DATA PROTECTION

Pro­tec­ting your per­so­nal data is important to us. We com­ply strict­ly with data pro­tec­tion laws when hand­ling your per­so­nal data.

In the fol­lo­wing docu­ment, we will inform you about how we use your per­so­nal data and what this means for you when you use our web­site, warsteiner-welt.de.

The con­trol­ler respon­si­ble for pro­ces­sing per­so­nal data under appli­ca­ble data pro­tec­tion regu­la­ti­ons is:

Warsteiner Welt GmbH & Co. KG
Dom­ring 4–10
59581 Warstein

Pho­ne: +49 2902 885001
E‑mail: visit@warsteiner.com

Repre­sen­ted by:
HCG Beteiligungs-GmbH

in turn repre­sen­ted by:
Simo­ne Pollmann-Schweckhorst

1. WHAT IS PERSONAL DATA?

Per­so­nal data is all infor­ma­ti­on rela­ted to an iden­ti­fied or iden­ti­fia­ble natu­ral per­son. This includes data pro­vi­ded such as your address, tele­pho­ne num­ber and e‑mail address, as well as usa­ge data such as your user­na­me and password.

Data that does not refe­rence an iden­ti­fia­ble per­son in any way is not con­side­red per­so­nal data, such as anony­mi­zed data on usa­ge and ser­vice processes.

2. ANONYMOUS USE AND COLLECTION, PROCESSING AND USE OF ACCESS AND PERSONAL DATA

In gene­ral, you can surf anony­mously on warsteiner-welt.de. Unless you share such data with us yours­elf, we will not coll­ect or store any per­so­nal data during your visit to warsteiner-welt.de. When you visit our web­site warsteiner-welt.de, howe­ver, our web ser­ver will store cer­tain tech­ni­cal data (cal­led access data) in log files, such as

- Name of the acces­sed file
— Date and time of access
— IP address of the acces­sing computer
— Brow­ser type and version
— Ope­ra­ting sys­tem used by the use
— URL of the last page acces­sed by the user
— Quan­ti­ty of data transmitted
— Sta­tus of access (suc­cessful yes/no)

The IP addres­ses recor­ded in our log files ser­ve only to bet­ter ana­ly­se and cor­rect issues with the avai­la­bi­li­ty of the web­sites pro­vi­ded on our ser­vers, to impro­ve and opti­mi­se the web­sites we pro­vi­de from a tech­ni­cal and edi­to­ri­al stand­point, and for foren­sic ana­ly­sis if neces­sa­ry. We do not prepa­re sta­tis­ti­cal ana­ly­ses and/or user pro­files based on the data stored in log files.

When you use the fol­lo­wing ser­vices available at warsteiner-welt.de, we coll­ect your per­so­nal data:

- When you book a bre­wery tour

We only use the per­so­nal data we coll­ect if you pro­vi­de it to us during your regis­tra­ti­on and/or when pla­cing an order, or in the cour­se of the con­trac­tu­al rela­ti­onship. You must pro­vi­de your per­so­nal data in order to con­clude the con­tract or car­ry out the con­trac­tu­al rela­ti­onship. We coll­ect and use the data you pro­vi­de to pro­cess your orders and for bil­ling pur­po­ses, if neces­sa­ry to initia­te, deter­mi­ne the con­tent of or modi­fy our con­trac­tu­al rela­ti­onship with you in accordance with artic­le 6 para­graph 1 let­ter b) GDPR. If you do not pro­vi­de us with your per­so­nal data, then we can­not make the afo­re­men­tio­ned ser­vices available to you.

To book a bre­wery tour, you must pro­vi­de the fol­lo­wing data:

- Date and time of your tour
— Num­ber of participants
— Name (if appli­ca­ble, com­pa­ny name and representative)
— E‑mail address
— Tele­pho­ne number
— Pos­tal code
— Date of birth
— Num­ber of audio guides
— Num­ber of han­di­cap­ped participants
— Pay­ment infor­ma­ti­on for pay­ment methods in use

During regis­tra­ti­on for cer­tain ser­vices, Warsteiner Welt may request that users pro­vi­de fur­ther per­so­nal data in order to pro­vi­de them with their desi­red services

Fur­ther­mo­re, we will only use the per­so­nal data you pro­vi­de if and inso­far as you have con­sen­ted that we may do so, or if we have legal per­mis­si­on to use the data.

3. LINKS TO OTHER WEBSITES, USE OF COOKIES, GOOGLE ANALYTICS, SOCIAL PLUG-INS

a) Hyper­links

Warsteiner-welt.de links to web­sites from other pro­vi­ders with which we are not affi­lia­ted (third par­ties). Once you click the­se links warsteiner-welt.de has no fur­ther influence over the data coll­ec­ted and used by the­se pro­vi­ders. Fur­ther infor­ma­ti­on on data coll­ec­tion and usa­ge is pro­vi­ded in the data pro­tec­tion decla­ra­ti­ons of the­se indi­vi­du­al pro­vi­ders. Of cour­se, sin­ce we have no con­trol over how third par­ties coll­ect and pro­cess data, we can­not accept any respon­si­bi­li­ty for such coll­ec­tion or processing.

b) Coo­kies

We use coo­kies to make our web­site more attrac­ti­ve and to allow you to use cer­tain functions.

Coo­kies are text files stored tem­po­r­a­ri­ly or long-term on the user’s com­pu­ter by the user’s brow­ser. Tem­po­ra­ry coo­kies ensu­re that com­mu­ni­ca­ti­ons remain uni­form. Per­sis­tent coo­kies are used to reco­g­ni­se users when they visit our web­site again. Such per­sis­tent coo­kies are used, for ins­tance, when users sel­ect the func­tion “Remain log­ged in on this com­pu­ter”. If you use the same com­pu­ter to access the page again later, the web­site then uses a coo­kie to reco­g­ni­se the com­pu­ter and log it in automatically.

You can choo­se whe­ther your brow­ser should accept coo­kies. All brow­ser pro­grams will allow you to deac­ti­va­te or dele­te coo­kies. Func­tions that requi­re the abili­ty to reco­g­ni­se your com­pu­ter, howe­ver, will not be available or will only be available to a rest­ric­ted ext­ent if you do so. The­r­e­fo­re, web­site func­tions may be impac­ted if you deac­ti­va­te coo­kies; in par­ti­cu­lar, your abili­ty to book a bre­wery tour may be restricted.

Our web­site uses coo­kie con­sent tech­no­lo­gy from Borlabs Coo­kie to obtain your con­sent to store cer­tain coo­kies in your brow­ser, then docu­ment this con­sent in accordance with data pro­tec­tion laws. The pro­vi­der of this tech­no­lo­gy is Borlabs — Ben­ja­min A. Born­schein, Georg-Wil­helm-Str. 17, 21107 Ham­burg (her­ein­af­ter refer­red to as Borlabs).

When you access our web­site, a Borlabs coo­kie is stored in your brow­ser, and your con­sent or revo­ca­ti­on of con­sent is stored with the coo­kie. This data is not trans­mit­ted to the pro­vi­der of Borlabs Cookie.

The recor­ded data is stored until you request that we dele­te it, or until you dele­te the Borlabs coo­kie yours­elf, or until the pur­po­se for which the data was stored no lon­ger appli­es. Man­da­to­ry sta­tu­to­ry reten­ti­on peri­ods remain unaf­fec­ted. Details on data pro­ces­sing by Borlabs Coo­kie are available at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/

We use Borlabs Coo­kie con­sent tech­no­lo­gy to obtain legal­ly requi­red appr­oval for the use of coo­kies. Our legal basis for doing so is Art. 6 para. 1 clau­se 1 lit. c GDPR.

You can edit your coo­kie set­tings here:

c) Mato­mo (form­er­ly Piwik)

This web­site uses the open source web ana­ly­tics ser­vice Mato­mo. Mato­mo uses coo­kies. The­se are text files stored on your com­pu­ter that allow us to ana­ly­se your use of the web­site. To do so, infor­ma­ti­on on your use of the web­site gene­ra­ted by the coo­kie is saved on our ser­ver. Your IP address is anony­mi­sed befo­re it is saved.

Mato­mo coo­kies remain stored on your device until you dele­te them.

Mato­mo coo­kies are stored, and this ana­ly­tic tool is used, on the basis of Art. 6 para. 1 lit. f GDPR. The web­site ope­ra­tor has a legi­ti­ma­te inte­rest in the anony­mi­sed ana­ly­sis of user beha­viour, in order to opti­mi­se both its web­site and its adver­ti­se­ments. If we request your con­sent (for ins­tance con­sent to store coo­kies), then data is pro­ces­sed exclu­si­ve­ly on the basis of Art. 6 para. 1 lit. a GDPR; you may revo­ke your con­sent at any time.

Infor­ma­ti­on on your use of the web­site gene­ra­ted by the coo­kie is not trans­mit­ted to third par­ties. You can chan­ge your brow­ser soft­ware set­tings to pre­vent it from sto­ring coo­kies; howe­ver, if you do so you may not be able to use all of the func­tions of this web­site in full.

If you do not agree to the sto­rage and use of your data, you can deac­ti­va­te said data sto­rage and use. If you do so, an opt-out coo­kie will be stored on your brow­ser to pre­vent Mato­mo from saving usa­ge data. If you dele­te your coo­kies, then the Mato­mo opt-out coo­kie will also be dele­ted. You will have to reac­ti­va­te the opt out the next time you visit the website.

d) Face­book

Face­book is a social net­work run by the Ame­ri­can com­pa­ny Face­book, Inc. (1601 S. Cali­for­nia Ave, Palo Alto, CA 94304, USA). Face­book but­tons are always mark­ed with the Face­book logo. When you con­firm (click on) the icon, your per­so­nal data are trans­mit­ted and pro­ces­sed. Infor­ma­ti­on on data pro­ces­sing on our Face­book fan page is available at the fol­lo­wing link: https://bit.ly/382uc5x

e) Twit­ter

Twit­ter is a micro­blog­ging ser­vice from the Ame­ri­can com­pa­ny Twit­ter, Inc. (795 Fol­som St., Suite 600, San Fran­cis­co, CA 94107). Twit­ter but­tons are always mark­ed with the Twit­ter logo. When you con­firm (click on) the icon, your per­so­nal data are trans­mit­ted and processed.

f) Insta­gram

Insta­gram is a social net­work run by the Ame­ri­can com­pa­ny Face­book, Inc. (1601 S. Cali­for­nia Ave, Palo Alto, CA 94304, USA). Insta­gram but­tons are always mark­ed with the Insta­gram logo. When you con­firm (click on) the icon, your per­so­nal data are trans­mit­ted and processed.

g) You­tube

You­tube is a video plat­form from the Ame­ri­can com­pa­ny Goog­le LLC. (1600 Amphi­theat­re Park­way Moun­tain View, CA 94043 USA). You­tube but­tons are always mark­ed with the You­tube logo. When you con­firm (click on) the icon, your per­so­nal data are trans­mit­ted and processed.

h) Ado­be Fonts

This web­site uses cer­tain web fonts from Ado­be in order to achie­ve a uni­form appearance. The pro­vi­der is Ado­be Sys­tems Incor­po­ra­ted, 345 Park Ave­nue, San Jose, CA 95110–2704, USA (Ado­be).

When you access this web­site, your brow­ser will load the requi­red fonts direct­ly from Ado­be in order to dis­play the site cor­rect­ly on your device. Your brow­ser crea­tes a link to Ado­be ser­vers in the USA to do so. When it does, Ado­be is noti­fied that your IP address acces­sed this web­site. Accor­ding to Ado­be, no coo­kies are stored in asso­cia­ti­on with pro­vi­ding the­se fonts.

Ado­be is cer­ti­fied under the EU-US Pri­va­cy Shield. The Pri­va­cy Shield is a con­ven­ti­on bet­ween the United Sta­tes of Ame­ri­ca and the Euro­pean Uni­on desi­gned to ensu­re com­pli­ance with Euro­pean data pro­tec­tion stan­dards. Fur­ther infor­ma­ti­on is available at: https://www.adobe.com/de/privacy/eudatatransfers.html.

Data is stored and ana­ly­sed in accordance with Art. 6 para. 1 lit. f GDPR. The web­site ope­ra­tor has a legi­ti­ma­te inte­rest in dis­play­ing fonts in a uni­form man­ner on the web­site. If we request your con­sent (for ins­tance con­sent to store coo­kies), then data is pro­ces­sed exclu­si­ve­ly on the basis of Art. 6 para. 1 lit. a GDPR; you may revo­ke your con­sent at any time.

Fur­ther infor­ma­ti­on on Ado­be Fonts is available at: https://www.adobe.com/de/privacy/policies/adobe-fonts.html.

Adobe’s data pro­tec­tion decla­ra­ti­on is available at: https://www.adobe.com/de/privacy/policy.html

4. Hosting and Content Delivery Networks (CDN)

Exter­nal hosting

This web­site is hos­ted by an exter­nal ser­vice pro­vi­der (hos­ter). Per­so­nal data coll­ec­ted on this web­site is stored on the hoster’s ser­vers. This may include, for ins­tance, IP addres­ses, cont­act inqui­ries, meta and com­mu­ni­ca­ti­on data, con­tract data, cont­act data, names, web­site access data and other data gene­ra­ted via a website.

We make use of the hoster’s ser­vices to ful­fil our con­tracts with cur­rent and poten­ti­al cus­to­mers (Art. 6 para. 1 lit. b GDPR) and in the inte­rest of pro­vi­ding our online ser­vices secu­re­ly, quick­ly and effi­ci­ent­ly via a pro­fes­sio­nal pro­vi­der (Art. 6 para. 1 lit. f GDPR).

Our hos­ter will only pro­cess your data if neces­sa­ry to ful­fil its ser­vice obli­ga­ti­ons, and under our ins­truc­tions with respect to this data.

Con­clu­ding a con­tract for data processing

We have con­cluded a con­tract for data pro­ces­sing with our hos­ter in order to ensu­re pro­ces­sing is car­ri­ed out accor­ding to data pro­tec­tion law.

5. ENCRYPTED PAYMENT TRANSACTIONS ON THIS WEBSITE

If you are obli­ga­ted to pro­vi­de us with your pay­ment infor­ma­ti­on (such as your account num­ber for direct debits) after con­clu­ding a con­tract that invol­ves pay­ments, then we requi­re this data to pro­cess your payment.

Pay­ments are pro­ces­sed via com­mon­ly used pay­ment methods (Visa/MasterCard, direct debit) exclu­si­ve­ly via an encrypt­ed SSL or TLS con­nec­tion. You can tell whe­ther a con­nec­tion is encrypt­ed becau­se the address line of your brow­ser will switch from “http://” to “https://” and you will see a lock sym­bol in the brow­ser line.

The pay­ment data you pro­vi­de to us can­not be view­ed by third par­ties if you com­mu­ni­ca­te it to us via encrypt­ed means.

6. eCommerce and Payment Providers

Data pro­ces­sing (cus­to­mer and con­tract data)

We coll­ect, pro­cess and use per­so­nal data only if neces­sa­ry to initia­te, deter­mi­ne the con­tent or modi­fy our legal rela­ti­onship. We do so on the basis of Art. 6 para. 1 lit. b GDPR, which allows data pro­ces­sing in order to ful­fil a con­tract or car­ry out pre-con­trac­tu­al mea­su­res. We only coll­ect, pro­cess and use per­so­nal data regar­ding the use of this web­site (usa­ge data) if neces­sa­ry to allow users to uti­li­se our ser­vices, or to char­ge for them.

Coll­ec­ted cus­to­mer data is dele­ted after their con­tract is com­ple­te, or after the end of the busi­ness rela­ti­onship. Sta­tu­to­ry reten­ti­on peri­ods remain unaffected.

Data trans­mis­si­on upon con­clu­ding a con­tract for ser­vices and digi­tal content

We trans­mit per­so­nal data to third par­ties only if neces­sa­ry in the cour­se of car­ry­ing out a con­tract, for ins­tance to a cre­dit insti­tu­ti­on invol­ved in pro­ces­sing a payment.

Data is not trans­mit­ted for other pur­po­ses, or is trans­mit­ted only if you have express­ly agreed to the trans­mis­si­on. Your data is not dis­c­lo­sed to third par­ties wit­hout your express con­sent, for ins­tance for adver­ti­sing purposes.

Data is pro­ces­sed based on Art. 6 para. 1 lit. b GDPR, which allows data pro­ces­sing in order to ful­fil a con­tract or car­ry out pre-con­trac­tu­al measures.

Klar­na

One of the pay­ment methods we offer on this web­site is pay­ment by Klar­na. The pro­vi­der is Klar­na AB, Svea­vä­gen 46, 111 34 Stock­holm, Swe­den (her­ein­af­ter refer­red to as “Klar­na”).

Klar­na offers a varie­ty of pay­ment opti­ons (such as inst­al­ment purcha­ses). If you deci­de to pay with Klar­na (Klar­na check­out solu­ti­on), then Klar­na will coll­ect a varie­ty of per­so­nal data from you. Details are available in the Klar­na data pro­tec­tion decla­ra­ti­on at the fol­lo­wing link: https://www.klarna.com/de/datenschutz/.

Klar­na uses coo­kies to opti­mi­se use of the Klar­na check­out solu­ti­on. Opti­mi­sing the check­out solu­ti­on is part of our legi­ti­ma­te inte­rest in the sen­se of Art. 6 para. 1 lit. f GDPR. Coo­kies are small text files stored on your device, and do not cau­se any harm. They remain stored on your device until you dele­te them. Details on the use of Klar­na coo­kies are available at the fol­lo­wing link: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.

We trans­mit your data to Klar­na on the basis of Art. 6 para. 1 lit. a GDPR (con­sent) and Art. 6 para. 1 lit. b GDPR (pro­ces­sing to ful­fil a con­tract). You can revo­ke your con­sent to data pro­ces­sing at any time. Your revo­ca­ti­on will not impact the effec­ti­ve­ness of data pro­ces­sing car­ri­ed out in the past.

Instant trans­fers

One of the pay­ment methods we offer on this web­site is an “instant trans­fer”. The pro­vi­der of this pay­ment ser­vice is Sofort GmbH, The­re­si­en­hö­he 12, 80339 Munich (her­ein­af­ter refer­red to as “Sofort GmbH”).

The “Instant trans­fer” pro­cess pro­vi­des us with a pay­ment con­fir­ma­ti­on from Sofort GmbH in real time, allo­wing us to begin ful­fil­ling our lia­bi­li­ties immediately.

If you deci­de to use the “instant trans­fer” pay­ment method, then you will trans­mit a PIN and valid TAN to Sofort GmbH so that they can log into your online ban­king account. Sofort GmbH will auto­ma­ti­cal­ly check your account balan­ce after log­ging in and com­ple­te the trans­fer to us with the TAN you pro­vi­de. Then, they will send us an imme­dia­te tran­sac­tion con­fir­ma­ti­on. After log­ging in, your reve­nues, the cre­dit line of the over­draft faci­li­ty and the exis­tence of other accounts and their balan­ces are che­cked automatically.

In addi­ti­on to your PIN and TAN, the pay­ment data and per­so­nal data you pro­vi­de are also trans­mit­ted to Sofort GmbH. The per­so­nal data includes your first and last name, address, tele­pho­ne number(s), e‑mail address, IP address, and any other data neces­sa­ry to pro­cess your pay­ment. This data must be trans­mit­ted to deter­mi­ne your iden­ti­ty and pre­vent any fraud attempts.

We trans­mit your data to Sofort GmbH on the basis of Art. 6 para. 1 lit. a GDPR (con­sent) and Art. 6 para. 1 lit. b GDPR (pro­ces­sing to ful­fil a con­tract). You can revo­ke your con­sent to data pro­ces­sing at any time. Your revo­ca­ti­on will not impact the effec­ti­ve­ness of data pro­ces­sing car­ri­ed out in the past.

Details on pay­ment via instant trans­fer are available at the fol­lo­wing links: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.

7. TRANSMISSION OF PERSONAL DATA

We only trans­mit your per­so­nal data if this is indi­ca­ted in this data pro­tec­tion decla­ra­ti­on, if the con­trac­tu­al pur­po­se requi­res that we do so (Artic­le 6 para. 1 let­ter b) GDPR), if you have given your express con­sent that we do so (Artic­le 6 para. 1 let­ter a) GDPR), and/or if we have legal per­mis­si­on to do so (Artic­le 6 para. 1 let­ter c) GDPR). We may trans­mit your data to our com­mis­sio­ned cre­dit insti­tu­te or pay­ment pro­vi­der in order to pro­cess your payment.

8. DATA SECURITY

We use tech­ni­cal and orga­ni­sa­tio­nal secu­ri­ty mea­su­res to ensu­re that users’ per­so­nal data is pro­tec­ted against loss, pro­hi­bi­ted chan­ges, or ille­gal access by third par­ties. We only allow aut­ho­ri­sed per­son­nel to access your per­so­nal data, and only allow access to the ext­ent neces­sa­ry for the abo­ve purposes.

Cer­tain sen­si­ti­ve data is trans­mit­ted only in encrypt­ed form. We use “secu­re socket lay­er” (SSL) trans­mis­si­on to do so. All infor­ma­ti­on trans­mit­ted using this secu­re method is encrypt­ed befo­re it is sent to us. Your per­so­nal data, such as your name or address, is con­ver­ted into a code for encryp­ti­on by the secu­ri­ty ser­ver soft­ware. This ensu­res that this data can­not be acces­sed by unaut­ho­ri­sed par­ties during online trans­mis­si­on. Most newer brow­sers alre­a­dy sup­port this secu­re trans­mis­si­on technology.

All employees of Warsteiner Welt and their agents are obli­ga­ted to main­tain data sec­re­cy, if they hand­le per­so­nal data.

9. DURATION OF STORAGE

Once the con­tract has ended and been car­ri­ed out in full, your data is blo­cked against fur­ther use, and is dele­ted at the end of appli­ca­ble tax and com­mer­cial law regu­la­ti­ons, unless you have declared your con­sent to the ongo­ing use of your data.

10. RIGHTS OF DATA SUBJECTS

You have a varie­ty of rights under the law rela­ted to Warsteiner Welt’s pro­ces­sing of your per­so­nal data. As defi­ned under the law, per­sons who­se per­so­nal data is pro­ces­sed are refer­red to as “data subjects”.

You can cont­act Warsteiner Welt if you would like to exer­cise any of your rights lis­ted below:

Right to revo­ke con­sent in accordance with Art. 7 para. 3 clau­se 1 GDPR

Right to infor­ma­ti­on in accordance with Art. 15 GDPR

Right to rec­ti­fi­ca­ti­on and com­ple­ti­on in accordance with Art. 16 GDPR

Right to dele­ti­on and “right to be for­got­ten” in accordance with Art. 17 GDPR

Right to rest­rict pro­ces­sing in accordance with Art. 18 GDPR

Right to data por­ta­bi­li­ty in accordance with Art. 20 GDPR

Right to object in accordance with Art. 21 GDPR

Right to not be sub­ject to decis­i­ons based only on auto­ma­ted pro­ces­sing — inclu­ding pro­fil­ing — in accordance with Art. 22 GDPR

Right to sub­mit com­plaints to a super­vi­so­ry aut­ho­ri­ty in accordance with Art. 77 GDPR

Respon­si­ble super­vi­so­ry authority:

Sta­te Offi­cer for Data Pro­tec­tion and Free­dom of Infor­ma­ti­on
North Rhi­ne West­pha­lia
PO Box 20 04 44
40102 Düs­sel­dorf

Tel.: 0211/38424–0
Fax: 0211/38424–10
E‑mail: poststelle@ldi.nrw.de

11. REVOCATION OF CONSENT / DATA PROTECTION OFFICER

If you have con­sen­ted to the use of your per­so­nal data, you can revo­ke your con­sent gran­ted to us at any time with future effect.

If you have ques­ti­ons or requi­re fur­ther infor­ma­ti­on, or if you would like to revo­ke your con­sent, plea­se cont­act our Data Pro­tec­tion Officer:

Warsteiner Welt GmbH & Co. KG
Data Pro­tec­tion Offi­cer
Dom­ring 4–10
59581 War­stein

E‑mail: visit@warsteiner.com

Data pro­tec­tion decla­ra­ti­on Ver­si­on 1.0
As of: June 2020

Travelers Choice Award

The Warsteiner Welt was award­ed the Tra­vel­lers’ Choice Award.

© 2024 Warsteiner