1. Overview
Last updated: June 2026. This policy informs you about the processing of personal data when visiting this website and using our services (table reservation, contact, online paid tickets).
2. Controller
Déjà Vu Lounge Cologne, Zülpicher Str. 17, 50674 Cologne, Germany.
Phone: +49 176 81397127 · Email: info@dejavuloungecologne.com.
3. Hosting & server logs
Technically necessary server log files (IP, date/time, page, browser) are processed to ensure operation, stability and security. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
4. Cookies & consent
We use necessary cookies and – only with your consent (Art. 6(1)(a) GDPR, Sec. 25 TTDSG) – cookies for analytics, marketing and external media. You can withdraw consent at any time with future effect via cookie settings.
5. Contact & reservation form
We process your data (name, phone, email, date/time, party size, message) to handle your request/reservation. Legal basis: Art. 6(1)(b),(f) GDPR. We also process the IP address for abuse and spam prevention.
6. Online tickets & order data
When buying a paid ticket we process the data required to perform the contract: name, email, phone (optional), event, number of guests, amount, language and IP address. Legal basis: performance of contract (Art. 6(1)(b) GDPR).
7. Payment processing (SumUp)
Online payments are processed by SumUp (SumUp Limited, Block 8, Harcourt Centre, Charlotte Way, Dublin 2, Ireland). Data required for payment (amount, order reference, payment/card data) is transmitted directly to SumUp and processed by SumUp as an independent controller. We do not store full card data and only receive payment status information. Legal basis: Art. 6(1)(b) GDPR. SumUp's own privacy policy also applies (sumup.com).
8. Email & invoice
After successful payment we send a confirmation with QR code and an invoice (PDF) to your email. Invoices are retained to comply with tax/commercial retention obligations (Art. 6(1)(c) GDPR with Sec. 147 AO, Sec. 14b UStG – usually up to 10 years).
9. QR code & admission control
For admission control we create a QR code per order with a random pseudonymous token. On scanning at the entrance the status (redeemed/time) is stored to prevent multiple use. Legal basis: Art. 6(1)(b),(f) GDPR.
10. Notifications via Telegram
For internal handling, reservations and ticket orders are sent to an internal Telegram channel of the operator (service: Telegram). Data may be transferred to the provider's servers, possibly outside the EU. Legal basis: legitimate interest in efficient handling (Art. 6(1)(f) GDPR).
11. External services
Embedded services such as Google Maps, Instagram and YouTube are loaded only after your consent. Data may be transferred to the respective providers, including third countries.
12. Retention
We store personal data only as long as necessary for the stated purposes or as required by statutory retention periods, after which it is deleted or restricted.
13. Your rights
You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20) and objection (Art. 21 GDPR). You may withdraw consent at any time with future effect.
14. Right to complain
You have the right to lodge a complaint with a data protection supervisory authority, in particular the State Commissioner for Data Protection NRW (LDI NRW), Kavalleriestraße 2–4, 40213 Düsseldorf.
15. Updates
This policy is updated as needed to reflect changes in law or functionality.
Last updated: 16.06.2026