Privacy Policy

Last updated: 1st January 2026

Data Controller Information

The data controller for the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws is:

Data We Collect

We collect different types of information depending on how you interact with our services. The data we collect includes both information you provide directly and information collected automatically when you use our website.

Information You Provide

• Contact information (name, email address, phone number, postal address)
• Event details and catering requirements
• Dietary restrictions and special requests
• Payment information (processed securely through third-party providers)
• Communication preferences and feedback
• Any other information you choose to provide when contacting us

Information Collected Automatically

• IP address and browser information
• Device type and operating system
• Pages visited and time spent on our website
• Referring website and search terms
• Cookies and similar tracking technologies (see our Cookie Policy)

How We Use Your Information

We use of your data is based on legitimate business interests, contractual necessity, or your consent. We use your information for the following purposes:

• To provide and deliver our catering services
• To communicate with you about your events and bookings
• To process payments and manage billing
• To respond to your enquiries and provide customer support
• To improve our website and services
• To send you marketing communications (with your consent)
• To comply with legal obligations and protect our business interests

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to fulfil our catering services contract with you
• Legitimate Interests: For business operations, customer service, and website improvement
• Consent: For marketing communications and non-essential cookies
• Legal Obligation: To comply with accounting, tax, and other legal requirements

Data Sharing and Disclosure

We do not sell your personal information. We may share your data with trusted third parties in the following circumstances:

• Service providers who assist with our operations (payment processors, suppliers, delivery services)
• Professional advisers (lawyers, accountants, insurance providers)
• Regulatory authorities when required by law
• In connection with a business transfer or acquisition

Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes outlined in this policy. Our data retention periods are as follows:

• Customer and booking information: 7 years for accounting and tax purposes
• Marketing communications: Until you unsubscribe or object
• Website analytics data: 26 months maximum
• Enquiry information: 3 years unless a business relationship develops

Your Rights

Under GDPR and Austrian data protection law, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Correct any inaccurate or incomplete information
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for marketing purposes
• Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

To exercise any of these rights, please contact us using the details provided below. We will respond to your request within one month.

International Data Transfers

We primarily store and process your data within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses approved by the European Commission.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, regular security assessments, and staff training on data protection.

Cookies and Tracking

Our website uses cookies and similar technologies to enhance your browsing experience and analyse website usage. For detailed information about our use of cookies, please see our Cookie Policy.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically.

Contact Information

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde) or the supervisory authority in your country of residence.