Protecting your personal data is important to us. We comply strictly with data protection laws when handling your personal data. In the following document, we will inform you about how we use your personal data and what this means for you when you use our website, warsteiner-welt.de. The controller responsible for processing personal data under applicable data protection regulations is: Warsteiner Welt GmbH & Co. KG Domring 4–10 59581 Warstein Phone: +49 2902 885001 E‑mail: email@example.com Represented by: HCG Beteiligungs-GmbH in turn represented by: Simone Pollmann-Schweckhorst
1. WHAT IS PERSONAL DATA?
Personal data is all information related to an identified or identifiable natural person. This includes data provided such as your address, telephone number and e‑mail address, as well as usage data such as your username and password. Data that does not reference an identifiable person in any way is not considered personal data, such as anonymized data on usage and service processes.
2. ANONYMOUS USE AND COLLECTION, PROCESSING AND USE OF ACCESS AND PERSONAL DATA
In general, you can surf anonymously on warsteiner-welt.de. Unless you share such data with us yourself, we will not collect or store any personal data during your visit to warsteiner-welt.de. When you visit our website warsteiner-welt.de, however, our web server will store certain technical data (called access data) in log files, such as — Name of the accessed file — Date and time of access — IP address of the accessing computer — Browser type and version — Operating system used by the use — URL of the last page accessed by the user — Quantity of data transmitted — Status of access (successful yes/no) The IP addresses recorded in our log files serve only to better analyse and correct issues with the availability of the websites provided on our servers, to improve and optimise the websites we provide from a technical and editorial standpoint, and for forensic analysis if necessary. We do not prepare statistical analyses and/or user profiles based on the data stored in log files. When you use the following services available at warsteiner-welt.de, we collect your personal data: — When you book a brewery tour We only use the personal data we collect if you provide it to us during your registration and/or when placing an order, or in the course of the contractual relationship. You must provide your personal data in order to conclude the contract or carry out the contractual relationship. We collect and use the data you provide to process your orders and for billing purposes, if necessary to initiate, determine the content of or modify our contractual relationship with you in accordance with article 6 paragraph 1 letter b) GDPR. If you do not provide us with your personal data, then we cannot make the aforementioned services available to you. To book a brewery tour, you must provide the following data: — Date and time of your tour — Number of participants — Name (if applicable, company name and representative) — E‑mail address — Telephone number — Postal code — Date of birth — Number of audio guides — Number of handicapped participants — Payment information for payment methods in use During registration for certain services, Warsteiner Welt may request that users provide further personal data in order to provide them with their desired services Furthermore, we will only use the personal data you provide if and insofar as you have consented that we may do so, or if we have legal permission to use the data.
Facebook is a social network run by the American company Facebook, Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA). Facebook buttons are always marked with the Facebook logo. When you confirm (click on) the icon, your personal data are transmitted and processed. Information on data processing on our Facebook fan page is available at the following link: https://bit.ly/382uc5x
Twitter is a microblogging service from the American company Twitter, Inc. (795 Folsom St., Suite 600, San Francisco, CA 94107). Twitter buttons are always marked with the Twitter logo. When you confirm (click on) the icon, your personal data are transmitted and processed.
f) Instagram Instagram is a social network run by the American company Facebook, Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA). Instagram buttons are always marked with the Instagram logo. When you confirm (click on) the icon, your personal data are transmitted and processed. g) Youtube Youtube ist ein Videoplattform des amerikanischen Unternehmens Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043 USA). Youtube-Buttons sind stets mit dem Youtube-Logo gekennzeichnet. Erst bei Bestätigung (Anklicken) des Icons erfolgt eine Weiterleitung und es erfolgt eine Verarbeitung personenbezogener Daten. h) Adobe Fonts This website uses certain web fonts from Adobe in order to achieve a uniform appearance. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110–2704, USA (Adobe). When you access this website, your browser will load the required fonts directly from Adobe in order to display the site correctly on your device. Your browser creates a link to Adobe servers in the USA to do so. When it does, Adobe is notified that your IP address accessed this website. According to Adobe, no cookies are stored in association with providing these fonts. Adobe is certified under the EU-US Privacy Shield. The Privacy Shield is a convention between the United States of America and the European Union designed to ensure compliance with European data protection standards. Further information is available at: https://www.adobe.com/de/privacy/eudatatransfers.html. Data is stored and analysed in accordance with Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in displaying fonts in a uniform manner on the website. If we request your consent (for instance consent to store cookies), then data is processed exclusively on the basis of Art. 6 para. 1 lit. a GDPR; you may revoke your consent at any time. Further information on Adobe Fonts is available at: https://www.adobe.com/de/privacy/policies/adobe-fonts.html. Adobe’s data protection declaration is available at: https://www.adobe.com/de/privacy/policy.html
4. Hosting und Content Delivery Networks (CDN)
External hosting This website is hosted by an external service provider (hoster). Personal data collected on this website is stored on the hoster’s servers. This may include, for instance, IP addresses, contact inquiries, meta and communication data, contract data, contact data, names, website access data and other data generated via a website. We make use of the hoster’s services to fulfil our contracts with current and potential customers (Art. 6 para. 1 lit. b GDPR) and in the interest of providing our online services securely, quickly and efficiently via a professional provider (Art. 6 para. 1 lit. f GDPR). Our hoster will only process your data if necessary to fulfil its service obligations, and under our instructions with respect to this data. Concluding a contract for data processing We have concluded a contract for data processing with our hoster in order to ensure processing is carried out according to data protection law.
5. ENCRYPTED PAYMENT TRANSACTIONS ON THIS WEBSITE
If you are obligated to provide us with your payment information (such as your account number for direct debits) after concluding a contract that involves payments, then we require this data to process your payment. Payments are processed via commonly used payment methods (Visa/MasterCard, direct debit) exclusively via an encrypted SSL or TLS connection. You can tell whether a connection is encrypted because the address line of your browser will switch from “http://” to “https://” and you will see a lock symbol in the browser line. The payment data you provide to us cannot be viewed by third parties if you communicate it to us via encrypted means.
6. ECOMMERCE AND PAYMENT PROVIDERS
7. TRANSMISSION OF PERSONAL DATA
We only transmit your personal data if this is indicated in this data protection declaration, if the contractual purpose requires that we do so (Article 6 para. 1 letter b) GDPR), if you have given your express consent that we do so (Article 6 para. 1 letter a) GDPR), and/or if we have legal permission to do so (Article 6 para. 1 letter c) GDPR). We may transmit your data to our commissioned credit institute or payment provider in order to process your payment.
8. DATA SECURITY
We use technical and organisational security measures to ensure that users’ personal data is protected against loss, prohibited changes, or illegal access by third parties. We only allow authorised personnel to access your personal data, and only allow access to the extent necessary for the above purposes. Certain sensitive data is transmitted only in encrypted form. We use “secure socket layer” (SSL) transmission to do so. All information transmitted using this secure method is encrypted before it is sent to us. Your personal data, such as your name or address, is converted into a code for encryption by the security server software. This ensures that this data cannot be accessed by unauthorised parties during online transmission. Most newer browsers already support this secure transmission technology. All employees of Warsteiner Welt and their agents are obligated to maintain data secrecy, if they handle personal data.
9. DURATION OF STORAGE
Once the contract has ended and been carried out in full, your data is blocked against further use, and is deleted at the end of applicable tax and commercial law regulations, unless you have declared your consent to the ongoing use of your data.
10. RIGHTS OF DATA SUBJECTS
You have a variety of rights under the law related to Warsteiner Welt’s processing of your personal data. As defined under the law, persons whose personal data is processed are referred to as “data subjects”. You can contact Warsteiner Welt if you would like to exercise any of your rights listed below: Right to revoke consent in accordance with Art. 7 para. 3 clause 1 GDPR Right to information in accordance with Art. 15 GDPR Right to rectification and completion in accordance with Art. 16 GDPR Right to deletion and “right to be forgotten” in accordance with Art. 17 GDPR Right to restrict processing in accordance with Art. 18 GDPR Right to data portability in accordance with Art. 20 GDPR Right to object in accordance with Art. 21 GDPR Right to not be subject to decisions based only on automated processing — including profiling — in accordance with Art. 22 GDPR Right to submit complaints to a supervisory authority in accordance with Art. 77 GDPR Responsible supervisory authority: State Officer for Data Protection and Freedom of Information North Rhine Westphalia PO Box 20 04 44 40102 Düsseldorf Tel.: 0211/38424–0 Fax: 0211/38424–10 E‑mail: firstname.lastname@example.org
11. REVOCATION OF CONSENT / DATA PROTECTION OFFICER
If you have consented to the use of your personal data, you can revoke your consent granted to us at any time with future effect. If you have questions or require further information, or if you would like to revoke your consent, please contact our Data Protection Officer: Warsteiner Welt GmbH & Co. KG Data Protection Officer Domring 4–10 59581 Warstein E‑mail: email@example.com Data protection declaration Version 1.0 As of: June 2020
© 2020 Warsteiner