Privacy protection information
We look forward to your visit to our site. Privacy and data protection for our customers and users is a top priority for us. We comply with privacy protection regulations, in particular the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG), and the Telemedia Act (Telemediengesetz - TMG).
This privacy protection information explains what information (including personal data) we process during your visit and your use of the above internet content ("website").
I. Who is responsible for data processing?
In terms of privacy protection, the responsible instance for processing personal data and the service provider as defined in the TMG is the Bitburger Braugruppe GmbH, Römermauer 3, 54634 Bitburg; Tel. 06561 14-0, Fax 06561 14-2289, email@example.com. Whenever this privacy protection information uses the term "we" or "us", this refers to the company specified above.
Out Privacy Protection Officer can be reached via the above contact information as well as at firstname.lastname@example.org.
II. What principles do we follow?
In adherence to privacy protection regulations, we only process your personal data if this is permitted by the legal regulations or if you have provided your consent. This also applies to the processing of personal data for advertising and marketing purposes.
On this website we may also collect information which in itself does not permit us to make direct inferences about your person. In certain cases – in particular in combination with other data – this information may also be considered "personal data" in the privacy protection sense. Furthermore, we may also collect information based on which we cannot identify you directly or indirectly; this is the case, for instance, for the summarized information about all users of this website.
III. What data do we process?
You can access our website without directly entering personal data (such as your name, postal address or your e-mail address). In this case also we must collect and store certain information so as to be able to grant you access to our website. Moreover, we use certain analytical processes on this website.
- Log files: When you visit this website, our web server will automatically store the domain name or IP address of the accessing computer (usually that of your internet access provider), including the date, time and duration of your visit, the subpages/URLs you visit as well as information about the applications and end devices you use to view our pages.
You can change your browser settings to prevent tracking by cookies (Do not track, Tracking protection list) or to deny the storage of third-party cookies.
If all cookies are deleted, opt-out cookies already placed will also be deleted, meaning that you will have to declare again any opt-outs already declared.
We differentiate between cookies that are absolutely essential for the technical functionality of the website and optional cookies.
To enable you to select the data protection settings that best suit your requirements for your visits to our website, insofar as possible, we give you the option below of adjusting your preferences with respect to the categories of operational necessity and convenience for you.
Category "operational necessity"
These cookies are absolutely essential for the operation of the website and contain settings that ensure the basic functions and security features of the website. These also include information on the pure number of users of our website (to this end, we use, among others, a cookie from etracker; see also Section 3). These cookies do not store personal information.
We use these cookies to make it easier for you to use the website. When using the partner area in the GFGH portal, for example, you can remain permanently logged in to avoid having to re-enter your log-in details every time.
Here you can create your personal settings.
- Website analytics using etracker: We use a solution from etracker GmbH (Erste Brunnestrasse 1, 20459 Hamburg, www.etracker.com) on our website to collect and store data for marketing and optimization purposes. Based on this data, user profiles can be created under a pseudonym using cookies. Without your separate consent we will not use data processed via etracker to identify you personally. We will also not merge this data with other personal data collected about you in order to identify you. You can object to the processing of the aforementioned data at any time with effect for the future. Please obtain the opt-out-cookie “cntcookie” from this link. Please do not delete this cookie if you wish to keep your objection in place. You will find further information in etracker's information on data protection.
- Newsletter registration: If you would like to receive our newsletter, we require you to provide us with a valid e-mail address. In order to check whether you are the owner of the specified e-mail address or whether the owner agrees to receiving the newsletter, we will send an automated e-mail to the specified e-mail address once the first registration step has been completed. Only once the newsletter registration has been confirmed via a link in the confirmation e-mail will we add the specified e-mail address to our mailing list. We do not collect any data other than the e-mail address and the details for confirming registration. Your consent to the data and the e-mail address being stored and to these being used for sending the newsletter can be revoked at any time with effect for the future.
- Google Service reCaptcha
We use the Google service reCaptcha to determine whether a person or a computer is making a specific entry in our contact or registration form. Google uses the following data to check whether you are a person or a computer: IP address of the device being used, our website that you are visiting and on which the Captcha is integrated, the date and duration of your visit, the identification data of the browser and operating system type being used, the Google account if you are logged in to Google, mouse movements on the reCaptcha areas as well as tasks where you have to identify images.
IV. For what purposes and on what legal bases do we process your data?
- The processing of any personal data contained in the log files is carried out to enable you to use our website; this is done on the basis of Section 15, Para. 1 of the German Telemedia Act (TMG).
- The processing of the data collected using cookies (including the web analytics service etracker) and of the pseudonymous user profiles is carried out for purposes of advertising, market research and the needs-based design of our website on the basis of Section 15, Para. 3 TMG.
- The processing of the newsletter data is carried out for the purposes of registering for the newsletter and sending it within the scope of your consent on the basis of Article 6(1)(c) of the GDPR. Please note that you can revoke the consent you gave to us at any time with effect for the future, for example by clicking on the appropriate link in any of our newsletters or by sending post, fax or e-mail notification via one of the communication channels listed on the first page of this information on data protection.
- If you place an order over our website or register on our website as a user or register for a customer account, we will process the data collected in this context for the implementation of the contracts concluded with you on the basis of Article 6(1)(b) of the GDPR.
- The legal basis for the data processing by the Google service reCaptcha is Art. 6 (1f) of the General Data Protection Regulation. There is a legitimate interest on our part in this data processing in order to ensure the security of our website and protect us against automated entries (attacks).
- We can also process the data collected in connection with your use of our website in order to fulfill legal obligations to which we are subject; this is carried out on the basis of Article 6(1)(c) of the GDPR.
- Where necessary, we also process your data, in addition to the aforementioned purposes, for the purpose of safeguarding our legitimate interests or the interests of third parties; this is carried out on the basis of Article 6(1)(f) of the GDPR. Our legitimate interests include, in particular,
a. The assertion of legal claims and defense in legal disputes;
b. The prevention and investigation of criminal offenses;
c. The control and further development of our business activities, including risk control.
V. Am I obligated to provide data?
The information necessary for registration for our newsletter, implementation of online orders, ensuring consumer-friendly communication, or registration as user / creation of customer account are labeled as mandatory information in the corresponding area of the website (e.g. an online form); we cannot provide the respective functionalities without this mandatory information. In order to ensure consumer-friendly communication, we need at least your name and your mailing address.
If we collect any additional personal data from you, we inform you at the time of collection whether the provision of this information is legally or contractually required or necessary to conclude a contract. We generally mark the information which is voluntary and not due to one of the obligations listed above or is not necessary to conclude a contract.
VI. Who receives my data?
Your personal data is generally processed within our company. Depending on the type of the personal data, only specific departments / organizational units have access to your personal data. This includes in particular the specialized departments tasked with the provision of our digital content (e.g. websites) and our IT department. We use a role and authorization concept to restrict access within our company to those functions and that extent that is required for the respective processing purpose.
We may also transfer your personal data to third parties outside of our company to the extent permitted by law. These external recipients may include in particular
affiliated companies within the Bitburger Braugruppe, to which we transfer personal data for internal administrative purposes;
service providers we use to provide services for us on a separate contractual basis, which may include the processing of personal data, as well as any sub-contractors or service providers hired with our consent;
non-public and public instances, if we are legally required to transfer your personal data.
VII. Do you use automated decision-making?
In connection with the operation of our website we generally do not employ automated decision-making (including profiling) as defined in Art. 22 GDPR. If we do use such processes in individual cases, you will be informed about this as intended by the law.
VIII. Is data transferred to countries outside of the EU / EEA?
Your personal data is generally processed within the EU / EEA.
Only in connection with the use of service providers providing web analysis services may information be transferred to so-called "non-EU countries". "Non-EU countries" are countries located outside of the European Union or the treaty for the European Economic Area, in which one cannot assume a privacy protection level that is comparable to that of the European Union.
If the transferred information also contains personal data, before transmitting any such data we ensure that the respective non-European country or the recipients in the non-European country are subject to a suitable level of privacy protection. This may be defined in particular in a so-called "Suitability Resolution" of the European Commission, which determines a suitable overall level of privacy protection for a certain non-European country. As an alternative, we may also base the data transfer on a so-called "EU Standard Contract Clauses" agreed with a recipients or – in case of recipients in the US – on adherence to the principles of the so-called "EU-US Privacy Shield". Upon request, we will be glad to provide you with more information on suitable and appropriate guarantees of adherence to a suitable level of privacy protection; you can find the contact data at the beginning of this privacy protection information. You can also find information about the participants of the EU-US Privacy Shield here: www.privacyshield.gov/list.
IX. How long is my data stored?
We generally store your personal data for as long as we have a justified interest in this storage and your interests in the discontinuation of storage do not exceed ours.
We may also continue to store data even without justified interest, if we are legally obligated to do so (e.g. meeting archiving duties). We also delete your personal data without your intervention as soon as it is no longer necessary for meeting the purposes of the processing or if storage is otherwise legally not permissible.
log data is deleted after seven days, unless continued storage is necessary for legal purposes such as the investigation of abuse and the detection and repair of technical problems;
data processed in connection with an order or with consumer communication is deleted at the latest after the expiration of the legal archiving terms; and
data processed in connection with a registration as user or a customer account is deleted after the end of the registration or with the deletion of the customer account. The personal data that we need to store to meet archiving requirements are stored until the expiration of the respective archiving obligation. If we store personal data exclusively to meet archiving obligations, they are generally locked, so that they can only be accessed if this is necessary in terms of the purpose of the archiving obligation.
X. What are my rights?
As Data Subject you have the right
to receive information about personal data about that is stored, Art. 15 GDPR;
to correct any incorrect or incomplete data, Art. 16 GDPR;
to delete personal data, Art. 17 GDPR;
to limit the processing, Art. 18 GDPR; - to data portability, Art. 20 GDPR, and
to object to the processing of your personal data, Art. 21 GDPR.
In order to assert these rights you can contact us at any time – e.g. via the contact means provided at the beginning of this privacy protection information.
In case of questions about the processing of your data you can also contact our Privacy Protection Officer.
You also have the right to file a complaint at a regulatory agency for privacy protection, Art. 77 GDPR.