1. Controller
The controller responsible for the processing of personal data on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Methfesselstraße 88
20255 Hamburg, Germany
Phone: +49 163 637 9416
Email: bar@ryeanddry.de
2. General Information on Data Processing
2.1 Scope of Processing
We collect and use personal data of our users only insofar as this is necessary to provide a functional website and our content and services. Processing of personal data is regularly only carried out with the consent of the user or where a legal basis permits processing.
2.2 Legal Bases
Where we process personal data, the following legal bases apply:
- Art. 6 (1) (a) GDPR — Consent of the data subject
- Art. 6 (1) (b) GDPR — Performance of a contract, e.g. for voucher purchases
- Art. 6 (1) (c) GDPR — Compliance with legal obligations, e.g. tax retention requirements
- Art. 6 (1) (f) GDPR — Legitimate interests, e.g. security of data processing
2.3 Data Erasure and Storage Duration
Personal data is erased or restricted as soon as the purpose of storage ceases to apply. For data from voucher purchases, the statutory tax retention period of ten years applies (§ 147 (1) German Fiscal Code).
3. Provision of the Website (Server Log Files)
Each time our website is accessed, our hosting provider (see section 6.4) stores data in so-called server log files. The following data is recorded:
- Requested URL and referrer
- Date and time of the request
- Browser type and version, operating system
- IP address (anonymised or truncated)
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in error-free and secure provision of the website).
Storage duration: Log files are automatically deleted after a maximum of 30 days, unless required to defend against a specific security incident.
4. Processing for Voucher Purchases
When purchasing a gift voucher, we collect the following personal data:
- Name and email address of the buyer
- Optional: Name and personal message for the recipient
- Billing address (collected by Stripe)
- Payment data (processed by Stripe, not stored by us)
Purpose: Execution of the purchase contract, delivery of the PDF voucher by email, invoicing, and management of redemption at the bar.
Legal basis: Art. 6 (1) (b) GDPR (performance of contract) and Art. 6 (1) (c) GDPR (tax retention obligation).
Storage duration: Until full redemption or expiration of the voucher, thereafter for the duration of the tax retention period (10 years).
5. Event and Tasting Enquiries
When registering for events or making tasting enquiries, you provide us with your name, email address, phone number if applicable, and voluntary information (number of persons, notes). This data is used to process your enquiry.
Legal basis: Art. 6 (1) (b) GDPR (pre-contractual measures).
Storage duration: Enquiry-related data is deleted after the event or after 12 months without response.
6. Integrated Services and Data Processors
We use services from external providers for the operation of our website. We have concluded or will conclude data processing agreements (DPAs) according to Art. 28 GDPR with each of these providers before going live.
6.1 Stripe (Payment Processing)
For payment processing of voucher purchases, we use the payment service provider Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.
Stripe processes name, email address, billing address, IP address, card data, and transaction data when processing payments. Card data is transmitted directly to Stripe and is not stored on our servers.
Legal basis: Art. 6 (1) (b) GDPR.
Stripe privacy information: stripe.com/privacy
6.2 Resend (Email Delivery)
For transactional email delivery (voucher PDF, event confirmations, tasting enquiries) we use Resend, Inc., 2261 Market Street #4071, San Francisco, CA 94114, USA.
Resend processes recipient email address, sender address, subject, and email content for the purpose of delivery and to ensure deliverability.
Legal basis: Art. 6 (1) (b) GDPR.
Transfer to the USA: Resend offers standard contractual clauses (SCC) according to Art. 46 GDPR.
Resend privacy information: resend.com/legal/privacy-policy
6.3 Sanity (Content Management)
Our website content as well as voucher data is managed and delivered through the headless CMS Sanity Inc., 222 Kearny Street, Suite 510, San Francisco, CA 94108, USA.
Sanity stores content data and delivers images via a CDN. As part of voucher management, buyer data (name, email) is also stored.
Legal basis: Art. 6 (1) (b) and (f) GDPR.
Transfer to the USA: Sanity offers standard contractual clauses (SCC) according to Art. 46 GDPR.
Sanity privacy information: sanity.io/legal/privacy
6.4 Vercel (Hosting)
Our website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. Vercel operates a globally distributed edge network; requests from the EU area are preferentially processed via EU servers.
Vercel processes IP address, browser type, and request data for the provision of the website and for defence against attacks.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in secure hosting).
Transfer to the USA: Vercel offers standard contractual clauses (SCC) according to Art. 46 GDPR.
Vercel privacy information: vercel.com/legal/privacy-policy
7. Cookies
Our website uses only technically necessary cookies required for the operation of the website. This includes in particular cookies from the payment service provider Stripe during the checkout process (for fraud prevention and secure session management).
These cookies are set on the basis of Art. 6 (1) (f) GDPR (legitimate interest) or § 25 (2) no. 2 of the German Telecommunications and Telemedia Data Protection Act (TTDSG, strictly necessary). No consent is required for this.
We do not use any cookies for marketing or tracking purposes.
8. Rights of Data Subjects
If your personal data is processed, you are a data subject within the meaning of the GDPR and have the following rights:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw consent (Art. 7 (3) GDPR)
To exercise your rights, please contact bar@ryeanddry.de.
9. Right to Lodge a Complaint with the Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority if you consider that the processing of your personal data violates the GDPR.
The supervisory authority responsible for us is:
The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Straße 22, 7. OG · 20459 Hamburg, Germany · datenschutz-hamburg.de
10. Changes to This Privacy Policy
We reserve the right to amend this privacy policy to ensure that it always complies with current legal requirements, or to implement changes to our services in the privacy policy, e.g. when introducing new services. Your next visit will then be subject to the new privacy policy.