Privacy Policy

1. Controller

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Ubu Beteiligungs GmbH
Zehlendorfer Damm 75A
14532 Kleinmachnow
Germany

Email: office@ubu-beteiligung.de

Further information on the controller can be found in our Legal Notice.

2. Contact for data protection enquiries

For questions regarding the collection, processing or use of your personal data, for information requests, rectification, restriction or erasure of data, as well as for the withdrawal of any consent granted, please contact:

Email: dataprotection@ubu-beteiligung.de

A Data Protection Officer has not been appointed, as the legal requirements for such appointment are not met.

3. General information on data processing

We process personal data of our users only insofar as this is necessary to provide a functional website as well as our content and services. As a rule, processing only takes place with the consent of the user or in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

3.1 Legal bases for processing

Where we obtain the consent of the data subject for processing operations involving personal data, Article 6(1)(a) GDPR serves as the legal basis.

For the processing of personal data necessary for the performance of a contract to which the data subject is party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures.

Where processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Article 6(1)(f) GDPR serves as the legal basis for processing.

3.2 Data erasure and storage duration

The personal data of the data subject will be erased or restricted as soon as the purpose of storage no longer applies. Further storage may take place if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. Restriction or erasure of data also takes place when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

4. Hosting

This website is hosted on servers of STRATO AG, Pascalstraße 10, 10587 Berlin, Germany. The servers are located in Germany. When you access our website, STRATO collects data automatically transmitted by your browser (server log files), in particular IP address, date and time of access, transferred data volume, page accessed and browser information.

The legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in the technically error-free and secure presentation of our website. We have concluded a data processing agreement with STRATO pursuant to Article 28 GDPR.

5. Server log files

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer. The following data is collected:

• IP address of the user (in shortened form)
• Date and time of access
• Name and URL of the file accessed
• Website from which access is made (referrer URL)
• Browser used and, where applicable, the operating system of your computer and the name of your access provider

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. The legal basis for the temporary storage of the data is Article 6(1)(f) GDPR. The data is deleted after no more than seven days.

6. Cookies and similar technologies

Our website uses cookies and similar technologies (e.g. local storage). Cookies are text files stored in the internet browser or by the internet browser on the user’s computer system.

We distinguish between technically necessary cookies, which are required for the operation of the website (legal basis: Article 6(1)(f) GDPR and Section 25(2) No. 2 TDDDG), and non-necessary cookies (statistics, marketing, external content), which are set only with your express consent (legal basis: Article 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG).

Detailed information on the cookies used, their purpose, storage duration and providers can be found in our Cookie Policy. You can manage your consents at any time via our cookie settings and withdraw them with effect for the future.

To manage cookies and your consent, we use Borlabs Cookie, a service provided by Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany. Borlabs Cookie stores your consent settings locally in your browser.

7. Contact

When you contact us by email or via a contact form, the data provided by the user (e.g. name, email address, content of the enquiry) will be stored for the purpose of processing the enquiry and for the case of follow-up questions.

The legal basis for processing the data, if the user has given consent, is Article 6(1)(a) GDPR. The legal basis for processing the data transmitted in the course of sending an email or contact enquiry is Article 6(1)(f) GDPR. If the email contact aims at the conclusion of a contract, an additional legal basis for processing is Article 6(1)(b) GDPR.

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended and the matter has been finally clarified. Statutory retention periods remain unaffected.

8. Booking process

When booking an ALMARA Moment, we collect and process the data necessary for the performance of the contract, in particular:

• First and last name
• Email address
• Telephone number (optional)
• Booking details (selected experience, date, time, number of participants)
• Payment data (see section 9)

8.1 Brokered bookings (data transfer to partners)

ALMARA operates a platform through which experiences (Moments) can be booked. In most cases, the actual service is provided by our partners (location operators). In these cases, we forward the data necessary for the execution of the booking (in particular name, booking code, date, number of participants) to the respective partner.

Insofar as ALMARA and the partner jointly determine the purposes and means of the processing, there is a joint controllership pursuant to Article 26 GDPR. We have entered into corresponding agreements with our partners regulating the respective responsibilities. The essential content of these agreements can be obtained on request via the contact details provided in section 2.

The legal basis for processing is Article 6(1)(b) GDPR (performance of contract).

8.2 ALMARA-operated locations

At ALMARA-operated locations, we provide the service ourselves. No data is transferred to partners in these cases. Processing takes place exclusively for the purpose of contract performance on the basis of Article 6(1)(b) GDPR.

8.3 Storage duration

Booking data is stored for the duration of the contract performance and to fulfil statutory retention obligations (in particular commercial and tax retention periods of up to ten years).

9. Payment processing

For payment processing, we use external payment service providers. When you select a payment method, you will be redirected to the website of the respective provider or the payment data will be transmitted directly to the provider.

9.1 Stripe

Provider: Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. In the context of payment processing, Stripe processes in particular payment data (e.g. credit card data, account data), transaction data and technical connection data.

Further information on data protection at Stripe: https://stripe.com/privacy

9.2 Mollie

Provider: Mollie B.V., Keizersgracht 126, 1015 CW Amsterdam, Netherlands. In the context of payment processing, Mollie processes in particular payment data, transaction data and technical connection data.

Further information on data protection at Mollie: https://www.mollie.com/privacy

The legal basis for processing is Article 6(1)(b) GDPR (performance of contract) as well as Article 6(1)(f) GDPR (legitimate interest in smooth payment processing).

10. Newsletter

On our website, you can subscribe to a free newsletter. We use the so-called double opt-in procedure for registration: after entering your email address, we send you a confirmation email. Only after clicking on the confirmation link in this email will your email address be added to our distribution list.

10.1 Newsletter content and brand portfolio

With your consent, you will receive our newsletter with information, offers and recommendations from the brand portfolio of Ubu Beteiligungs GmbH. In addition to ALMARA, this currently includes in particular the brands foodie, El Gusto, DELIKAS, CRUSTY and smuwi. If we extend or modify the brand portfolio, your newsletter may also include references to additional brands of the same company. All brands mentioned are operated by Ubu Beteiligungs GmbH as controller; no transfer of your data to third parties takes place through this brand communication.

You can unsubscribe from the newsletter at any time, for example via the unsubscribe link in each newsletter email or by sending a message to the contact details provided in section 2.

10.2 Dispatch service provider

For sending the newsletter, we use Mailchimp, a service provided by Intuit Inc., 2700 Coast Avenue, Mountain View, California 94043, USA. Mailchimp is certified under the EU-US Data Privacy Framework; data transfer to the USA takes place on the basis of the adequacy decision of the European Commission of 10 July 2023.

In the context of sending the newsletter, Mailchimp processes your email address, registration and dispatch times, as well as statistical data on opening and click rates. We have concluded a data processing agreement with Mailchimp pursuant to Article 28 GDPR.

The legal basis is Article 6(1)(a) GDPR (consent).

Further information: https://mailchimp.com/legal/privacy/

11. Web analytics with Google Analytics 4

On the basis of your consent, we use Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses cookies and similar technologies that enable an analysis of the use of our website.

The information generated by the cookie about your use of this website is generally transmitted to a Google server in the USA and stored there. We have activated IP anonymisation, so that your IP address is shortened by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand.

Google LLC is certified under the EU-US Data Privacy Framework; data transfer to the USA takes place on the basis of the adequacy decision of the European Commission. We have concluded a data processing agreement with Google pursuant to Article 28 GDPR.

The legal basis is Article 6(1)(a) GDPR (consent) in conjunction with Section 25(1) TDDDG. You can withdraw your consent at any time via our cookie settings.

Further information: https://policies.google.com/privacy

12. Google Fonts (local integration)

We use fonts (“Google Fonts”) on our website for the uniform display of typefaces. The Google Fonts are installed locally on our server. No connection to Google servers is made. Your data is not transmitted to Google.

13. Google Maps

On our website, we use the map service Google Maps provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on the basis of your consent. This allows us to display interactive maps directly on the website.

By using Google Maps, information about your use of this website (including your IP address) is transmitted to a Google server and stored there. Before Google Maps is activated, you will be asked for your consent via a consent notice.

The legal basis is Article 6(1)(a) GDPR (consent) in conjunction with Section 25(1) TDDDG. Data transfer to the USA takes place on the basis of the EU-US Data Privacy Framework.

Further information: https://policies.google.com/privacy

14. Social media pixels

14.1 Meta Pixel (Facebook/Instagram)

On the basis of your consent, we use the Meta Pixel provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, Ireland. The Meta Pixel allows us to track the behaviour of users after they have been redirected to the provider’s website by clicking on a Meta advertisement. This allows us to evaluate the effectiveness of advertisements and to display target-group-oriented advertising.

Meta Platforms Inc. is certified under the EU-US Data Privacy Framework. We have concluded a joint controllership agreement with Meta pursuant to Article 26 GDPR, which regulates the responsibilities with regard to data processing.

The legal basis is Article 6(1)(a) GDPR (consent) in conjunction with Section 25(1) TDDDG.

Further information: https://www.facebook.com/privacy/policy

14.2 TikTok Pixel

On the basis of your consent, we use the TikTok Pixel provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. The TikTok Pixel enables the measurement of conversions as well as the optimisation and delivery of advertisements.

In the context of using the TikTok Pixel, data may be transferred to third countries outside the EEA (in particular to the People’s Republic of China and the USA). TikTok is currently not certified under the EU-US Data Privacy Framework. Data transfers take place on the basis of EU Standard Contractual Clauses pursuant to Article 46(2)(c) GDPR; however, a level of protection equivalent to that of the EU cannot be guaranteed.

The legal basis is Article 6(1)(a) GDPR (consent) in conjunction with Section 25(1) TDDDG, and Article 49(1)(a) GDPR for data transfer to third countries.

Further information: https://www.tiktok.com/legal/page/eea/privacy-policy/en

15. Chat and support tools

15.1 Superchat

On the basis of your consent, we use the messenger service Superchat provided by Superchat GmbH, Adalbertstraße 8, 10999 Berlin, Germany. Superchat enables us to communicate with you via various messenger channels (e.g. WhatsApp, SMS). The communication content and your contact data are processed.

The legal basis is Article 6(1)(a) GDPR (consent). For contract-related enquiries, Article 6(1)(b) GDPR additionally applies.

Further information: https://www.superchat.com/en/privacy

15.2 Tidio

On the basis of your consent, we use the live chat service Tidio provided by Tidio LLC, 530 7th Avenue, Suite 502, New York, NY 10018, USA. Tidio enables us to offer you a live chat on our website. Your chat messages, any contact data provided, and technical connection data are processed.

Tidio LLC is certified under the EU-US Data Privacy Framework. We have concluded a data processing agreement with Tidio pursuant to Article 28 GDPR.

The legal basis is Article 6(1)(a) GDPR (consent) in conjunction with Section 25(1) TDDDG.

Further information: https://www.tidio.com/privacy-policy/

16. Your rights as a data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

16.1 Right of access (Article 15 GDPR)

You may request confirmation from the controller as to whether personal data concerning you is being processed by us, and – if so – obtain information about this data.

16.2 Right to rectification (Article 16 GDPR)

You have the right to request the rectification of inaccurate or the completion of incomplete personal data.

16.3 Right to erasure (Article 17 GDPR)

You may request the erasure of your personal data, provided that the legal requirements are met.

16.4 Right to restriction of processing (Article 18 GDPR)

You have the right to request the restriction of the processing of your personal data.

16.5 Right to data portability (Article 20 GDPR)

You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format, or to request that it be transmitted to another controller.

16.6 Right to object (Article 21 GDPR)

You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you that is based on Article 6(1)(e) or (f) GDPR. If personal data is processed for the purpose of direct marketing, you have the right to object to the processing at any time.

16.7 Right to withdraw consent (Article 7(3) GDPR)

You have the right to withdraw any consent granted at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of the consent prior to its withdrawal.

17. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for us is:

Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht Brandenburg
(State Commissioner for Data Protection and the Right of Access to Files, Brandenburg)
Stahnsdorfer Damm 77
14532 Kleinmachnow
Germany
Phone: +49 33203 356-0
Email: poststelle@lda.brandenburg.de
Web: www.lda.brandenburg.de

18. Currency of this Privacy Policy

This Privacy Policy is currently valid and has the status of May 2026. Due to the further development of our website and offerings or due to changes in legal or regulatory requirements, it may become necessary to amend this Privacy Policy. The current Privacy Policy can be accessed and printed at any time on the website at /en/privacy-policy.