Data Protection Declaration
This data protection declaration informs you about the means, extent and aims of our usage of specific individual data (short: data) within the scope of our online services and its connected websites, functions and contents as well as external online presences like for example our social media profile (in the following referred to collectively as ’online services’). As concerns the terminology used, such as ’personal data’ or their ’processing’, we refer to the original German definitions of article 4 of the DSGVO (general data protection regulation).
Name/Company: Uerige Obergärige Hausbrauerei GmbH
Street, no.: Berger Straße 1
Postal code, city, country: 40213 Düsseldorf, Germany
Trade register no.: Amtsgericht Düsseldorf HRB 17717
CEO: Dipl.-Ing. Michael Schnitzler
Phone: +49 211 86699-0
What kinds of data we process:
- Inventory data (f. ex. name, address).
- Contact data (f. ex. E-mail, phone numbers).
- Application data (f. ex. C.V.).
- Content-related data (f. ex. inserted texts, photographs, videos).
- Contract data (f. ex. object of contract, customer category).
- Usage data (f. ex. time and date of access).
- Meta-communication data (f. ex. information on type of devices, IP address).
Processing special categories of data (art. 9 section 1 DSGVO):
We generally do not process any special categories of data unless the user directly enters them for pro-cessing, such as on the contact form.
Categories of people involved in processing:
- Customers / Interested Parties / Purveyors.
- Visitors and users of the online presence.
In the following, we will use the general term “user“ and “applicant“ for the respective people.
Aim of the data processing:
- To make accessible the online service, its content and functions.
- To provide contractual obligations, service and customer care.
- To reply to contact requests and communicate with users.
- To react to applications.
- Safety measures.
1. Relevant legal basis
In accordance with article 13 DSGVO, we hereby inform you about the legal basis of our data pro-cessing. In cases where the legal basis is not specifically mentioned in the data protection declara-tion, the following applies: retrieving approval is legally based on art. 6 section 1 lit. a and art. 7 DSGVO; the processing needed to fulfill our obligations and services and to carry out all contractually required measures as well as to answer your requests is legally based on art. 6 section 1 lit. b DSGVO. Compliance with our legal obligations is legally based on art. 6 section 1 lit. c DSGVO; pro-cessing data needed to protect our justified claims is legally based on art. 6 section 1 lit. f DSGVO. In cases where the vital interests of a specific person or another natural person request the processing of individual personal data, the legal basis refers to art. 6 section 1 lit. d DSGVO.
2. Changes and Updates of the Declaration of Data Protection (declaration last updated: 15.05.2018)
We ask you to inform yourself regularly concerning the content of our data protection declaration. We adapt this data protection declaration as soon as changes are shown to be necessary due to the data processed by us. We will inform you as soon as these changes require an active involvement from you (f. ex. a consent) or in cases where individual contact is required.
3. Safety measures
3.1. In accordance with art. 32 DSGVO, we take appropriate technical and organizational measures to ensure a level of safety appropriate to the risk. We do this in accordance with the state of art of tech-nology, the costs of implementation, the nature, scope, circumstances, and purposes of the pro-cessing as well as regarding the various degrees of likelihood and the severity of the risk to the rights and freedoms of natural persons. These measures include, especially, ensuring the non-violation of confidence, the integrity and accessibility of data by controlling physical access to these data as well as their access, entering and sharing data, ensuring their accessibility and segregating them. We have furthermore taken measures to ensure the exercise of data subject rights, to guarantee the dele-tion of data and suitable steps regarding data compromise. We furthermore already take into account the protection of individual subject data during the development and selection of hardware, software as well as procedures, in accordance with the principle of data protection via technological design and via data protection friendly default settings (Art. 25 DSGVO).
3.2. Safety measures especially imply the encoded transmission of data between your browser and our server.
4. Cooperation with data processing companies and third parties
4.1. In those cases where we do disclose data to other persons and companies (data processing compa-nies or third parties) in the context of our own processing, where we transmit data to them or allow them any other kind of access to the data, this only happens on the basis of a legal permit (f. ex. if transmitting the data to a third party – like a payment service provider – is necessary in accordance with art. 6 par. 1 lit. b DSGVO in order to fulfill the contract), following your permission, if we are bound to do so by law, or on the basis of our justified claims (f. ex. when employing representatives, web hosts, etc.).
4.2. In those cases where we employ third parties to process data on the basis of a so-called “data pro-cessing contract”, we do so on the basis of art. 28 DSGVO.
5. Transmission into third countries
If we process data from a third country (i.e. from outside of the European Union (EU) or the European Economic Area (EEA)), or if this happens in the context of using the services of third parties or in the process of disclosing or transmitting data to third parties, we only do so in order to fulfill our (pre-) contractual obligations, following your permission, if we are bound to do so by law, or on the basis of our justified claims. Once the legal or contractual permits have been obtained, we only process or let others process the data in a third country if the special prerequisites stated in art. 44 ff. DSGVO ap-ply. I.e., processing for example only takes place on the basis of special guarantees, such as the da-ta protection level being officially acknowledged as corresponding to EU laws (such as the “Privacy Shield“ in the USA) or if officially acknowledged special contractual obligations are being maintained (so-called “standard contract terms”).
6. Rights of the person concerned
6.1. You have the right to request a confirmation about whether specific data are being processed and a right to be informed about these data as well as further information and copy of the data, in accord-ance with art. 15 DSGVO.
6.2. In accordance with art. 16 DSGVO, you have the right to request that all data concerning you be ei-ther completed or corrected, should they be faulty.
6.3. In accordance with art. 17 DSGVO, you have the right to request that the respective data be deleted immediately or alternatively, in accordance with art. 18 DSGVO, you have the right to request a limita-tion of the usage of these data.
6.4. You have the right to request that the data you have provided us with be handed to you, in accord-ance with art. 20 DSGVO, or to request that we transmit these to other people in authority.
6.5. In accordance with art. 77 DSGVO, you have the right to issue a complaint with the respective con-trolling authority.
7. Right of revocation
8. Right of objection
9. Deletion of data
9.1. In accordance with art. 17 and 18 DSGVO, we delete or restrict the data we have processed. Unless explicitly stated otherwise in the context of this data protection declaration, the data we have saved will be deleted immediately as soon as they are no longer necessary for their intended purpose and if their deletion does not counter any legal storage obligation. In cases where the data are not entirely deleted because they are used for other, legally permitted means, their processing is restricted – this means the data are made inaccessible and are not processed for other ends. This applies f. ex. to da-ta that have to be kept for reasons concerning commercial law and taxation laws and regulations.
9.2. In accordance with the law, data is preserved for six years concerning § 257 section 1 HGB (trading books, inventories, opening balances, annual balance of accounts, trade communications, vouchers, etc.) and for ten years in accordance with § 147 section 1 AO (ledgers, notes, reports, receipts, communications with purveyors and customers, any material relevant for taxation, etc.).
10. Provision of contractual services: Bookings and Sale of Product
10.1. In order to fulfill our contractual obligations and service activities, we process file data, contact details and data relating to contracts in accordance with art. 6 section 1 lit b. DSGVO. The details marked as mandatory in our booking and order forms are necessary for the contract to be completed.
10.2. In the context of booking requests, the above-named data are transmitted to a booking management system (CRM-System). This system is locally hosted on our server. The above-named data are thus only saved locally.
10.3. When it comes to selling our products via the website www.stickum.de, we do not use a separate CRM system. The data listed in section 10.1. are also saved on our locally hosted server.
10.4. In the context of using our contractually agreed services, we save the IP address and the date of the specific user action. Saving these data is done on the basis of our legitimate interests as well as those of the user concerning protection from misuse and other unauthorized usage. These data are categorically not passed on to third parties, unless this is required for us to pursue our claims, or un-less we find ourselves under the legal obligation to do so in accordance with art. 6 section 1 lit. c DSGVO.
10.5. The data mentioned in 10.1. are deleted once the warranty obligation period and other comparable obligations have expired; whether or not the data need to be saved any longer is regularly checked every three years. Where legal obligations force us to store data, these are deleted as soon as legally possible (after six years relating to commercial law and after ten years relating to tax laws).
11. Performance of contractual services: Job Applications
11.1. We process file, contact and personal applicant’s data as well as further details concerning the candi-dates that are needed in the context of their application in accordance with art. 88 section 1 DSGVO i.V.m. § 26 Abs. 1 BDSG new.
11.2. In the case of an application, we store the above-mentioned data on our locally hosted server. We do not use a separate CRM system.
11.3. The data mentioned in 11.1. are deleted at the very latest six months after the application has been rejected. If an applicant is offered a position, we delete the data mentioned in 11.1. as soon as the employment relationship ends, unless legal retention periods require us to save them for longer.
12. Making contact
12.1. When you contact us (via the contact form or via email), the file and contact data as well as further indications given that we need to process your requests are saved in accordance with art. 6 section 1 lit. b DSGVO. The details marked as mandatory in our contact forms are necessary for the request to be processed.
12.2. The above-mentioned data as well as further user details are saved on our locally hosted server. We do not use a separate CRM system.
12.3. In the context of your using our contact forms, we save the IP address and the date of the specific user action. Saving these data is done on the basis of our legitimate claims as well as those of the user concerning protection against misuse and other unauthorized usage. These data are categorically not passed on to third parties, unless this is required for us to pursue our claims, or unless we find ourselves under the legal obligation to do so in accordance with art. 6 section 1 lit. c DSGVO.
12.4. We delete your requests and contact details as soon as we no longer need them; whether or not the data need to be stored any longer is regularly checked every two years. Where legal obligations force us to archive data, these are deleted as soon as legally possible (after six years relating to commer-cial law and after ten years relating to tax laws).
13. Eliciting access data and log files
13.1. On the basis of our justified claims, as stated in art. 6 section 1 lit. f. DSGVO, we collect data about every access to the server which hosts this service (so-called server log files). The access data con-sist of the name of the website you accessed, the file data, date and time of day when you ac-cessed, the amount of transferred data, notification about the successful access, browser type and version, the user’s operating system, referrer URL (the page you accessed previously), IP address, and the provider requesting access.
13.2. For security reasons (f. ex. to investigate acts of misuse or fraud), log file information is saved for a maximum of seven days and then deleted. When it is necessary that the data be kept as legal proof, they are exempt from deletion until the respective case has been closed definitely.
14. Online presence in social media platforms
14.1. We are actively present online in social media platforms in order to communicate with the customers, interested parties, and users who are active there, and to inform them about our services. When you access the respective networks and platforms, the terms and conditions as well as the data pro-cessing regulations of the respective operators of the site apply.
14.2. Unless stated otherwise in the context of our data protection declaration, we process the data of users if they communicate with us via these social media and social media platforms, for example if they write comments on sites where we are present or if they send us messages.
15. Inclusion of the services and content of third parties
15.1. Within our online services and on the basis of our legitimate interests (i.e., the claim to analyze, opti-mize and economically run our online services in accordance with art. 6 section 1 lit. f. DSGVO), we use content- and service-related offers by third-party suppliers in order to integrate their contents and services, f. ex. videos or font types (in the following termed “contents”). This always implies the re-quirement of the third parties offering these contents to be allowed to distinguish the users’ IP ad-dress because they would not be able to send any contents to their browsers without the IP address. In other words, the IP address is required so they can realize these contents. We take great care to only use such contents where the respective third parties only use the IP address to deliver the re-quired contents. Furthermore, third party suppliers are allowed to use so-called pixel tags (invisible graphics, also known as "Web Beacons") for statistical or marketing-related reasons. Pixel tags are used to process information such as the frequency of visitor traffic on the pages of a specific web-site. This information, which is pseudonymous, can furthermore be stored on the users’ devices via cookies and can also contain technological information about the browser and operating system, ref-erencing websites, times of access as well as further indications concerning the usage of our online services and can also be combined with similar information garnered from other sources.
15.2. The list below offers you an overview of the third-party suppliers and their services and contents as well as the direct links to their respective data protection declarations, which contain further infor-mation concerning the processing of data and your rights (so-called opt-outs), even though some of them might already be mentioned here:
- Maps taken from Google Maps, by third-party supplier Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
- Links to the social network facebook.com. The link is recognizable by the Facebook Logo (white “f“ on a blue square). When users click on this link, they are forwarded in a separate browser window to our Facebook account. If they log in via their own Facebook account, they can, for example, write a comment about our services. The link creates a direct connection between the users’ browser and the Facebook server. Facebook thus gets the information that the users visited our website with their IP address. According to Facebook, in Germany only anonymized IP addresses are saved. If the users logged in via their Facebook accounts, it is then also possible for Facebook to associate the users’ Facebook accounts with their access to our website. We would like to point out that we do not have any further knowledge beyond this of how the users’ data are further pro-cessed. The aims and extent of the data storage and the further processing and usage of the data by Facebook as well as related rights and setting options to protect the users’ private sphere an be found in the data protection declaration issued by Facebook https://www.facebook.com/about/privacy/. Further options concerning setting and opt-outs such as objections to the usage of data for commercial purposes are possible via the Facebook profile set-tings https://www.facebook.com/settings?tab=ads or via their US-American site at http://www.aboutads.info/choices/ or their European site at http://www.youronlinechoices.com/. These settings are carried out independently of the platform, i.e., they are transferred onto all de-vices used, be it desktop computers or mobile devices.
16. Link Online Shop BIER & BIER Genuss GmbH
16.1. The online shop BIER & BIER Genuss GmbH (“operator“), Neuschmied 42, 83246 Unterwössen, Germany, also markets our products in their own name and for their own account. We have integrated a link to their online shop on our website www.Uerige.de. In the context of establishing this connec-tion, it is necessary that the operator acknowledge the users’ IP address because he could not send any online service offers to their browsers without the IP address, which hence is required for the re-alization of the online services.
16.2. The operator is responsible for the processing of the data in the context of the services offered online. The aims and extent of the data collection and the further processing and usage of the data by the operator as well as related rights and setting options to protect the users’ private sphere can be found in the data protection declaration issued by the operator at http://www.biershop-braugasthoefe.de/datenschutz/.