Back to homepage

Privacy Policy

Thongl'or Thai Cuisine takes the protection of your data very seriously. As a German company, we are particularly guided by the General Data Protection Regulation (GDPR).

The controller for data processing within the meaning of the GDPR is:

Thongl'or Thai Cuisine
Surat Mongkhon
Bahnhofstraße 31
52064 Aachen
Telefon: +49 (0) 241 99123292
E-Mail: info@thongloraachen.de

1. Legal Basis

In accordance with Art. 13 GDPR, we inform you of the legal basis for our data processing. The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR, for processing in fulfilment of our services Art. 6(1)(b) GDPR, for legal obligations Art. 6(1)(c) GDPR, and for legitimate interests Art. 6(1)(f) GDPR.

2. Changes and Updates

We ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as changes in the data processing we carry out make this necessary.

3. Security Measures

We take appropriate technical and organisational measures in accordance with Art. 32 GDPR to ensure a level of protection appropriate to the risk. Security measures include in particular the fully encrypted transmission of data between your browser and our servers via HTTPS.

4. Hosting

This website is hosted on Cloudflare Pages, a service of Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA (European office: Cloudflare Germany GmbH). When you access our website, Cloudflare automatically collects technical access data (e.g. IP address, time of access, browser type). This processing is based on our legitimate interest in the secure and efficient provision of our website (Art. 6(1)(f) GDPR). Cloudflare is certified under the EU-U.S. Data Privacy Framework.

5. Cookies

Our website uses only technically necessary cookies. When you activate the Instagram feed, the cookie 'instagram-embed-enabled' is set. When you activate the Google Maps embed, the cookie 'gmaps-embed-enabled' is set. Both cookies have a validity of 30 days and are automatically deleted when the respective embed is deactivated.

6. Embedded Third-Party Content

On individual pages we use so-called 'embeds', i.e. we integrate content from third-party providers directly into our offering. These embeds are inactive by default and must be explicitly activated by you (Art. 6(1)(a) GDPR).

Instagram Embeds — Provider is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. When activating the Instagram embed, a connection to Meta servers is established. Meta receives your IP address and possibly further information about your browser and usage behaviour. If you are logged in to Instagram, Instagram can associate your visit with our offer. Integration only takes place after your explicit consent (Art. 6(1)(a) GDPR).

Google Maps Embeds — Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Only after your explicit consent is a connection to Google's servers established. Google may collect personal data such as your IP address. The use of Google Maps serves the user-friendly display of geographical information. Data may be transferred to third countries (particularly the USA). Google is certified under the EU-U.S. Data Privacy Framework.

7. Information, Deletion, Blocking

You have the right at any time to obtain free information about your stored personal data, its origin and recipients, and the purpose of data processing, as well as a right to correction, blocking or deletion of this data.

Last updated: April 2026