Last updated: June 15, 2026. GDPR-compliant statement.
1. Data controller
Haus des Döners Franchise GmbH
Bonnstraße 237, 50354 Hürth · Germany
E-mail: info@haus-des-doners.online
Represented by: Mevlüt Kirdemir
2. Purposes of processing
- Order processing: Name, phone, delivery address to fulfil your contract (Art. 6 para. 1 lit. b GDPR).
- Payment processing: Card data is processed exclusively by our PCI-DSS certified payment providers (Stripe, Nexi) — we do not store it.
- Location data: When you click "Use my location", browser GPS is used once for branch search — not stored.
- Bonus / points programme: When you voluntarily register, your order history and points balance are processed (Art. 6 para. 1 lit. a/b GDPR).
3. Recipients
- Stripe Payments Europe Ltd. (Ireland) — credit-card processing
- Nexi Payments S.p.A. (Italy) — alternative card acceptance
- Hetzner Online GmbH (Germany) — hosting / data centre
- Local branches — order forwarding to the selected HDD branch
4. Retention period
- Order data: 10 years (HGB §257 / AO §147 — commercial and tax retention obligations)
- Guest account data: deleted after 90 days
- Log files: 14 days
5. Your rights (Art. 15–22 GDPR)
Information, correction, deletion, restriction, data portability, objection. Send your request to info@haus-des-doners.online. Right to lodge a complaint with the competent supervisory authority (LDI NRW, Düsseldorf — www.ldi.nrw.de).
6. Cookies
We set technically necessary cookies (session, CSRF token, language selection). Tracking or advertising cookies are only set after your explicit consent via the cookie banner.
Current cookie settings
- Loading settings...
7. Security
TLS 1.3, passwords hashed with bcrypt, database backups encrypted.