Reserve now
Jetzt anrufen!

LIT Coffee Bar

Privacy Policy

In accordance with the legal requirements of data protection law (in particular the German Federal Data Protection Act (BDSG n.F.) and the European General Data Protection Regulation (GDPR)), we hereby inform you about the nature, scope, and purpose of the processing of personal data by our company. This privacy policy also applies to our websites and social media profiles. For the definition of terms such as “personal data” or “processing,” please refer to Article 4 of the GDPR.

Name and contact details of the responsible person(s)
Our controller (hereinafter referred to as “Controller”) within the meaning of Art. 4 No. 7 GDPR is:

Khalifa, Rahali & Ouerfelli Bakery GBR/LIT Cafe
Jagowstraße 23
10555 Berlin, Germany
Email address: litcoffeebar@gmail.com

Types of data, purposes of processing and categories of data subjects

Below we inform you about the type, scope and purpose of the collection, processing and use of personal data.

1. Types of data we process

2. Purposes of processing pursuant to Article 13(1)(c) GDPR

3. Categories of data subjects pursuant to Article 13(1)(e) GDPR

The individuals affected are collectively referred to as “users”.

Legal basis for the processing of personal data

Below we inform you about the legal basis for the processing of personal data:

  1. If we have obtained your consent for the processing of personal data, the legal basis is Article 6(1)(a) GDPR.

     

  2. If processing is necessary for the performance of a contract or for taking steps at your request prior to entering into a contract, the legal basis is Article 6(1)(b) GDPR.

     

  3. If processing is necessary for compliance with a legal obligation to which we are subject (e.g., statutory retention requirements), the legal basis is Article 6(1)(c) GDPR.

     

  4. If processing is necessary to protect the vital interests of the data subject or of another natural person, the legal basis is Article 6(1)(d) GDPR.

  5. If processing is necessary to protect the vital interests of the data subject or of another natural person, the legal basis is Article 6(1)(d) GDPR. If the processing is necessary to protect our legitimate interests or those of a third party, and your interests or fundamental rights and freedoms do not override these interests, then Article 6(1)(f) GDPR is the legal basis.

Disclosure of personal data to third parties and processors

We generally do not share your data with third parties without your consent. Should this nevertheless occur, the disclosure will be based on the aforementioned legal grounds, e.g., when transferring data to online payment providers for contract fulfillment, or due to a court order or a legal obligation to disclose data for the purposes of law enforcement, prevention of danger, or enforcement of intellectual property rights.

We also use data processors (external service providers, e.g., for web hosting of our websites and databases) to process your data. If data is transferred to these processors within the framework of a data processing agreement, this is always done in accordance with Article 28 of the GDPR. We carefully select our data processors, monitor them regularly, and have reserved the right to issue instructions regarding the data. Furthermore, the data processors must have implemented appropriate technical and organizational measures and comply with the data protection regulations according to the German Federal Data Protection Act (BDSG n.F.) and the GDPR.

Data transfer to third countries

The adoption of the European General Data Protection Regulation (GDPR) established a uniform basis for data protection in Europe. Your data is therefore primarily processed by companies to which the GDPR applies. Should processing by third-party services outside the European Union or the European Economic Area nevertheless take place, these services must meet the specific requirements of Articles 44 et seq. of the GDPR. This means that processing is based on specific safeguards, such as the EU Commission’s officially recognized finding of an adequate level of data protection equivalent to that of the EU, or compliance with officially recognized specific contractual obligations, the so-called “standard contractual clauses.”

Insofar as we obtain your explicit consent for the transfer of data to the USA due to the invalidity of the so-called “Privacy Shield,” pursuant to Article 49(1)(a) of the GDPR, we would like to draw your attention to the risk of secret access by US authorities and the use of the data for surveillance purposes, potentially without legal recourse for EU citizens.

Data deletion and storage period

Unless expressly stated otherwise in this privacy policy, your personal data will be deleted or blocked as soon as you withdraw your consent to its processing, or the purpose for its storage no longer applies, or the data is no longer required for that purpose, unless its further retention is necessary for evidentiary purposes or is required by law. This includes, for example, the statutory retention periods for business correspondence under Section 257 Paragraph 1 of the German Commercial Code (HGB) (6 years) and the statutory retention periods for tax documents under Section 147 Paragraph 1 of the German Fiscal Code (AO) (10 years). Once the prescribed retention period expires, your data will be blocked or deleted, unless further storage is necessary for entering into or fulfilling a contract.

Existence of automated decision-making

We do not use automated decision-making or profiling.

Provision of our website and creation of log files

  1. If you use our website for informational purposes only (i.e., without registering or otherwise submitting information), we only collect the personal data that your browser transmits to our server. When you visit our website, we collect the following data:

    • IP address;

    • User’s internet service provider;

    • Date and time of access;

    • Browser type;

    • Browser language and version;

    • Content of the request;

    • Time zone;

    • Access status/HTTP status code;

    • Data volume;

    • Referring website;

    • Operating system.

     

  2. This data is not stored together with any other personal data you provide.

     

  3. This data is used for the purpose of providing you with a user-friendly, functional, and secure website with all its features and content, as well as for optimization and statistical analysis.

     

  4. The legal basis for this is our legitimate interest in data processing, as outlined in the purposes above, pursuant to Article 6(1)(f) of the GDPR. For security reasons, we store this data in server log files for a period of several days. After this period, the data is automatically deleted unless we need to retain it as evidence in the event of attacks on the server infrastructure or other legal violations.

Rights of the data subject

  1. Objection or Withdrawal of Consent to the Processing of Your Data

    If the processing is based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a), Art. 7 GDPR, you have the right to withdraw your consent at any time. The lawfulness of the processing carried out on the basis of the consent until its withdrawal remains unaffected.

     

    If we base the processing of your personal data on the balancing of interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR, you may object to the processing. This is the case, in particular, if the processing is not necessary for the performance of a contract with you, which we will explain in the following description of the functions. When exercising such an objection, please state the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either cease or adjust the data processing or demonstrate to you our compelling legitimate grounds for continuing the processing.

     

    You can object to the processing of your personal data for advertising and data analysis purposes at any time. You can exercise your right to object free of charge. You can inform us of your objection to advertising using the following contact details:

     

    Khalifa, Rahali & Ouerfelli Bakery GBR/LIT Cafe
    Jagowstraße 23
    10555 Berlin, Germany
    Email address: litcoffeebar@gmail.com

     

  2. Right to Information

    You have the right to request confirmation from us as to whether we process personal data concerning you. If this is the case, you have the right to access your personal data stored by us in accordance with Article 15 of the GDPR. This includes, in particular, information about the purposes of the processing, the categories of personal data concerned, the categories of recipients to whom your data have been or will be disclosed, the envisaged storage period, and the source of your data, if it was not collected directly from you.

     

  3. Right to Rectification
    You have the right to rectification of inaccurate data or completion of incomplete data in accordance with Article 16 of the GDPR.

     

  4. Right to Erasure
    You have the right to erasure of your data stored by us in accordance with Article 17 of the GDPR, unless statutory or contractual retention periods or other legal obligations or rights to further storage preclude this.

     

  5. Right to Restriction of Processing
    You have the right to request a restriction of the processing of your personal data if one of the conditions in Article 18(1)(a) to (d) GDPR is met:

    • If you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

    • The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

    • The controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise, or defense of legal claims; or

    • You have objected to processing pursuant to Article 21(1) GDPR pending the verification of whether the legitimate grounds of the controller override your grounds.

     

  6. Right to data portability

    You have a right to data portability under Article 20 of the GDPR, which means that you can receive the personal data we hold about you in a structured, commonly used, and machine-readable format, or request that it be transmitted to another controller.

     

  7. Right to lodge a complaint
    You have the right to lodge a complaint with a supervisory authority. You can usually contact the supervisory authority in the Member State of your habitual residence, your place of work, or the place of the alleged infringement.

Data Security

To protect all personal data transmitted to us and to ensure that data protection regulations are observed by us and our external service providers, we have implemented appropriate technical and organizational security measures. Therefore, among other things, all data between your browser and our server is transmitted using a secure SSL connection.

Last updated: December 2, 2022