Oktoberfest Table Alert

Get notified when tables become available

Privacy Policy

Datenschutzerklärung — information according to Art. 13/14 GDPR (DSGVO)

1. Controller

The controller responsible for the processing of your personal data in connection with this service is:

Storm Farrell Postfach 950303, Ohlmüllerstr. 17 81519 München, Germany Email: apps@stormfar.com

See the Imprint for full contact details.

2. Data we collect and purposes

We process the following data to provide the Oktoberfest Table Alert service:

  • Account and authentication: Email address. Used to create and identify your account, and to send you service-related messages (e.g. notification that your alert is active). Legal basis: performance of contract (Art. 6(1)(b) GDPR).
  • Alert configuration: Selected tents, dates, time slots, and notification preferences (e.g. ntfy.sh topic). Used to run the availability checks and send you notifications. Legal basis: performance of contract (Art. 6(1)(b) GDPR).
  • Payment: Payment is processed by Stripe. We do not store your card number or full payment credentials. Stripe may collect and process your email, payment method details, and billing information in accordance with Stripe's Privacy Policy. We receive from Stripe: payment status, customer/session identifiers, and (if provided at checkout) your email, so we can complete your account and alert setup. Legal basis: performance of contract (Art. 6(1)(b) GDPR).
  • Usage analytics: We use Vercel Analytics to collect aggregate, anonymised usage data (page views, referrers, device types) for service improvement. We also use Google Analytics (GA4) to understand how the site is used; Google may set cookies and process data as described in Google's Privacy Policy Legal basis: legitimate interests (Art. 6(1)(f) GDPR).

3. Recipients and sub-processors

Your data may be processed by or shared with:

These providers may process data outside the EU/EEA. Where they do, they use measures such as standard contractual clauses or adequacy decisions to ensure an adequate level of data protection.

4. Cookies and session storage

We use strictly necessary cookies (and similar technologies) to keep you logged in. These are required for the service to function and do not require your consent under the ePrivacy Directive. Google Analytics may set cookies for usage measurement; Vercel Analytics collects aggregate usage statistics without cookies. We do not use advertising or third-party advertising cookies.

5. Retention

We retain your account and alert data for as long as your account exists. You can delete your account and associated data at any time from the dashboard settings. After deletion, we remove or anonymise your data in line with our retention practices, except where we must keep it for legal obligations (e.g. tax or commercial law).

6. Your rights

Under the GDPR you have the right to:

  • Access (Art. 15) — obtain confirmation and a copy of your personal data
  • Rectification (Art. 16) — have inaccurate data corrected
  • Erasure (Art. 17) — have your data deleted, subject to legal exceptions
  • Restriction of processing (Art. 18) — limit how we use your data in certain cases
  • Data portability (Art. 20) — receive your data in a structured, machine-readable format
  • Object (Art. 21) — object to processing based on legitimate interests
  • Withdraw consent — where processing is based on consent, without affecting lawfulness of prior processing
  • Lodge a complaint (Art. 77) — with a supervisory authority. The competent authority for Bavaria is: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, www.lda.bayern.de

To exercise these rights, use the contact details in the Imprint or the account deletion option in the dashboard.

7. Changes

We may update this privacy policy from time to time. The current version is always available on this page. Last updated: 19 February 2026.

← Back to home