlawfully
- The deletion of the personal data is necessary to comply with a legal obligation of the EU or the relevant member state for the case
- The personal data was collected in relation to services of the information society in accordance with Art. 8 par. 1 GDPR
Right to Limitation of Processing
In a number of cases, you have the right to demand a limitation of processing of your personal data from us, when one of the following conditions applies:
- the correctness of your personal data is challenged by you, and for a duration that enables us die Richtigkeit der personenbezogenen Daten wird von dir bestritten, und zwar für eine Dauer, die es uns ermöglicht, die Richtigkeit der personenbezogenen Daten zu überprüfen
Right to portability of data
You have the right to retreive and transmit your personal data in a machine-readable form. You have the right to have us transmit the data directly to another organization if technically feasible.
Right to repeal of data processing agreement
You have the right to repeal your agreement regarding processing of personal data at any time.
Right to file complaint at regulatory body
You have the right to file a complaint at a regulatory body, especially in the state of your residence, your workplace or the location of an assumed violation if you are under the impression that the processing of your personal data is unlawful.
Data Security
We are giving our maximum efforts to protecting your data within the boundaries of data protection laws and technical feasibility. All data transmitted to us are SSL encrypted and stored in a data center in Frankfurt am Main. As a precautionary measure, we want to make you aware that data transmission over the internet (e.g. e-mail communication) can generally affected by technical security flaws, so that there can never be a 100% guaranteed protection against access from third parties.
In order to protect your data, we undertake technical and organisational safety measures according to Art. 32 GDPR which we continuously adjust to the current state of technology. However, we cannot guarantee that our services are available at all times. Malfunctions, interruptions or other faulty cannot fully be precluded. Our servers are backed up regularly.
Privacy Officer
In case of questions regarding data protection or in case you want to make use of any of the above mentioned rights, please contact our privacy officer: