Privacy Notice Last updated: 13 September 2025 Controller Elishes Delicious UG Utrechter Straße 44, 13347, Berlin, Germany Email: info@elishes-delicious.de Phone: +49 15257837429 Managing Director: Marcel Spinner Data Protection Officer A statutory appointment is not required (Sec. 38 BDSG). Purposes, Legal Bases and Data Sources We process personal data for the following purposes: Website provision, stability and security (server logs). Legal basis: Art. 6(1)(f) GDPR (legitimate interests; IT security; Recital 49). Communication upon request (e.g., email, contact form). Legal basis: Art. 6(1)(b) GDPR (pre-/contractual) or Art. 6(1)(f) GDPR. Compliance with legal obligations (e.g., commercial/tax record retention). Legal basis: Art. 6(1)(c) GDPR in conjunction with Sec. 147 AO and Sec. 257 HGB. Data sources: data you actively provide; and automatically generated usage data (log files and, where applicable, strictly necessary cookies). Hosting and Server Log Files Our website is hosted by Strato. We process server log files (requested resource/URL, date/time, amount of data transferred, referrer, user agent, IP address). Purpose/interest: operation, security and troubleshooting. Legal basis: Art. 6(1)(f) GDPR. Retention: 14 days, longer only in case of incidents until resolved. Recipient: United Domains as a processor (Art. 28 GDPR). Cookies and Local Storage We use strictly necessary cookies/storage technologies only. No analytics, no marketing/tracking cookies. No cookie banner is shown. Legal basis: Sec. 25(2) TTDSG (exception for strictly necessary cookies) in conjunction with Art. 6(1)(f) GDPR. Contact (Email, Phone, Contact Form) If you contact us, we process your details (name, contact data, message, timestamps, technical metadata). Legal basis: Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR. Retention: requests are deleted after 12 months; longer storage only where statutory retention applies (up to 10 years). Recipients: internal teams; where applicable, EU/EEA email/IT providers as processors (Art. 28 GDPR). International transfers: none, unless otherwise stated in this notice. Recipients, Processors and Transfers Data is shared only for the purposes stated above. Service provider: United Domains – hosting/infrastructure (EU). No further third-party tools (analytics, newsletter, CRM, scheduling/video tools, embedded content) are in use. No third-country transfers. Retention We retain personal data only as long as necessary for the purposes described or as required by law. Specific periods are listed above (e.g., logs 14 days; contact 12 months; commercial/tax records up to 10 years under AO/HGB). Obligation to Provide Data There is no legal obligation to provide personal data to visit the website. Certain information is necessary to handle inquiries; without it, we may not be able to respond. Children Our services are not directed to children under 16. Consent by minors requires authorization by their legal guardians. No Automated Decision-Making We do not conduct automated decision-making including profiling within the meaning of Art. 22 GDPR. Your Rights You have the rights of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability(Art. 20) and objection (Art. 21 GDPR). Withdrawal of consent is possible at any time with future effect. To exercise your rights, contact us using the details above. Supervisory Authority You may lodge a complaint with a data protection supervisory authority, e.g., for Berlin: Berlin Commissioner for Data Protection and Freedom of Information, AltMoabit 59–61, 10555 Berlin, Germany. Security We implement appropriate technical and organizational measures (e.g., TLS encryption, access controls, authorization concepts) to protect data against loss, misuse and unauthorized access. Changes to this Notice We will update this notice if legal requirements or our processing change. The current version is available on this website.