Information on data protection
We are pleased that you are visiting our website. Data protection and data security for our customers and users are among our top priorities. We comply with data protection regulations, in particular those of the EU General Data Protection Regulation (“GDPR”), of the German Federal Data Protection Act (“BDSG”) and of the German Telemedia Act (TMG).
In this information on data protection we will explain which information (including personal data) is processed by us during your visit and your use of our above-mentioned website ("website").
I. Who is responsible for data processing?
The entity responsible in terms of data protection for the processing of personal data and service providers in the sense of the German Telemedia Act (TMG) is Bitburger Braugruppe GmbH, Römermauer 3, 54634 Bitburg; Tel. 06561 14-0, Fax 06561 14-2289, firstname.lastname@example.org. Where reference is made to "we" or "us" in this information on data protection, this relates to the aforementioned company in each case.
Our data protection officer can be contacted via the above communication channels as well as at email@example.com.
II. What principles do we observe?
In compliance with data protection regulations, we process your personal data only where allowed to do so by a legal regulation or where you have declared your consent. This also applies to the processing of personal data for advertising and marketing purposes.
On this website we can also collect information which, in itself, does not enable us to make any direct conclusions as to your person. In some cases, particularly when combined with other data, this information can nevertheless be considered "personal data" in data protection terms. We may also, on this website, collect information on the basis of which we can neither identify you directly nor indirectly; this is the case for example with summarized information about all users of this website.
III. What data do we process?
You can access our website without directly entering personal data (such as your name, postal address or your e-mail address). Even in this case, we must collect and store certain information so as to be able to grant you access to our website. Moreover, we use certain analytical processes on this website.
- Log files: When you visit this website, our web server will automatically store the domain name or IP address of the accessing computer (usually that of your internet access provider), including the date, time and duration of your visit, the subpages/URLs you visit as well as information about the applications and end devices you use to view our pages.
You can change your browser settings to prevent tracking by cookies (Do not track, Tracking protection list) or to deny the storage of third-party cookies.
If all cookies are deleted, opt-out cookies already placed will also be deleted, meaning that you will have to declare again any opt-outs already declared.
We differentiate between cookies that are absolutely essential for the technical functionality of the website and optional cookies.
To enable you to select the data protection settings that best suit your requirements for your visits to our website, insofar as possible, we give you the option below of adjusting your preferences with respect to the categories of operational necessity and convenience for you.
Category "operational necessity"
These cookies are absolutely essential for the operation of the website and contain settings that ensure the basic functions and security features of the website. These also include information on the pure number of users of our website (to this end, we use, among others, a cookie from etracker; see also Section 3). These cookies do not store personal information.
We use these cookies to make it easier for you to use the website. When using the partner area in the GFGH portal, for example, you can remain permanently logged in to avoid having to re-enter your log-in details every time.
Here you can create your personal settings.
- Website analytics using etracker: We use a solution from etracker GmbH (Erste Brunnestrasse 1, 20459 Hamburg, www.etracker.com) on our website to collect and store data for marketing and optimization purposes. Based on this data, user profiles can be created under a pseudonym using cookies. Without your separate consent we will not use data processed via etracker to identify you personally. We will also not merge this data with other personal data collected about you in order to identify you. You can object to the processing of the aforementioned data at any time with effect for the future. Please obtain the opt-out-cookie “cntcookie” from this link. Please do not delete this cookie if you wish to keep your objection in place. You will find further information in etracker's information on data protection.
- Newsletter registration: If you would like to receive our newsletter, we require you to provide us with a valid e-mail address. In order to check whether you are the owner of the specified e-mail address or whether the owner agrees to receiving the newsletter, we will send an automated e-mail to the specified e-mail address once the first registration step has been completed. Only once the newsletter registration has been confirmed via a link in the confirmation e-mail will we add the specified e-mail address to our mailing list. We do not collect any data other than the e-mail address and the details for confirming registration. Your consent to the data and the e-mail address being stored and to these being used for sending the newsletter can be revoked at any time with effect for the future.
- Google Service reCaptcha
We use the Google service reCaptcha to determine whether a person or a computer is making a specific entry in our contact or registration form. Google uses the following data to check whether you are a person or a computer: IP address of the device being used, our website that you are visiting and on which the Captcha is integrated, the date and duration of your visit, the identification data of the browser and operating system type being used, the Google account if you are logged in to Google, mouse movements on the reCaptcha areas as well as tasks where you have to identify images.
IV. For what purposes and on what legal bases do we process your data?
- The processing of any personal data contained in the log files is carried out to enable you to use our website; this is done on the basis of Section 15, Para. 1 of the German Telemedia Act (TMG).
- The processing of the data collected using cookies (including the web analytics service etracker) and of the pseudonymous user profiles is carried out for purposes of advertising, market research and the needs-based design of our website on the basis of Section 15, Para. 3 TMG.
- The processing of the newsletter data is carried out for the purposes of registering for the newsletter and sending it within the scope of your consent on the basis of Article 6(1)(c) of the GDPR. Please note that you can revoke the consent you gave to us at any time with effect for the future, for example by clicking on the appropriate link in any of our newsletters or by sending post, fax or e-mail notification via one of the communication channels listed on the first page of this information on data protection.
- If you place an order over our website or register on our website as a user or register for a customer account, we will process the data collected in this context for the implementation of the contracts concluded with you on the basis of Article 6(1)(b) of the GDPR.
- The legal basis for the data processing by the Google service reCaptcha is Art. 6(1)(f) of the General Data Protection Regulation. There is a legitimate interest on our part in this data processing in order to ensure the security of our website and protect us against automated entries (attacks).
- We can also process the data collected in connection with your use of our website in order to fulfill legal obligations to which we are subject; this is carried out on the basis of Article 6(1)(c) of the GDPR.
- Where necessary, we also process your data, in addition to the aforementioned purposes, for the purpose of safeguarding our legitimate interests or the interests of third parties; this is carried out on the basis of Article 6(1)(f) of the GDPR. Our legitimate interests include, in particular,
a. The assertion of legal claims and defense in legal disputes;
b. The prevention and investigation of criminal offenses;
c. The control and further development of our business activities, including risk control.
V. Am I obligated to provide data?
The data required in order to register for our newsletter, to implement online orders or to register as a user or create a customer account is marked as mandatory in the corresponding section of the website (e.g. online form); if the mandatory information is not provided, we cannot enable you to use the respective feature.
Where we collect personal data from you in addition to this, we will inform you at the time of collecting whether the provision of this information is prescribed by law or contract or is required for the conclusion of a contract. When doing so we will usually identify information the provision of which is voluntary and is not based on one of the above-mentioned obligations or not required for the conclusion of a contract.
VI. Who gets my data?
Your personal data is generally processed within our company. Depending on the type of personal data, only certain departments / organizational units will have access to your personal data. These include in particular the departments concerned with the provision of our digital services (e.g. webpages) and our IT department. By means of a role and authorization concept, the access within our company is limited to the functions and scope required for the purpose of processing.
We may also share your personal data with third parties outside of our company to the legally permitted extent. These external recipients can include in particular:
- Affiliated companies within the Bitburger Brewery Group, with whom we share personal data for internal management purposes;
- The service providers engaged by us who provide services for us on a separate contractual basis, which may include the processing of personal data, as well as the subcontractors of our service providers engaged with our consent;
- Non-public and public bodies, as far as we are obligated to share your personal data based on legal obligations.
VII. Is automated decision-making used?
We generally do not use an automated decision-making process (including profiling) in the sense of Art. 22 of the GDPR in connection with the running of our website. Where we use such procedures in individual cases, we will inform you about this separately to the extent provided for by law.
VIII. Will data be transmitted to countries outside the EU/EEA?
The processing of your personal data is generally carried out within the EU or the European Economic Area.
Only in connection with the engagement of service providers for the provision of web analytics services can information be transmitted to recipients in so-called "third countries". "Third countries" are countries outside the European Union or the European Economic Area Agreement, where a level of data protection cannot be readily assumed that is comparable to that in the European Union.
Where the transmitted information also includes personal data, we will make sure prior to such transmission that the adequate data protection level required is ensured in the respective third country or at the recipient in the third country. This may result in particular from a so-called "adequacy decision" of the European Commission enabling an adequate level of data protection for a specific third country to be determined overall. Alternatively, we can also base the data transmission on the so-called "EU Standard Contractual Clauses" agreed upon with a recipient or, in the case of recipients in the USA, on the compliance with the principles of the so-called "EU-US Privacy Shield". We will provide you with more information about the appropriate and adequate guarantees for compliance with a reasonable level of data protection on request; see the contact information at the beginning of this information on data protection. You will also find information about the participants of the EU-US Privacy Shield here.
IX. How long will my data be stored for?
We generally store your personal data for as long as we have a legitimate interest in doing so and said interest is not outweighed by your interests in discontinuing storage.
Even without a legitimate interest we can still store the data where required to do so by law (to meet our obligation to preserve records, for example). We will delete your personal data without any action on your part as soon as knowledge of it is no longer necessary for fulfilling the purpose of processing, or as soon as storing it is otherwise legally inadmissible.
As a general rule:
- The log data will be deleted within seven days as far as continued storage is not required for purposes provided for by law such as the detection of misuse and the detection and elimination of technical malfunctions;
- The data processed in connection with an order will be deleted upon the statutory record preservation periods ending at the latest; and
- The data processed in the context of a registration as a user or of a customer account will be deleted upon the registration being completed or upon deletion of the customer account.
Personal data that we need to store in order to comply with our obligations to preserve records will be stored until the relevant obligation ends. Where we store personal data solely for the purpose of fulfilling our obligations to preserve records, it is generally locked so that it can only be accessed where required in view of the purpose of our obligation to preserve records.
X. What rights do I have?
You have the right as an affected person:
- To receive information about the personal data stored about you, Art. 15 of the GDPR;
- To correction of inaccurate or incomplete data, Art. 16 of the GDPR;
- To deletion of personal data, Art. 17 of the GDPR;
- To restriction of processing, Art. 18 of the GDPR;
- To data portability, Art. 20 of the GDPR, and
- To object to the processing of the personal data concerning you, Art. 21 of the GDPR.
To exercise these rights, you can contact us at any time, e.g. via one of the communication channels specified at the beginning of this information on data protection.
If you have any questions regarding the processing of your data, you can also contact our data protection officer.
You are also entitled to file a complaint with a competent supervisory authority for data protection, Art. 77 of the GDPR.
* * *