As of: April 2026

This Privacy Policy informs you about the type, scope and purpose of personal data processing on the platform vidireserve.com ("VidiReserve").

12.2 Cloudflare Turnstile (Bot Protection in Reservation Widget)

On restaurant websites embedding our reservation or event widget, we use Cloudflare Turnstile — an invisible bot-protection mechanism by Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA), represented in the EU by Cloudflare Germany GmbH (Rosental 7, 80331 Munich, Germany).

Turnstile checks in the background whether you are a real human, without traditional captcha puzzles (no image selection, no tracking cookies). It analyses browser signals such as user agent, screen resolution and behavioural patterns solely for spam prevention.

Transmitted data: IP address, user agent, language, screen size, triggered browser events

Purpose: Protection of our reservation booking form from automated spam submissions

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in protecting our systems from misuse and spam)

Retention period: Cloudflare specifies a maximum retention of 30 minutes for verification tokens. Aggregated statistics may be retained longer.

Transfer to third countries: Cloudflare is a US-based company. Data is transferred under the EU Standard Contractual Clauses (SCC) and Cloudflare's self-certification under the EU-US Data Privacy Framework.

More information: Cloudflare Privacy Policy

1. Controller

The controller within the meaning of GDPR is:

VidiScope GmbH
Römerstr. 27
89250 Senden
Germany

Managing Director: Valentin Schierhuber
Email: office@vidireserve.com
Phone: +49 731 25072700

For data protection inquiries, please contact: datenschutz@vidireserve.com

2. Data Protection Officer

We have not appointed a Data Protection Officer as the legal requirements for this are not met. Please direct data protection inquiries to the controller's email above.

3. Server Logs

Each time our website is accessed, our hosting provider automatically stores the following data in log files:

  • IP address (truncated after 7 days)
  • Date and time of access
  • Requested URL
  • HTTP status code and transferred data volume
  • Referrer URL
  • Browser identification (user agent)

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest)
Purpose: Technical operation, error analysis, attack protection
Retention: 7 days, then automatic deletion or anonymization

4. Cookies

We use cookies on our website. Strictly necessary cookies (PHPSESSID, _csrf_token, dr_consent) are set without consent under § 25 (2) no. 2 TDDDG. Optional cookies are set only with your explicit consent (§ 25 (1) TDDDG, Art. 6 (1) lit. a GDPR). You can withdraw your consent at any time via the "Cookie Settings" link in the footer.

5. Registration and User Account

For registration we process: name, email address, phone number, encrypted password, optional birthday and language preference. Legal basis: Art. 6 (1) lit. b GDPR (contract). Retention: until account deletion; statutory retention periods remain unaffected.

6. Reservations

For reservations we process: date, time, party size, contact details, allergies/dietary information (Art. 9 GDPR — explicit consent), special requests, company name. Recipients: The selected restaurant (own controller under Art. 4 no. 7 GDPR). Legal basis: Art. 6 (1) lit. b GDPR. Retention: 3 years after last reservation; tax-relevant data up to 10 years (§ 147 AO).

7. Reviews

We store reviews together with the timestamp and IP address (BGH case law, evidence purposes), the linked reservation (verification of real experience) and the consent to community guidelines. Legal basis: Art. 6 (1) lit. b + lit. f GDPR. Retention: as long as restaurant profile is active, max 5 years.

8. Payment Processors

  • SumUp (SumUp Payments Limited, London, UK) — for card payments via SumUp readers
  • Stripe (Stripe Payments Europe Ltd., Dublin, Ireland) — for online deposits/event fees, when applicable

9. Service Providers

  • Hosting: STRATO AG, Berlin, EU/Germany
  • Email delivery: STRATO AG, Berlin, EU/Germany
  • Bootstrap CDN: jsDelivr (Cloudflare), global

10. Your Rights

You have the right to: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), objection (Art. 21), withdrawal of consent (Art. 7 (3)). Contact: datenschutz@vidireserve.com

11. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for our platform is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163, 65021 Wiesbaden, Germany
https://datenschutz.hessen.de

12. Data Security

We implement technical and organizational security measures. The connection to our website is encrypted via TLS (HTTPS). Passwords are stored exclusively as bcrypt hashes.

13. Automated Decision-Making

No automated decision-making within the meaning of Art. 22 GDPR takes place.

As of: April 2026