DATA PROTECTION AND PRIVACY RIGHTS
Thank you for your interest in our website. The protection of your privacy in relation to the processing of personal data is important to us. Paulaner Brauerei Gruppe GmbH & Co. KGaA will handle your data responsibly.
Of course we therefore comply with the statutory provisions in collection, processing and use of your data, in particular as specified by the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (Bundesdatenschutzgesetz; BDSG-new). Nevertheless, we know that many users of the internet experience considerable uncertainty about how this protection is ensured from case to case.
The following data protection statement will therefore provide you with an overview of which data we collect, use, store and potentially pass on to any third parties, what safety measures we take for your protection and what information rights you have in this respect.
1. Information concerning collection of personal data
a) Below, we will inform you about collection of personal data when you use our website. Personal data are any data that permit a conclusion as to you personally, e.g. your name, address, email addresses, user behaviour.
b) The controller in accordance with sect. 4 para. 7 EU General Data Protection Regulation (GDPR) is Paulaner Brauerei Gruppe GmbH & Co. KGaA, represented by its personally liable shareholder Paulaner Verwaltungs GmbH, in turn represented by managing directors Dr. Jörg Lehmann, Andreas Steinfatt, Stefan Fischbach and Raphael Rauer, Ohlmüllerstraße 42, D-81541 Munich, phone: 089 / 48 00 5-0, fax: 089 / 48 00 5-409, email: firstname.lastname@example.org.
2. Information on the data protection officer
The contact details of the data protection officer are: email@example.com.
3. Collection of personal data when you visit our website (type and purpose)
If you use our website for information, i.e. if you do not register or otherwise submit any information to us, we will only collect the personal data your browser submits to our server. The provider of the website will collect and store information in server log files that your browser submits to us automatically. These are:
– IP address
– Date and time of the query
– Time zone difference from Greenwich Mean Time (GMT)
– Content of the request (specific page)
– Access status /HTTP-status code
– The respective data volume transferred
– Website sending the request
– Operating system and its interface
– Language and version of the browser software.
The data named will be processed by us for the purpose of a smooth connection to the website in order to ensure comfortable use of our website, and to evaluate system safety and stability by us.
The legal basis for processing activities shall be sect. 6 para. 1 s. 1 lit. f) GDPR.
Our legitimate interests follow from the purposes listed above for data collection. We do not use the collected data in order to draw conclusions as to persons.
b) Contact form
When you contact us by email or through a contact form, the complete data disclosed by you (e.g. your complete name, postal code, place of residence and email address) will be saved by us in order to answer your questions.
Data processing for the purpose of contacting us shall take place according to sect. 6 para. 1 s. 1 lit. a) and b) GDPR based on your free consent and to perform pre-contractual measures upon your request.
a) With your consent, you can subscribe to our newsletter in which we will inform you about our current interesting offers. The advertised goods and services are designated in the declaration of consent.
b) We use the double opt-in procedure for our newsletter. This means that we send an email to your indicated email address after your subscription, in which we ask you to confirm that you desire to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be locked and erased automatically after one month. Beyond this, we store the IP addresses used by you from time to time and both the times of registration and confirmation. The purpose of the proceedings is to document your registration and to investigate any possible abuse of your personal data.
c) The only mandatory information for receiving the newsletter is your email address. Indicating any other, separately marked data is voluntary and used in order to enable us to address you personally. After your confirmation, we store your email address for the purpose of sending you the newsletter.
d) The legal basis shall be sect. 6 para. 1 s. 1 lit. a) GDPR.
e) You may withdraw your consent to receiving the newsletter at any time and unsubscribe from the newsletter. You can withdraw your consent by clicking the link provided in each newsletter email or by sending a message to the contact details indicated in the imprint.
5. Passing on personal data
a) The data will be system-technically forwarded to the provider who provides the web server. It operates its servers within Europe.
b) The data you send to us via the contact form will be forwarded to Schörghuber Corperate IT, Ohlmüllerstraße 42, D-81541 Munich, which provides the email server.
c) When conducting lotteries, we reserve the right to submit the required personal data to service providers that support us in the performance of the lottery, such as an agency or freight company charged with shipping the prizes. If such data transmission takes place, the corresponding data protection provisions or participation conditions will refer to this.
d) In addition to this, data will be passed on by using Google Analytics. For details, see item 6 a) of this data protection statement.
e) Your personal data will generally not be passed on to any third parties beyond this. We shall also only pass on your personal data to third parties if:
- you have explicitly consented to this pursuant to sect. 6 para. 1 s. 1 lit. a) GDPR,
- forwarding is required under sect. 6 para. 1 s. 1 lit. f) GDPR for assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding protection-worthy interest in your data not being passed on,
- forwarding is required due to statutory obligations pursuant to sect. 6 para. 1 s. 1 lit. c) GDPR, and
- this is legitimate by law and required according to sect. 6 para. 1 s. 1 lit. b) GDPR for processing contractual relationships with you.
a) What exactly are cookies?
Cookies are small pieces of information that are stored on your computer, tablet or mobile phone when you visit a website and are generally used to make websites more effective.
Many browsers accept cookies automatically. You may choose a configuration of your browser determining that cookies shall not be stored on your computer but a message appearing in case a cookie is to be created. However, if you completely disable cookies, this might lead to the effect that not all functions of our website are available.
(b) Details of the cookies
aa) Technically necessary cookies
Technically necessary cookies help us to enable the operation of the website. They ensure basic functions. These cookies aim to the safe and proper use of our website and therefore cannot be deactivated.
This includes session cookies and cookies for the cookie settings.
This data is required for the above-mentioned purposes in order to safeguard our legitimate interests in accordance with sect. 6 para. 1 sentence 1 lit. f) DSGVO.
Statistical cookies help us understand how our site interacts with our users by collecting and reporting information anonymously.
This website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses "cookies", i.e. text files that are stored on your computer and that permit analysis of your use of the website. As a rule, the information generated by the cookie through your use of this website is sent to a Google server in the USA and stored there. Due to activation of IP anonymisation on these websites, your IP address will be abbreviated first by Google within member states of the European Union or in other contracting states of the convention on the European Economic area. Only in exceptions will your full IP address be transferred to a server of Google in the USA and abbreviated there. On the order of the operator of this website, Google will use this information to evaluate your use of the website, in order to compile reports on the website activities and to render further services connected to website use and internet use towards the website operator.
The IP address submitted by your browser will not be combined with any other Data of Google.
You may prevent saving of the cookies by making the corresponding settings in your browser software; however, note that you may be unable to fully use all functions of the website in such a case. You may furthermore prevent recording of the data generated by the cookie and referring to your use of the website (incl. your Internet Protocol address) and processing of these personal data by Google by downloading and installing the browser plugin available under the following link: tools.google.com/dlpage/gaoptout.
We use Google Analytics, in order to analyse use of our website and regularly improve it. The statistics acquired enable us to improve our offer and to make it more interesting for you as the user. For exceptions in which personal data are transmitted to the USA, Google has subjected to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.
The legal basis for using Google Analytics is sect. 6 para. 1 sentence 1 lit. a) GDPR.
Information on the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: www.google.com/analytics/terms/de.html, Overview of data protection: www.google.com/intl/de/analytics/learn/privacy.html, and the data protection statement: www.google.de/intl/de/policies/privacy.
cc) Marketing cookies are used to follow visitors to websites. The intent is to show ads that are relevant and appealing to the individual user and therefore more valuable to publishers and third party advertisers.?
Using Google Tag Manager: Google Tag Manager is a solution that allows marketers to manage website tags from one interface. The Tag Manager tool itself is a cookie-free domain and doesn’t collect any personal information. The tool triggers other tags, which in turn may collect data. Google Tag Manager doesn’t access this data. If disabled at the domain or cookie level, it will remain disabled for all tracking tags implemented with Google Tag Manager. https://www.google.de/tagmanager/use-policy.html.
7. Use of web fonts
a) These websites use external fonts called Google Fonts. Google Fonts is a service of Google Inc. ("Google"). These web fonts are integrated by a server call, usually concerning a server of Google in the USA. This informs the server of which of our websites you have visited. The IP address of the browser of the end device of the visitor of these websites is also stored by Google.
b) When calling up a site, your browser will load the required web fonts into your browser cache in order to properly display texts and fonts. Web fonts are used in the interest of consistent and attractive display of our online offer.
c) This is a legitimate interest within the meaning of sect. 6 para. 1 lit. f) GDPR.
8. Information on location of the web server (§13 para. 1 TMG)
The data we receive via our website will be processed on servers within Europe.
9. Integration of services and third-party contents
(1) We may have YouTube videos integrated into our online offer that are stored on www.YouTube.com and that can be played directly from our website. All of these are integrated in the "expanded data protection mode", i.e. so that no data concerning you as user will be transmitted to YouTube if you do not play the videos. Only when you play the videos will the data named in 10 a) (2) be transmitted. We cannot influence this data transmission.
(2) By your visit to the website, YouTube will be informed that you have called the corresponding sub-page of our website. The data named in § 3 of this statement will be transmitted as well. This is done no matter if YouTube provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be assigned to your account directly. If you do not wish assignment to your profile at YouTube, you need to log out before you activate the button. YouTube will store your data as usage profiles and use them for the purpose of advertising, market research and/or demand-oriented design of its website. Such evaluation shall specifically take place (even for users who are not logged in) in order to render demand-oriented advertisements and in order to inform other users of the social network of your activities on our website. You have a right to object to the generation of these user profiles. In order to exercise these, you must contact YouTube.
(3) We use the service within our online offer based on a legitimate interest, i.e. in analysis, optimisation and economic operation of our online offer. The legal basis is sect. 6 para. 1 lit. f) GDPR.
(4) Further information on the purpose and scope of data collection and processing by YouTube is available in the data protection statement. It also contains further information on your rights and setting options for protecting your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
(1) This website uses Mouseflow, a web analysis tool from Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, to collect and store data for marketing and optimization purposes. The data can be used to create pseudonymous user profiles. Randomly selected individual visits (only with anonymised IP address) are recorded. This creates a log of mouse movements and clicks with the intention of randomly replaying individual website visits and deriving potential improvements for the website from this.
(2) The data collected with Mouseflow will not be used to personally identify the visitor of this website and will not be combined with personal data about the bearer of the pseudonym.
(3) The use of Mouseflow serves the regular optimization of our website. Mouseflow ApS processes the data only within the EU and does not pass them on to third parties. The legal basis for the use of Mouseflow is Art. 6 para. 1 lit. f) DSGVO.
(4) If you do not want a recording, you can deactivate a recording on all websites that use Mouseflow globally for the browser you are currently using under the following link: https://mouseflow.com/opt-out.
c) Other third-party contents
Other third-party contents, such as RSS feeds or graphics, are integrated from other websites. This always requires that the providers of these contents (hereinafter: "Third-Party Providers") perceive the users' IP addresses. Without the IP address, they would be unable to send the contents to the respective user's browser. The IP address is therefore required to present these contents. We strive to only use such contents the providers of which only use the IP address for delivering the contents. However, we cannot influence it if the Third-Party Providers store the IP address, e.g. for statistical purposes. We inform the users of this as far as we are aware of it.
10. Your rights
You have the right:
• to demand information in accordance with sect. 15 GDPR regarding processing of your personal data by us. In particular, you may request information on the processing purposes, category of personal data, categories of recipients to whom your data have been or are disclosed, the planned storage duration, the existence of a right to correction, erasure, restriction of processing or objection, existence of a right to complaint, origin of your data if they were not collected at our site, and the existence of automated decision-making, including profiling and any indicative information on its details;
• in accordance with sect. 16 GDPR, demand correction of any inaccurate personal data stored by us or completion of these without undue delay;
• in accordance with sect. 17 GDPR, demand erasure of your personal data stored by us as far as processing is not required in order to exercise the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest or for assertion, exercise or defence of legal claims;
• in accordance with sect. 18 GDPR, demand restriction of processing of your personal data as far as the accuracy of the data is disputed by you, processing is not legitimate, but you decline erasure and we no longer require the personal data, but you still require them to assert, exercise or defend legal claims or you have objected to processing in accordance with sect. 21 GDPR;
• in accordance with sect. 20 GDPR, demand to receive your personal data that you have provided to us in a structured, common and machine-readable format or to demand transfer to another controller;
• in accordance with sect. 7 para. 3 GDPR, to revoke your consent once given to us towards us at any time. This has the consequence that we may no longer continue the processing activities that were based on this consent in future and
• in accordance with sect. 77 GDPR, file a complaint with a supervisory authority. Usually, you may contact the supervisory authority at your common place of residence or work place or our registered office for this.
The Bayerisches Landesamt für Datenschutzaufsicht, Promenade 27 (Schloss), D-91522 Ansbach, Germany, phone: +49 (0) 981 53 1300, telefax: +49 (0) 981 53 98 1300, email: firstname.lastname@example.org is responsible for our headquarters.
11. Right to object
If your personal data are processed based on legitimate interests in accordance with sect. 6 para. 1 s. 1 lit. f) GDPR, you have the right to object to processing of your personal data in accordance with sect. 21 GDPR as far as there are grounds for this that result from your special situation.
If you object, your personal data will no longer be processed, except if compelling legitimate grounds for processing can be documented which override your interests, rights and freedoms or if processing serves to establish, exercise or defend legal claims.
The objection must be sent to us; an email to email@example.com will suffice.
12. Duration of storage
This website does not store any complete IP addresses of persons who use the website for information, or they will be deleted again without delay after the end of use of the website.
The stored usage processes will be deleted at the latest after 6 months.
If you send us an email, these data will generally be deleted 6 months after the last communication after answering the request.
If any customer relationship develops from this context or if it refers to an existing customer relationship, these data will be used for setting up a customer file or stored in the customer file if applicable. If the law does not stipulate any archiving periods, the existing data will be deleted after the end of the contract. If there are any statutory archiving periods, archiving may last up to ten years. Thereafter, the data will be finally deleted; in the meantime, the data will be blocked so that access to these data is no longer possible easily. The blocking phase shall commence at the end of the year following the end of the contract.
13. Obligation to provide data
As far as collection and processing of the server log files is concerned, the information is mandatory. Indication of the personal data, name and email address in the scope of contact via the contact form are also mandatory.
Indication of further data is voluntary.
14. Automated decision-making
Automated decision-making pursuant to sect. 22 GDPR does not take place.
15. Change to the purpose
Personal data are processed for the purpose for which they were collected. The purpose is not changed.
16. Safety note
If personal data are collected via our website, transmission shall take place encrypted using the data transmission procedure SSL "Secure-Socket-Layer". Beyond this, we ensure that only such employees will receive access to your personal data who need them to perform their respective tasks. They are trained accordingly regarding safety and data protection.
17. Changes to our data protection statement
We reserve the right to change our safety and data protection measures as far as this becomes necessary due to technical developments. In such cases, we will also adjust our notes on data protection accordingly. Therefore, please observe the respective valid version of our data protection statement.