Privacy Policy - VidiReserve

As of: April 2026

This Privacy Policy informs you about the type, scope and purpose of personal data processing on the platform reserve.schierhuberit.de ("VidiReserve").

1. Controller

The controller within the meaning of GDPR is:

VidiScope GmbH
Riedackerstr. 4A
69509 Mörlenbach
Germany

Managing Director: Valentin Schierhuber
Email: office@vidiscope.com
Phone: +49 731 25072700

For data protection inquiries, please contact: datenschutz@vidiscope.com

2. Data Protection Officer

We have not appointed a Data Protection Officer as the legal requirements for this are not met. Please direct data protection inquiries to the controller's email above.

3. Server Logs

Each time our website is accessed, our hosting provider automatically stores the following data in log files:

IP address (truncated after 7 days)
Date and time of access
Requested URL
HTTP status code and transferred data volume
Referrer URL
Browser identification (user agent)

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest)
Purpose: Technical operation, error analysis, attack protection
Retention: 7 days, then automatic deletion or anonymization

4. Cookies

We use cookies on our website. Strictly necessary cookies (PHPSESSID, _csrf_token, dr_consent) are set without consent under § 25 (2) no. 2 TDDDG. Optional cookies are set only with your explicit consent (§ 25 (1) TDDDG, Art. 6 (1) lit. a GDPR). You can withdraw your consent at any time via the "Cookie Settings" link in the footer.

5. Registration and User Account

For registration we process: name, email address, phone number, encrypted password, optional birthday and language preference. Legal basis: Art. 6 (1) lit. b GDPR (contract). Retention: until account deletion; statutory retention periods remain unaffected.

6. Reservations

For reservations we process: date, time, party size, contact details, allergies/dietary information (Art. 9 GDPR — explicit consent), special requests, company name. Recipients: The selected restaurant (own controller under Art. 4 no. 7 GDPR). Legal basis: Art. 6 (1) lit. b GDPR. Retention: 3 years after last reservation; tax-relevant data up to 10 years (§ 147 AO).

7. Reviews

We store reviews together with the timestamp and IP address (BGH case law, evidence purposes), the linked reservation (verification of real experience) and the consent to community guidelines. Legal basis: Art. 6 (1) lit. b + lit. f GDPR. Retention: as long as restaurant profile is active, max 5 years.

8. Payment Processors

SumUp (SumUp Payments Limited, London, UK) — for card payments via SumUp readers
Stripe (Stripe Payments Europe Ltd., Dublin, Ireland) — for online deposits/event fees, when applicable

9. Service Providers

Hosting: STRATO AG, Berlin, EU/Germany
Email delivery: STRATO AG, Berlin, EU/Germany
Bootstrap CDN: jsDelivr (Cloudflare), global

10. Your Rights

You have the right to: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), objection (Art. 21), withdrawal of consent (Art. 7 (3)). Contact: datenschutz@vidiscope.com

11. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for our platform is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163, 65021 Wiesbaden, Germany
https://datenschutz.hessen.de

12. Data Security

We implement technical and organizational security measures. The connection to our website is encrypted via TLS (HTTPS). Passwords are stored exclusively as bcrypt hashes.

13. Automated Decision-Making

No automated decision-making within the meaning of Art. 22 GDPR takes place.

As of: April 2026

`PHPSESSID`	Session identification, login status	Session
`_csrf_token`	Cross-Site Request Forgery protection	Session
`dr_consent`	Storage of your cookie preferences	12 months