• Home
  • Information
  • Privacy Policy for Café Jolie

Privacy Policy for Café Jolie

Last Updated: May 11, 2025

1. Controller

Café Jolie
Nicole Vogelhuber
Im Kamp 4
33161 Hövelhof

Germany
Email: info@cafe-jolie.com

2. General Data Processing

We collect, process and use personal data only to the extent necessary for establishing, implementing or modifying the legal relationship (inventory data), fulfilling our legal obligations (mandatory data) or with your explicit consent (consent data). Data will be deleted or blocked as soon as the purpose ceases to apply and no legal retention periods prevent it.

3. Legal Basis

  • Art. 6(1)(b) GDPR: Performance of contract and pre-contractual measures
  • Art. 6(1)(c) GDPR: Compliance with legal obligations
  • Art. 6(1)(a) GDPR: Consent for marketing and analytics
  • Art. 6(1)(f) GDPR: Legitimate interests (e.g. operation and optimization of the shop)

4. Data Collected & Purposes

  • Inventory data: Name, address, e-mail, phone – for contract processing and customer communication.
  • Contact data: E-mail address and phone – for inquiries via contact form or e-mail.
  • Usage data: Visit and behavior data (e.g. IP address, visited pages) – to ensure operation and security monitoring.
  • Marketing/Analytics data: Cookie and tracking data (e.g. Google Analytics) – for web analytics and service improvement.

5. Disclosure to Third Parties

We only share data where necessary to fulfill the contract (e.g. shipping providers), with your consent, or if legally required. Legal basis: Art. 6(1)(b) and (c) GDPR.

6. Cookies & Tracking

For details on our use of cookies, please see our Cookie Policy. You may disable cookies via your browser settings.

7. Use of Google Analytics

We use Google Analytics with IP anonymization. Processing is based on your consent (Art. 6(1)(a) GDPR). See Google’s Privacy Policy for details.

8. Data Transfers to Third Countries

Data transfers outside the EU/EEA occur only if an adequate level of data protection is ensured or standard contractual clauses are in place.

9. Data Retention

Personal data is deleted once the purpose no longer applies and no legal retention obligations remain.

10. Data Subject Rights

  • Access to personal data (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure (“Right to be forgotten”, Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Objection to processing (Art. 21 GDPR)
  • Data portability (Art. 20 GDPR)
  • Withdraw consent at any time (Art. 7(3) GDPR)
  • Complaint to a supervisory authority (Art. 77 GDPR)

11. Security

We implement technical and organizational measures to protect your data against loss, destruction, manipulation and unauthorized access (Art. 32 GDPR).

12. Changes to This Policy

We may update this privacy policy as needed. The “Last Updated” date at the top indicates when it was last revised. Please review it periodically.