CONTROLLER within the meaning of the GDPR:

A.K. GmbH
Franziskaner Straße 14
81669 Munich

Contact:
By mail: Haus Kiefer, Friedhofstraße 1, 76437 Rastatt-Ottersdorf
By email: info@haus-kiefer-rastatt.de

WHAT INFORMATION DO WE COLLECT?

PERSONAL INFORMATION YOU PROVIDE TO US

In summary: We collect personal information that you provide to us.

We collect the personal data you voluntarily provide to us when you express interest in information about us, when you participate in activities on the website www.haus-kiefer-rastatt.de, or when you contact us in any other way.

The personal information we collect depends on the context of your interactions with us and the website, your choices, and the products and features you use. The personal information we collect may include:

• Names, email addresses, billing addresses, debit/credit card numbers, and other similar information,
• Payment data: We may collect data necessary to process your payment if you make purchases, such as your payment method ID (e.g., a credit card number) and the security code associated with your payment method.
• Video surveillance of the building.

AUTOMATICALLY COLLECTED INFORMATION

Summary: Certain information—such as your Internet Protocol (IP) address and/or browser and device characteristics—is collected automatically when you visit our website.

We automatically collect certain information when you visit, use, or navigate the website. This information does not reveal your identity (e.g., your name or contact details), but may include device and usage data, such as your IP address, browser and device characteristics, operating system, language settings, referring URLs, device name, country, location, information about how and when you use our website, and other technical information.

This information is primarily needed to maintain the security and operation of our website, as well as for our internal analysis and reporting purposes.

The information we collect includes:

• Log and usage data: Log and usage data consists of service-related, diagnostic, usage, and performance information that our servers automatically collect when you access or use our website, and which we record in log files. Depending on your interaction with us, this log data may include your IP address, device information, browser type and settings, as well as information about your activities on the website (e.g., date/time stamps related to your usage, pages and files viewed, search queries, and other actions, such as which features you use), information about device events (e.g., system activities, error reports (including so-called “crash dumps”), and hardware settings).
• Device data: We collect device data, such as information about your computer, phone, tablet, or other devices you use to access the website. Depending on the device you use, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, internet service provider and/or mobile carrier, operating system, and system configuration information.
• Location Data. We collect location data, such as information about the location of your device, which may be either precise or approximate. The amount of information we collect depends on the type and settings of the device you use to access the website. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can object to the collection of this data by either denying access to the data or disabling the location setting on your device.
  Please note, however, that you may not be able to use certain aspects of the services if you choose to opt out.

HOW DO WE USE YOUR INFORMATION?

In summary: We process your data for purposes based on legitimate business interests, the performance of our contract with you, compliance with our legal obligations, and/or your consent.

We use the personal data collected through our website for various business purposes described below. We process your personal data for these purposes based on our legitimate business interests, to enter into or fulfill a contract with you, with your consent, and/or to comply with our legal obligations. We specify the specific legal grounds on which we rely next to each purpose listed below.

We use the information we collect or receive as follows:

• We fulfill and manage your orders. We may use your data to process and manage orders, payments, returns, and exchanges made through the website.
• Providing and facilitating the provision of services to users. We may use your data to provide you with the service you have requested.
• Responding to user inquiries/providing user support. We may use your data to respond to your inquiries and resolve any issues that may arise while using our services.

IS YOUR INFORMATION SHARED WITH THIRD PARTIES?

In summary: We only share information to comply with laws, provide services to you, protect your rights, or fulfill business obligations.

We may process or share the data we hold about you on the following legal basis:

• Consent: We may process your data provided you have given us your explicit consent to use your personal information for a specific purpose.
• Legitimate Interests: We may process your data if this is necessary to protect our legitimate business interests.
• Performance of a Contract: If we have entered into a contract with you, we may process and disclose your personal data to fulfill the terms of our contract, in particular to collect admission fees via credit card, as set forth in Section 3.2 of the Terms and Conditions.
• Legal obligations: We may disclose your data if we are legally required to do so to comply with applicable law, governmental requests, legal proceedings, a court order, or legal process, such as in response to a court order or subpoena (including in response to public authorities to meet national security or law enforcement requirements).
• Vital Interests: We may disclose your data if we believe it is necessary to investigate or prevent potential violations of our policies, suspected fraud, situations posing a potential threat to the safety of individuals, and illegal activities, or to take action in this regard, or as evidence in legal disputes in which we are involved.

HOW LONG DO WE RETAIN YOUR INFORMATION?

In summary: We retain your data only for as long as is necessary to fulfill the purposes outlined in this Privacy Policy, unless otherwise required by law:

We retain your personal data only for as long as is necessary to fulfill the purposes set forth in this Privacy Policy, unless a longer retention period is required or permitted by law (e.g., for tax, accounting, or other legal reasons). Video surveillance data is deleted within 48–72 hours.

Unless we have a further legitimate business need to continue processing your personal data, we will delete or anonymize this data, or, if this is not possible (e.g., because your personal data has been stored in backup archives), we will securely store your personal data and isolate it from any further processing until deletion can take place.

HOW DO WE KEEP YOUR DATA SECURE?

In summary: We strive to protect your personal data through a system of organizational and technical security measures.

We have implemented appropriate technical and organizational security measures to ensure the security of the personal data we process. However, despite our security precautions and efforts to protect your data, it is not possible to guarantee 100% security for electronic transmissions over the internet or information storage technology, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to circumvent our security and unlawfully collect, access, steal, or alter your data. Although we do our best to protect your personal data, the transfer of personal data to and from our website is at your own risk. You should only access the website from a secure environment.

DO WE COLLECT INFORMATION FROM MINORS?

In short: We do not knowingly collect or market to children under the age of 18.

We do not knowingly collect or market to children under the age of 18. By using the website, you represent that you are at least 18 years old or that you are the parent or legal guardian of such a minor and consent to the minor’s use of the website. If we learn that personal data from users under the age of 18 has been collected, we will deactivate the account and take appropriate measures to promptly delete this data from our records. If you are aware that we have collected data from children under the age of 18, please contact us at info@haus-kiefer-rastatt.de.

WHAT ARE YOUR PRIVACY RIGHTS?

In summary: You can review, modify, or cancel your account at any time.

If you reside in the EEA or the United Kingdom and believe that we are processing your personal data unlawfully, you also have the right to file a complaint with your local data protection supervisory authority. You can find their contact details here: https://ec.europa.eu/justice/data-protection/bodies/authorities/indexen.htm.

If you reside in Switzerland, you can find the contact details of the data protection authorities here: https://www.edoeb.admin.ch/edoeb/en/home.html.

CONTROLS FOR “DO-NOT-TRACK” FUNCTIONS (DNT FUNCTIONS)

Most web browsers, as well as some mobile operating systems and applications, provide an activatable “Do Not Track” feature or setting that allows you to indicate that you do not wish to be tracked or have data collected about your online browsing activities. Currently, there is no defined, uniform technological standard for the recognition and implementation of DNT signals. We therefore do not currently respond to DNT browser signals or other mechanisms that automatically indicate that you do not wish to be subject to online tracking. Should a standard for online tracking be adopted that we are required to follow in the future, we will inform you of this practice in a revised version of this Privacy Policy.

Rights of Data Subjects

You have the right to request access to the personal data we have collected, to correct or delete this data; in particular, you have the following rights:

• Right of access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection (Art. 21 GDPR)
• Withdrawal of consent (Art. 7 GDPR).

If you have any complaints, you may contact a data protection supervisory authority, for example, in Baden-Württemberg:

State Commissioner for Data Protection and Freedom of Information
by mail: P.O. Box 102932, 70025 Stuttgart
by email: poststelle@lfdi.bwl.de.

WILL WE UPDATE THIS NOTICE?

In short: Yes, to remain compliant with applicable laws, we will update this notice as needed.

We reserve the right to update this Privacy Policy from time to time. The updated version will be marked with a revised date, and the updated version will take effect as soon as it is available. If we make significant changes to this Privacy Policy, we may either notify you of these changes through a prominent notice or send you a direct notification. We recommend that you regularly review this privacy notice to stay informed about how we protect your data.

A.K. GmbH
Effective: January 1, 2026