This page explains how personal data may be processed when you use this website. The text is a structured demo template for a hospitality site and must be reviewed and adapted by the operator and, where appropriate, legal or data-protection counsel before use.

1. Scope

This policy applies to this website and related online services operated by the controller named above (e.g. information pages, contact or reservation forms, and online ordering if enabled).

2. Categories of data that may be processed

• Server and access data (e.g. IP address, date/time, requested URL, referrer, user agent, HTTP status) as typically created in server or security logs.
• Data you submit in contact, reservation, order, or similar forms (e.g. name, contact details, message content, preferences, party size, time slots).
• Account or transaction data if you create an account or place orders (e.g. credentials, order history, delivery or billing details as applicable).
• Communication content when you email, chat, or message the operator.
• Technical session or security-related data (e.g. session identifiers, anti-abuse signals, device/browser metadata) where needed to operate the service securely.

3. Purposes of processing

• Providing and securing the website
• Handling enquiries, reservations, and orders
• Customer support and service improvement
• Fraud prevention, IT security, and abuse mitigation
• Compliance with legal obligations (e.g. tax or commercial record-keeping, where applicable)

4. Legal bases (GDPR-oriented)

Depending on the situation, processing may rely on one or more of the following (non-exhaustive): consent (Art. 6(1)(a) GDPR); performance of a contract or steps prior to entering into a contract (Art. 6(1)(b)); legal obligation (Art. 6(1)(c)); legitimate interests (Art. 6(1)(f)), such as securing IT systems or improving services, balanced against your rights. The applicable basis depends on the concrete processing activity and must be determined for your real setup.

5. Recipients and processors

Data may be disclosed to categories of recipients such as hosting / IT service providers, communication or ticketing tools, and payment, ordering, or reservation-related processors where those services are actually used. List your specific providers and roles in this section after verification.

6. Storage duration

Personal data is kept only as long as necessary for the respective purposes, unless longer retention is required by law (e.g. commercial or tax retention). Technical logs are usually rotated after a defined period set by the operator or provider.

7. Cookies and similar technologies

This site may use cookies, local storage, or similar technologies that are technically necessary for security and session handling, and—only if you implement them—analytics or marketing tools. Maintain an accurate inventory and consent approach in line with your configuration; this demo text does not list individual cookies.

8. Your rights (EU/EEA)

Where the GDPR applies, you may have the following rights subject to conditions under law: access, rectification, erasure, restriction of processing, objection (including to certain direct marketing), data portability (for data you provided and that is processed by automated means on certain bases), and the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You may also lodge a complaint with a supervisory authority.

9. Contact for privacy requests

Please direct privacy-related requests to: [privacy contact email or postal address].

Last updated: 2026-04-21