In accordance with the statutory provisions of data protection law (in particular the new version of the German Federal Data Protection Act (BDSG) and the European General Data Protection Regulation (GDPR), we inform you below about the nature, scope, and purpose of the processing of personal data by our company. This privacy policy also applies to our websites and social media profiles. For the definition of terms such as “personal data” or “processing,” we refer to Art. 4 GDPR.

Name and contact details of the responsible person
Our responsible person (hereinafter “responsible person”) within the meaning of Art. 4 No. 7 GDPR is:

Parminder Singh Bhangal
Bebelstr. 72
46049 Oberhausen

Telephone: 0208 800229
Email: kontakt@maharajas.de

Data types, purposes of processing and categories of data subjects

Below we inform you about the type, scope and purpose of the collection, processing and use of personal data.

1. Types of data we process
   Usage data (access times, websites visited, etc.), inventory data (name, address, etc.), contact data (telephone number, email, fax, etc.), payment data (bank details, account details, payment history, etc.), contract data (subject of the contract, term, etc.), content data (text entries, videos, photos, etc.), communication data (IP address, etc.),

   2. Purposes of processing according to Art. 13 (1) (c) GDPR:
   Processing of contracts, evidentiary purposes / preservation of evidence, technically and economically optimising the website, enabling easy access to the website, fulfilling contractual obligations, fulfilling statutory retention periods, optimising and statistically evaluating our services, supporting commercial use of the website, improving user experience, making the website user-friendly, operating advertising and the website economically, marketing / sales / advertising, compiling statistics, determining the likelihood of texts being copied, avoiding SPAM and misuse, customer service and customer care, processing contact requests, providing websites with functions and content, security measures, ensuring uninterrupted and secure operation of our website, 

   3. Categories of data subjects according to Art. 13 para. 1 e) GDPR
   Visitors/users of the website, customers, interested parties, 

The data subjects are collectively referred to as “users”.

Legal basis for the processing of personal data

Below we inform you about the legal basis for the processing of personal data:

1. If we have obtained your consent to process personal data, Art. 6 (1) (a) GDPR is the legal basis.
2. If processing is necessary to fulfill a contract or to carry out pre-contractual measures taken at your request, Art. 6 (1) (b) GDPR is the legal basis.
3. If processing is necessary to fulfill a legal obligation to which we are subject (e.g. statutory retention periods), Art. 6 (1) (c) GDPR is the legal basis.
4. If processing is necessary to protect the vital interests of the data subject or another natural person, Art. 6 (1) (d) GDPR is the legal basis.
5. If processing is necessary to protect our legitimate interests or the legitimate interests of a third party and your interests or fundamental rights and freedoms do not override them, Art. 6 (1) (f) GDPR is the legal basis.

Transfer of personal data to third parties and processors

We generally do not share data with third parties without your consent. Should this be the case, the sharing will be based on the aforementioned legal grounds, e.g., when sharing data with online payment providers for contract fulfillment or due to a court order or due to a legal obligation to disclose data for the purposes of criminal prosecution, threat aversion, or the enforcement of intellectual property rights.
We also use processors (external service providers, e.g., for web hosting of our websites and databases) to process your data. If data is shared with processors within the framework of a data processing agreement, this always occurs in accordance with Art. 28 GDPR. We carefully select our processors, monitor them regularly, and have been granted the right to issue instructions regarding the data. In addition, the processors must have implemented appropriate technical and organizational measures and comply with the data protection regulations in accordance with the new version of the Federal Data Protection Act (BDSG) and the GDPR.

Data transfer to third countries

The adoption of the European General Data Protection Regulation (GDPR) created a uniform basis for data protection in Europe. Your data will therefore primarily be processed by companies to which the GDPR applies. Should processing take place through third-party services outside the European Union or the European Economic Area, these third-party services must meet the specific requirements of Articles 44 et seq. of the GDPR. This means that processing is carried out on the basis of special guarantees, such as the EU Commission’s officially recognized determination of a data protection level equivalent to that of the EU or compliance with officially recognized specific contractual obligations, the so-called “standard contractual clauses.” For US companies, submission to the so-called “Privacy Shield,” the data protection agreement between the EU and the US, fulfills these requirements.

Deletion of data and storage period

Unless expressly stated in this privacy policy, your personal data will be deleted or blocked as soon as the purpose for its storage no longer applies, unless further retention is required for evidentiary purposes or if statutory retention periods conflict with this. These include, for example, commercial retention obligations for business letters pursuant to Section 257 (1) of the German Commercial Code (HGB) (6 years) and tax retention obligations for receipts pursuant to Section 147 (1) of the German Fiscal Code (AO) (10 years). When the prescribed retention period expires, your data will be blocked or deleted unless storage is still required for the conclusion or fulfillment of a contract.

Existence of automated decision-making

We do not use automated decision-making or profiling.

Provision of our website and creation of log files

1. If you are only using our website for information purposes (i.e. you do not register or otherwise transmit information), we only collect the personal data that your browser transmits to our server. If you would like to view our website, we collect the following data: • IP address;
   • User’s Internet service provider;
   • Date and time of access;
   • Browser type;
   • Language and browser version;
   • Content of the access;
   • Time zone;
   • Access status/HTTP status code;
   • Data volume;
   • Websites from which the request came;
   • Operating system.
   This data is not stored together with your other personal data.
2. This data serves the purpose of delivering our website to you in a user-friendly, functional and secure manner, with functions and content, as well as their optimization and statistical evaluation.
3. The legal basis for this is our legitimate interest in data processing pursuant to Art. 6 (1) (f) GDPR, which also lies in the above purposes.
4. For security reasons, we store this data in server log files for a period of 90 days. After this period, it is automatically deleted unless we need to retain it for evidentiary purposes in the event of attacks on the server infrastructure or other violations of law.

Cookies

1. We use so-called cookies when you visit our website. Cookies are small text files that your Internet browser saves on your computer. When you visit our website again, these cookies provide information to automatically recognize you. The information obtained in this way is used to technically and economically optimize our web offerings and to provide you with easier and more secure access to our website. When you visit our website, we will inform you about the use of cookies for the aforementioned purposes by means of a reference to our privacy policy and how you can object to these cookies or prevent their storage (“opt-out”). Our website uses session cookies, persistent cookies, and third-party cookies:

   • Session cookies:  We use so-called cookies to recognize repeated use of an offering by the same user (e.g., if you have logged in to determine your login status). When you visit our site again, these cookies provide information to automatically recognize you. The information obtained in this way is used to optimize our offerings and provide you with easier access to our site. When you close your browser or log out, the session cookies are deleted.

   • Persistent cookies:  These are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete cookies at any time in your browser’s security settings.

   • Third-party cookies:  You can configure your browser settings according to your preferences and, for example, refuse the acceptance of third-party cookies or all cookies. However, we would like to point out that if you do this, you may not be able to use all the features of this website. For more information about these cookies, please refer to the respective third-party providers’ privacy policies.

2. The legal basis for this processing is Art. 6 (1) (b) GDPR if the cookies are set to initiate a contract, e.g. when placing orders, and otherwise we have a legitimate interest in the effective functionality of the website, so that in this case Art. 6 (1) (f) GDPR is the legal basis.
3. Objection and “opt-out”:  You can generally prevent cookies from being stored on your hard drive by selecting “do not accept cookies” in your browser settings. However, this may result in a restriction of the functionality of our offerings. You can object to the use of third-party cookies for advertising purposes via a so-called “opt-out” on this American website ( https://optout.aboutads.info ) or this European website ( http://www.youronlinechoices.com/de/praferenzmanagement/ ).

Processing of contracts

1. We process inventory data (e.g., company, title/academic degree, names and addresses as well as contact details of users, email), contract data (e.g., services used, names of contact persons), and payment data (e.g., bank details, payment history) for the purpose of fulfilling our contractual obligations (knowledge of the contractual partner; justification, content, and execution of the contract; checking the plausibility of the data) and services (e.g., contacting customer service) in accordance with Art. 6 (1) (b) GDPR. Entries marked as mandatory in online forms are required for the conclusion of the contract.
2. As a general rule, this data will not be passed on to third parties unless it is necessary to pursue our claims (e.g. handing over to a lawyer for debt collection) or to fulfill the contract (e.g. handing over the data to a payment provider) or there is a legal obligation to do so in accordance with Art. 6 (1) (c) GDPR.
3. We may also process the data you provide to inform you about other interesting products from our portfolio or to send you emails with technical information.
4. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for inventory and contract data when the data is no longer required to execute the contract and no further claims arising from the contract can be asserted because they have expired (warranty: two years / standard limitation period: three years). Due to commercial and tax law requirements, we are obliged to store your address, payment, and order data for a period of ten years. However, upon termination of the contract after three years, we restrict processing; this means your data will only be used to comply with legal obligations. Information in the user account will remain until it is deleted.

Online payment providers

1. When paying via “Paypal,” billing is carried out via PayPal (Europe) S.àr.l. et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg, Web:  paypal.de ,  https://www.paypal.com/de/webapps/mpp/ua/privacy-full .
   When paying via “Sofort.com,” billing is carried out via Klarna GmbH, Theresienhöhe 12, 80339 Munich,   https://www.klarna.com/sofort/datenschutz/ .
   Hereinafter referred to as “online billers.” The online billers collect, store, and process your usage and billing data to determine and bill you for the services you have used. The data entered with the online billers is only processed and stored by them. If the online processors are unable to collect the usage fees or are only able to collect them in part, or if the online processors fail to do so due to a complaint from you, the usage data will be forwarded by the online processor to the controller, who may block your account. The same applies if, for example, a credit card company reverses a transaction at the controller’s expense.
2. The legal basis is Art. 6 (1) (b) GDPR, as processing is necessary for the controller to fulfill a contract. Furthermore, external online processors are used on the basis of Art. 6 (1) (f) GDPR for the legitimate interests of the controller in order to be able to offer you the most secure, simple, and diverse payment options possible.
3. Regarding the storage period, revocation, information and data subject rights, we refer to the above data protection declarations of the online billing providers.

Contact us via contact form / email / fax / post

1. When you contact us via contact form, fax, post or email, your information will be processed for the purpose of processing your contact request.
2. The legal basis for processing the data, provided you have given your consent, is Art. 6 (1) (a) GDPR. The legal basis for processing data transmitted in the course of a contact request or email, letter or fax is Art. 6 (1) (f) GDPR. The controller has a legitimate interest in processing and storing the data in order to be able to answer user inquiries, to preserve evidence for liability reasons and, if necessary, to comply with its statutory retention periods for business letters. If the aim of the contact is to conclude a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.
3. We may store your information and contact request in our Customer Relationship Management System (“CRM System”) or a similar system.
4. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data from the contact form input mask and that sent by email, this is the case when the respective conversation with you has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. We store inquiries from users who have an account or contract with us for a period of two years after the contract has ended. In the case of statutory archiving obligations, deletion occurs after these expiration: end of the retention period under commercial law (6 years) and tax law (10 years).
5. You have the right to revoke your consent to the processing of your personal data at any time, in accordance with Art. 6 (1) (a) GDPR. If you contact us by email, you can withdraw your consent to the storage of your personal data at any time.

Contact by phone

1. When you contact us by phone, your telephone number will be processed to process your contact request and its handling. It will be temporarily stored or displayed in the RAM/cache of your phone/display. This storage is done for liability and security reasons, to provide evidence of the call, and for economic reasons, to enable a return call. In the event of unauthorized advertising calls, we will block the phone number.
2. The legal basis for processing the telephone number is Art. 6 (1) (f) GDPR. If the contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.
3. The device cache stores calls for 90 days and gradually overwrites or deletes old data. When the device is disposed of, all data is deleted and the memory may be destroyed. Blocked phone numbers are reviewed annually to determine whether blocking is necessary.
4. You can prevent the phone number from being displayed by calling with a withheld phone number.

Newsletter

1. You can subscribe to our newsletter with your voluntary consent by entering your email address. Only this is required. Providing further data is voluntary and serves only for the purpose of personal contact. We use the so-called “double opt-in process” for registration. After registering with your email address, you will receive an email from us with a confirmation link to confirm your registration. If you click this confirmation link, your email address will be added to the newsletter distribution list and saved for the purpose of sending emails. If you do not click the confirmation link within 24 hours, your registration data will be blocked and automatically deleted after 30 days.
2. We also log the IP address you used during registration, as well as the date and time of the double opt-in (registration and confirmation). The purpose of this storage is to fulfill legal requirements regarding proof of registration and to prevent misuse of your email address.
3. As part of your declaration of consent, the contents (e.g. advertised products/services, offers, advertising and topics) of the newsletter will be described in detail.
4. We use the following shipping service provider for email delivery: 
   Shopify (). You can find their privacy policy here. We have concluded a data processing agreement with this shipping service provider in accordance with Art. 28 GDPR.
5. When sending the newsletter, we evaluate your user behavior. The newsletters contain so-called “web beacons” or “tracking pixels,” which are called up when the newsletter is opened. For this purpose, we link the web beacons to your email address and a unique ID. Links received in the newsletter also contain this ID. The data is collected exclusively in a pseudonymized form; the IDs are not linked to your other personal data, and direct personal reference is excluded. With this data, we can determine whether and when you opened the newsletter and which links in the newsletter were clicked. This serves the purpose of optimizing and statistically evaluating our newsletter.
6. We use the data collected above to create a user profile to identify our users’ reading habits and interests and thus personalize the newsletter. If you have also performed other actions on our website, we also link this data to tailor our newsletter content to your interests.
7. The legal basis for sending the newsletter, measuring success and storing the email is your consent in accordance with Art. 6 (1) (a) GDPR in conjunction with Section 7 (2) No. 3 UWG and for logging the consent Art. 6 (1) (f) GDPR, as this serves our legitimate interest in legal evidence.
8. You can opt out of tracking at any time by clicking the unsubscribe link at the end of the newsletter. Doing so will also stop your newsletter subscription. If you disable the display of images in your email software, tracking will also be impossible. However, this may limit the functionality of the newsletter, and images contained within will not be displayed.
9. You can revoke your consent to receive the newsletter at any time. You can do so by clicking the unsubscribe link at the end of the newsletter, sending an email, or notifying us using the contact details above. We will store your data for as long as you are subscribed to the newsletter. After unsubscribing, your data will only be stored anonymously for statistical purposes.

Google Adsense

1. We have integrated advertisements from the Google service “Adsense” (Google Ireland Limited, registration number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) on our website. These advertisements are identified by the (i) “Google Ads” notice in each ad. We have enabled personalized ads to show you more interesting advertising that supports the commercial use of our website, increases its value for us, and improves your user experience. With personalized advertising, we can reach users via Adsense based on their interests and demographic characteristics (e.g., “sports enthusiasts”).
2. For these purposes, Google receives the information that you have accessed our website when you visit our website. To do so, Google places a web beacon or cookie on your computer. The full extent of the data processing and the storage period are unknown to us. The data is also transferred to the USA and analyzed there. If you are logged in with a Google account, AdSense can assign the data to your account. If you do not want this to happen, you must log out before visiting our website.
3. But other information can also be used by Google for this purpose:

   • the type of websites you visit and the mobile apps installed on your device;

   • Cookies in your browser and settings in your Google Account;

   • Websites and apps you have visited;

   • Your activities on other devices;

   • previous interactions with Google ads or advertising services;

   • Your Google Account activity and information.

4. When you click on an Adsense ad, the user’s IP address is processed by Google (usage data). This processing is pseudonymized (so-called “advertising ID”) by shortening the IP address by the last two digits.
5. When it comes to personalized advertising, Google does not link identifiers from cookies or similar technologies to special categories of personal data pursuant to Art. 9 GDPR, such as ethnic origin, religion, sexual orientation or health.
6. It cannot be ruled out that the above data may be transferred to third parties, authorities, or Google partners. This website also has enabled third-party Google AdSense ads. The aforementioned data may  be transferred to these third parties (named at https://support.google.com/dfp_sb/answer/94149 ).
7. The legal basis for the processing of your data is Art. 6 (1) (f) GDPR. Google is certified under the EU-US Privacy Shield:  https://www.privacyshield.gov/EU-US-Framework .
8. You can object to or prevent the installation of cookies by Google Adsense in various ways:
   • You can block cookies in your browser by  setting “do not accept cookies” , which also includes third-party cookies;

    • You can deactivate personalized ads  directly from Google via the link  https://adssettings.google.com . This setting will only remain in effect until you delete your cookies.  Instructions  for deactivating personalized advertising on mobile devices can be found here: https://support.google.com/adsense/troubleshooter/1631343.

   • You can deactivate personalized  ads from third-party providers who participate in the advertising self-regulation initiative “About Ads” via the link  https://optout.aboutads.info  for US sites or for EU sites at  http://www.youronlinechoices.com/de/praferenzmanagement/  . This setting will only remain in effect until you delete all your cookies.
   • You can permanently deactivate cookies using a  browser plug-in  for Chrome, Firefox, or Internet Explorer at the link  https://support.google.com/ads/answer/7395996  . This deactivation may mean that you will no longer be able to fully use all of the functions of our website.

9.  For more information about Google’s use of cookies in ads and their advertising technologies, storage duration, anonymization, location data, functionality, and your rights, please see Google’s advertising privacy policy at  https://policies.google.com/technologies/ads .

Google AdWords with conversion tracking

1. We use the service “AdWords with Conversion Tracking” (Google Ireland Limited, registration number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) to draw attention to our website by means of advertisements on third-party websites. When you click on one of our Google ads, a cookie is stored in your browser which is valid for approximately 30 days. When you then visit our website, we and Google can use the cookie to evaluate whether you have visited our website and which page you visited. Google compiles statistics on this. The full extent of the data processing is not known to us. The data is also transferred to the USA and analyzed there. If you are logged in with a Google account, AdWords can assign the data to your account. If you do not want this to happen, you must log out before visiting our website. This conversion tracking serves the purpose of analyzing, optimizing and ensuring the economic operation of our advertising and website.
2. The legal basis for processing your data is our legitimate interest in the analysis, optimization, and economic operation of our advertising and website in accordance with Art. 6 (1) (f) GDPR. Google is certified under the EU-US Privacy Shield:  https://www.privacyshield.gov/EU-US-Framework .
3. You can object to or prevent the installation of cookies by Google in various ways:

   • You can block cookies in your browser by  selecting “do not accept cookies” , which also includes third-party cookies;

    • You can deactivate conversion tracking directly from Google using the link  https://adssettings.google.com , although this setting will only remain in effect until you delete your cookies.

   • You can deactivate the personalized  ads of third parties who participate in the advertising self-regulation initiative “About Ads” via the link  https://optout.aboutads.info  for US sites or for EU sites at  http://www.youronlinechoices.com/de/praferenzmanagement/  , although this setting will only last until you delete all your cookies;

   • You can permanently disable cookies using a  browser plug-in  for Chrome, Firefox, or Internet Explorer at  https://support.google.com/ads/answer/7395996  . This disabling may result in you no longer being able to fully use all of our website’s features.

4. For more information, please see Google’s privacy policy at  https://policies.google.com/privacy?hl=de&gl=de  and  https://services.google.com/sitestats/de.html .

Google AdWords Remarketing / “Similar Audiences”

1. We use the Google AdWords Remarketing/”Similar Audiences” application (Google Ireland Limited, registration number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) to draw attention to our website by means of advertisements on third-party websites and other internet offerings. With the  remarketing or “Similar Audiences” function  in AdWords, we can reach you there if you have already visited our website and address you with a suitable message via an ad. With remarketing, we can bring our previous visitors back to our website with just one click. When you visit certain pages of our website, a cookie is stored in your browser which is valid for 30 days. When you then access other websites or internet offerings, we and Google can use the cookie to evaluate whether you have already visited our website and whether you also see our advertising there. Google compiles statistics on this. The full extent of the data processing is not known to us. The data is also transferred to the USA and analyzed there. According to Google, the data collected through remarketing will not be merged with any personal data you may have stored with Google, but will be processed pseudonymously. This remarketing serves the purpose of analyzing, optimizing, and operating our advertising and website economically.
2. The legal basis for processing your data is our legitimate interest in the analysis, optimization, and economic operation of our advertising and website in accordance with Art. 6 (1) (f) GDPR. Google is certified under the EU-US Privacy Shield:  https://www.privacyshield.gov/EU-US-Framework .
3. You can object to or prevent the installation of cookies by Google in various ways:

   • You can block cookies in your browser by  selecting “do not accept cookies” , which also includes third-party cookies;

    • You can deactivate personalized ads directly from Google using the link  https://adssettings.google.com , although this setting will only remain in effect until you delete your cookies.

   • You can deactivate the personalized  ads of third parties who participate in the advertising self-regulation initiative “About Ads” via the link  https://optout.aboutads.info  for US sites or for EU sites at  http://www.youronlinechoices.com/de/praferenzmanagement/  , although this setting will only last until you delete all your cookies;

   • You can permanently disable cookies using a  browser plug-in  for Chrome, Firefox, or Internet Explorer at  https://support.google.com/ads/answer/7395996  . This disabling may result in you no longer being able to fully use all of our website’s features.

4. For more information, please see Google’s privacy policy at  https://policies.google.com/privacy?hl=de&gl=de .

YouTube videos

1. We have embedded YouTube videos from youtube.com on our website using the embedded function, so that they can be accessed directly on our website. YouTube is owned by Google Ireland Limited, registration number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland. We have embedded the videos in so-called “extended data protection mode” without using cookies to record usage behavior in order to personalize video playback. Instead, the video recommendations are based on the currently playing video. Videos played in extended data protection mode in an embedded player do not affect which videos are recommended to you on YouTube. When you start a video (click on the video), YouTube receives the information that you have accessed the corresponding subpage of our website. The data obtained is transferred to the USA and stored there. This also happens without a Google user account. If you are logged into your Google account, Google can assign the above data to your account. If you do not want this to happen, you must log out of your Google account. Google creates user profiles from such data and uses this data for the purposes of advertising, market research or optimising its websites.
2. The legal basis for this is our legitimate interest in data processing pursuant to Art. 6 (1) (f) GDPR, which also lies in the above purposes.
3. You have the right to object to the creation of user profiles by Google. Please contact Google directly via the privacy policy below. You can opt out of advertising cookies in your Google Account here:
   https://adssettings.google.com/authenticated .
4.  For more information about Google’s use of cookies and advertising technologies, storage duration, anonymization, location data, functionality, and your rights, see  YouTube’s Terms of Use at  https://www.youtube.com/t/terms  and Google’s Advertising Privacy Policy at  https://policies.google.com/technologies/ads . Google’s General Privacy Policy: https://policies.google.com/privacy .
5. Google is certified under the EU-US Privacy Shield ( https://www.privacyshield.gov/EU-US-Framework ) and is therefore obliged to comply with European data protection law.

Google Maps

1. We have integrated maps from “Google Maps” (Google Ireland Limited, Register No. 368047, Gordon House, Barrow Street, Dublin 4, Ireland) on our website. This allows us to display the location of addresses and directions directly on our website in interactive maps and enables you to use this tool.
2. When you access our website, which includes Google Maps, a connection is established to Google’s servers in the USA. Your IP address and location may be transmitted to Google. Google also receives the information that you have accessed the corresponding page. This happens even without a Google user account. If you are logged into your Google account, Google can assign the above data to your account. If you do not wish this to happen, you must log out of your Google account. Google creates user profiles from this data and uses this data for the purposes of advertising, market research, or optimizing its websites.
3. The legal basis for this is our legitimate interest in data processing pursuant to Art. 6 (1) (f) GDPR, which also lies in the above purposes.
4. You have the right to object to the creation of user profiles by Google. Please contact Google directly via the privacy policy below. You can opt out of advertising cookies in your Google Account here:
   https://adssettings.google.com/authenticated .
5. For more information about Google’s use of cookies and advertising technologies, storage duration, anonymization, location data, functionality, and your rights, see the Google Maps Terms of Use at  https://www.google.com/intl/de_de/help/terms_maps.html  and the Google Advertising Privacy Policy at  https://policies.google.com/technologies/ads .  Google’s general privacy policy:  https://policies.google.com/privacy .
6. Google is certified under the EU-US Privacy Shield ( https://www.privacyshield.gov/EU-US-Framework ) and is therefore obliged to comply with European data protection law.

Presence on social media

1. We maintain profiles and fan pages on social media to communicate with connected and registered users and to provide information about our products, offers, and services. These US providers are certified under the so-called Privacy Shield and are therefore obligated to comply with European data protection regulations. When you use and access our profile on the respective network, the respective privacy policy and terms of use of the respective network apply.
2. We process the data you send to us via these networks in order to communicate with you and to respond to your messages there.
3. The legal basis for the processing of personal data is our legitimate interest in communicating with users and our external presentation for advertising purposes in accordance with Art. 6 (1) (f) GDPR. If you have given the controller of the social network consent to the processing of your personal data, the legal basis is Art. 6 (1) (a) and Art. 7 GDPR.
4. The data protection information, information options and opt-out options of the respective networks can be found here:

   •  Facebook  (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) Privacy Policy:  https://www.facebook.com/about/privacy/ , Opt-Out:  https://www.facebook.com/settings?tab=ads  and  http://www.youronlinechoices.com , Privacy Shield:  https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active .

   •  Instagram  (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy Policy/Opt-Out:  http://instagram.com/about/legal/privacy/ .

Social media plug-ins

1. We use social media plug-ins from social networks on our website. We use the so-called  “two-click solution” Shariff  from c’t and heise.de. When you access our website,  no personal data is  transmitted to the plug-in providers. Next to the logo or brand of the social network, you will find a control that you can click to activate the plug-in. Once activated, the provider of the social network receives the information that you have accessed our website and that your personal data will be transmitted to the plug-in provider and stored there. These are so-called third-party cookies. According to some providers, such as Facebook and XING, your IP address is immediately anonymized after collection.
2. The plug-in provider stores the data collected about the user as user profiles. These are used for the purposes of advertising, market research, and/or tailoring its website to meet the needs of its users. Such evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about the user’s activities on our website. The user has the right to object to the creation of these user profiles; to exercise this right, they must contact the respective plug-in provider.
3. The legal basis for the use of plug-ins is our legitimate interest in improving and optimizing our website by increasing our awareness through social networks as well as the possibility of interacting with you and users with each other via social networks in accordance with Art. 6 (1) (f) GDPR.
4. We have no influence on the data collected and the data processing procedures. We also have no knowledge of the scope of data collection, the purpose of processing, or the retention periods. We also have no information on the deletion of the collected data by the plug-in provider.
5. Regarding the purpose and scope of data collection and processing, we refer to the respective privacy policies of the social networks. You will also find information about your rights and settings options for protecting your personal data there.

Facebook

1. We have integrated plug-ins from the social network Facebook.com (headquarters in the EU: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on our website as part of the so-called “two-click solution” from Shariff. You can recognize these by the Facebook logo “f” or the addition “Like”, “Like” or “Share”.
2. As soon as you deliberately activate the Facebook plug-in, a connection is established from your browser to the Facebook servers. Facebook receives the information, including your IP address, that you have visited our website and transmits this information to Facebook servers in the USA, where it is stored. If you are logged into your Facebook account, Facebook can assign this information to your account. When you use the functions of the plug-in, e.g. by clicking the “Like” button, this information is also transferred from your browser to the Facebook servers in the USA and stored there.
3. The purpose and scope of data collection, as well as the further processing and use of the data by Facebook, as well as your rights and setting options for protecting your privacy, can be found in Facebook’s privacy policy:  https://www.facebook.com/about/privacy/ . Data collection when clicking the “Like” button:  https://www.facebook.com/help/186325668085084 . You can manage your settings regarding the use of your profile data for advertising purposes on Facebook and object here:  https://www.facebook.com/ads/preferences/ .
4. If you log out of Facebook before visiting our website and delete your cookies, no data about your visit to our website will be assigned to your Facebook profile when the plug-in is activated.
5. You can also prevent the Facebook plug-in from loading by using so-called “Facebook Blocker”, which you can install as an add-on for your browser: Facebook Blocker for  Firefox ,  Chrome  and  Opera  or  1blocker  for Safari, iPad and iPhone.
6. Facebook has submitted to the Privacy Shield and thus ensures that European data protection law is observed:  https://www.privacyshield.gov/EU-US-Framework .

Instagram

1. We have integrated plug-ins from the social network Instagram (Instagram LLC., 1601 Willow Road, Menlo Park, CA, 94025, USA) on our website as part of the so-called “two-click solution” from Shariff. You can recognize these by the Instagram logo in the shape of a square camera.
2. If you intentionally activate the plug-in, a connection will be established from your browser to the Instagram servers. Instagram receives the information, including your IP address, that you have visited our site and transmits the information to Instagram servers in the USA, where this information is stored. If you are logged into your Instagram account, Instagram can assign this information to your account and you can click the Instagram button to share and save the content of our pages on your Instagram account and possibly show it to your friends there. We have no knowledge of the exact content of the transmitted data, its use or for how long it is stored by Instagram.
3. If you log out of Instagram before visiting our website and delete your cookies, no data about your visit to our website will be assigned to your profile on Instagram when the plug-in is activated.
4. You can find further information in Instagram’s privacy policy at  https://help.instagram.com/519522125107875  and about the privacy settings here:  https://help.instagram.com/196883487377501 .

Rights of the data subject

1. Objection or revocation against the processing of your data

   To the extent that the processing is based on your consent pursuant to Art. 6 (1) (a) GDPR, Art. 7 GDPR, you have the right to revoke your consent at any time. This does not affect the legality of the processing carried out on the basis of your consent until the revocation.

   If we base the processing of your personal data on the balancing of interests pursuant to Art. 6 (1) (f) GDPR, you can object to the processing. This is the case, in particular, if the processing is not necessary to fulfill a contract with you, which we will explain in the following description of the functions. If you exercise such an objection, we ask you to explain the reasons why we should not process your personal data as we do. If your objection is justified, we will examine the situation and will either stop or adapt the data processing or explain to you our compelling legitimate reasons on the basis of which we continue the processing.

   You can object to the processing of your personal data for advertising and data analysis purposes at any time. You can exercise your right of objection free of charge. You can inform us of your objection to advertising using the following contact details:

   Badmaash Indian Food Club
   Am Malzbüchel 1
   50667, Cologne
   Managing Director Sarvraj Singh Hundal
   Email address: info@badmaash.de

    

2. Right to information
   You have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have the right to information about your personal data stored by us in accordance with Art. 15 GDPR. This includes, in particular, information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, and the origin of your data, unless it was collected directly from you.
3. Right to rectification
   You have the right to have incorrect data rectified or correct data completed in accordance with Art. 16 GDPR.
4. Right to erasure
   You have the right to have your data stored by us erased in accordance with Art. 17 GDPR, unless statutory or contractual retention periods or other statutory obligations or rights to further storage conflict with this.
5. Right to restriction
   You have the right to request that the processing of your personal data be restricted if one of the conditions in Art. 18 (1) (a) to (d) GDPR is met:
   • If you contest the accuracy of the personal data concerning you for a period that enables the controller to verify the accuracy of the personal data;

   • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data instead;

   • the controller no longer needs the personal data for the purposes of the processing, but you need them to assert, exercise or defend legal claims, or

   • if you have objected to processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.

6. Right to data portability
   You have a right to data portability according to Art. 20 GDPR, which means that you can receive the personal data we have stored about you in a structured, common and machine-readable format or you can request that it be transmitted to another controller.
7. Right to lodge a complaint
   You have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority in the Member State of your residence, place of work, or place of the alleged infringement.

Data security

To protect all personal data transmitted to us and to ensure that we and our external service providers adhere to data protection regulations, we have taken appropriate technical and organizational security measures. This is why, among other things, all data between your browser and our server is transmitted encrypted via a secure SSL connection.

As of: November 10, 2019