Privacy Policy
With this Privacy Policy, we would like to inform you about the nature, scope, and purpose of the processing of personal data (hereinafter also referred to as "data"). Personal data is all data that relates personally to you, such as your name, address, email address, or your user behavior. This Privacy Policy applies to all data processing operations carried out by us, both in the context of our core business and for the online media maintained by us.
Who is Responsible for Data Processing with Us
The Controller responsible for data processing is:
Café Klein
Mönckebergstraße 7
20095 Hamburg
E-mail: cafeklein.20095@gmail.com
Imprint/Legal Notice: https://cafeklein-hamburg.de/impressum
Processing of Your Data in the Context of Our Company's Core Business
If you are our customer, business partner, or interested in our services, the type, scope, and purpose of the processing of your data are governed by the contractual or pre-contractual relationships between us. In this sense, the data processed by us includes all data that is/was provided for the purpose of using the contractual or pre-contractual services by you and which is required for the handling of your inquiry or the contract concluded between us. Unless otherwise stated in the further information of this Privacy Policy, the processing of your data and its transfer to third parties is limited to the data that is necessary and expedient for answering your inquiries and/or for fulfilling the contract concluded between you and us, for safeguarding our rights, and for fulfilling legal obligations. We will inform you of the data required for this before or during the data collection process. If we use third-party providers to render our services, the privacy notices of the respective third-party providers apply.
Affected Data:
Inventory data (e.g., names, addresses)
Payment data (e.g., bank details, invoices)
Contact data (e.g., email address, telephone number, postal address)
Contract data (e.g., subject matter of the contract, contract duration)
Affected Persons: Prospective customers, business and contractual partners
Purpose of Processing: Handling of contractual services, communication and answering of contact inquiries, office and organizational procedures
Legal Basis: Performance of a contract and pre-contractual inquiries, Art. 6 para. 1 lit. b GDPR, legal obligation, Art. 6 para. 1 lit. c GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR
Your Rights under the GDPR
According to the GDPR, you have the following rights, which you can assert at any time with the Controller named in Section 1 of this Privacy Policy:
Right of Access: You have the right to request information from us as to whether and what data we process about you.
Right to Rectification: You have the right to request the correction of inaccurate or completion of incomplete data.
Right to Erasure: You have the right to request the erasure of your data.
Right to Restriction of Processing: You have the right to request that we restrict the processing of your data only in certain cases.
Right to Data Portability: You have the right to request that we transmit your data to you or another controller in a structured, commonly used, and machine-readable format.
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority. The supervisory authority of your usual place of residence, your workplace, or our company headquarters is responsible.
Right to Withdraw Consent
You have the right to withdraw your consent to data processing at any time.
Right to Object
You have the right to object at any time to the processing of your data that we base on our legitimate interest according to Art. 6 para. 1 lit. f GDPR. If you exercise your right to object, we ask you to state the reasons. We will then no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing that override your interests and rights.
Irrespective of the foregoing, you have the right to object at any time to the processing of your personal data for marketing and data analysis purposes.
Please address your objection to the contact address of the Controller provided above.
When Do We Delete Your Data?
We delete your data when we no longer need it or when you instruct us to do so. This means that—unless otherwise stated in the individual privacy notices of this Privacy Policy—we delete your data:
when the purpose of the data processing has ceased to apply and thus the respective legal basis mentioned in the individual privacy notices no longer exists, e.g.,
after the termination of the contractual or membership relations between us (Art. 6 para. 1 lit. a GDPR) or
after the cessation of our legitimate interest in the continued processing or storage of your data (Art. 6 para. 1 lit. f GDPR),
if you exercise your right to withdraw consent and no other legal basis for the processing within the meaning of Art. 6 para. 1 lit. b−f GDPR intervenes,
if you exercise your right to object and there are no compelling legitimate grounds against the erasure.
However, if we still have to hold on to (certain parts of) your data for other purposes, for example, because tax retention periods (usually 6 years for business correspondence or 10 years for accounting vouchers) or the assertion, exercise, or defense of legal claims from contractual relationships (up to four years) require this, or the data is needed to protect the rights of another natural or legal person, we will only delete (that part of) your data after these periods have expired. Until these deadlines expire, we will restrict the processing of this data to these purposes (fulfillment of retention obligations).
Cookies
Our website uses cookies. Cookies are small text files, consisting of a series of numbers and letters, which are placed and stored on the device you use. Cookies primarily serve to exchange information between the device you use and our website. This includes, among other things, the language settings on a website, the login status, or the point at which a video was watched.
Two types of cookies are used when visiting our websites:
Temporary Cookies (Session Cookies): These store a so-called session ID, which can be used to assign various requests from your browser to the common session. Session cookies are deleted when you log out or close your browser.
Permanent Cookies: Permanent cookies remain stored even after the browser is closed. This allows our website to recognize your computer when you return to our website. For example, information about language settings or log-in information is stored in these cookies. Furthermore, your surfing behavior can be documented and stored with these cookies. This data can be used for statistical, marketing, and personalization purposes.
In addition to the classification above, cookies can also be differentiated with regard to their purpose:
Necessary Cookies: These are cookies that are absolutely essential for the operation of our website, to store logins or shopping carts for the duration of your session, or cookies that are set for security reasons.
Statistical, Marketing, and Personalization Cookies: These are cookies that are used for analysis purposes or reach measurement. Such "tracking" cookies can, in particular, store information on search terms entered or the frequency of page views. In addition, the surfing behavior of an individual user (e.g., viewing certain content, using functions, etc.) can also be stored in a user profile. Such profiles are used to show users content that corresponds to their potential interests. If we use services through which cookies for statistical, marketing, and personalization purposes are stored on your device, we will inform you about this separately in the following sections of our Privacy Policy or in the context of obtaining your consent.
Affected Data:
Usage data (e.g., access times, clicked websites)
Communication data (e.g., information about the device used, IP address).
Affected Persons: Users of our online offers
Purpose of Processing: Displaying our websites, ensuring the operation of our websites, improving our online offer, communication and marketing
Legal Basis:
Legitimate Interest, Art. 6 para. 1 lit. f GDPR
If we do not obtain your consent to set cookies, we base the processing of your data on our legitimate interest in improving the quality and user-friendliness of our website, especially the content and functions. You have the option to object to the use of cookies set by us based on our legitimate interest via the security settings of your browser. There you have the possibility to determine whether you accept no cookies at all or only on request, or determine that cookies are deleted after each closing of your browser. If cookies are deactivated for our website, not all functions of the website may be fully usable.
Consent, Art. 6 para. 1 lit. a GDPR
If we ask you for permission to set certain cookies on your device before your visit to our website, and you consent, the legal basis is the consent you have given. We will inform you within the context of the consent about which cookies we set in detail. If you do not give this consent, only the so-called technically necessary cookies, which are required for the proper operation of our websites and their display in your browser, will be set. If you have consented to the setting of cookies, you have the option to withdraw the given consent from us at any time.
Webhosting
We use a provider for the maintenance of our websites, on whose server our websites are stored and made available for retrieval on the Internet (Hosting). The provider can process all data transmitted via the browser you use that arises when using our websites. This includes, in particular, your IP address, which the provider needs to be able to deliver our online offer to the browser you use, as well as all entries you make via our website. In addition, the provider we use can collect:
The date and time of access to our website
Time zone difference to Greenwich Mean Time (GMT)
Access status (HTTP status)
The amount of data transferred
The Internet service provider of the accessing system
The browser type and version you used
The operating system you used
The website from which you may have reached our website
The pages or sub-pages that you visit on our website.
The aforementioned data are stored as log files on the servers of our provider. This is necessary to ensure the stability and security of the operation of our website.
Affected Data:
Content data (e.g., posts, photos, videos)
Usage data (e.g., access times, clicked websites)
Communication data (e.g., information about the device used, IP address)
Affected Persons: Users of our internet presence
Purpose of Processing: Displaying our websites, ensuring the operation of our websites
Legal Basis: Legitimate Interest, Art. 6 para. 1 lit. f GDPR
Webhoster(s) commissioned by us:
Showit
Service provider: Showit Website: 2490 S Gilbert Rd, Suite 200, Chandler, Arizona 85286, USA Privacy Policy: https://showit.com/
Contacting Us
If you contact us via email, social media, telephone, fax, post, our contact form, or otherwise, and thereby provide us with personal data such as your name, telephone number, or email address, or provide further information about yourself or your request, we process this data to answer your inquiry within the scope of the pre-contractual or contractual relationship between us.
Affected Data:
Inventory data (e.g., names, addresses)
Contact data (e.g., email address, telephone number, postal address)
Content data (texts, photos, videos)
Contract data (e.g., subject matter of the contract, contract duration)
Affected Persons: Prospective customers, customers, business and contractual partners
Purpose of Processing: Communication and answering of contact inquiries, office and organizational procedures
Legal Basis: Performance of a contract and pre-contractual inquiries, Art. 6 para. 1 lit. b GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR
Payment Service Providers
In accordance with our legal obligations or due to our legitimate interests in efficient, secure, and customer-oriented payment processing, persons who have concluded a contract or another legal relationship with us may use banks and credit institutions, as well as other payment service providers for payment. The payment service providers offered by us process inventory data in this context, including name, address, or bank data such as account/credit card number, passwords, TANs, check digits, as well as information about the concluded contract and information about the recipient of the payment.
The data collected in this context is necessary for the payment service provider to carry out the payment processing. Only the payment service provider commissioned by us collects and processes this personal information. We never receive information about your account or credit card connection. We are informed by our payment service provider whether our customers' payment has been received or not. It is possible that our payment service providers pass on our customers' data to credit agencies to check the identity and creditworthiness of the payer. In this respect, we refer to the Privacy Policy and General Terms and Conditions (GTC) of our payment service providers.
The GTC and data protection regulations of the respective payment service provider apply. You can find this information on the website of the affected service provider or in the transaction application. For further information and for asserting your rights regarding withdrawal and access, we refer to the provisions of the respective service provider.
Affected Data:
Inventory data (e.g., name, address),
Usage data (e.g., visited websites, interest in certain topics, access times),
Payment data (e.g., bank connection, invoices, payment history),
Transaction data (e.g., duration, customer category, subject matter of the contract),
Communication and metadata (e.g., IP address, information about the device or computer system)
Purpose of Processing: Effective, secure, and customer-oriented payment offers (service) as well as processing of payments according to contractual agreement
Legal Basis: Performance of a contract and fulfillment of pre-contractual inquiries, Art. 6 para. 1 lit. b GDPR, legitimate interests, Art. 6 para. 1 lit. f GDPR
Withdrawal Options: You can withdraw your consent to the use of personal data at any time vis-à-vis the respective payment service provider. Despite withdrawal, the payment service provider may still be entitled to process, use, and transmit the personal data that are absolutely necessary for the contractual payment processing. Regarding the storage and timely deletion of personal data, we refer to the respective privacy policies of the payment service provider.
We use the following payment service providers:
American Express
Service provider: American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main
Website: https://www.americanexpress.com/de/?inav=NavLogo
Privacy Policy: https://www.americanexpress.com/de/legal/
online-datenschutzerklarung.html
Apple Pay
Service provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA
Website: https://www.apple.com/de/apple-pay/
Privacy Policy: https://www.apple.com/legal/privacy/de-ww/
Sofortüberweisung (Instant Transfer)
Service provider: SOFORT GmbH, Theresienhöhe 12, 80339 Munich
Website: https://www.sofort.de/index.html
Privacy Policy: https://www.sofort.de/datenschutz.html
Google Pay
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Website: https://pay.google.com/intl/de_de/about/
Privacy Policy: https://policies.google.com/privacy
Klarna
Service provider: Klarna GmbH, Theresienhöhe 12, 80339 Munich
Website: https://www.klarna.com/sofort/
Privacy Policy: https://cdn.klarna.com/1.0/shared/content/
legal/terms/0/de_de/privacy
Mastercard
Service provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium
Website: https://www.mastercard.de/de-de.html
Privacy Policy: https://www.mastercard.de/de-de/datenschutz.html
PayPal
Service provider: PayPal (Europe) S.à.r.l. et Cie., S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg
Website: https://www.paypal.com/de/webapps/mpp/home
Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/
privacy-full#
Visa
Service provider: Visa Europe Management Services Ltd., German Branch, Neue Mainzer Strasse 66-68, 60311 Frankfurt am Main
Website: https://www.visa.de/
Privacy Policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html
Review Seals
In order to give you a first impression of the quality of our offers and services, we display a selection of customer reviews and the overall rating formed from all reviews via the review seal (also called a review widget) embedded on our website. If you click on the widget, you will be forwarded to the respective provider's online offer. There you can view all reviews for our offer. You also have the opportunity to rate us there.
The seal of the provider embedded on our websites is played out via an interface from the respective provider's server. For this purpose, when you visit our website, a data connection is established with the provider's server. The provider receives certain data that is required to display the content of the widget to your browser. This includes the IP address assigned to you and other access data.
Affected Data:
Usage data (e.g., access times, clicked websites)
Communication data (e.g., information about the device used, IP address).
Affected Persons: Customers, users of our internet presence
Purpose of Processing: Obtaining customer feedback, as well as interest- and behavior-based marketing
Legal Basis: Consent, Art. 6 para. 1 lit. a GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR
We use the following review seals: [No specific providers listed in the German text for review seals, only for the subsequent section.]
Web Analysis and Statistics
We use web analysis services to record and statistically evaluate the visitor flows on our internet presence. Such services record, among other things, data about which website you came to our internet presence from (so-called referrer), which pages of our internet presence you accessed, how long you visited our pages, and which interactions you carried out there. Data on the browser, computer system, and type of device you used are also collected. Furthermore, such a service can also collect demographic information, such as age or gender, as pseudonymous values. If you have consented to the collection of your location data, this can also be processed, depending on the provider.
In order to collect and store this data, the web analysis service we use usually places a cookie on the device you are using, with which the IP address assigned to you is also collected. However, this is shortened via a so-called IP masking procedure, so that the IP address can no longer be assigned to your visit to our website. No clear data such as names or email addresses are stored in any other respect either. Neither we nor the service we use know the identity of the visitors to our websites.
However, when collecting the data, the service provider can create pseudonymous usage profiles with information from the use of various devices through the use of cookies.
We would like to point out that, depending on the location of the service provider mentioned below, the data collected via the service may be transferred to and processed outside the area of the European Union. In this case, there is a risk that the level of data protection prescribed by the GDPR will not be adhered to and that the enforcement of your rights will not be possible or will only be possible with difficulty.
Affected Data:
Usage data (e.g., access times, clicked websites)
Communication data (e.g., information about the device used, IP address).
Affected Persons: Users of our online offers
Purpose of Processing: Reach measurement, campaign success monitoring, remarketing, as well as interest- and behavior-based marketing
Legal Basis: If we have asked for your consent before using the respective service, this is the legal basis, Art. 6 para. 1 lit. a GDPR. Otherwise, we use the respective service based on our legitimate interest in analyzing the visitor flows of our websites in order to continuously improve the functions, offers, and user experience, Art. 6 para. 1 lit. f GDPR.
We use the following web analysis services:
Google Analytics 4
Service provider: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Location within the EU: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland
Website: https://marketingplatform.google.com/intl/de/
about/analytics/
Privacy Policy: https://policies.google.com/privacy?hl=de
Note on data transfer to Google Analytics servers: When accessing our website within the EU (based on the geographical location according to the IP address), the IP address assigned to you is collected exclusively via servers in the EU and used as geolocation data, only to be deleted immediately afterwards. It is neither logged nor otherwise used. The further measurement data is then forwarded to Google Analytics servers to be evaluated there.
Opt-Out Option: If you do not want your data to be used by Google Analytics, you can set a so-called Opt-Out Plugin, which prevents your data from being collected on our website in the future. You can obtain this plugin here: https://tools.google.com/dlpage/gaoptout?hl=de
Our Online Presences on Social Networks
We maintain online presences within the social networks listed below. If you visit one of these presences, the data specified in more detail below is collected and processed by the respective provider. As a rule, this data is collected for advertising and market research purposes and used to create usage profiles. Data can be stored in the usage profiles regardless of the device you use. This is particularly the case if you are a member of the respective platform and logged in there. The usage profiles can be used by the providers to display interest-based advertising to you. You have a right to object to the creation of user profiles. To exercise this, you must contact the respective provider.
If you have an account with one of the providers listed below and are logged in there when visiting our website, the respective provider can collect data about your usage behavior on our website. To prevent such a link between your data, you can log out of the provider's service before visiting our site.
You can find out the purpose and scope of data collection by the provider in the respective privacy policies of the providers communicated below.
We would like to point out that, depending on the location of the provider mentioned below, the data collected via its platform may be transferred to and processed outside the area of the European Union. In this case, there is a risk that the level of data protection prescribed by the GDPR will not be adhered to and that the enforcement of your rights will not be possible or will only be possible with difficulty.
Affected Data:
Inventory and contact data (e.g., name, address, telephone number, email address)
Content data (e.g., posts, photos, videos)
Usage data (e.g., access times, clicked websites)
Communication data (e.g., information about the device used, IP address).
Purpose of Processing: Communication and marketing, tracking and analysis of user behavior
Legal Basis: Consent, Art. 6 para. 1 lit. a GDPR, legitimate interests Art. 6 para. 1 lit. f GDPR
Objection Options: Regarding the respective objection options (opt-out), we refer to the information from the providers linked below.
We maintain online presences on the following social networks:
Instagram
Service provider: Instagram Inc., 1601 Willow Road, Menlo Park CA 94025, USA
Parent company: Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA
Location in the EU: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Website: https://www.instagram.com/
Privacy Policy: http://instagram.com/about/legal/privacy
Content Services
We use certain services to display specific content or graphics (videos, images, music, fonts, map material) via our internet presence. The services we use process the IP address assigned to you at the time of your visit to our websites, as this is the only way the respective content can be displayed in the browser you are using. In addition, the providers of these services can set other cookies on your device, through which information about your usage behavior, your interests, the device and browser you are using, and the time and duration of your session are collected. These providers regularly use this data for analysis, statistics, and marketing purposes. Furthermore, this information can also be linked to information from other sources. This is particularly the case if you yourself maintain an account with the service provider and are logged in there at the time of the session.
We point out that, depending on the location of the service provider mentioned below, the data specified in more detail below may be transferred to and processed on servers outside the area of the European Union. In this case, there is a risk that the level of data protection prescribed by the GDPR will not be adhered to and that the enforcement of your rights will not be possible or will only be possible with difficulty.
Affected Data:
Usage data (e.g., access times, clicked websites)
Communication data (e.g., information about the device used, IP address)
Affected Persons: Users of our internet presence
Purpose of Processing: Displaying our websites, offering content, ensuring the operation of our websites
Legal Basis: Consent via cookie consent banner, Art. 6 para. 1 lit. a GDPR, legitimate interests, Art. 6 para. 1 lit. f GDPR
We use the following content services:
Google Maps
We use Google Maps on our internet presence. Google collects and processes the visitor's IP address. When you visit a website where Google Maps is integrated, your IP address and your location data (the latter usually not without your consent) are transmitted to Google, regardless of whether you actually use Google Maps or are logged into your Google Account. Your IP address is assigned to your Google Account if you are logged in there when visiting our website.
Service provider: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Location in the EU: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Website: https://www.google.de/maps
Privacy Policy: https://policies.google.com/privacy
Opt-Out Option: https://tools.google.com/dlpage/gaoptout?hl=de
Security Measures
We also take technical and organizational security measures according to the state of the art to comply with the provisions of data protection laws and to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or against unauthorized access by third parties.
Currency and Amendment of this Privacy Policy
This Privacy Policy is currently valid and has the status October 2025. Due to changes in legal or official requirements, it may become necessary to adapt this Privacy Policy.
Folge uns auf Instagram
