Legal
Privacy Policy
Protecting your personal data matters to us. This privacy policy explains what data is collected when you visit our website, how we handle it, and what rights you have as a data subject.
This is a translation of our German privacy policy provided for your convenience. The German version is legally binding.
You can generally use our website without providing any personal data. Where personal data is collected on this website, this is always done in accordance with the General Data Protection Regulation (GDPR) and applicable German data protection law.
Controller
Prime X GmbH
Harscampstr. 2
52062 Aachen
Germany
Represented by: Veit Brinkmann (Managing Director)
Contact
Phone: 0241 / 47596773
Email: hello@coco-chan.de
Your Rights as a Data Subject
If we process your personal data, you have the following rights in particular:
- Right of access to your stored data (Art. 15 GDPR)
- Right to rectification of inaccurate data (Art. 16 GDPR)
- Right to erasure of your data (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to receive your data in a portable format (Art. 20 GDPR)
- Right to object to processing (Art. 21 GDPR)
- Right to withdraw any consent given, with effect for the future (Art. 7(3) GDPR)
To exercise these rights, simply send us an informal message at hello@coco-chan.de.
You also have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data. The competent authority is:
State Commissioner for Data Protection and Freedom of Information of
North Rhine-Westphalia (LDI NRW)
Kavalleriestr. 2-4
40213 Düsseldorf, Germany
ldi.nrw.de
Hosting and Server Log Files
This website is delivered on infrastructure that we operate and administer ourselves. Our servers are located in a data centre operated by our infrastructure partner netcup GmbH in Germany, as well as on our own hardware on our premises in Aachen (with a redundant fibre-optic connection). Where required, a data processing agreement under Art. 28 GDPR is in place with our hosting partner.
Every time our website is accessed, information is automatically stored in so-called server log files, which your browser transmits to us:
- Browser type and version
- Operating system used
- Referrer URL (the page visited previously)
- Date and time of access
- IP address
This data is used exclusively for the technical delivery and security of our website and is not combined with other data sources. The legal basis is our legitimate interest in the secure and stable operation of our website (Art. 6(1)(f) GDPR).
Contacting Us by Email or Phone
If you contact us by email or phone, the data you provide (e.g. name, contact details, the content of your message) is stored and processed exclusively to handle your enquiry. The legal basis is Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR (legitimate interest in responding to your enquiry). This data is not shared with third parties.
Web Analytics with Matomo
To analyse how our website is used, we use the privacy-friendly, self-hosted web analytics service Matomo. Matomo collects anonymised usage data (e.g. pages visited, time spent, browser type); your IP address is shortened before it is stored.
The legal basis is our legitimate interest in the statistical evaluation and improvement of our offering (Art. 6(1)(f) GDPR).
You can object to the collection of your data by Matomo at any time (opt-out):
Online Reservations via Resmio
For accepting and managing table reservations, we use the Resmio service provided by Resmio GmbH. When you book a table through our reservation form, the data you enter (e.g. name, email address, phone number, number of guests, requested time) is transmitted directly to Resmio and processed there.
Resmio may use its own tracking technologies as part of the widget. For details on how Resmio processes your data, please refer to their privacy policy at resmio.com/en/privacy.
The legal basis for the transfer of your data is the performance of a pre-contractual relationship at your request (Art. 6(1)(b) GDPR). A data processing agreement under Art. 28 GDPR is in place with Resmio.
Retention Period
Personal data is only stored for as long as necessary for the relevant purpose, or as required by statutory retention periods. After that, the data is routinely deleted.
SSL/TLS Encryption
For security reasons, this website uses SSL/TLS encryption. You can recognise an encrypted connection by the fact that the address bar of your browser changes from “http://” to “https://” and by the lock icon in the address bar.
No Automated Decision-Making
We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.
If you have any questions about data protection, you can reach us at any time at hello@coco-chan.de.