Restaurant FACIL - Data Privacy Policy

Information on data processing according to Art. 13, 14 GDPR

We are pleased that you are visiting our homepage and thank you for your interest. Dealing with the data of website visitors, but also of our customers and business partners, is a matter of trust. The trust placed in us is very important to us and therefore the significance and obligation to handle your data with care and to protect it from misuse.

THE MANDALA specifically adheres to the EU General Data Protection Regulation (GDPR) as well as the current German Federal Data Protection Act (BDSG). For internet usage, we follow the German Telecommunications and Digital Services Data Protection Act (TDDDG) of the Federal Republic of Germany to protect your personal data. In the following, we explain what information we collect during your visit to our websites and how this information is used. In the following, we explain what information we collect during your visit to our websites and how this information is used. Additionally, we would also like to inform you about how we store and use personal data that we have obtained through other means.

The Data Controller under the GDPR and other national data protection laws of Member States, as well as other data protection regulations, is:

The Mandala Hotel GmbH,
Potsdamer Str. 3,
D-10785 Berlin, Germany

• +49 (0) 30 590 05 00 00
• welcome@themandala.de

The Data Controller's Data Protection Officer is:

Andreas Thurmann,
DataSolution LUD GmbH,
Isarstrasse 13,
D-14974 Ludwigsfelde, Germany

• mail@hoteldatenschutz.de
• +49 (0) 3378 202514

Scope of the processing of personal data

As a matter of principle, we collect and use personal data of our users only insofar as this is necessary for the provision of a functional website as well as our contents and services. The collection and use of our users' personal data regularly only takes place with the user's consent. An exception applies in cases where it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by legal regulations.

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) lit. a GDPR serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. If processing of personal data is necessary to comply with a legal obligation (statutory provisions) to which our company is subject (e.g. federal registration laws), Art. 6 (1) c GDPR serves as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) f GDPR serves as the legal basis for the processing.

Data deletion and storage period

The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.

Description and scope of data processing

Our website contains a contact form that can be used to contact us electronically. If you use this option, the data entered in the input mask will be transmitted to us and stored. These data are: First and last name, e-mail address and request.

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the personal data transmitted with the e-mail will be stored.

Legal basis for data processing

The legal basis for the processing of the data is firstly our legitimate interest in the processing of data in the context of contacting the enquirer. If the contact is aimed at the conclusion of a contract, the additional legal basis for processing is in the context of a contractual relationship.

Purpose of the data processing

The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. The data is used exclusively for processing the booking and for communication.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.

If the contact is a pre-contractual relationship (offer or reservation request), the transmitted data will also be stored in our hotel software and used to execute the contract. If there is no contractual relationship, we delete the data after one year at the end of the year.

Possibility of objection

You have the option to object to the processing of your data at any time. We have set up the e-mail address widerruf@themandala.de for this purpose. We would like to point out that in the event of an objection, the conversation cannot be continued or we cannot create any offers etc.

All personal data stored in the course of contacting us will be deleted in this case.

Description and scope of data processing

In order to be able to communicate with you better and to be able to answer questions about the online platform quickly, we use the chat function of LiveRate from the company LiveRate GmbH, Metzstraße 12, 81667 Munich, Germany on our website. The chat function of LiveRate is used as a communication medium and enables communication with website visitors. So-called chatbots can also be used here, which automatically answer standard questions. Within the chat, you have the option of entering your first and last name as well as your e-mail address. Otherwise, no personal data is stored.

Furthermore, you can use other messenger platforms (Facebook Messenger, Telegram) via LiveRate to send and receive messages. If you use Facebook Messenger, Facebook transmits to LiveRate, among other things, Facebook name, profile pictures, language and gender. If you use Telegram Messenger, your username and picture will be sent to LiveRate.

Legal basis for data processing

The legal basis for the processing is the common interest in data processing. We carry out the aforementioned processing for customer care and to increase our services.

You can also make a booking with us via the chat function of LiveRate. The data requested for the booking, e.g. e-mail address, name, address, are required for the initiation and conclusion of the contract. We process data for order processing, in particular we will forward payment data to your chosen payment service provider or our house bank. The legal basis for the processing is the contract or contract initiation relationship. To prevent unauthorised third parties from accessing your personal data, the ordering process on the website is encrypted using SSL/TLS technology.

Purpose of the data processing

The data is processed exclusively for the processing of the conversation.

Duration of storage

We delete the data accruing in this context after the processing is no longer necessary or we restrict the processing if there are statutory retention obligations.

In addition, as part of LiveRate, you are offered the opportunity to register to receive newsletters. The registration takes place via a registration link. If you have registered for the newsletter, our data processing will be carried out in accordance with the information on the point "Newsletter".

Possibility of objection

You have the option to object to the processing of your data at any time. We have set up the e-mail address widerruf@themandala.de for this purpose.

We would like to point out that in the event of an objection, the booking cannot be completed or the conversation cannot be continued.

Description and Scope of Data Processing

Our website provides the option to make restaurant reservations. If you use this option, the data entered in the input form will be transmitted to us. This data includes: first name, last name, email address, phone number, reservation details (date, time, number of persons, restaurant), as well as optional information regarding special requests and occasion.

When you make a reservation through our website, this is processed via the online reservation system Formitable B.V. (Seatris AI GmbH), Herengracht 560, 1017 CH Amsterdam, Netherlands / Kantstr. 34, 10625 Berlin, Germany. All reservation data you provide is transmitted in encrypted form. For more information about Formitable B.V. / Seatris.ai, please refer to the privacy policy.

Legal Basis for Data Processing

The legal basis for processing this data is our legitimate interest in data processing, as well as the user's consent by accepting our data processing terms.

Purpose of Data Processing

The data is used by us exclusively for table reservations. If you wish to allow Seatris.ai further use of your data, Formitable will obtain separate consent.

Storage Duration

The data will be deleted as soon as it is no longer required for the purpose for which it was collected.

Right to Object

You have the right to object to the future processing of your data at any time. For this purpose, we have provided the email address: widerruf@themandala.de.

Description and scope of data processing

Our website offers the option of purchasing vouchers. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored. These data are: Salutation/title, first name, last name, e-mail address, address, voucher value, wishes, payment data, password for individual user account and, if applicable, date of birth and telephone number.

If you make a voucher purchase from our websites, this is done through the online ordering platform of INCERT eTourismus Gmbh & Co KG, Leonfeldner Straße 328, A-4040 Linz, Austria. All order data entered by you is transmitted in encrypted form. INCERT is committed to handling your transmitted data in accordance with data protection regulations. INCERT takes all organisational and technical measures to protect your data.

Legal basis for data processing

The legal basis for the processing of the data is the conclusion of a purchase contract.

Purpose of the data processing

The processing of the personal data from the input mask serves us solely to process the voucher purchase and to handle the payment transaction.

If there is a legitimate interest in obtaining information about the accessibility of natural persons who are commercially active and legal entities, and information about their creditworthiness, we can carry out an information request with IHD Gesellschaft für Kredit- und Forderungsmanagement mbH, Augustinusstr. 11 B, 50226 Frechen. You can find out more about this in IHD's data protection regulations.

Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of a contractual relationship, we will delete the data received as soon as national, commercial law, statutory or contractual retention requirements have been fulfilled.

Possibility of objection

The user has the option to object to the processing of his or her personal data at any time. We have set up the e-mail address widerruf@themandala.de for this purpose.

Description and scope of data processing

On our website, you have the option of commenting on one of our entries. If you take advantage of this option, the data entered in the input mask will be transmitted to us, stored and published on our website. These data are: Name, e-mail address and the comment.

Legal basis for data processing

The legal basis for the processing of the data is firstly our legitimate interest in the data processing as well as the existence of the user's consent by accepting our conditions for data processing.

Purpose of the data processing

The processing of personal data is solely for the purpose of publishing comments on our contributions.

Duration of storage

The data will be deleted if the processing or publication of the data is objected to (right to be forgotten).

Possibility of objection and removal

You have the option to object to the publication of your comments for the future at any time. For this purpose, we have set up the e-mail address widerruf@themandala.de.

Description and scope of data processing

For the support, advice and advertising of corporate customers, we collect and use the contact person, telephone number and postal address in addition to the business partner or potential business partner. We obtain the information from various sources, either through an enquiry (e-mail or telephone), but also via events, trade fairs, business cards that our sales staff receive, etc.

Legal basis for data processing

The legal basis for processing the data is our legitimate interest in data processing. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is the contractual relationship.

To increase our services, we manage all data received in the CRM module of our central hotel software within THE MANDALA. The responsible entity is the hotel with which a business contact exists. Central services such as sales, banqueting, reservations and marketing access this data. The legal basis for processing the data is our legitimate interest in data processing within the framework of central administration and use of the data of our customers and business partners within the hotel group.

Purpose of the data processing

We use this contact data exclusively for our own purposes and for the needs-based design of our own sales activities.

Duration of storage

In principle, no deletion period is foreseen. However, if our sales department has not had any contact with the company contact within 3 years, the sales department will decide whether the contact person of the company contact will be deleted.

If the contact is a pre-contractual relationship (offer, booking or reservation request), the transmitted data will also be stored in our hotel software and used to execute the contract. If there is no contractual relationship, we delete the data after one year at the end of the year.

Possibility of objection

As the contact person of a company contact, you have the option to object to the processing of your data at any time. We have set up the e-mail address widerruf@themandala.de for this purpose. All personal data of the contact person that has been stored for the business partner will be deleted in this case.

Description and scope of data processing

On our website, you have the option of subscribing to our newsletter service in various ways. If you take advantage of this option, the data entered in the input mask will be transmitted to us and stored. These data are: E-mail address, if applicable first name, last name, language and interest in one or more topics.

If you register for a newsletter from our websites, the data will be stored in our newsletter tool by Mailchimp, The Rocket Science Group LLC. , 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. For further information on data protection, please see the FAQ on the GDPR.

If we otherwise receive an email address where the recipient clearly tells us that they would like to receive our newsletter, we will collect their details via the input mask on our website.

Legal basis for data processing

The legal basis for the processing of the data is the existence of the recipient's consent. This is ensured by a double-opt-in procedure.

Purpose of the data processing

The processing of personal data is solely for the purpose of sending individual newsletters.

Duration of storage

The data will be deleted as soon as the newsletter service is cancelled.

Possibility of objection

You have the option to object to the processing of your data at any time. You can unsubscribe from the newsletter service with each newsletter. In addition, we have set up the e-mail address widerruf@themandala.de. Please let us know the e-mail address here.

Description and scope of data processing

You have the option of applying for a job or sending us a speculative application. You can do this preferably via our website, by e-mail or in paper form. From our website you can access our job advertisements. If you take this opportunity, we will store general information about you in an administration programme. These data are:

• First name, last name
• E-mail address
• Phone
• Application date
• For which position applied
• Curriculum vitae and other application documents (upload)
• Your message to us

In addition, we may forward your application internally to the responsible head of department. The data will not be passed on to third parties in this context. The data will only be used for processing the application and for communication.

Legal basis for data processing

The legal basis for the processing of the data is the processing for a contract initiation relationship or contractual relationship.

Purpose of the data processing

The processing of personal data is solely for the purpose of processing the application.

Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If you are not hired by our company, we will delete all data and documents relating to your application after 6 months at the latest. Should we wish to retain your documents for longer due to your qualifications, we will obtain your permission to do so.

Possibility of objection

You have the option to object to the processing of your data at any time. To do so, please contact the e-mail address: widerruf@themandala.de. Please note that in the event of an objection, the application cannot be completed or the conversation cannot be continued.

Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:

• Information about the browser type and version used
• The operating system of the user
• The IP address of the user
• Date and time of access
• Websites from which the user's system accesses our website
• Websites that are accessed by the user's system via our website

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. Personal user profiles cannot be formed. The stored data is only evaluated for statistical purposes.

Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is the processing to protect our legitimate interest.

Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

Our legitimate interest in data processing also lies in these purposes.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.

Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

Description and scope of data processing

Cookies are small text files that are sent by us to the browser of your end device when you visit our website and are stored there. As an alternative to the use of cookies, information can also be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, however, enable us to carry out various analyses, so that we are able, for example, to recognise the browser you are using when you visit our website again and to transmit various information to us (non-essential cookies). With the help of cookies, we can, among other things, make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your end device. They cannot execute programs or contain viruses.

We provide information about the respective services for which we use cookies in the individual processing operations. Detailed information on the cookies used can be found in the cookie policy.

We also use cookies on our website that enable an analysis of the user's surfing behaviour. The following data can be transmitted in this way: Search terms entered, frequency of page views, use of website functions. The user data collected in this way is pseudonymised by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the user. When calling up our website, the user is informed about the use of cookies for analysis purposes and his or her consent to the processing of the personal data used in this context is obtained. In this context, a reference to this data protection declaration is also made.

Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is our legitimate interest in data processing. The legal basis for the processing of personal data using cookies for analysis purposes is the existence of a relevant consent of the user.

Purpose of the data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change. The user data collected through technically necessary cookies are not used to create user profiles.

Analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimise our offer.

Duration of storage, possibility of objection and elimination

Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

It is also possible to use our offers without cookies and scripts. You can deactivate the storage of cookies and scripts in your browser, restrict them to certain websites or set your browser to notify you as soon as a cookie is sent. You can also delete cookies from your PC's hard drive at any time.

Description and scope of data processing

Our website loads the consent manager of the company Cybot A/S, Havnegade 39, 1058 Copenhagen (hereinafter: cookiebot.com). We use this service to ensure, on the one hand, the full functionality of our website and, on the other hand, the privacy-compliant use of marketing and tracking tools on our website. In this context, your browser may transmit personal data to cookiebot.com.

Legal basis and purpose for data processing

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The legitimate interest lies in the error-free functioning of the website. The data is deleted as soon as the purpose of its collection has been fulfilled. Further information on the handling of the transmitted data can be found in the privacy policy of cookiebot.com. You can prevent the collection and processing of your data by cookiebot.com by deactivating the execution of script code in your browser or installing a script blocker in your browser.

The following information is stored in our Cookiebot account:

• The user's IP address in anonymised form (the last three digits are set to "0").
• Date and time of consent.
• User's browser.
• The URL from which the consent was sent.
• An anonymous, random and encrypted key value.
• The user's state of consent, which serves as proof of consent.

The key and consent status are also stored in the user's browser in the cookie "CookieConsent" so that the website can automatically read and respect the user's consent in all subsequent page requests and future user sessions for up to 12 months. You have the option to view and change your level of consent at any time. You can find this further down on this page.

According to the law, we may store cookies on your device if they are strictly necessary for the operation of this website. The use of the service is based on obtaining legally required consent for cookie usage pursuant to Article 6(1)(c) GDPR and Section 25(2) No. 2 TDDDG. For all other cookie types, we require your permission. This website uses different types of cookies. Some cookies are placed by third parties that appear on our pages. You can modify or withdraw your consent at any time via the cookie declaration on our website.

The specific storage duration of the processed data is not controllable by us, but is determined by Cybot A/S. Further information can be found in the Cookiebot privacy policy.

Google Analytics 4

Our website uses Google Analytics 4, a web analytics service provided by Google LLC. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Google Analytics uses cookies that enable an analysis of your use of our websites. The information about your use of this website collected by means of the cookies is generally transmitted to a Google server in the USA and stored there.

We use the User-ID function. Using the User ID, we can assign a unique, persistent ID to one or more sessions (and the activities within those sessions) and analyze user behavior across devices.

We also use Google Signals. This allows Google Analytics to collect additional information about users who have enabled personalized ads (interests and demographic data), and ads can be delivered to these users in cross-device remarketing campaigns.

In Google Analytics 4, IP anonymization is enabled by default. Due to IP anonymization, your IP address will be truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your website visit, your user behavior is recorded in the form of "events". Events may include:

• Page views

• First visit to the website

• Session start

• Your "click path", interaction with the website

• Scrolls (whenever a user scrolls to the bottom (90%) of the page)

• Clicks on external links

• Internal search queries

• Interactions with videos

• File downloads

• Ads viewed/clicked

• Language setting

Additionally recorded:

• Your approximate location (region)

• Your IP address (in truncated form)

• Technical information about your browser and the devices you use (e.g., language setting, screen resolution)

• Your internet service provider

• The referrer URL (which website/advertising medium brought you to this website)

Purposes of Processing

Google will process the transmitted information on our behalf to evaluate website usage by visitors and to compile reports on website activities. The reports provided by Google Analytics serve us to analyze website performance.

Recipients

Recipients of the data may include:

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor under Art. 28 GDPR)

• Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

• Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

Access to the data stored at Google by US authorities cannot be ruled out.

Third Country Transfer

Where data is processed outside the EU/EEA and no data protection level equivalent to the European standard exists, we have concluded EU Standard Contractual Clauses with the service provider to establish an adequate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to data stored by Google cannot be excluded. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may have no legal remedies against access by authorities.

Storage Duration

The data we send that is linked to cookies is automatically deleted after 14 months. The deletion of data whose retention period has been reached occurs automatically once a month.

Legal Basis and Withdrawal

We process your data using Google Analytics 4 based on your consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25 TTDSG. You give your consent via the cookie settings (cookie banner/consent manager), through which you can also declare your withdrawal pursuant to Art. 7(3) GDPR at any time with effect for the future.

You can prevent the storage of cookies from the outset by adjusting your browser software accordingly. However, if you configure your browser to reject all cookies, functionality may be limited on this and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the website (incl. your IP address) by Google and the processing of this data by Google by (I) not giving your consent to the setting of the cookie or (II) downloading and installing the browser add-on to deactivate Google Analytics HERE.

Further information can be found in Google's Terms of Service and Privacy Policy.

Google Tag Manager

We use Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface and enables us to control the precise integration of services on our website.

This allows us to flexibly integrate additional services to evaluate users' access to our website.

The use of Google Tag Manager is based on your consent according to Art. 6 (1) (a) GDPR and § 25 (1) TDDG.

We intend to transfer personal data to third countries outside the European Economic Area, particularly the USA. Data transfer to the USA takes place in accordance with Art. 45 (1) GDPR on the basis of the adequacy decision of the European Commission. The participating US companies and/or their US subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where there is no adequacy decision from the European Commission (including US companies not certified under the EU-U.S. DPF), we have agreed with the data recipients on other appropriate safeguards within the meaning of Art. 44 et seq. GDPR. These are - unless otherwise stated - standard contractual clauses of the EU Commission according to the Implementing Decision (EU) 2021/914 of June 4, 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN.

Furthermore, before such a transfer to a third country, we obtain your consent according to Art. 49 (1) sentence 1 (a) GDPR, which you give via consent manager (or other forms, registrations, etc.). Please note that data transfers to third countries may involve risks that are not fully known (e.g., data processing by the security authorities of the third country, the exact extent and consequences of which we do not know, over which we have no control, and of which you may not be aware).

The specific storage duration of the processed data cannot be influenced by us but is determined by Google Ireland Limited. Further information can be found in the Google Tag Manager privacy policy.

Google DoubleClick

We have integrated components of Google DoubleClick on our website. DoubleClick is a brand of Google, primarily marketing specialized online marketing solutions to advertising agencies and publishers. DoubleClick by Google transmits data to the DoubleClick server with every impression, click, or other activity.

Each data transmission triggers a cookie request to the affected person's browser. If the browser accepts this request, DoubleClick sets a cookie in your browser.

DoubleClick uses a cookie ID necessary for the technical process. The cookie ID is used, for instance, to display an advertisement in a browser. DoubleClick can also use the cookie ID to determine which ads have already been shown in a browser to avoid duplicate display. Furthermore, the cookie ID enables DoubleClick to record conversions, such as when a user sees a DoubleClick advertisement and later makes a purchase on the advertiser's website using the same browser.

A DoubleClick cookie does not contain personal data but may include additional campaign identifiers. A campaign identifier helps identify campaigns with which you have interacted on other websites. In the context of this service, Google becomes aware of data that may also be used to generate commission settlements. Google can trace, for example, that you clicked on certain links on our website. The data transfer in this case is to the operator of DoubleClick, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. More information and the applicable data protection provisions of DoubleClick by Google can be found at https://policies.google.com/privacy.

We process your data using the DoubleClick cookie for the purpose of optimizing and displaying advertisements based on your consent according to Art. 6 (1) (a) GDPR and § 25 (1) TDDG. The cookie is used to deliver user-relevant ads, create and improve ad campaign reports, and avoid multiple displays of the same advertisement. Every time you access one of our website's individual pages where a DoubleClick component is integrated, your browser is automatically triggered by the respective DoubleClick component to transmit data to Google for the purposes of online advertising and commission billing. There is no legal or contractual obligation to provide your data. If you do not give your consent, you can still visit our website without restrictions, but some features may not be fully available.

We intend to transfer personal data to third countries outside the European Economic Area, particularly the USA. Data transfer to the USA takes place in accordance with Art. 45 (1) GDPR on the basis of the adequacy decision of the European Commission. The participating US companies and/or their US subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where there is no adequacy decision from the European Commission (including US companies not certified under the EU-U.S. DPF), we have agreed with the data recipients on other appropriate safeguards within the meaning of Art. 44 et seq. GDPR. These are - unless otherwise stated - standard contractual clauses of the EU Commission according to the Implementing Decision (EU) 2021/914 of June 4, 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN.

Furthermore, before such a transfer to a third country, we obtain your consent according to Art. 49 (1) sentence 1 (a) GDPR, which you give via the consent manager (or other forms, registrations, etc.). Please note that data transfers to third countries may involve risks that are not fully known (e.g., data processing by the security authorities of the third country, the exact extent and consequences of which we do not know, over which we have no control, and of which you may not be aware).

The specific storage duration of the processed data cannot be influenced by us but is determined by Google Ireland Limited. Further information can be found in the Google DoubleClick privacy policy.

Google Ads

We have integrated Google Ads on our website. Google Ads is a service provided by Google Ireland Limited to display targeted advertising to users. Google Ads uses cookies and other browser technologies to analyze user behavior and recognize users.

Google Ads collects information about visitor behavior on various websites. This information is used to optimize ad relevance. Furthermore, Google Ads delivers targeted ads based on behavioral profiles and geographic location. The provider receives your IP address and other identifiers, such as your user agent.

If you are registered with a Google Ireland Limited service, Google Ads can associate your visit with your account. Even if you are not registered or logged in, the provider may still identify and store your IP address and other identifiers.

The data transfer takes place in this case to the operator of Google Ads, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The use of Google Ads is based on your consent according to Art. 6 (1) (a) GDPR and § 25 (1) TDDG.

We intend to transfer personal data to third countries outside the European Economic Area, particularly the USA. Data transfer to the USA takes place in accordance with Art. 45 (1) GDPR on the basis of the adequacy decision of the European Commission. The participating US companies and/or their US subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where there is no adequacy decision from the European Commission (including US companies not certified under the EU-U.S. DPF), we have agreed with the data recipients on other appropriate safeguards within the meaning of Art. 44 et seq. GDPR. These are - unless otherwise stated - standard contractual clauses of the EU Commission according to the Implementing Decision (EU) 2021/914 of June 4, 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN.

Furthermore, before such a transfer to a third country, we obtain your consent according to Art. 49 (1) sentence 1 (a) GDPR, which you give via the consent manager (or other forms, registrations, etc.). Please note that data transfers to third countries may involve risks that are not fully known (e.g., data processing by the security authorities of the third country, the exact extent and consequences of which we do not know, over which we have no control, and of which you may not be aware).

The specific storage duration of the processed data cannot be influenced by us but is determined by Google Ireland Limited. Further information can be found in the Google Ads privacy policy.

Google Maps

We use Google Maps to create directions. Google Maps is a service provided by Google Ireland Limited, which displays a map on our website.

When you access these contents of our website, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. These data are processed solely for the aforementioned purposes and to maintain the security and functionality of Google Maps.

The use of Google Maps is based on your consent according to Art. 6 (1) (a) GDPR and § 25 (1) TDDG.

We intend to transfer personal data to third countries outside the European Economic Area, particularly the USA. Data transfer to the USA takes place in accordance with Art. 45 (1) GDPR on the basis of the adequacy decision of the European Commission. The participating US companies and/or their US subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where there is no adequacy decision from the European Commission (including US companies not certified under the EU-U.S. DPF), we have agreed with the data recipients on other appropriate safeguards within the meaning of Art. 44 et seq. GDPR. These are - unless otherwise stated - standard contractual clauses of the EU Commission according to the Implementing Decision (EU) 2021/914 of June 4, 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN.

Furthermore, before such a transfer to a third country, we obtain your consent according to Art. 49 (1) sentence 1 (a) GDPR, which you give via consent manager (or other forms, registrations, etc.). Please note that data transfers to third countries may involve risks that are not fully known (e.g., data processing by the security authorities of the third country, the exact extent and consequences of which we do not know, over which we have no control, and of which you may not be aware).

The specific storage duration of the processed data cannot be influenced by us but is determined by Google Ireland Limited. Further information can be found in the Google Maps privacy policy.

We have integrated Microsoft Advertising on our website. Microsoft Advertising is a service provided by Microsoft Corporation to display targeted advertising to users. Microsoft Advertising uses cookies and other browser technologies to analyze user behavior and recognize users.

Microsoft Advertising collects information about visitor behavior on various websites. This information is used to optimize the relevance of advertisements. Furthermore, Microsoft Advertising delivers targeted advertising based on behavioral profiles and geographical location. Your IP address and other identification features such as your user agent are transmitted to the provider.

The transfer of your data in this case is to the operator of Microsoft Advertising, Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, United States.

The use of Microsoft Advertising is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG.

We intend to transfer personal data to third countries outside the European Economic Area, particularly the USA. Data transfer to the USA takes place in accordance with Art. 45 (1) GDPR on the basis of the adequacy decision of the European Commission. The participating US companies and/or their US subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where there is no adequacy decision from the European Commission (including US companies not certified under the EU-U.S. DPF), we have agreed with the data recipients on other appropriate safeguards within the meaning of Art. 44 et seq. GDPR. These are - unless otherwise stated - standard contractual clauses of the EU Commission according to the Implementing Decision (EU) 2021/914 of June 4, 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN.

Furthermore, before such a transfer to a third country, we obtain your consent according to Art. 49 (1) sentence 1 (a) GDPR, which you give via the consent manager (or other forms, registrations, etc.). Please note that data transfers to third countries may involve risks that are not fully known (e.g., data processing by the security authorities of the third country, the exact extent and consequences of which we do not know, over which we have no control, and of which you may not be aware).

The specific storage duration of the processed data cannot be influenced by us but is determined by Microsoft Corporation. Further information can be found in the Microsoft Advertising privacy policy.

We operate so-called fan pages or accounts on the networks mentioned below in order to provide you with information and offers within social networks and to offer you additional ways to contact us and learn about our offers. Below, we inform you about the data that we or the respective social network process from you in connection with accessing and using our fan pages/accounts.

Data we process from you

If you wish to contact us via messenger or direct message through the respective social network, we generally process your username through which you contact us and may store other data you provide, insofar as it is necessary to process/respond to your request.

The legal basis is Art. 6 (1) sentence 1 (f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller).

(Statistical) Usage data we receive from social networks

Through insights functionalities, we automatically receive statistics related to our accounts. The statistics include, among other things, the total number of page views, likes, information on page activities and post interactions, reach, video views, and information on the proportion of male/female among our fans/followers.

The statistics contain only aggregated data and do not relate to individual persons. Therefore, we cannot identify you through them.

What data social networks process from you

You do not need to be a member of the respective social network to view the content of our fan pages/accounts, and therefore no user account is required.

However, please note that social networks may collect and store data from website visitors without user accounts (e.g., technical data to display the website) and use cookies and similar technologies, over which we have no control. Details can be found in the privacy policies of the respective social networks (see the corresponding links above).

If you want to interact with the content on our fan pages/accounts, e.g., comment on, share, or like our posts, or contact us via messenger functions, prior registration with the respective social network and the provision of personal data are required.

We have no influence on the data processing by social networks when used by you. To the best of our knowledge, your data is stored and processed by social networks, particularly in connection with providing the services of the respective social network, and for analyzing user behavior (using cookies, pixels/web beacons, and similar technologies) to deliver interest-based advertising both within and outside the respective social network. It cannot be ruled out that your data may also be stored by social networks outside the EU/EEA and transmitted to third parties.

For information regarding the exact scope and purposes of processing your personal data, storage duration/deletion, as well as policies on the use of cookies and similar technologies in connection with registration and usage, please refer to the privacy policies/cookie policies of the social networks. There you will also find information about your rights and objection options.

Facebook

When visiting our Facebook page, Facebook (Meta) collects, among other things, your IP address and other information stored on your PC in the form of cookies. This information is used to provide us, as the operators of the Facebook pages, with statistical information about the use of the Facebook page. Facebook provides more information on this at the following link: https://facebook.com/help/pages/insights.

It is not possible for us to draw conclusions about individual users based on the transmitted statistical information. We only use this data to respond to user interests and to continuously improve our online presence and maintain its quality.

We collect your data via our fan page solely to enable communication and interaction with us. This usually includes your name, message content, comment content, and publicly available profile information.

The processing of your personal data for our aforementioned purposes is based on our legitimate economic and communicative interest in providing an information and communication channel pursuant to Art. 6 (1) (f) GDPR. If you have given your consent to data processing to the respective social network provider, the legal basis for processing is Art. 6 (1) (a), Art. 7 GDPR.

Due to the fact that data processing is carried out by the social network provider, our ability to access your data is limited. Only the provider of the social network has full access to your data. Therefore, only the provider can directly take appropriate measures to fulfill your user rights (request for information, deletion request, objection, etc.). The assertion of corresponding rights is therefore most effectively directed directly to the respective provider.

We are jointly responsible with Facebook for the personal data processed via the fan page. Affected rights can be exercised with both Meta Platforms Ireland Ltd. and us.

The primary responsibility for processing insights data under GDPR lies with Facebook, and Facebook fulfills all GDPR obligations concerning the processing of insights data. Meta Platforms Ireland Ltd. provides the essentials of the page insights supplement to the data subjects.

We do not make any decisions regarding the processing of insights data or the storage duration of cookies on users' devices.

Further information is available directly from Facebook (Supplementary Agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.

For more detailed information, including the exact scope and purposes of processing your personal data, storage duration/deletion, as well as policies on the use of cookies and similar technologies during registration and use, please refer to Facebook’s privacy policies/cookie policies: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0 https://www.facebook.com/policies/cookies

Instagram

When visiting our Instagram page https://www.instagram.com/restaurant_facil/, Instagram (Meta) collects, among other things, your IP address as well as other information that is available in the form of cookies on your PC. This information is used to provide us, as operators of the Instagram page, with statistical information regarding the use of the Instagram page. Instagram provides more detailed information at the following link (Note: by clicking the following link, you will be redirected to the website of the social network Facebook, which is also part of the Meta Group. However, the information provided via the link equally applies to the Instagram network): https://facebook.com/help/pages/insights.

The statistical information transmitted does not allow us to draw conclusions about individual users. We only use this information to better respond to the interests of our users, to continuously improve our online presence, and to ensure its quality.

We collect your data via our fan page solely to enable communication and interaction with us. This typically includes your name, message content, comment content, and profile information that you have made “publicly” available.

The processing of your personal data for the aforementioned purposes is based on our legitimate economic and communicative interest in offering an information and communication channel pursuant to Art. 6 (1) f) GDPR. If, as a user, you have given consent to the data processing to the respective social network provider, the legal basis for the processing is Art. 6 (1) a), Art. 7 GDPR.

Due to the fact that the actual data processing is carried out by the provider of the social network, our ability to access your data is limited. Only the provider of the social network is authorized to have full access to your data. Therefore, only the provider can directly take and implement appropriate measures to fulfill your user rights (e.g., access request, deletion request, objection, etc.). As such, asserting these rights is most effective when done directly with the respective provider.

We are jointly responsible with Instagram for the personal content on the fan page. Data subject rights can be asserted with Meta Platforms Ireland Ltd. as well as with us.

According to the GDPR, Instagram bears primary responsibility for the processing of Insights data and fulfills all obligations under the GDPR with respect to the processing of Insights data. Meta Platforms Ireland Ltd. makes the essence of the Page Insights Supplement available to data subjects.

We do not make decisions regarding the processing of Insights data or the duration of cookie storage on user devices.

Further information can be found directly on Instagram (Supplementary Agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.

More detailed information, including the exact scope and purposes of processing your personal data, the duration of storage/deletion, as well as policies on the use of cookies and similar technologies in the context of registration and use, can be found in Instagram's privacy/cookie policies (Note: by clicking the following link, you will be redirected to the website of the social network Facebook):
https://help.instagram.com/519522125107875/?helpref=uf_share
This information can also be accessed in the help section of Instagram's website via the following link:
https://help.instagram.com/581066165581870

For further information, please refer to Instagram’s privacy policy.

YouTube Video

We have integrated YouTube Video on our website. YouTube Video is a component of the video platform YouTube, LLC, where users can upload content, share it via the internet, and receive detailed statistics.

YouTube Video enables us to integrate content from the platform into our website.

YouTube Video uses cookies and other browser technologies to analyze user behavior, recognize users, and create user profiles. This information is used, among other things, to analyze the activity of accessed content and to generate reports. If a user is registered with YouTube, LLC, YouTube Video can associate the viewed videos with the corresponding user profile.

When you access this content, a connection is established to servers of YouTube, LLC, Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland, during which your IP address and, if applicable, browser data such as your user agent are transmitted.

Use of this service is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG.

We intend to transfer personal data to third countries outside the European Economic Area, particularly the USA. The data transfer to the USA is based on Art. 45 (1) GDPR according to the adequacy decision of the European Commission. The involved US companies and/or their US subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where there is no adequacy decision by the European Commission (including US companies that are not certified under the EU-U.S. DPF), we have agreed on other appropriate safeguards pursuant to Art. 44 et seq. GDPR with the recipients of the data. Unless otherwise stated, these are the standard contractual clauses of the European Commission according to the Implementing Decision (EU) 2021/914 of June 4, 2021. A copy of these standard contractual clauses can be viewed at:
https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE

Furthermore, before such a third country transfer, we obtain your consent according to Art. 49 (1) sentence 1 lit. a GDPR, which you provide via the consent manager (or other forms, registrations, etc.). We would like to point out that third-country transfers may involve unknown risks in detail (e.g., data processing by security authorities of the third country, the exact scope and consequences of which are unknown to us, beyond our control, and of which you may not be aware).

The specific storage duration of the processed data is not determined by us but is set by YouTube, LLC. Further information can be found in the privacy policy for YouTube Video.

We have integrated components of the Hotelcareer Widget on our website. Hotelcareer Widget is a service provided by StepStone GmbH, Axel-Springer-Straße 65, 10969 Berlin, Germany, which offers applicant and personnel management software.

Hotelcareer Widget is used in connection with application processes to optimize applicant management, for example through the automated analysis of job references. Furthermore, Hotelcareer Widget enables us to create and evaluate job postings.

The use of the service is based on our legitimate interests, i.e., the interest in optimizing our application processes pursuant to Art. 6 (1) lit. f GDPR.

The specific storage duration of the processed data is not determined by us but is defined by StepStone GmbH. Further information can be found in the privacy policy for Hotelcareer Widget.

We use Crazy Egg from Crazy Egg, Inc. to conduct so-called A/B tests on our online offering. In this process, different versions of our online offering are published simultaneously and it is measured which of these versions is more user-friendly.

When testing the versions, data such as the operating system used, the browser’s user agent, and the time of access may be collected in order to measure the success of the version.

Web tracking technologies are used to associate the aforementioned data with the version of our online offering being tested.

The use of Crazy Egg is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG.

The specific storage duration of the processed data is not determined by us but is defined by Crazy Egg, Inc. Further information can be found in the data protection declaration for Crazy Egg.

We have integrated components of Cognito Forms on our website. Cognito Forms is a service provided by Cognito LLC and offers marketing automation software.

Cognito Forms enables us to create and display online forms and pop-ups on our website. Furthermore, Cognito Forms is used to process data entered in forms, e.g., when contacting us via contact form or subscribing to a newsletter.

Cognito Forms uses cookies and other browser technologies to analyze user behavior and recognize users. This information is used, among other things, to compile reports on website activity.

In this case, your data is transmitted to the operator of Cognito Forms, Cognito LLC, 929 Gervais Street, Suite D, Columbia, SC 29201, United States.

The use of Cognito Forms is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG.

The specific storage duration of the processed data is not determined by us but is defined by Cognito LLC. Further information can be found in the privacy policy for Cognito Forms.

We have integrated components of the MailChimp service on our website. MailChimp is a service provided by The Rocket Science Group, LLC and offers marketing automation for businesses.

MailChimp is used to store and transmit data entered in forms via cookies, to send marketing emails and automated messages, and to create targeted campaigns.

In addition, MailChimp provides us with the ability to analyze whether the emails sent have been opened, how many users received an email, and whether users unsubscribed from the newsletter after receiving an email.

In this case, your data is transmitted to the operator of MailChimp, The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, United States.

The use of MailChimp is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG.

The specific storage duration of the processed data is not determined by us but is defined by The Rocket Science Group, LLC. Further information can be found in the privacy policy for MailChimp.

We have integrated components of Stripe Payments on our website. Stripe Payments is a service provided by Stripe, Inc. and offers online payment solutions worldwide.
If you choose Stripe Payments as your payment method, the data required for the payment process will be automatically transmitted to Stripe, Inc., San Francisco, California, US.

In this context, the following data is generally collected: name, address, company (if applicable), email address, telephone and mobile number, and IP address.

The use of the service is based on the performance of a contract, i.e., for the processing of payment transactions.

The specific storage duration of the processed data is not determined by us but is defined by Stripe, Inc. Further information can be found in the privacy policy for Stripe Payments.

This service is aimed primarily at adults. We do not currently market any services for children. Therefore, we neither knowingly collect information to determine user age, nor do we knowingly collect personal data from children under 16 years of age. We would, however, like to advise all visitors to our website under 16 years of age not to disclose or make available any personal data. If we discover that a child under 16 years of age has provided us with personal data, we will delete the personal data of the child from our files, as far as this is technologically possible.

If your personal data are processed, you are a Data Subject under the GDPR and you have the following rights with regard to the Data Controller:

You have the right to information on the data stored about you, the purposes for which your data are being processed, any transferring of this data to other bodies that may occur, and the length of time for which your data will be stored.

Should data be incorrect or no longer required for the purposes for which they were collected, you have the right to demand their correction or deletion, or restriction of data processing. Where provided for by the data processing methods used, you can view and, if necessary, correct the data yourself.

If special personal circumstances provide reasons against processing of your personal data, you have the right to object to such data processing, provided that the processing is based on a legitimate interest. The Data Controller will then no longer process your personal data, unless the Data Controller can provide evidence of compelling legitimate reasons for processing which outweigh your interests, rights and freedoms; or if processing serves to assert, exercise or defend legal claims. If your personal data are processed for direct marketing purposes, you have the right, at any time, to object to the processing of your personal data for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing. If you object to data processing for purposes of direct advertising or profiling, your personal data will no longer be processed for these purposes.

You have the right to revoke your declaration of consent for data protection at any time. Withdrawal of consent shall not affect the legality of processing undertaken on the basis of this consent before its withdrawal.

If you have questions on your rights and exercising them, please contact:

The Mandala Hotel
The Mandala Hotel GmbH
Potsdamer Str. 3
D-10785 Berlin
Deutschland

Tel.: +49 (0) 30 590 05 00 00
Mail: welcome@themandala.de

Data Protections Officer
DataSolution Thurmann GbR
Herr Andreas Thurmann
Isarstr. 13
D-14974 Ludwigsfelde
Deutschland

Tel.: +49 (0) 3378 202513
Fax: (0) 3378 202514
Mail: mail@hoteldatenschutz.de

As a Data Subject, irrespective of any other administrative or judicial remedy, you have the right of appeal to a supervisory authority for data protection, more specifically in the member state where you reside or where the alleged offence was committed, if you believe that the processing of your personal data violates data protection law.

The supervisory authority to which the complaint is submitted will inform you of the status and the findings of your complaint, including whether or not a judicial remedy is possible.

More information is available on the website of the Federal Commissioner for Data Protection and Freedom of Information. Please click this link.

If personal data is processed outside the European Union, you can refer to the preceding statements for further details.

THE MANDALA uses technological and organisational security precautions, in accordance with article 32 of the GDPR, in order to protect your data administered by us from accidental or deliberate manipulation, loss, destruction or access by unauthorised persons. Our security precautions are continually improved as technology develops. Access is only granted to a small number of authorised persons, and persons committed specifically to data protection who are concerned with technical, administrative or editorial management of data.

We reserve the right to change, update or amend this privacy notice at any time. Any revised information on data processing will only apply to personal data collected or modified after the effective date.

Status | May 2025