DATA PROTECTION AND PRIVACY RIGHTS
Of Paulaner Gruppe GmbH & Co KGaA
Thank you for your interest in our website. Protecting your privacy when processing your personal details is of the utmost concern to us. The Paulaner Gruppe GmbH & Co KGaA will handle your data responsibly.
As a matter of course we adhere to statutory provisions in the collection, processing and usage of your data, in particular those of the German Data Protection Act [BDSG] and the German Broadcast Media Act [TMG]. But of course we are aware that for many people using the internet is cause for great concern how such protection applies in practice.
The data privacy statement below provides an overview of what data is collected, used, stored, and possibly passed on to third parties, also what security measures we employ for your privacy, and what right to information you have on the matter.
1. Information about the collection of personal data
1.1. In the following we inform about the collection of personal data when using our website. Personal data means any information which is personally identifiable to you, e.g. name, address, e-mail addresses, user behaviour.
1.2. The controller pursuant to Article 4 (7) General Data Protection Regulation (GDPR)is
Paulaner Brauerei Gruppe GmbH & Co KGaA
Our data protection officer can be reached under firstname.lastname@example.org via our postal address with the additive “to the data protection officer”.
1.3. If we make use of individual functions of our offer of contracted service providers or if we would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. We also specify the defined criteria for the storage period.
1.4. If we engage service providers to deliver individual functions of our offering or wish to use your data for advertising purposes, we will inform you about the relevant processing operations in detail below. We will also state the criteria used to determine the length of time for which data are stored.
2. Your rights
2.1. You have the following rights towards us with regard to your personal data:
- Right to information,
- Right to rectification or erasure,
- Right to restriction of processing,
- Right to object to the processing,
- Right to data portability.
To exercise your rights, you can contact us at the above contact details of the controller or the data protection officer.
2.2. You also have the right to complain at the data protection supervisory authorities about our processing of your personal data.
3. Collection of personal data when visiting our website
3.1. When you visit the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you visit our website, we collect the following data, which are technically necessary for us to display our website to you and to guarantee stability and security (legal basis is Article 6(1) 1 lit. f GDPR):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Website from which the request comes
- Websites accessed by the user's system via our website
- Transmitted bytes of the requested URL
- Operating system and its interface
- Language and version of the browser software.
These data are stored in a so-called log file for a period of 7 days. Afterwards the data will be deleted.
3.2. In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk in the browser you use and through which certain information flows to the place that sets the cookie (here by us). Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.
3.3.1. This website uses the following types of cookies; the scope and functioning is explained below:
- Transient cookies (see 3.3.2)
- Persistent cookies (see 3.3.3).
3.3.2. Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. This store a so-called Session-ID, with which different requests of your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. Session cookies also include the cookies that we use to ensure the correct display of the website on the device used and to record the data about your order (what items, quantity, method of payment, shipping selection, etc.) during a purchase in our online shop. Session cookies are deleted when you log out or close your browser.
3.3.3. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.
3.3.4. You can configure your browser settings according to your wishes and, for example, refuse the acceptance of third party cookies or all cookies. Please note that you may not be able to use all functions of this website.
4.1. With your consent, you can subscribe to our newsletter in which we will inform you about our current interesting offers. The advertised goods and services are designated in the declaration of consent.
4.2. We use the double opt-in procedure for our newsletter. This means that we send an email to your indicated email address after your subscription, in which we ask you to confirm that you desire to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be locked and erased automatically after one month. Beyond this, we store the IP addresses used by you from time to time and both the times of registration and confirmation. The purpose of the proceedings is to document your registration and to investigate any possible abuse of your personal data.
4.3. The mandatory information for receiving the newsletter is your name, surname and email address. After your confirmation, we store the mentioned data for the purpose of sending you the newsletter.
4.4. The legal basis shall be sect. 6 para. 1 s. 1 lit. a) GDPR.
4.5. You may withdraw your consent to receiving the newsletter at any time and unsubscribe from the newsletter. You can withdraw your consent by clicking the link provided in each newsletter email or by sending a message to the contact details indicated in the imprint.
4.6. For our newsletter, we use the service of Campaign Monitor Pty Ltd., 631 Howard St., 5th Floor, San Francisco, CA 94105.The required data from the newsletter recipients are hosted web-based on a server of Campaign Monitor in an area to which only we have a password-protected access. The terms and conditions and the data protection statement of Campaign Monitor are the contractual basis. You can view them under the following https://www.campaignmonitor.com/policies/#terms-of-useand https://www.campaignmonitor.com/policies/#privacy-policy
The newsletter tool analyses the reach of the respective newsletters in order to ensure that the shipments actually reach the recipients. The individual behavioural patterns that can be found in this are only used for statistical evaluation of the newsletter success and will never be passed on to any third parties or used for any other purposes.
5. Further functions and offerings on our website
5.1. Apart from use of our website purely for information purposes, we offer various services you can use if interested. To do that, you usually have to give us further personal data, which we use to provide the service in question and to which the above data processing principles apply. We provide you with details about the data collected in connection with the action in question and how they are processed when the data in question are collected.
5.2. In some cases, we enlist the services of external service providers to process your data. They have been selected and engaged by us carefully, are bound by our instructions and are controlled regularly.
5.3. We may also pass on your data to third parties, if we offer the chance to participate in campaigns, contests, conclusion of contracts, or similar services together with partners. You are provided with more information on that when you disclose your personal data.
5.4. If our service providers or partners are based in a country outside the European Economic Area (EEA), we notify you of the consequences of that in the offering’s description.
6. Objection or withdrawal against the processing of your data
6.1. If you have given your consent to the processing of your data, you have the right to withdraw this consent at any time. Such withdrawal of consent influences the permissibility of processing your personal data after you have given it to us.
6.2. If we base the processing of your personal data on the weighing of interests, you have the right to object to the processing. This is the case if the processing is not necessary in particular to fulfil a contract with you, but for other purposes as described by us in the respective description of the applicable functions. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as we have done it. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection, which is the basis of the processing.
6.3. It goes without saying that you can object to processing of your personal data for purposes of advertising and data analysis at any time. You can inform us of your objection to its use for advertising by contacting us at: email@example.com
7. Use of Google Analytics
7.1. This website uses Google Analytics, a web analysis service of Google Inc. "("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help how users use the site. The information generated by the cookie about your use of this website is in general transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, Google will shorten your IP address within a Member State of the European Union or another member state of the European Economic Area beforehand. Only in exceptional cases the full IP address will be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with further services associated with website and Internet use.
7.2. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
7.4. Opt-out cookies prevent future recording of your data when you visit this website. In order to prevent it being recorded by Universal Analytics on different devices, you have to opt out on each system you use. You can set the opt-out cookie by clicking here: Disable Google Analytics
7.5. This website uses Google Analytics with the extension “anonymizeIp()". As a result, IP addresses are further processed in abbreviated form, so that a personal reference is excluded. As far as the data collected about you is personal, it will be excluded immediately and the personal data will be deleted immediately.
7.6. We use Google Analytics to analyse and improve regularly the use of our website. We would like to improve our offer and make it more interesting for you as a user. For exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Article 6 (1) 1 lit. f GDPR, whereby our legitimate interest arises from the aforementioned purpose.
7.7. The collected data are stored for 26 months. Data whose retention period has expired are erased automatically once a month.
7.8. Third party Information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
Overview regarding data protection: www.google.com/intl/de/analytics/learn/privacy.html
8. Google Tag Manager
8.1. This website usesGoogle Tag Manager. Google Tag Manager is a solution marketers can use to manage website tags via an interface. The Tag Manager tool itself (which implements the tags) is a cookieless domain and does not record any personal data. The tool causes other tags to be activated, which may in turn record data. Google Tag Manager does not access those data.
8.2. If recording has been deactivated at the domain or cookie level, this setting will still apply to all tracking tags implemented with Google Tag Manager.
8.3. We use Google Tag Manager to analyse use of our website and to improve it on a regular basis. In exceptional cases in which personal data are transferred to the USA, Google is subject to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework). The legal basis for using Google Tag Manager is Article 6 (1) point (f) GDPR.
Terms of Service: https://www.google.com/analytics/tag-manager/use-policy/
9. Use of Mouseflow
9.1. This website usesMouseflow, a web analytics tool from Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, to collect and store data for the purposes of marketing and optimizing the website. Pseudonymised user profiles may be created from the data. Randomly selected individual visits to the site are recorded (using anonymised IP addresses only). The result is a record of mouse movements and clicks intended to enable the replay of individual website visits chosen randomly. That helps us identify potential ways to improve the website.
9.2. The data collected with Mouseflow are not used to identify the user of this website personally and are not combined with personal data of the bearer of the pseudonym.
9.3. Mouseflow is used to optimize our website on a regular basis. The data are processed by Mouseflow ApS only within the EU and are not passed on to third parties. The legal basis for using Mouseflow is Article 6 (1) point (f) GDPR.
9.4. If you do not wish these data to be recorded, you can deactivate that on all websites using Mouseflow globally for the browser you are currently using under the following link: https://mouseflow.com/opt-out
10. Google Fonts
10.1. This website uses Google Fonts to integrate fonts, a service of Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. To display our site, Google server are called-up, namely fonts.googleapis.com and fonts.gstatic.com.
10.2. In order to display the fonts on our site as quickly and efficiently as possible, the calls are stored by Google and fonts and preferences are cached by your browser. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Article 6 (1) 1 lit. f GDPR. With regard to the transfer of personal data to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
10.3. More information about Google Fonts and privacy can be found here:
11. Embedded YouTube videos
11.1. We have integrated YouTube videos in our online offering. The videos are stored at http://www.YouTube.comand can be played directly from our website. These videos are all embedded in “extended data protection mode”, i.e. no data on you as the user will be transmitted to YouTube if you do not play the videos. The data specified in 10.2 below will only be transmitted when you play the videos. We have no influence over transmission of these data.
11.2. When you visit our website, YouTube is informed that you have visited the corresponding subpage of our website. The following data are also transmitted:
– The IP address
– The date and time of the request
– The difference between your time zone and Greenwich Mean Time (GMT)
– The content of the request (specific page)
– The access status/HTTP status code
– The volume of data transferred
– The website from which the request came
– The browser
– The operating system and its interface
– The language and version of the browser software.
This is done irrespectively of whether YouTube offers a user account and you are logged into this account or you do not have a user account. If you are logged into Google, your data will be directly associated with your account. If you do not want YouTube to associate your actions with your profile, you must log out of your account before activating the button. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or designing its website to suit needs. Such an evaluation is conducted in particular (even for users who are not logged in) in order to provide advertising tailored to the user and to inform other users of the social network about your activities on our website. You have the right to object to creation of these user profiles, but must contact YouTube in order to exercise this right.
11.3. The videos are integrated so that we can make them available to you. The legal basis for integrating YouTube videos is Article 6 (1) point (f) GDPR.
12. Contact us via the contact form or by e-mail
12.1. When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, if applicable your name and telephone number and your message) will be stored by us in order to answer your questions. We delete the data arising in this context after the storage is no longer necessary, or limit the processing if statutory retention obligations exist.
12.2. These data will be processed by us in order to respond to your request. Data processing is based on a contractual basis (Article 6 (1)1 lit. b GDPR) as far as questions concerning your purchase in our shop are concerned. For the customer service and the answers of your inquiries, processing is based on justified interests (Article 6 (1)1 1 lit. b GDPR), because it enables a satisfactory customer service.
13. Routine erasure and blocking of personal data
We process and store the personal data of data subjects only for the period of time which is required to achieve the purpose for which they are stored or which is authorized by European Directives or Regulations or other laws or provisions of another legislator to which the controller is subject. If the purpose for which the data are stored no longer applies or a storage period prescribed by European Directives or Regulations or another competent legislator expires, the personal data are routinely blocked or erased in accordance with the statutory provisions.