INFORMATION ON DATA PROTECTION
We are pleased that you are visiting our website. Data protection and data security for our customers and users are among our top priorities. We comply with data protection regulations, in particular those of the EU General Data Protection Regulation (“GDPR”), of the German Federal Data Protection Act (“BDSG”) and of the German Telemedia Act (TMG).
In this information on data protection we will explain which information (including personal data) is processed by us during your visit and your use of our above mentioned website ("website").
I. Who is responsible for data processing?
The entity responsible in terms of data protection for the processing of personal data and service providers in the sense of the German Telemedia Act (TMG) is Bitburger Braugruppe GmbH, Römermauer 3, 54634 Bitburg; Tel. 06561 14-0, Fax 06561 14-2289, firstname.lastname@example.org. Where reference is made to "we" or "us” in this information on data protection, this relates to the aforementioned company in each case.
Our data protection officer can be contacted via the above communication channels as well as at email@example.com.
II. What principles do we observe?
In compliance with data protection regulations, we process your personal data only where allowed to do so by a legal regulation or where you have declared your consent. This also applies to the processing of personal data for advertising and marketing purposes.
On this website we can also collect information which, in itself, does not enable us to make any direct conclusions as to your person. In some cases, particularly when combined with other data, this information can nevertheless be considered "personal data" in data protection terms. We may also, on this website, collect information on the basis of which we can neither identify you directly nor indirectly; this is the case for example with summarized information about all users of this website.
III. What data do we process?
You can access our website without directly entering personal data (such as your name, postal address or your e-mail address). In this case also we must collect and store certain information so as to be able to grant you access to our website. Moreover, we use certain analytical processes on this website.
Log files: When you visit this website, our web server will automatically store the domain name or IP address of the accessing computer (usually that of your internet access provider), including the date, time and duration of your visit, the subpages/URLs you visit as well as information about the applications and end devices you use to view our pages.
We differentiate between cookies that are absolutely essential for the technical functionality of the website and optional cookies.
To enable you to select the data protection settings that best suit your requirements for your visits to our website, insofar as possible, we give you the option below of adjusting your preferences with respect to the categories of operational necessity and convenience for you.
Category "operational necessity"
These cookies are absolutely essential for the operation of the website and contain settings that ensure the basic functions and security features of the website. These also include information on the pure number of users of our website (to this end, we use, among others, a cookie from etracker; see also Section 3). These cookies do not store personal information.
These cookies enable YouTube videos, record anonymized data for statistics via etracker and Facebook Custom Audience, and help display personalized content matching your surfing habits.
Here you can change your personal settings.
Website analytics using etracker: We use a solution from etracker GmbH (Erste Brunnestrasse 1, 20459 Hamburg, www.etracker.com) on our website to collect and store data for marketing and optimization purposes. Based on this data, user profiles can be created under a pseudonym using cookies. Without your separate consent we will not use data processed via etracker to identify you personally. We will also not merge this data with other personal data collected about you in order to identify you. You can object to the processing of the aforementioned data at any time with effect for the future. Please obtain the opt-out-cookie “cntcookie” from this link. Please do not delete this cookie if you wish to keep your objection in place. You will find further information in etracker's information on data protection.
The website also uses the Facebook Inc. (“Facebook”) remarketing function “Custom Audiences”. This means that interest-based advertisements can be displayed to users of the website while they are visiting the social network Facebook or other websites which also use the procedure (“Facebook ads”). In doing so, we are pursuing the interest of showing you advertising which may be of interest to you in order to make our website more interesting for you.
Your browser automatically establishes a direct connection to the Facebook server based on the marketing tool used. We do not have any influence on the extent or further use of data which is collected by Facebook via this tool and are therefore providing you with information on the basis of what is known to us. Connecting to Facebook Custom Audiences leads to Facebook being informed that you have clicked on the corresponding page of our internet presence or on one of our advertisements. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider will learn and store your IP address and identifying features.
You can deactivate the function “Facebook Custom Audiences” as a logged-in user at https://www.facebook.com/settings/?tab=ads.
The lawful bases for processing your data are set out in Article 6 (1) (1) (f) of the GDPR. You can find more information about how Facebook processes data at https://www.facebook.com/about/privacy.
We run a company Facebook page (“Business Page”) in addition to our website and our website may contain links to our business page. If you click on our business page, Facebook will process personal data. This may also be the case when you are not logged in to Facebook during the visit. We receive detailed content-related statistics from Facebook regarding use of our Facebook business page, but this consists only of summarized data. We can use these statistics to identify how often or by how many distinct visitors our business page and individual posts on this site are clicked on or rated, for example. We cannot discern from these statistics, however, which specific individuals are visiting our site or have clicked on or rated individual posts. As is usually the case with Facebook, you can see on our business page which Facebook user has rated a post. You can find more information about how Facebook processes data in the data policy provided by Facebook http://de-de.facebook.com/policy.php
Customer Communications: In order to ensure communication with our customers and end consumers, we process all information that you provide to us when you contact us and which we ask for (e.g. your name, address and other contact details); we also store the reason why you contacted us.
Google Service reCaptcha: We use the Google service reCaptcha to determine whether a person or a computer is making a specific entry in our contact or registration form. Google uses the following data to check whether you are a person or a computer: IP address of the device being used, our website that you are visiting and on which the Captcha is integrated, the date and duration of your visit, the identification data of the browser and operating system type being used, the Google account if you are logged in to Google, mouse movements on the reCaptcha areas as well as tasks where you have to identify images.
IV. For what purposes and on what legal bases do we process your data?
The processing of any personal data contained in the log files is carried out to enable you to use our website; this is done on the basis of Section 15, Para. 1 of the German Telemedia Act (TMG).
The processing of the data collected using cookies (including the web analytics service etracker) and of the pseudonymous user profiles is carried out for purposes of advertising, market research and the needs-based design of our website on the basis of Section 15, Para. 3 TMG.
We can also process the data collected in connection with your use of our website in order to fulfill legal obligations to which we are subject; this is carried out on the basis of Article 6(1)(c) of the GDPR.
Where necessary, we also process your data, in addition to the aforementioned purposes, for the purpose of safeguarding our legitimate interests or the interests of third parties; this is carried out on the basis of Article 6(1)(f) of the GDPR. Our legitimate interests include, in particular,
The assertion of legal claims and defense in legal disputes;
The prevention and investigation of criminal offenses;
The control and further development of our business activities, including risk control.
The legal basis for the data processing by the Google service reCaptcha is Art. 6 (1f) of the General Data Protection Regulation. There is a legitimate interest on our part in this data processing in order to ensure the security of our website and protect us against automated entries (attacks).
V. Am I obligated to provide data?
In order to guarantee consumer-friendly communication, at least your name and e-mail address are necessary. These required fields are labeled on the forms; if you do not complete the required fields, we cannot allow you to use the respective function.
Where we collect personal data from you in addition to this, we will inform you at the time of collecting whether the provision of this information is prescribed by law or contract or is required for the conclusion of a contract. When doing so we will usually identify information the provision of which is voluntary and is not based on one of the above-mentioned obligations or not required for the conclusion of a contract.
VI. Who gets my data?
Your personal data is generally processed within our company. Depending on the type of personal data, only certain departments / organizational units will have access to your personal data. These include in particular the departments concerned with the provision of our digital services (e.g. webpages) and our IT department. By means of a role and authorization concept, the access within our company is limited to the functions and scope required for the purpose of processing.
We may also share your personal data with third parties outside of our company to the legally permitted extent. These external recipients can include in particular
Affiliated companies within the Bitburger Brewery Group, with whom we share personal data for internal management purposes;
The service providers engaged by us who provide services for us on a separate contractual basis, which may include the processing of personal data, as well as the subcontractors of our service providers engaged with our consent;
Non-public and public bodies, as far as we are obligated to share your personal data based on legal obligations.
VII. Is an automated decision-making used?
We generally do not use an automated decision-making process (including profiling) in the sense of Art. 22 of the GDPR in connection with the running of our website. Where we use such procedures in individual cases, we will inform you about this separately to the extent provided for by law.
VIII. Will data be transmitted to countries outside the EU/EEA?
The processing of your personal data is generally carried out within the EU or the European Economic Area.
Only in connection with the engaging of service providers for the provision of web analytics services can a transmission of information to recipients in so-called "third countries” be carried out. "Third countries" are countries outside the European Union or the European Economic Area Agreement, where a level of data protection cannot be readily assumed that is comparable to that in the European Union.
Where the transmitted information also includes personal data, we will make sure prior to such transmission that the adequate data protection level required is ensured in the respective third country or at the recipient in the third country. This may result in particular from a so-called "adequacy decision” of the European Commission enabling an adequate level of data protection for a specific third country to be determined overall. Alternatively, we can also base the data transmission on the so-called "EU Standard Contractual Clauses” agreed upon with a recipient. We will provide you with more information about the appropriate and adequate guarantees for compliance with a reasonable level of data protection on request; see the contact information at the beginning of this information on data protection. .
IX. How long will my data be stored for?
We generally store your personal data for as long as we have a legitimate interest in doing so and said interest is not outweighed by your interests in discontinuing storage.
Even without a legitimate interest we can still store the data where required to do so by law (to meet our obligation to preserve records for example). We will delete your personal data without any action on your part as soon as knowing it is no longer necessary for fulfilling the purpose of processing or storing it is otherwise legally inadmissible.
As a general rule:
The log data will be deleted within seven days as far as continued storage is not required for purposes provided for by law such as the detection of misuse and the detection and elimination of technical malfunctions;
The data processed in connection with an order will be deleted upon the statutory record preservation periods ending at the latest
Personal data that we need to store in order to comply with our obligations to preserve records will be stored until the relevant obligation ends. Where we store personal data solely for the purpose of fulfilling our obligations to preserve records, it is generally locked so that it can only be accessed where required in view of the purpose of our obligation to preserve records.
X. What rights do I have?
You have the right as an affected person:
To receive information about the personal data stored about you, Art. 15 of the GDPR;
To correction of inaccurate or incomplete data, Art. 16 of the GDPR;
To deletion of personal data, Art. 17 of the GDPR;
To restriction of processing, Art. 18 of the GDPR;
To data portability, Art. 20 of the GDPR, and
To object to the processing of the personal data concerning you, Art. 21 of the GDPR.
To exercise these rights, you can contact us at any time, e.g. via one of the communication channels specified at the beginning of this information on data protection.
If you have any questions regarding the processing of your data, you can also contact our data protection officer.
You are also entitled to file a complaint with a competent supervisory authority for data protection, Art. 77 of the GDPR.