Privacy Policy

  
1. Data Controller
Data Controller for this website: Heavenly Desserts Global Ltd, Company No. 11226375, 23 Brunel Parkway, Pride Park, Derby, DE24 8HR, United Kingdom.
Email: datenschutz@heavenlydesserts.de
 
The restaurant in Hamburg is operated by MaiFood GmbH (Geschäftsführer: Schah-Zaman Maiwandi, Stresowstraße 19d, 20539 Hamburg, HRB 187580, USt-IdNr.: DE450209161) under a franchise agreement with Heavenly Desserts Global Ltd.
 
2. Applicable Law
We process your personal data in accordance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the Telecommunications-Telemedia Data Protection Act (TDDDG), the Act Against Unfair Competition (UWG § 7), and the Digital Services Act (DDG § 5).
 
3. Data We Collect
Information you provide: name, email, phone, booking details, order and delivery information, account and loyalty data, payment information (processed by our payment provider), feedback and correspondence.
Automatically collected: device and browser information, usage data, cookie and tracking data (subject to your consent).
 
4. Purposes and Legal Basis
We process your data for: order fulfilment and table bookings (contract, Art. 6(1)(b)), account and loyalty management (contract), payment processing (contract), email marketing (consent, Art. 6(1)(a) — double opt-in required under UWG § 7), website analytics (consent for analytics cookies), responding to enquiries (legitimate interest, Art. 6(1)(f)), fraud prevention (legitimate interest), and legal obligations (Art. 6(1)(c)).
 
5. Email Marketing — Double Opt-In
German law (UWG § 7) requires mandatory double opt-in for all email marketing. You must confirm your subscription via a verification link before we send any marketing emails. We document consent for at least 6 years. Every email contains an unsubscribe link; requests are processed within 48 hours.
 
6. Recipients of Your Data
We share data with the following categories of service providers (all bound by data processing agreements): website hosting provider (EU/Israel), consent management platform (EU/Germany), analytics provider (EU/Ireland, USA with safeguards), email marketing platform (USA, DPF certified with SCCs), payment processor (EU/Ireland), ordering and loyalty platform (UK), table booking provider (EU/Germany), social media platforms (EU/Ireland, USA with safeguards). We do not sell your data.
 
7. International Transfers
Where data is transferred outside the EU/EEA, we rely on adequacy decisions, Standard Contractual Clauses (Art. 46(2)(c) GDPR), EU-US Data Privacy Framework certification, and Transfer Impact Assessments.
 
8. Cookies and TDDDG
Strictly necessary cookies do not require consent. Analytics, marketing, and third-party tracking cookies require your explicit consent via our cookie banner, which provides an equally prominent “Reject All” button. You can change preferences at any time via the cookie settings link in the footer. See our separate Cookie Policy for full details.
 
9. Retention Periods
Order/transaction data: 10 years (HGB § 257, AO § 147). Marketing consent records: 6 years after withdrawal. Analytics data: 14 months maximum. Cookie consent: 12 months. Customer service records: 3 years. Account/loyalty data: duration of account plus 2 years.
 
10. Your Rights
Under the GDPR you have rights of: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), objection (Art. 21), withdrawal of consent, and complaint to a supervisory authority (Art. 77). Contact: datenschutz@heavenlydesserts.de. Response within one month.
 
11. Supervisory Authority
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit, Ludwig-Erhard-Straße 22, 7. OG, 20459 Hamburg. Email: mailbox@datenschutz.hamburg.de
 
 
© 2026 Heavenly Desserts Global Ltd.