CURRY CLUB
Privacy Policy
Effective Date: March 2026 Last Updated: March 2026 Website: curryclubfrankfurt.de
1. Data Controller & Contact Details
The entity responsible for the processing of your personal data (Verantwortlicher within the meaning of Art. 4 No. 7 GDPR) is:
Curry Club Frankfurt
Vilbeler Straße 27, 60313 Frankfurt am Main, Germany
Phone: +49 69 90025840
Email: cc@curryclubfrankfurt.de
Website: curryclubfrankfurt.de
For all data protection questions, requests, or concerns, you may contact us directly at the above email or postal address.
2. Introduction & Scope
At Curry Club Frankfurt, your privacy matters as deeply to us as the quality of every dish we serve. This Privacy Policy explains in full transparency how we collect, use, store, and protect your personal data when you visit our website curryclubfrankfurt.de, make a table reservation, submit an enquiry, or contact us directly.
This policy applies to all visitors, guests, and users who interact with our website or services and is fully compliant with the General Data Protection Regulation (GDPR, EU 2016/679) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).
By using our website, you acknowledge the practices described in this Privacy Policy. We encourage you to read it carefully.
3. What Personal Data We Collect
We collect only the minimum personal data necessary to provide you with our services. The categories of data we may process are as follows.
Data you provide directly to us:
When you submit our contact form, we collect your full name, email address, phone number, and the content of your message. When you make a table reservation via our Quandoo booking widget, we collect your name, email address, phone number, preferred date and time, number of guests, and any special requests. When you enquire about private dining or events,we collect your full name, email address, phone number, and the content of your message. Where you voluntarily provide dietary preferences or allergen information as part of a reservation or special request, this is also collected.
4. Purposes & Legal Basis for Processing
Every instance of data processing at Curry Club Frankfurt is grounded in a lawful basis under Art. 6 GDPR (and Art. 9 GDPR where special category data is involved).
We process your reservation details — including name, email, phone number, and booking preferences — to fulfil or prepare a contract with you under Art. 6(1)(b) GDPR. When you contact us via email or our contact form, we process your information to respond to your enquiry under Art. 6(1)(b) and Art. 6(1)(f) GDPR (legitimate interests). Dietary and allergen data, which may constitute health-related special category data under Art. 9 GDPR, is processed exclusively on the basis of your explicit consent under Art. 9(2)(a) GDPR and solely to accommodate your dining needs. Website analytics and performance data are processed with your prior consent via our cookie banner under Art. 6(1)(a) GDPR. Financial and transaction-related records are retained to comply with our legal obligations under German tax law (§ 147 AO) pursuant to Art. 6(1)(c) GDPR. Server log data and IP addresses are processed to ensure the security and integrity of our website under Art. 6(1)(f) GDPR. Where you have separately subscribed to receive marketing communications from us, we process your contact details on the basis of your explicit consent under Art. 6(1)(a) GDPR.
Where we rely on legitimate interests (Art. 6(1)(f)), we have assessed that our interests do not override your fundamental rights and freedoms. You have the right to object to such processing at any time — see Section 10.
5. Third-Party Services & Data Processors
We work with carefully selected third-party service providers to operate our website and services. Each provider acts as a data processor under a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR. We do not sell your personal data to third parties under any circumstances.
Table Reservations — Quandoo Table reservations on our website are processed through Quandoo GmbH, a third-party online reservation platform registered and operating in Germany. When you complete a booking via the Quandoo widget, your data is transmitted to and processed by Quandoo under their own privacy policy. We strongly recommend reviewing Quandoo’s Privacy Policy at quandoo.de before completing a reservation. Quandoo operates under GDPR compliance obligations as both a data processor and, in certain contexts, an independent data controller.
Email Communications When you contact us by email, your message and contact details are stored securely within our professional email system. All email correspondence is retained for the duration necessary to address your enquiry and for a reasonable period thereafter for legal and operational purposes.
We process your reservation details — including name, email, phone number, and booking preferences — to fulfil or prepare a contract with you under Art. 6(1)(b) GDPR. When you contact us via email or our contact form, we process your information to respond to your enquiry under Art. 6(1)(b) and Art. 6(1)(f) GDPR (legitimate interests). Dietary and allergen data, which may constitute health-related special category data under Art. 9 GDPR, is processed exclusively on the basis of your explicit consent under Art. 9(2)(a) GDPR and solely to accommodate your dining needs. Website analytics and performance data are processed with your prior consent via our cookie banner under Art. 6(1)(a) GDPR. Financial and transaction-related records are retained to comply with our legal obligations under German tax law (§ 147 AO) pursuant to Art. 6(1)(c) GDPR. Server log data and IP addresses are processed to ensure the security and integrity of our website under Art. 6(1)(f) GDPR. Where you have separately subscribed to receive marketing communications from us, we process your contact details on the basis of your explicit consent under Art. 6(1)(a) GDPR.
Where we rely on legitimate interests (Art. 6(1)(f)), we have assessed that our interests do not override your fundamental rights and freedoms. You have the right to object to such processing at any time — see Section 10.
6. Cookies & Tracking Technologies
Our website uses cookies — small text files stored on your device by your browser — to ensure the site functions correctly and to improve your browsing experience.
Essential / Strictly Necessary Cookies are required for the basic functioning of the website. These include session management cookies set by WordPress (wordpress_, wp-settings-, comment_author_*). These cannot be disabled without impairing website functionality and do not require your consent as they are based on our legitimate interests under Art. 6(1)(f) GDPR.
Functional / Preference Cookies are used to remember your settings and preferences between visits. These require your consent.
Analytics / Performance Cookies help us understand how visitors use our website so we can improve it. These require your prior consent and are only activated after you accept them via our cookie consent banner.
Marketing / Third-Party Cookies, if applicable, are used for advertising or remarketing purposes. These always require your explicit consent.
Upon your first visit to our website, you will be presented with a cookie consent banner allowing you to accept, reject, or customise non-essential cookies. You may withdraw or update your consent at any time through your browser settings or our cookie preference centre. Please note that disabling certain cookies may reduce the functionality of our website.
7. Data Retention Periods
We retain personal data only for as long as is necessary to fulfil the purposes outlined in this policy or as required by applicable law.
Reservation records are retained for 3 years from the date of the reservation for legal compliance and dispute resolution purposes. Contact enquiry data is retained for 2 years from the date of last contact. Invoice and financial records are retained for 10 years in compliance with German commercial and tax law (§ 147 Abgabenordnung). Server log files and IP addresses are retained for up to 30 days before being automatically deleted. Marketing email consent records are retained until consent is withdrawn and then for a further 3 years as documented proof of consent. Cookie consent records are retained for 1 year.
Once data is no longer required for its original purpose and no legal retention obligation remains, it is securely deleted or anonymised.
8. Data Security
Protecting your personal data is of the highest priority to us. We have implemented appropriate technical and organisational measures (TOMs) in accordance with Art. 32 GDPR to protect your information against unauthorised access, accidental loss, alteration, disclosure, or destruction.
Our website uses HTTPS with SSL/TLS encryption for all data transmitted between your browser and our server. Access to personal data is restricted to authorised personnel on a strict need-to-know basis. All staff who handle personal data receive appropriate data protection training. Our hosting infrastructure is maintained with up-to-date software, regular security patches, and standard physical security controls. We practise the principle of data minimisation and collect only what is strictly necessary for each purpose.
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours (Art. 33 GDPR) and, where required, inform affected individuals without undue delay (Art. 34 GDPR).
9. International Data Transfers
Curry Club Frankfurt is based in Germany and primarily processes your data within the European Economic Area (EEA). However, certain third-party providers — such as Google LLC and Meta Platforms Ireland — may transfer and process data in countries outside the EEA, including the United States.
Where such transfers occur, we ensure they take place only under appropriate safeguards recognised by the European Commission, including Standard Contractual Clauses (SCCs) or the EU-U.S. Data Privacy Framework. You may request further information about the specific safeguards in place by contacting us at cc@curryclubfrankfurt.de.
10. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy periodically to reflect changes in legal requirements, our operational practices, or the services we provide. The most current version will always be available at curryclubfrankfurt.de/privacy-policy/ with the effective date clearly stated at the top.
For material changes, we will make reasonable efforts to notify you — such as via a notice on our website. Your continued use of our website following any such update constitutes acknowledgment of the revised policy. We encourage you to review this page regularly.
11. Contact & Right to Lodge a Complaint
Contact Us Directly: For all data protection enquiries or to exercise your rights, please contact:
Curry Club Frankfurt Email: cc@curryclubfrankfurt.de Phone: +49 69 90025840 Address: Vilbeler Straße 27, 60313 Frankfurt am Main, Germany
Right to Lodge a Complaint: Without prejudice to any other remedy, you have the right under Art. 77 GDPR to lodge a complaint with a data protection supervisory authority — in the EU Member State of your habitual residence, place of work, or the place of the alleged infringement. The competent supervisory authority for Curry Club Frankfurt is:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit (Hessian Commissioner for Data Protection and Freedom of Information) Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany Website: datenschutz.hessen.de
We would appreciate the opportunity to address your concerns directly before any escalation, and warmly invite you to contact us first.
