Privacy Policy
Effective Date: August 05, 2024
1. Introduction
Welcome to Paskal.
We are committed to protecting your privacy and ensuring the security of your personal information.
This Privacy Notice explains how we collect, use, disclose, and safeguard your information when you visit our café or use our website.
2. Why Do You Need this Privacy Notice?
We encourage you to carefully read this Privacy Notice as it provides you with information about your personal data being processed in connection with:
a) your access to and use of our website available at https://paskal-choux.com/, including any of its subdomains (the “Website”);
b) discussions for evaluating or pursuing certain business relationships and transactions with us (the “Business Relationship”) when either we (including our representatives) contact you or you reach us (including our representatives) for these purposes; and
c) your access to and use of our social media networks, such as Facebook and Instagram accounts (the “Social Media Channels”). Links to our Social Media Channels are provided on the Website.
This Privacy Notice does not govern processing of your personal data if you act as our team member or candidate. The latter case is governed by another document, which is provided to you by us if and where applicable.
In this Privacy Notice personal data and personal information are used as synonyms and mean any information that directly or indirectly identifies you as an individual. In this Privacy Notice we explain which types of personal data we hold on you, how we collect and process such data, how long we keep it, and so on.
3. Who Are We and How to Reach Us?
When we say “we”, “us”, or “our”, we mean Paskal. “You” or “your” refers to you as (i) a visitor of the Website, (ii) a person who we contact or who reaches us regarding the Business Relationship, (iii) a person who accesses and uses our Social Media Channels, or (iv) any other person if we process your personal data in accordance with this Privacy Notice, as may be informed by us.
With respect to personal data collected as outlined in Section 5 hereof, we act as a data controller or joint data controller, depending on applicable circumstances as described below in this Privacy Notice.
We respect your privacy and are committed to protecting your personal data. Therefore, we process your personal data in accordance with this Privacy Notice and we endeavor to comply with the applicable data protection legislation, which includes the General Data Protection Regulation, also known as the GDPR (the “Applicable Legislation”).
If you have any questions regarding this Privacy Notice or the processing of your personal data, contact us via privacy@paskal-choux.com.
4. What Are Our Principles?
Lawfulness. We endeavour to process personal data in accordance with the Applicable Legislation and only on the basis of the appropriate legal grounds.
Fairness. We do our best to handle personal data in ways that you would reasonably expect and we do not use any personal information in ways that have unjustified adverse effects on you.
Transparency. We endeavour to make the processing activities transparent and understandable for you, including by providing you with all reasonably necessary information regarding the processing.
Data Minimisation. We endeavour to process only necessary personal data, taking into consideration the requirements of the Applicable Legislation.
Purpose Limitation. We process your data only for the purposes it was collected. If we establish any other purpose, we will inform you reasonably in advance.
Accuracy. We endeavour to ensure the accuracy of your personal data, including by providing you with the opportunity to rectify or complete it.
Confidentiality, Integrity, and Availability. We try to comply with the best practices applicable to the development and maintenance of the security systems.
Storage Limitation. We keep the personal data as long as prescribed in this Privacy Notice, based on the purposes the data was collected.
Accountability. We endeavour to comply with the Applicable Legislation, and, furthermore, if we disclose personal data to any person, we will do our best to ensure that such person will comply with the terms of the Applicable Legislation and this Privacy Notice.
5. Information We Collect:
The categories of personal data we collect depend on how you interact with us and the requirements of the Applicable Legislation. We collect and process the following types of personal data as outlined below. Please note that we may also collect certain other information, which may be required under the applicable laws:
- Personal Identification Information: Name, email address, phone number, and mailing address.
- Technical Data: IP address, browser type, operating system, and other details collected through cookies and similar technologies.
- Purchase History: Details of your orders and transactions: the number of cakes, date of receipt, Custom Decoration/Special options.
- Business Relationship Data: Name, email address, phone number, and mailing address.
- Social Media Data: nicknames, names, and/or photos, messages, comments, and other communications, any data that you choose to provide us with, information provided to us by the respective Social Media.
- Analytical and Marketing Data: Google Data: internet protocol (IP) address, browser details, device details, operating system, other information regarding the use of the Website. Meta Data: information regarding the use of the Website and your reactions to and interaction with advertisements.
6. How We Use Your Information
We use the information we collect for various purposes, including:
- Processing your orders and sending you related information.
- Responding to your inquiries and providing customer support.
- Sending promotional materials, newsletters, and other marketing communications.
- Improving our website, services, and customer experience.
- Ensuring the security and integrity of our services.
7. Sharing Your Information. We do not sell, trade, or otherwise transfer your personal information to outside parties except as described below:
- Service Providers: We may share information with third-party vendors who assist us in operating our café and website, conducting our business, or servicing you.
- Legal Requirements: We may disclose your information where required to comply with laws, regulations, or legal requests.
General. We do not sell or rent out your data. However, we may share your personal data in accordance with this Privacy Notice, Applicable Legislation, or with your consent, in each case for the purposes of and if it is reasonably necessary for the purposes outlined in this Privacy Notice or required under the applicable laws and regulations.
Please note that if we share any portion of your personal data with third persons, we will endeavour to secure such transfer using appropriate legal, organisational, and technical measures.
Recipients. Given the purposes outlined above, your personal information is shared with the following categories of recipients:
a) our affiliates, meaning any person controlling, controlled by, or under the same control as we;
b) our personnel, contractors and consultants, who are required to have such data in connection with the performance of the Business Relationship and on a “need-to-know” basis, such as our legal department for conducting the paperwork or financial department for administering payments, etc.;
c) analytical solution providers, such as Google Analytics;
d) government authorities, upon their request or if necessary to comply with our legal obligations; and
e) another entity by virtue of succession, including as a result of merger, reorganisation, acquisition, or liquidation.
8. Do We Transfer Your Personal Data to Third Countries?
We do not transfer your Personal Data to third countries.
9. Data Security. We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
10. Your Rights. You have the right to:
- Access the personal information we hold about you.
- Request the correction of inaccurate information.
- Request the deletion of your personal information.
- Object to the processing of your personal data.
- Request the restriction of processing your personal data.
- Withdraw your consent at any time.
If you want to use any of your rights, you can contact us via email at privacy@paskal-choux.com and we will meet your request according to the applicable legislation.
11. Cookies and Tracking Technologies. We use cookies and similar tracking technologies to track activity on our website and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.
12. How Long Do We Process Your Data?
As a general rule, we keep personal data as long as it is necessary for the purposes it was collected.
We may process certain personal data longer than outlined below, if it is necessary:
a) to meet our legal obligations under the applicable law;
b) in relation to anticipated or pending legal proceedings; or
c) to protect our rights and legitimate interests or those of third parties.
Business Relationship Data: As long as we maintain our Business Relationship and for three (3) years after any expiration or termination of the Business Relationship, if we or our affiliate entered into the Business Relationship with you or the company you represent.
Social Media Data: No retention period for statistical and analytical information. The personal data you provided us with is stored as long as it is not deleted by you or the respective Social Media. Other personal data is processed as long as it is necessary for the purposes it was collected, unless otherwise expressly provided, e.g. in a specific consent form or privacy notice or statement.
Google Data: Up to 2 years.
Meta Data: Up to 180 days after last interaction with the Meta Pixel.
13. Who Controls Your Personal Data?
General. With respect to personal data processed in accordance with this Privacy Notice, we act as a data controller or joint data controller depending on applicable circumstances as described below.
Data Controller. When we act as a data controller, we mean that we solely determine what data is collected and the purposes and means of processing of your data. As a general rule, if the personal data is processed in connection with the Business Relationship and/or your access to and use of the Website, we are considered a data controller. Please note that with respect to Google Data, we act as a data controller and Google, accordingly, acts as our data processor. However, Google may use such personal data for any of its own purposes, in which case it acts as an independent data controller. You can learn more about how Google processes personal data in Google’s privacy policy.
Joint Controller. When we act as a joint controller with others, we mean that we and the respective person or entity process substantially the same set of personal data and jointly determine the purposes and means of processing such personal information. If and to the extent we are considered to be a joint controller according to the Applicable Legislation, you may exercise your data protection rights with respect to the relevant personal data against either us or the respective person or entity. However, we will be able to assist you only with respect to the processing operations expressly outlined in this Privacy Notice. We have no influence on the processing of personal data in connection with your interaction with others, including, but not limited to, Social Media and other third-party service providers, as such. According to the Applicable Legislation, we may be regarded as joint controllers, for example, in the following cases:
a) with respect to your Social Media Data — when you access or otherwise participate in our Social Media Channels, we are deemed a data controller with respect to (i) the data you provide us with and (ii) the statistical data provided by the respective Social Media. However, with respect to any other processing of your data, the respective Social Media acts as an independent data controller;
b) with respect to the Meta Data — we are deemed a joint data controller with respect to the following data processing activities in connection with the Meta Pixel: (i) creation of individualised or suitable ads, as well as for their optimisation; (ii) delivery of commercial and transaction-related messages. The following data processing activities are not covered by the joint controllership: (i) the process that takes place after the collection and transmission is within the sole responsibility of Meta; (ii) the preparation of reports and analyses in aggregated and anonymised form is carried out by Meta as a data processor and we act as a data controller. We have concluded a corresponding agreement with Meta for joint controllership. This agreement defines the respective responsibilities for fulfilling the obligation under the data protection legislation with regard to joint controllership. In particular, we have agreed with Meta that Meta can be used as a contact point for the exercise of your data protection rights regarding the data collected by the Meta Pixel.
14. Are You Subject to Automated Decision-Making?
According to the Applicable Legislation, you have the right not to be subject to a decision based solely on automated processing of data, including profiling, which produces legal effects concerning you or similarly significantly affecting you. Automated decision-making is the process of making a decision by automated means without any human influence on the outcomes. A process might still be considered solely automated if a human inputs the data to be processed, and then the decision-making is carried out by an automated system.
We do not make any automated decisions based on your personal data, including profiling, which produce legal effects concerning you or similarly significantly affect you. If we intend to do so, we will do our best to inform you about the same in advance.
15. What About Securing Your Personal Data?
We strive to do our best to keep your personal data secure. We always review and update appropriate technical and organizational measures to:
a) keep your personal data secure in accordance with the Applicable Legislation, our internal policies and procedures regarding the storage of, access to, and disclosure of personal data;
b) protect you against unauthorized or unlawful processing of personal data and accidental loss or destruction of, or damage to them.
We endeavor to implement and maintain reasonably necessary technical and organizational measures to protect the confidentiality, integrity and availability of your personal data. Your personal information may undergo anonymisation, pseudonymisation, and/or encryption to ensure safe transfer and/or processing.
16. What Data Subject Rights Do You Have?
General. According to the Applicable Legislation, you may have the rights outlined below. In order to exercise your rights as a data subject, we may request certain information from you to verify your identity and confirm that you have the right to exercise such rights.
Data Subject Rights. According to the Applicable Legislation, you may have the following rights:
Rights | Description |
---|---|
Right to access your personal data (commonly known as a “data subject access request”) | This enables you to (i) ask us whether we process your personal data, and (ii) request certain information about the processing activity and/or a copy of the personal data we hold about you as well as (iii) check that we are lawfully processing it. |
Right to rectification of the personal data | This enables you to have any incomplete or inaccurate data we hold about you completed or rectified, though we may need to verify the accuracy of the new data you provide us with. |
Right to erasure of your personal data (commonly known as a “right to be forgotten”) | This enables you to ask us to delete or remove personal data where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal or technical reasons which will be notified to you, if applicable, at the time of your request. |
Right to object to processing of your personal data | This enables you to object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. |
Right to restrict the processing of your personal data | This enables you to ask us to suspend the processing of your personal data in the following scenarios: (i) if you want us to establish the data’s accuracy, (ii) where our use of the data is unlawful but you do not want us to erase it, (iii) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims, (iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. |
Request the transfer of your personal data (commonly known as a “right to the data portability”) | We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. |
Right to withdraw consent | You may withdraw your consent at any time where we are relying on consent to process your personal data. |
Right not to be subject to automated decision-making | You reserve the right not to be subject to a decision based solely on automated processing of data, including profiling, which produces legal effects concerning you or similarly significantly affecting you. Please note that currently you are not subject to the automated decision-making, which produces legal effects concerning you or similarly significantly affecting you. |
Right to file a complaint | You may file a complaint with a relevant supervisory authority in case we violate your rights or obligations imposed on us under the Applicable Legislation. The relevant supervisory authority may depend on the place where you are located. The details of the Germany data protection supervisory authority: |
17. Do We Process Children’s Personal Data?
The Website is not intended for the use of children (under 18 years old or older, if the country of your residence determines a higher age restriction). We also do not knowingly market to, solicit, process, collect, or use personal data of children.
If we become aware that a child has provided us with personal information, we will use commercially reasonable efforts to delete such information from our database. If you are the parent or legal guardian of a child and believe that we have collected personal information from your child, please contact us.
18. Changes to This Privacy Notice. We may update our Privacy Notice from time to time. We will notify you of any changes by posting the new Privacy Notice on our website. You are advised to review this Privacy Notice periodically for any changes.
19. Contact Us. If you have any questions about this Privacy Notice, please contact us at:
- Email: privacy@paskal-choux.com
- Address: Prenzlauer Allee 37, 10405 Berlin, Germany
Your privacy and trust are important to us.