Protecting your personal data is important to us. We comply strictly with data protection laws when handling your personal data. In the following document, we will inform you about how we use your personal data and what this means for you when you use our website, warsteiner-welt.de. The controller responsible for processing personal data under applicable data protection regulations is: Warsteiner Welt GmbH & Co. KG Domring 4–10 59581 Warstein Phone: +49 2902 885001 E‑mail: firstname.lastname@example.org Represented by: HCG Beteiligungs-GmbH in turn represented by: Simone Pollmann-Schweckhorst
1. WHAT IS PERSONAL DATA?
Personal data is all information related to an identified or identifiable natural person. This includes data provided such as your address, telephone number and e‑mail address, as well as usage data such as your username and password. Data that does not reference an identifiable person in any way is not considered personal data, such as anonymized data on usage and service processes.
2. ANONYMOUS USE AND COLLECTION, PROCESSING AND USE OF ACCESS AND PERSONAL DATA
In general, you can surf anonymously on warsteiner-welt.de. Unless you share such data with us yourself, we will not collect or store any personal data during your visit to warsteiner-welt.de. When you visit our website warsteiner-welt.de, however, our web server will store certain technical data (called access data) in log files, such as — Name of the accessed file — Date and time of access — IP address of the accessing computer — Browser type and version — Operating system used by the use — URL of the last page accessed by the user — Quantity of data transmitted — Status of access (successful yes/no) The IP addresses recorded in our log files serve only to better analyse and correct issues with the availability of the websites provided on our servers, to improve and optimise the websites we provide from a technical and editorial standpoint, and for forensic analysis if necessary. We do not prepare statistical analyses and/or user profiles based on the data stored in log files. When you use the following services available at warsteiner-welt.de, we collect your personal data: — When you book a brewery tour We only use the personal data we collect if you provide it to us during your registration and/or when placing an order, or in the course of the contractual relationship. You must provide your personal data in order to conclude the contract or carry out the contractual relationship. We collect and use the data you provide to process your orders and for billing purposes, if necessary to initiate, determine the content of or modify our contractual relationship with you in accordance with article 6 paragraph 1 letter b) GDPR. If you do not provide us with your personal data, then we cannot make the aforementioned services available to you. To book a brewery tour, you must provide the following data: — Date and time of your tour — Number of participants — Name (if applicable, company name and representative) — E‑mail address — Telephone number — Postal code — Date of birth — Number of audio guides — Number of handicapped participants — Payment information for payment methods in use During registration for certain services, Warsteiner Welt may request that users provide further personal data in order to provide them with their desired services Furthermore, we will only use the personal data you provide if and insofar as you have consented that we may do so, or if we have legal permission to use the data.
c) Matomo (formerly Piwik)
Matomo cookies remain stored on your device until you delete them.
Matomo cookies are stored, and this analytic tool is used, on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the anonymised analysis of user behaviour, in order to optimise both its website and its advertisements. If we request your consent (for instance consent to store cookies), then data is processed exclusively on the basis of Art. 6 para. 1 lit. a GDPR; you may revoke your consent at any time.
Information on your use of the website generated by the cookie is not transmitted to third parties. You can change your browser software settings to prevent it from storing cookies; however, if you do so you may not be able to use all of the functions of this website in full.
If you do not agree to the storage and use of your data, you can deactivate said data storage and use. If you do so, an opt-out cookie will be stored on your browser to prevent Matomo from saving usage data. If you delete your cookies, then the Matomo opt-out cookie will also be deleted. You will have to reactivate the opt out the next time you visit the website.
Facebook is a social network run by the American company Facebook, Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA). Facebook buttons are always marked with the Facebook logo. When you confirm (click on) the icon, your personal data are transmitted and processed. Information on data processing on our Facebook fan page is available at the following link: https://bit.ly/382uc5x
Twitter is a microblogging service from the American company Twitter, Inc. (795 Folsom St., Suite 600, San Francisco, CA 94107). Twitter buttons are always marked with the Twitter logo. When you confirm (click on) the icon, your personal data are transmitted and processed.
Instagram is a social network run by the American company Facebook, Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA). Instagram buttons are always marked with the Instagram logo. When you confirm (click on) the icon, your personal data are transmitted and processed.
Youtube is a video platform from the American company Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043 USA). Youtube buttons are always marked with the Youtube logo. When you confirm (click on) the icon, your personal data are transmitted and processed.
h) Adobe Fonts
This website uses certain web fonts from Adobe in order to achieve a uniform appearance. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110–2704, USA (Adobe).
When you access this website, your browser will load the required fonts directly from Adobe in order to display the site correctly on your device. Your browser creates a link to Adobe servers in the USA to do so. When it does, Adobe is notified that your IP address accessed this website. According to Adobe, no cookies are stored in association with providing these fonts.
Adobe is certified under the EU-US Privacy Shield. The Privacy Shield is a convention between the United States of America and the European Union designed to ensure compliance with European data protection standards. Further information is available at: https://www.adobe.com/de/privacy/eudatatransfers.html.
Data is stored and analysed in accordance with Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in displaying fonts in a uniform manner on the website. If we request your consent (for instance consent to store cookies), then data is processed exclusively on the basis of Art. 6 para. 1 lit. a GDPR; you may revoke your consent at any time.
Further information on Adobe Fonts is available at: https://www.adobe.com/de/privacy/policies/adobe-fonts.html.
Adobe’s data protection declaration is available at: https://www.adobe.com/de/privacy/policy.html
4. Hosting and Content Delivery Networks (CDN)
This website is hosted by an external service provider (hoster). Personal data collected on this website is stored on the hoster’s servers. This may include, for instance, IP addresses, contact inquiries, meta and communication data, contract data, contact data, names, website access data and other data generated via a website.
We make use of the hoster’s services to fulfil our contracts with current and potential customers (Art. 6 para. 1 lit. b GDPR) and in the interest of providing our online services securely, quickly and efficiently via a professional provider (Art. 6 para. 1 lit. f GDPR).
Our hoster will only process your data if necessary to fulfil its service obligations, and under our instructions with respect to this data.
Concluding a contract for data processing
We have concluded a contract for data processing with our hoster in order to ensure processing is carried out according to data protection law.
5. ENCRYPTED PAYMENT TRANSACTIONS ON THIS WEBSITE
If you are obligated to provide us with your payment information (such as your account number for direct debits) after concluding a contract that involves payments, then we require this data to process your payment.
Payments are processed via commonly used payment methods (Visa/MasterCard, direct debit) exclusively via an encrypted SSL or TLS connection. You can tell whether a connection is encrypted because the address line of your browser will switch from “http://” to “https://” and you will see a lock symbol in the browser line.
The payment data you provide to us cannot be viewed by third parties if you communicate it to us via encrypted means.
6. eCommerce and Payment Providers
Data processing (customer and contract data)
We collect, process and use personal data only if necessary to initiate, determine the content or modify our legal relationship. We do so on the basis of Art. 6 para. 1 lit. b GDPR, which allows data processing in order to fulfil a contract or carry out pre-contractual measures. We only collect, process and use personal data regarding the use of this website (usage data) if necessary to allow users to utilise our services, or to charge for them.
Collected customer data is deleted after their contract is complete, or after the end of the business relationship. Statutory retention periods remain unaffected.
Data transmission upon concluding a contract for services and digital content
We transmit personal data to third parties only if necessary in the course of carrying out a contract, for instance to a credit institution involved in processing a payment.
Data is not transmitted for other purposes, or is transmitted only if you have expressly agreed to the transmission. Your data is not disclosed to third parties without your express consent, for instance for advertising purposes.
Data is processed based on Art. 6 para. 1 lit. b GDPR, which allows data processing in order to fulfil a contract or carry out pre-contractual measures.
One of the payment methods we offer on this website is payment by Klarna. The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter referred to as “Klarna”).
Klarna offers a variety of payment options (such as instalment purchases). If you decide to pay with Klarna (Klarna checkout solution), then Klarna will collect a variety of personal data from you. Details are available in the Klarna data protection declaration at the following link: https://www.klarna.com/de/datenschutz/.
We transmit your data to Klarna on the basis of Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing to fulfil a contract). You can revoke your consent to data processing at any time. Your revocation will not impact the effectiveness of data processing carried out in the past.
One of the payment methods we offer on this website is an “instant transfer”. The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich (hereinafter referred to as “Sofort GmbH”).
The “Instant transfer” process provides us with a payment confirmation from Sofort GmbH in real time, allowing us to begin fulfilling our liabilities immediately.
If you decide to use the “instant transfer” payment method, then you will transmit a PIN and valid TAN to Sofort GmbH so that they can log into your online banking account. Sofort GmbH will automatically check your account balance after logging in and complete the transfer to us with the TAN you provide. Then, they will send us an immediate transaction confirmation. After logging in, your revenues, the credit line of the overdraft facility and the existence of other accounts and their balances are checked automatically.
In addition to your PIN and TAN, the payment data and personal data you provide are also transmitted to Sofort GmbH. The personal data includes your first and last name, address, telephone number(s), e‑mail address, IP address, and any other data necessary to process your payment. This data must be transmitted to determine your identity and prevent any fraud attempts.
We transmit your data to Sofort GmbH on the basis of Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing to fulfil a contract). You can revoke your consent to data processing at any time. Your revocation will not impact the effectiveness of data processing carried out in the past.
7. TRANSMISSION OF PERSONAL DATA
We only transmit your personal data if this is indicated in this data protection declaration, if the contractual purpose requires that we do so (Article 6 para. 1 letter b) GDPR), if you have given your express consent that we do so (Article 6 para. 1 letter a) GDPR), and/or if we have legal permission to do so (Article 6 para. 1 letter c) GDPR). We may transmit your data to our commissioned credit institute or payment provider in order to process your payment.
8. DATA SECURITY
We use technical and organisational security measures to ensure that users’ personal data is protected against loss, prohibited changes, or illegal access by third parties. We only allow authorised personnel to access your personal data, and only allow access to the extent necessary for the above purposes.
Certain sensitive data is transmitted only in encrypted form. We use “secure socket layer” (SSL) transmission to do so. All information transmitted using this secure method is encrypted before it is sent to us. Your personal data, such as your name or address, is converted into a code for encryption by the security server software. This ensures that this data cannot be accessed by unauthorised parties during online transmission. Most newer browsers already support this secure transmission technology.
All employees of Warsteiner Welt and their agents are obligated to maintain data secrecy, if they handle personal data.
9. DURATION OF STORAGE
Once the contract has ended and been carried out in full, your data is blocked against further use, and is deleted at the end of applicable tax and commercial law regulations, unless you have declared your consent to the ongoing use of your data.
10. RIGHTS OF DATA SUBJECTS
You have a variety of rights under the law related to Warsteiner Welt’s processing of your personal data. As defined under the law, persons whose personal data is processed are referred to as “data subjects”.
You can contact Warsteiner Welt if you would like to exercise any of your rights listed below:
Right to revoke consent in accordance with Art. 7 para. 3 clause 1 GDPR
Right to information in accordance with Art. 15 GDPR
Right to rectification and completion in accordance with Art. 16 GDPR
Right to deletion and “right to be forgotten” in accordance with Art. 17 GDPR
Right to restrict processing in accordance with Art. 18 GDPR
Right to data portability in accordance with Art. 20 GDPR
Right to object in accordance with Art. 21 GDPR
Right to not be subject to decisions based only on automated processing — including profiling — in accordance with Art. 22 GDPR
Right to submit complaints to a supervisory authority in accordance with Art. 77 GDPR
Responsible supervisory authority:
State Officer for Data Protection and Freedom of Information
North Rhine Westphalia
PO Box 20 04 44
11. REVOCATION OF CONSENT / DATA PROTECTION OFFICER
If you have consented to the use of your personal data, you can revoke your consent granted to us at any time with future effect.
If you have questions or require further information, or if you would like to revoke your consent, please contact our Data Protection Officer:
Warsteiner Welt GmbH & Co. KG
Data Protection Officer
Data protection declaration Version 1.0
As of: June 2020