With the following privacy policy, we inform you about the types of personal data (hereinafter also referred to as “data”) we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and especially on our websites, in mobile applications, and within external online presences such as our social media profiles (collectively referred to as “online offering”).
The terminology used is gender-neutral.
Status: January 6, 2025
Controller
Overview of Processing Activities
Relevant Legal Bases
Security Measures
Rights of Data Subjects
Business Services
Provision of the Online Offering and Web Hosting
Use of Cookies
Contact and Inquiry Management
Newsletters and Electronic Notifications
Promotional Communication via Email, Mail, Fax or Phone
Contests and Competitions
Social Media Presences
Plugins and Embedded Functions and Content
Appletree Gastro GmbH & Co KG
Kantstraße 25
10623 Berlin
Represented by: Leoni Lencinas & Giacomo Vogel
Managing Director: Giacomo Vogel
Email: anevereverendinglovestory@gmail.com
This overview summarizes the types of processed data, purposes of processing, and data subjects.
Types of Data Processed:
Provision of contractual services and fulfillment of contractual obligations
Communication
Security measures
Direct marketing
Office and organizational procedures
Organizational and administrative procedures
Execution of contests and competitions
Feedback
Marketing
Provision of our online offering and user-friendliness
IT infrastructure
Public relations
Sales promotion
Business processes and economic procedures
Consent (Art. 6(1)(a) GDPR): Processing based on user’s consent.
Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR): Processing required to fulfill a contract.
Legal obligation (Art. 6(1)(c) GDPR): Processing to fulfill legal obligations.
Legitimate interests (Art. 6(1)(f) GDPR): Processing necessary for legitimate interests, provided it doesn’t override data subject rights.
National Regulations in Germany: Includes the Federal Data Protection Act (BDSG), which supplements GDPR with special rules.
Note on Applicability of GDPR and Swiss DSG: This privacy notice applies under both GDPR and the Swiss Data Protection Act (DSG).
We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.
These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transmission, availability, and separation of the data. We also have procedures in place to ensure the exercise of data subject rights, data deletion, and responses to data threats. Furthermore, we consider the protection of personal data during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default.
Rights under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:
Right to object: You have the right to object at any time to the processing of your personal data based on Article 6(1)(e) or (f) GDPR, including profiling based on these provisions, for reasons arising from your particular situation. If your personal data is processed for direct marketing purposes, you have the right to object at any time to such processing; this also applies to profiling associated with such direct marketing.
Right to withdraw consent: You have the right to withdraw any consent given at any time.
Right of access: You have the right to request confirmation as to whether data concerning you is being processed, and to access this data and receive further information and a copy of the data in accordance with legal requirements.
Right to rectification: You have the right, in accordance with legal requirements, to request the completion or correction of data concerning you.
Right to erasure and restriction of processing: You have the right to request the deletion of data concerning you without undue delay, or alternatively, to request the restriction of processing in accordance with legal requirements.
Right to data portability: You have the right to receive data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, or to request its transfer to another controller.
Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the EU Member State of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of your personal data infringes the GDPR.
We process data of our contractual and business partners, e.g., customers and prospects (collectively referred to as “contractual partners”), within the framework of contractual and comparable legal relationships, related measures, and communication with the contractual partners (including pre-contractual), such as responding to inquiries.
We use this data to fulfill our contractual obligations. This includes, in particular, the obligation to provide the agreed services, any update obligations, and remedying warranty and other service deficiencies. Furthermore, we use the data to protect our rights, fulfill administrative tasks related to these obligations, and manage business operations. We also process this data based on our legitimate interest in proper and economically sound business management and in implementing security measures to protect our contractual partners and business operations from misuse, data breaches, loss of confidentiality, and other risks (e.g., involving telecommunications, transport, subcontractors, banks, tax and legal advisors, payment service providers, or fiscal authorities).
We only share data with third parties to the extent necessary for the purposes mentioned or to fulfill legal obligations. For any additional processing activities (e.g., marketing purposes), we inform contractual partners within this privacy policy.
We inform our contractual partners which data is necessary for the aforementioned purposes before or during the data collection, e.g., in online forms, by special markings (e.g., color coding) or symbols (e.g., asterisks), or personally.
We delete the data after the expiration of legal warranty or similar obligations, typically after four years, unless it is stored in a customer account (e.g., retained for legal archiving purposes such as tax compliance, usually ten years). Data disclosed by the contractual partner as part of an order is deleted in accordance with the terms and typically after completion of the order.
Types of Data Processed: Inventory data (e.g., full name, residential address, contact information, customer number); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and email addresses, phone numbers); contract data (e.g., contract content, term, customer category).
Data Subjects: Service recipients and clients; interested parties; business and contractual partners.
Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; communication; office and organizational procedures; organizational and administrative processes; business operations and economic procedures.
Storage and Deletion: Deletion in accordance with the section “General Information on Data Storage and Deletion.”
Legal Bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR); legal obligation (Art. 6(1)(c) GDPR); legitimate interests (Art. 6(1)(f) GDPR).
We process users’ data to provide them with our online services. For this purpose, we process the user’s IP address to deliver content and functions to their browser or device.
Types of Data Processed: Usage data (e.g., page views, session duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features); meta, communication, and procedural data (e.g., IP addresses, timestamps, IDs, involved persons); log data (e.g., login logs, file access, or access times); content data (e.g., textual or visual messages and posts, including authorship and timestamps).
Data Subjects: Users (e.g., website visitors, online service users).
Purposes of Processing: Provision of our online offering and user-friendliness; IT infrastructure (operation and provision of information systems and technical devices like computers, servers, etc.); security measures.
Storage and Deletion: Deletion according to the section “General Information on Data Storage and Deletion.”
Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).
Further Notes on Processing Activities:
Access Data and Log Files: Access to our online offering is recorded in server log files. These include addresses and names of accessed web pages and files, date and time, data volumes, success status messages, browser type and version, operating system, referrer URL, IP addresses, and requesting provider. These logs are used to ensure security (e.g., to prevent server overload, especially in DDoS attacks) and to ensure stability; legal basis: legitimate interests (Art. 6(1)(f) GDPR). Retention: log files are stored for up to 30 days and then deleted or anonymized. Data needed as legal evidence is exempt from deletion until the case is resolved.
Email Transmission and Hosting: Our web hosting services also include the sending, receiving, and storage of emails. This includes sender and recipient addresses, related transmission data (e.g., provider info), and email content. Spam detection may also be involved. Note: email transmission over the internet is generally not encrypted. While typically encrypted during transit, emails are not encrypted on the servers unless end-to-end encryption is used. We cannot be responsible for the transfer route between sender and our server; legal basis: legitimate interests (Art. 6(1)(f) GDPR).
WordPress and Elementor Pro: Hosting and software for website, blog, and online service creation and operation are based on WordPress and Elementor Pro, managed by our selected hosting provider within the EU. Service provider: WordPress Foundation, 60 29th Street #343, San Francisco, CA 94110, USA, and Elementor Ltd., Tuval 40, Ramat Gan, Israel (for plugin and design services). Legal basis: legitimate interests (Art. 6(1)(f) GDPR); WordPress website: https://wordpress.org; Elementor website: https://elementor.com; Privacy policies: https://wordpress.org/about/privacy/ and https://elementor.com/about/privacy/. Data processing is governed by appropriate agreements, and for Elementor Ltd., the data transfer is subject to the adequacy decision for Israel.
The term “cookies” refers to functions that store and retrieve information on users’ devices. Cookies may be used for various purposes, including ensuring the functionality, security, and convenience of online offerings, as well as for analyzing visitor flows. We use cookies in accordance with legal requirements. Where required, we obtain the user’s consent in advance. Where consent is not necessary, we rely on our legitimate interests. This applies when storing and retrieving information is essential to provide explicitly requested content and functions. This includes, for example, saving settings and ensuring the functionality and security of our online offering. Consent can be withdrawn at any time. We clearly inform users of the scope and use of cookies.
Legal Basis Information: Whether we process personal data using cookies depends on user consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests as described in this section and in the context of the respective services and procedures.
Storage Duration:
Temporary Cookies (also: session cookies): These are deleted at the latest once a user leaves our online offering and closes their device (e.g., browser or mobile app).
Permanent Cookies: These remain stored even after the device is closed. For example, login status can be saved, and preferred content displayed directly upon revisiting the website. The data collected via cookies may also be used for reach measurement. Unless explicitly stated otherwise (e.g., during consent collection), users should assume such cookies are permanent and may be stored for up to two years.
General Information on Withdrawal and Objection (Opt-out): Users can withdraw their consent at any time and may also object to processing according to legal requirements—this can also be done via their browser’s privacy settings.
Types of Data Processed: Meta, communication, and procedural data (e.g., IP addresses, timestamps, identifiers, involved persons).
Data Subjects: Users (e.g., website visitors, users of online services).
Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).
When contacting us (e.g., by post, contact form, email, phone, or via social media), or within existing user and business relationships, the information provided by the inquiring individuals is processed as far as necessary to respond to contact requests and any requested measures.
Types of Data Processed: Inventory data (e.g., full name, address, contact information, customer number); contact data (e.g., postal and email addresses or phone numbers); content data (e.g., textual or visual messages and posts including authorship and timestamps); usage data (e.g., page views and duration, click paths, usage frequency and intensity, device types and operating systems, interactions with content and features); meta, communication, and procedural data (e.g., IP addresses, timestamps, identifiers, involved persons).
Data Subjects: Communication partners.
Purposes of Processing: Communication; organizational and administrative processes; feedback (e.g., collecting feedback via online form); provision of our online offering and user-friendliness.
Storage and Deletion: Deletion in accordance with the section “General Information on Data Storage and Deletion.”
Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).
Further Information on Processing Activities:
Contact Form: When contacting us via our contact form, email, or other communication channels, we process the personal data provided to respond and handle the inquiry. This generally includes name, contact details, and any additional information shared that is required to process the request appropriately. This data is used solely for the stated purpose of communication; Legal bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).
We send newsletters, emails, and other electronic notifications (hereinafter referred to as “newsletters”) only with the consent of the recipients or based on a legal basis. If the content of the newsletter is specified during the signup process, that content determines the scope of the user’s consent. Usually, your email address is sufficient to subscribe. However, we may request your name for personalized addressing or additional information if required for the newsletter’s purpose.
Deletion and Restriction of Processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests to be able to prove prior consent. Processing is limited to the purpose of potential defense against claims. Individual deletion requests are possible at any time, provided previous consent is confirmed. In cases where we must honor permanent objections, we reserve the right to store the email address on a blocklist solely for this purpose.
The logging of the registration process is based on our legitimate interests to prove its proper execution. If we engage a service provider for email delivery, this is based on our legitimate interest in using an efficient and secure delivery system.
Content: Information about us, our services, promotions, and offers.
Types of Data Processed: Inventory data (e.g., full name, address, contact info, customer number); contact data (e.g., postal and email addresses, phone numbers); meta, communication, and procedural data (e.g., IP addresses, timestamps, identifiers, involved parties); usage data (e.g., page views, session duration, click paths, usage frequency and intensity, device types and OS, interaction with content and features).
Data Subjects: Communication partners.
Purpose of Processing: Direct marketing (e.g., by email or mail).
Legal Bases: Consent (Art. 6(1)(a) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).
Opt-Out Option: You may unsubscribe from our newsletter at any time, i.e., revoke your consent or object to further receipt. An unsubscribe link is provided at the end of each newsletter. Alternatively, you may contact us (preferably by email) using the contact information provided.
Further Information on Processing Activities:
Open and Click Rate Tracking: Newsletters contain a “web beacon,” i.e., a tiny file retrieved from our or our service provider’s server when the newsletter is opened. During this process, technical information such as browser and system info, IP address, and time of retrieval is collected. This data is used to technically improve the newsletter, analyze target groups, and understand reading behavior (e.g., location via IP, access times). It also records whether the newsletter was opened and which links were clicked. This information is linked to individual subscriber profiles and stored until deletion. The analysis helps us adapt content and deliver personalized experiences. Legal basis: Consent (Art. 6(1)(a) GDPR).
Mailchimp: Email marketing, automation of marketing processes, contact data storage and management, campaign performance measurement, recipient interaction tracking, content personalization.
Service provider: Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR);
Website: https://mailchimp.com; Privacy policy: https://mailchimp.com/legal/; Data Processing Agreement: https://mailchimp.com/legal/;
Data transfer basis: Data Privacy Framework (DPF).
Additional safeguards: https://mailchimp.com/de/help/mailchimp-european-data-transfers/.
We process personal data for the purposes of promotional communication, which may occur via various channels such as email, phone, mail, or fax, in compliance with legal regulations.
Recipients have the right to withdraw consent or object to promotional communication at any time.
After a withdrawal or objection, we retain only the data necessary to prove prior authorization for up to three years from the end of the year in which the withdrawal or objection occurred, based on our legitimate interests. Processing is limited to defense against claims. Based on the legitimate interest in permanently observing withdrawal/objection, we also retain the data needed to prevent future contact (e.g., email address, phone number, name).
Types of Data Processed: Inventory data (e.g., full name, address, contact info, customer number); contact data (e.g., postal and email addresses, phone numbers); content data (e.g., textual or visual messages, including authorship and timestamps).
Data Subjects: Communication partners.
Purposes of Processing: Direct marketing (e.g., by email or mail); marketing; sales promotion.
Storage and Deletion: Deletion in accordance with the section “General Information on Data Storage and Deletion.”
Legal Bases: Consent (Art. 6(1)(a) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).
We process the personal data of participants in contests and competitions in compliance with applicable data protection laws, to the extent the processing is necessary for the provision, execution, and management of the contest, participants have consented, or processing is based on our legitimate interests (e.g., ensuring contest security or protecting our interests, such as collecting IP addresses in case of abuse during submission).
If participant submissions are published during the contest (e.g., via voting, showcasing entries or winners, or reporting), participant names may also be disclosed. Participants may object to this at any time.
If a contest is held via an online platform or social network (e.g., Facebook or Instagram, hereafter “online platform”), the terms of use and privacy policies of those platforms also apply. In such cases, we clarify that we are responsible for the data shared in connection with the contest and that inquiries should be directed to us.
Participant data will be deleted once the contest ends and the data is no longer needed to inform winners or respond to inquiries. In general, participant data is deleted no later than 6 months after the end of the contest. Winner data may be retained longer to respond to queries or fulfill prize obligations—for instance, up to three years for physical prizes or services to cover warranty issues. Data may also be stored longer if included in contest reporting (online or offline).
If data is collected for other purposes in connection with the contest (e.g., newsletter registration), that processing is governed by the applicable privacy notices.
Types of Data Processed: Inventory data (e.g., full name, address, contact info, customer number); contact data (e.g., postal and email addresses, phone numbers); content data (e.g., text or image-based messages, including authorship and timestamps).
Data Subjects: Contest and competition participants.
Purpose of Processing: Conducting contests and competitions.
Storage and Deletion: Deletion according to the section “General Information on Data Storage and Deletion.”
Legal Bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR).
We operate online presences within social networks and process user data to communicate with users active on these platforms or to provide information about us.
Please note that user data may be processed outside the European Union, which may pose risks (e.g., difficulties enforcing user rights).
Additionally, user data is often processed for market research and advertising purposes. For instance, usage behavior and interests may be used to build user profiles. These profiles can inform interest-based ads both within and outside of the platforms. Typically, cookies are stored on users’ devices to track usage behavior and preferences. In some cases, profiles are device-independent (especially when users are logged into their accounts).
For detailed information on data processing and opt-out options, refer to the respective platform operators’ privacy policies.
Even regarding data subject rights and access requests, we recommend contacting the respective providers directly, as they have access to the user data. However, we are available for assistance if needed.
Types of Data Processed: Contact data (e.g., postal and email addresses, phone numbers); content data (e.g., text or image-based messages, authorship, timestamps); usage data (e.g., page views, session duration, click paths, usage frequency, device types, operating systems, interaction with content and functions).
Data Subjects: Users (e.g., website visitors, users of online services).
Purposes of Processing: Communication; feedback (e.g., collecting feedback via online forms); public relations.
Storage and Deletion: Deletion according to the section “General Information on Data Storage and Deletion.”
Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).
Further Information on Processing Activities:
Instagram: Social network enabling photo and video sharing, comments, likes, messaging, following profiles and pages.
Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR);
Website: https://www.instagram.com; Privacy policy: https://privacycenter.instagram.com/policy/.
Third-country transfer basis: Data Privacy Framework (DPF).
Facebook Pages: Profiles within Facebook. We are joint controllers with Meta Platforms Ireland Limited for collecting (but not further processing) data of visitors to our Facebook page (“Fanpage”). This includes content viewed or interacted with, actions taken, and device data (e.g., IP addresses, OS, browser, language, cookies). Facebook uses this for analytics (“Page Insights”) to help us understand how users interact with our content.
We have a special agreement with Facebook (“Page Insights Controller Addendum”: https://www.facebook.com/legal/terms/page_controller_addendum) specifying data protection responsibilities. Users can exercise their rights directly with Facebook. Our agreement does not limit user rights (e.g., access, deletion, objection, complaint). Further info: https://www.facebook.com/legal/terms/information_about_page_insights_data.
Joint responsibility is limited to data collection and transfer to Meta Platforms Ireland Ltd. Further processing, especially transfers to Meta Platforms Inc. (USA), is solely Meta’s responsibility.
Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR);
Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/privacy/policy/.
Third-country transfer basis: Data Privacy Framework (DPF).
We integrate functional and content elements into our online offering that are retrieved from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may include graphics, videos, or maps (collectively referred to as “content”).
Integration always requires that third-party providers process users’ IP addresses, as they cannot deliver content to users’ browsers without it. The IP address is therefore necessary for displaying this content or functionality. We endeavor to use only those content providers who use the IP address solely for content delivery. Third-party providers may also use “pixel tags” (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. These pixel tags can be used to evaluate visitor traffic on our website. Pseudonymous information may also be stored in cookies on users’ devices and may include technical data about the browser and operating system, referring websites, time of visit, and other usage details of our online offering. These may also be combined with information from other sources.
Legal Basis: If we request users’ consent to use third-party services, this consent constitutes the legal basis for processing. Otherwise, user data is processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). Please also refer to the cookie section of this privacy policy for additional details.
Types of Data Processed: Usage data (e.g., page views, session duration, click paths, usage intensity and frequency, device types, operating systems, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, timestamps, identifiers, involved persons); location data (e.g., geographic position of a device or user).
Data Subjects: Users (e.g., website visitors, users of online services).
Purposes of Processing: Provision of our online offering and user experience optimization.
Storage and Deletion: Deletion in accordance with the section “General Information on Data Storage and Deletion.” Unless otherwise specified, cookies and similar storage methods may be stored on users’ devices for up to two years.
Legal Bases: Consent (Art. 6(1)(a) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).
Google Maps: We integrate maps from the “Google Maps” service provided by Google. The data processed may include, in particular, users’ IP addresses and location data.
Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland.
Legal basis: Consent (Art. 6(1)(a) GDPR).
Website: https://mapsplatform.google.com/; Privacy policy: https://policies.google.com/privacy.
Third-country transfer basis: Data Privacy Framework (DPF).
Created with the free privacy policy generator by Dr. Thomas Schwenke.
Data Collection, Usage, and Disclosure: Explanation of ownership of collected data on the website, data collection methods, disclosure to third parties, etc.
Data Control: Explanation of options to view, modify, and update personal information, raise concerns about data usage, etc.
Data Security: Protection measures for user data, data encryption, server details where data is stored, data transmission, etc.
Learn more here.
Be the first to enjoy all out news, trends, and merch products
We make content like we make pancakes: hot, fresh, and slightly unhinged
Kantstraße 25,
10623 Berlin
Monday- Sunday
8:00-17:00
Follow us
Kantstraße 25,
10623 Berlin
Monday- Sunday
8:00-17:00
Follow us
