Legal
Privacy policy
These privacy notes describe the functions actually used by this static website.
Controller
Stipe Beljan, Selbecker Straße 213, 58091 Hagen
Contact
+49 (0)2331 76464, info@rosengarten-hagen.de
1. Privacy at a glance
General notes
Personal data is any data that can identify you personally. This static website processes only data required for delivery, security, contact handling and the display of local content.
Reservations and inquiries are handled by phone or email. No public contact form is embedded.
Analytics and tracking
This website does not use its own marketing trackers, advertising networks or embedded advertising services.
Cloudflare processes technical request, security and performance metadata as the hosting and security provider. This processing is described in the Cloudflare section below.
No Cloudflare Web Analytics beacon is embedded in this website's source code. If Cloudflare Web Analytics is enabled automatically in the Cloudflare dashboard, Cloudflare may additionally inject a JavaScript beacon into the static page and process browser-side page view and performance metrics.
External content is blocked by default. The embedded Google Maps view is loaded only after your consent.
Instagram cards are delivered as static files from this website. On a normal page view, your browser does not connect directly to Meta or Instagram; external Instagram pages open only when you actively click an Instagram link.
Cloudflare as hosting provider
This website is delivered as a static site through Cloudflare Pages and the Cloudflare network. All page and asset requests first pass through Cloudflare infrastructure.
Cloudflare may process technically necessary access and log data, including IP address, traffic routing data, system and browser information, hostname, URL/path, HTTP method, HTTP status, referrer, timestamp, transferred data volume, cache information, security events, bot or abuse signals, IP reputation values and Cloudflare Ray IDs.
This data may be used to create technical request, visitor, performance, cache, error and security statistics in the Cloudflare dashboard. These evaluations serve delivery, stability, abuse protection, diagnostics and attack detection; they are not used here for advertising or own marketing tracking.
Cloudflare processes Customer Logs partly as a processor for the website operator and certain network/security data additionally as an independent controller. Depending on the Cloudflare product and routing, processing may also take place outside the EU; Cloudflare provides privacy terms, a Data Processing Addendum and Standard Contractual Clauses for this.
The legal basis for this technically necessary processing is Art. 6(1)(f) GDPR. The legitimate interest is secure, performant and reliable delivery of the website and protection against abusive access.
2. Server logs, cookies and local storage
Server log files
When visiting the website, technically necessary access data is created at Cloudflare. The public static website does not run its own server-side visitor database or public admin server.
Access data may include IP address, browser type, operating system, referrer, time, requested URL, HTTP status, transferred data volume, cache status and security-related metadata.
Retention depends on the Cloudflare products used, account settings and legal obligations. Where the website operator can access technical logs or dashboard data, they are used only for operation, security and diagnostics.
Cookies and cookie notice
The public website uses no server-side database, no public admin runtime, and no embedded Instagram cookies.
Your cookie notice selection is stored locally in the browser so the notice does not appear again on every page view. The stored record includes the time, text version and your category choices for Necessary, External media, Statistics and Marketing. You can reopen, change or withdraw the selection at any time via Cookie settings in the footer.
With Necessary only, only this technically required choice is stored; optional external media such as Google Maps remains blocked. With Accept all, you additionally consent to loading the embedded Google Maps view. In the settings you can enable or disable external media separately.
The legal basis for necessary storage is Art. 6(1)(f) GDPR and Section 25(2) TDDDG where storage or access is technically required. For Google Maps, the legal basis is your consent under Art. 6(1)(a) GDPR and Section 25(1) TDDDG.
Statistics and marketing categories are shown so the choice remains transparent; currently no first-party statistics or marketing services are loaded through them. The local choice remains stored until you change or withdraw it, delete browser storage, or a new text version requires a new choice.
If Cloudflare security or traffic mechanisms are enabled for this zone, additional strictly necessary Cloudflare cookies may be set (for example `__cf_bm`, `cf_clearance`, `__cflb`, `_cfuvid`). These support bot detection, challenge/clearance state, rate limiting, session/traffic management and abuse protection.
Instagram content and links
The homepage shows Instagram notes and post cards without an embedded Instagram widget. Images are delivered locally by this website.
On a normal page view, your browser does not connect directly to Meta Platforms Ireland Limited or Instagram. No Meta cookies are set for this and no information is read from Meta cookies.
Only when you click Profile or a post do you leave this website and open Instagram. From that point on, Meta's privacy information applies; Meta may then process personal data and use cookies or similar technologies.
When opening Instagram, your IP address, device and browser information and usage data may be transferred to Meta. Processing in the United States or other third countries cannot be ruled out.
Google Maps
The website does not load Google Maps automatically on page view. The map view is embedded only when you actively load it using the button or allow external media in Cookie settings.
When loading the map or opening the route, Google may process personal data such as IP address, device and browser information and usage data.
When the map is embedded, Google may set cookies or similar technologies or access information on your device. Consent is voluntary and can be withdrawn at any time via Cookie settings in the footer.
Depending on the Google service and account settings, processing may take place in the United States or other third countries. Without consent, the embedded map remains blocked; an external route link opens Google Maps only after your click.
PDF menus
The publicly accessible PDF menus contain restaurant information. Downloads create the usual technical server logs.
3. Contact and your rights
Contact by phone or email
If you contact us by phone or email, we process your details to handle the inquiry, reservation or event coordination.
This data is not passed on without consent unless there is a legal obligation.
Your rights
Within the legal framework, you have rights to access, correction, deletion, restriction of processing, objection and data portability.
You can withdraw consent at any time with future effect. Use the permanently available Cookie settings link in the footer.
You also have the right to lodge a complaint with the competent data protection supervisory authority.