BELLUCCI
Privacy Policy

Privacy Policy

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws as well as other data protection provisions is:

Costello Gastronomie GmbH
Brandenburgische Str. 35
10707 Berlin, Germany

Represented by: Mr A. Hess

Email: info@bellucci.de
Phone: +49 30 280 322 33

2. Overview of Data Processing

The following overview summarises the types of data processed, the purposes of their processing, and refers to the data subjects concerned:

Types of Data Processed

  • Inventory data (e.g. names, addresses)
  • Contact data (e.g. email addresses, phone numbers)
  • Content data (e.g. entries in contact forms)
  • Usage data (e.g. pages visited, access times)
  • Meta/communication data (e.g. IP addresses, device information)
  • Reservation data (e.g. name, party size, date, time)

Purposes of Processing

  • Provision of the website and its functions
  • Handling of contact enquiries and communication
  • Processing of table reservations
  • Security measures
  • Reach measurement and web analytics

3. Legal Bases

The following provides an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile.

  • Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes (e.g. consent to the use of Google Analytics).
  • Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract (e.g. reservations).
  • Legal obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. statutory retention obligations).
  • Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject (e.g. website security, usage analysis).

4. Security Measures

We take appropriate technical and organisational measures in accordance with legal requirements, taking into account the state of the art, the costs of implementation, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

These measures include, in particular:

  • Ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data
  • SSL/TLS encryption of the entire website (identifiable by "https://" in the address bar)
  • Regular review and updating of security measures

5. Data Collection When Visiting the Website

When using the website for informational purposes only, i.e. when you do not register or otherwise submit information to us, we only collect the personal data that your browser transmits to our server (so-called server log files). When you access our website, we collect the following data, which is technically necessary to display our website to you:

  • IP address of the requesting device
  • Date and time of access
  • Name and URL of the file accessed
  • Website from which access was made (referrer URL)
  • Browser used and, where applicable, the operating system of your device
  • Name of your access provider

Legal basis: Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in ensuring the trouble-free operation of our website and improving our services.

Retention period: Server log files are automatically deleted after 7 days.

6. Contact

When you contact us by email or telephone, the data you provide (e.g. your name, email address, telephone number, and the content of your enquiry) will be stored and processed by us for the purpose of handling your enquiry.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in processing enquiries).

Retention period: Data collected in connection with contact enquiries will be deleted after your enquiry has been fully processed and after a period of 30 days, unless statutory retention obligations apply.

7. Reservations

For table reservations, we use the service Quandoo (Quandoo GmbH, Rosenthaler Str. 13, 10119 Berlin, Germany). When you make a reservation through our website, the following data is transmitted to and processed by Quandoo:

  • First and last name
  • Email address
  • Telephone number
  • Number of guests
  • Desired date and time
  • Any special requests or notes

Legal basis: Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures).

For further information on data protection at Quandoo, please refer to Quandoo's privacy policy: https://www.quandoo.de/datenschutz

8. Cookies

Our website uses cookies. Cookies are small text files that are stored on your device and saved by your browser. They serve to make our services more user-friendly and effective.

Technically Necessary Cookies

Some cookies are technically necessary for the proper functioning of our website. These are set automatically and cannot be deactivated. Legal basis: Art. 6(1)(f) GDPR (legitimate interest).

Optional Cookies

In addition, we use optional cookies (e.g. for analytical purposes) that are only set with your explicit consent. Legal basis: Art. 6(1)(a) GDPR (consent).

For further information on the cookies we use, please refer to our Cookie Policy.

9. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies to enable analysis of the use of the website.

IP Anonymisation

We have activated IP anonymisation on this website. This means that your IP address is truncated by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA.

Opt-Out

You can prevent the storage of cookies by adjusting your browser software settings accordingly. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) being transmitted to Google, and the processing of this data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout

Retention period: 18 months

Legal basis: Art. 6(1)(a) GDPR (consent). Consent is obtained via our cookie banner.

For further information on data protection at Google, please visit: https://policies.google.com/privacy

10. Google Maps

This website uses the mapping service Google Maps provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you access pages that contain Google Maps, data is transmitted to Google servers. This includes, in particular, your IP address and your location.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in the user-friendly presentation of our location.

For further information, please refer to Google's privacy policy: https://policies.google.com/privacy

11. Google Fonts

This website uses Google Fonts for the consistent display of typefaces, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The fonts Playfair Display and Montserrat are loaded via the Google Fonts CDN (Content Delivery Network). When you access our website, your browser establishes a connection to Google's servers to download the fonts. In doing so, your IP address is transmitted to Google.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in the consistent and visually appealing presentation of our website.

For further information on Google Fonts, please visit https://fonts.google.com/about and Google's privacy policy: https://policies.google.com/privacy

12. Social Media

Our website contains links to our profiles on the social networks Facebook and Instagram. These are simple links only -- no social media plugins are embedded.

Only when you click on one of these links are you redirected to the respective platform. Only at that point is data transmitted to the respective social network operator. As long as you do not click on the links, no data is transferred to Facebook or Instagram.

Information on data protection at the respective providers can be found at:

13. Hosting

Our website is hosted by Hostinger. The hosting provider automatically collects and stores information in so-called server log files, which your browser automatically transmits. These are the data referred to in Section 5.

We have concluded a data processing agreement (DPA) pursuant to Art. 28 GDPR with our hosting provider, which ensures the protection of your personal data.

Server location: Germany

14. Your Rights as a Data Subject

As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 22 and Art. 77 GDPR:

  • Right of access (Art. 15 GDPR): You have the right to obtain confirmation as to whether personal data concerning you is being processed. Where that is the case, you have the right of access to such data and to further information as set out in Art. 15 GDPR.
  • Right to rectification (Art. 16 GDPR): You have the right to obtain the rectification of inaccurate personal data concerning you and the completion of incomplete data.
  • Right to erasure (Art. 17 GDPR): You have the right to obtain the erasure of personal data concerning you without undue delay where one of the grounds set out in Art. 17 GDPR applies.
  • Right to restriction of processing (Art. 18 GDPR): You have the right to obtain the restriction of processing of your personal data where one of the conditions set out in Art. 18 GDPR applies.
  • Right to notification (Art. 19 GDPR): If you have exercised your right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to notify all recipients to whom your data has been disclosed of such rectification, erasure, or restriction.
  • Right to data portability (Art. 20 GDPR): You have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
  • Right to object (Art. 21 GDPR): You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6(1)(f) GDPR. Where personal data is processed for direct marketing purposes, you have the right to object at any time to such processing.
  • Right to withdraw consent (Art. 7(3) GDPR): You have the right to withdraw any consent given at any time with effect for the future. The lawfulness of processing carried out on the basis of the consent prior to its withdrawal shall not be affected.
  • Right against automated decisions (Art. 22 GDPR): You have the right not to be subject to a decision based solely on automated processing -- including profiling -- which produces legal effects concerning you or similarly significantly affects you.
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes the GDPR.

Competent Supervisory Authority

Berliner Beauftragte für Datenschutz und Informationsfreiheit
(Berlin Commissioner for Data Protection and Freedom of Information)
Friedrichstr. 219
10969 Berlin, Germany

Website: https://www.datenschutz-berlin.de

15. Currency and Amendments to this Privacy Policy

This privacy policy is currently valid as of March 2026. Due to the further development of our website or changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The current version of the privacy policy can be accessed at any time on this page.

← Back to homepage