Declaration of Data Protection
Name and contact responsible in accordance with article 4 (7) DSGVO
Company: BrewHeart GmbH
Address: Nordring 37a, 83624 Otterfing
Phone: + 49 (0) 8024 47 77 150
Security and protection of your personal data
We consider it our primary task to maintain the confidentiality of the personal information you provide and to protect it from unauthorized access. We therefore apply the utmost care and the most modern safety standards to ensure maximum protection of your personal data.
As a private company, we are subject to the provisions of the General Data Protection Regulation (GDPR) and the regulations of the Federal Law Act (BDSG). We have taken technical and organizational measures to ensure that the rules on data protection are respected by us as well as by our external service providers.
The legislator requests that personal data be processed lawfully, in good faith and in a manner that is comprehensible to the person concerned ("lawfulness, processing in good faith, transparency"). To ensure this, we inform you about the individual legal definitions that are also used in this privacy statement:
"Personal data" shall be any information relating to an identified or identifiable natural person (hereinafter referred to as "the person concerned"); Identifiable is a natural person who identifies directly or indirectly, by assigning it to an identifier such as a name, to an identification number, to location data, to an online identifier or to one or more special characteristics. Can be the expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
"Processing" means any operation performed, with or without the help of automated procedures, or any such sequence of operations in connection with personal data such as the collection, recording, organization, arranging, storage, adaptation or Change, reading, interrogation, use, disclosure by Transmission, distribution or any other form of provision, matching or linking, restriction, deletion or destruction.
Limitation of processing
"Limitation of processing" is the marking of stored personal data with the aim of limiting its future processing.
„Profiling" means any form of automated processing of personal data, which consists in the use of such personal data to assess certain personal aspects relating to a natural person, aspects relating to Analyze or predict the performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or location of this natural person.
"Pseudonymization" means the processing of personal data in such a way that the personal data can no longer be assigned to a specific person concerned without the addition of additional information, provided that such additional Information shall be kept separately and subject to technical and organizational measures to ensure that the personal data cannot be assigned to an identified or identifiable natural person.
"File system" is any structured collection of personal data that is accessible according to certain criteria, regardless of whether this collection is managed centrally, decentralized or according to functional or geographical aspects.
"Person in charge" means a natural or legal entity, authority, institution or other body which, alone or jointly with others, decides on the purposes and means of processing personal data; Where the purposes and means of such processing are determined by union law or by the law of the Member States, the person responsible or the specific criteria of his designation may be provided for in accordance with Union law or the laws of the Member States Be.
"Processor" means a natural or legal person, authority, institution or other body that processes personal data on behalf of the responsible party.
"Receiver" means a natural or legal person, authority, institution or other body to which personal data is disclosed, irrespective of whether it is a third party or not. Authorities which, under a specific investigation mandate, are subject to union law or the law of the Member States may receive personal data but are not considered to be recipients; The processing of such data by the mentioned authorities shall be in accordance with the applicable data protection rules in accordance with the processing.
"Third party" means any natural or legal person, authority, institution or other body, other than the person concerned, the controller, the processor and the persons under the direct responsibility of the responsible or Processors are authorized to process the personal data.
A "consent" of the person concerned shall be any voluntarily declared in the specific case, in an informed manner and unequivocally, in the form of a declaration or other clear, conclusive act which the person concerned Understand that you agree to the processing of the personal data relating to you.
Lawfulness of processing
The processing of personal data is only lawful if there is a legal basis for the processing. The legal basis for processing may be adopted in accordance with article 6 (1)LitA – F DSGVO in particular:
- The person concerned has given her consent to the processing of the personal data relating to him for one or more specific purposes;
- Processing is necessary for the fulfilment of a contract to which the data subject is a party, or for the implementation of pre-contractual measures to be taken at the request of the person concerned;
- Processing is required to comply with a legal obligation to which the person responsible is subject;
- Processing is necessary to protect vital interests of the person concerned or of another natural person;
- Processing is necessary for the performance of a task which is in the public interest or is carried out in the exercise of public authority which has been transferred to the person responsible;
- Processing is necessary in order to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal information, outweigh, particularly when the person concerned is a child.
Information on the collection of personal data
(1) In the following we inform you about the collection of personal data when using our website. Personal data is, for example, name, address, e-mail addresses, user behavior.
(2) In case of contacting us by e-mail or via a contact form, the data you have communicated (your e-mail address, if necessary Your name and phone number) saved by us to answer your questions. We delete the data in this connection after the storage is no longer required, or the processing is restricted if legal retention obligations exist.
Collection of personal data when visiting our website
In the case of merely informational use of the website, i.e. if you do not register or otherwise provide us with information, we will only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to show you our website and to ensure stability and security (legal basis is Article 6 para 1 p. 1 Lit. f DSGVO):
- IP Address
- Date and time of the request
- Zeitzonendifferenz zur Greenwich Mean Time (GMT)
- Content of the request (concrete page)
- Access status /HTTP-status code
- Amount of data transferred
- Site from which the request comes
- Operating system and its interface
- Language and version of the browser software.
(1) Additionally, to the mentioned the data, cookies are stored on your computer when using our website. Cookies are small text files that are stored on your hard drive associated with the browser you are using, and which provide specific information to the location that sets the cookie. Cookies cannot run programs or transfer viruses to your computer. They serve to make the Internet offer more user-friendly and more effective.
(2) This website uses the following types of cookies, the scope and functionality of which are explained below:
- Transient cookies (A.)
- Persistent cookies (b.).
- Transient cookies are automatically deleted when you close the browser. This includes the session cookies. These store a so-called session ID, with which different requests from your browser can be assigned to the shared session. This will allow your computer to be recognized again when you return to our website. The session cookies are deleted when you log out or close the browser.
- Persistent cookies are automatically deleted after a specified period, which can vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
- You can configure your browser settings according to your preferences and
For example, refuse to accept third-party cookies or all cookies. So-called "third party Cookies" are cookies that have been set by third parties, hence not by the actual website on which you are currently located. Please note that disabling cookies may not allow you to use all the features on this website.
More features and offers of our website
(1) In addition to the purely informational use of our website, we offer various services which you can use if you are interested. To do this, you usually need to provide additional personal information that we use to provide the respective service and for which the data processing principles apply.
(2) We use some of our services to process your data from external service providers. These were carefully selected and commissioned by us, are bound by our instructions and are regularly checked.
(3) Furthermore, we may disclose your personal data to third parties if action participation, sweepstakes, contracts or similar services are offered by us together with partners. For further information please contact us by providing your personal data or below in the description of the offer.
(4) Insofar as our service providers or partners have their registered office in a state outside the European Economic Area (EEA), we inform you of the consequences of this circumstance in the description of the offer.
Use of our web shop
(1) If you wish to order in our web shop, it is necessary for the conclusion of the contract that you provide your personal data which we need for the processing of your order. Mandatory information required for the settlement of contracts is marked separately, further information is optional. We process the data you have provided for the processing of your order. For this we can pass on your payment data to our House bank. The legal basis for this is art. 6 Abs. 1 P. 1 Lit. b GDPR. You can voluntarily create a customer account through which we can store your data for subsequent purchases. When you set up an account under "My Accounts", the data you specify will be revocable. You can always delete all other data, including your user account, in the customer area.
(2) We are obliged to store your address, payment and order data for a period of ten years due to trade and tax regulations. However, after two years we are taking a restriction on processing, i.e. Your data will only be used to comply with Legal obligations.
(3) In order to prevent unauthorized access by third parties to your personal data, financial data, the ordering process is encrypted using TLS technology.
(1) We offer several payment methods for the use of the web shop and we use different payment services. Depending on the payment method you choose, different data will be sent to the respective payment service provider. The legal basis for transmission is art. 6 Abs. 1 P. 1 Lit. a DSGVO. Below we list our payment service providers.
If you choose the payment method PayPal, your personal data will be sent to PayPal. A prerequisite for using PayPal is the opening of a PayPal account. By using or opening a PayPal account, you must send your name, address, telephone number and e-mail address to PayPal. The legal basis for the transmission of the data is Article 6 (1) Lit. a GDPR (consent) and article 6 (1) Lit. b GDPR (processing to fulfil a contract).
Payment service provider PayPal is the:
PayPal (Europe) S. At R.l. And CieS.c.a.
22-24 Boulevard Royal
Choose the Payment Methods Credit card, Alipay, Giropay, SEPA Direct Debit or SOFORTÜBERWEISUNG, your personal data will be sent to Stripe.
The operator of this service is:
185 Berry Street, Suite 550
San Francisco, CA 94107, USA
Attention: Stripe Legal
By choosing Amazon payments, your personal data will be sent to Amazon. A prerequisite for using Amazon Payments is the opening of an Amazon account. By using or opening an Amazon account, you provide your name, address, telephone number and e-mail address to Amazon. The legal basis for the transmission of the data is Article 6 (1) Lit. a GDPR (consent) and article 6 (1) Lit. b GDPR (processing to fulfil a contract).
The operator of this service is:
Amazon Payments Europe s.c.a.
5 Street Plaetis
(1) With your consent you can subscribe to our newsletter, with which we inform you about our current interesting offers. The goods and services advertised are named in the Declaration of consent.
(2) for the registration of our newsletter we use the so-called double-Opt-In procedure. The means that after you have registered, we will send you an e-mail to the email address provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and time points of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to investigate possible misuse of your personal data.
(3) The required information for the sending of the newsletter is your e-mail address alone. The indication of further, separately marked data is voluntary and is used to be able to contact you personally. After your confirmation, we save your e-mail address for the purpose of sending the newsletter. Legal basis is art. 6 Abs. 1 P. 1 Lit. a DSGVO.
(4) You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can cancel your withdrawal by clicking on the button in each newsletter email Provided link, via this form of the website, by e-mail email@example.com or by a message to the contact details stated in the imprint.
(5) We would point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the sent e-mails contain so-called web-Beacons or tracking pixels that represent one-pixel image files stored on our website. For the evaluations, we link the data referred to in § 3 and the Web Beacons with your email address and an individual ID. The data are collected exclusively pseudonymized, so the IDs are not linked with your further personal data, a direct personal availability is excluded. You may object to this tracking at any time by clicking on the separate link provided in each email or by notifying us of another contact. The information will be stored if you have subscribed to the newsletter. After unsubscribing, we store the data statistically and anonymously.
Our offer is always aimed at adults. Persons under the age of 18 should not provide personal data to us without the consent of their parents or guardians.
Rights of the person concerned
(1) Withdrawal of consent
If the processing of the personal data is based on a given consent, you have the right at any time to revoke your consent. The revocation of the consent does not affect the legality of the processing due to the consent until the revocation.
You can contact us at any time for the exercise of the right of withdrawal.
(2)Right to Confirmation
You have the right to require the person responsible to confirm whether we are processing personal data relating to them. The confirmation can be requested at any time under the above-mentioned contact data.
(3) Right of information
If personal data are processed, you can at any time request information about this personal data and the following information:
- processing purposes;
- The categories of personal data that are processed;
- The recipients or categories of recipients to whom the personal data has been disclosed or is still disclosed, to recipients in third countries or to international organizations;
- If possible, the planned duration for which the personal data is stored, or, if this is not possible, the criteria for determining that duration;
- The existence of a right to rectify or delete the personal data relating to it or to restrict the processing by the person responsible or a right of objection against such processing;
- The existence of a right of appeal by a supervisory authority;
- If the personal data are not collected from the data subject, all available information on the origin of the information;
- The existence of automated decision-making, including Profiling In accordance with article 22 (1) and (4), GDPR and, at least in these cases, meaningful information on the logic involved, the scope and the intended impact of such processing on the data subject.
Where personal data are transmitted to a third country or to an international organization, they shall have the right to be informed of the appropriate guarantees referred to in article 46 DSGVO in connection with the transmission. We provide a copy of the personal data which are the subject of the processing. For any further copies that you request, we may demand a reasonable fee based on the administrative costs. If you make the application electronically, the information shall be made available in a standard electronic format, unless it specifies otherwise. The right to receive a copy in accordance with paragraph 3 shall not prejudice the rights and freedoms of other persons.
(4) Right to rectification
You have the right to demand from us without delay the rectification of any incorrect personal data relating to you. Considering the purposes of processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
(5) Right to deletion
You have the right to require the person responsible to delete any personal data relating to you immediately and we are obligated to remove any personal data immediately, provided that one of the following reasons applies:
- The personal data are no longer necessary for the purposes for which they were collected or processed in any other way.
- The person concerned shall revoke the consent to which the processing in accordance with article 6 (1) (a) or article 9 (2) (a) DSGVO was based and there is no other legal basis for processing.
- In accordance with article 21 (1), the person concerned shall DSGVO opposition to the Processing and there are no priority legitimate reasons for processing, or the person concerned shall DSGVO opposition to processing in accordance with article 21 (2).
- The personal data has been processed in an unlawful form.
- The deletion of personal data is necessary for the fulfilment of a legal obligation under union law or the law of the Member States to which the person responsible is subject.
- The personal data were collected in relation to information society services provided in accordance with article 8 (1 DSGVO).
If the person responsible has made the personal data public and he is obliged to delete it in accordance with paragraph 1, he shall take appropriate measures, including technical means, taking into account the available technology and the implementation costs, in order to The data controller, who processes the personal data, to inform that an affected person of you the deletion of all links to this personal data or of copies or replicas of these personal data has requested.
The right to delete shall not exist where the processing is required:
- To exercise the right to freedom of expression and information;
- To fulfil a legal obligation which requires processing under the law of the Union or of the Member States to which the person responsible is subject, or to carry out a task which is in the public interest or in the exercise of public authority Transferred to the person responsible;
- For reasons of public interest in the field of public health pursuant to article 9 (2) (h) and (i) and article 9 (3 DSGVO);
- For archival purposes in the public interest, scientific or historical research or for statistical purposes pursuant to article 89 (1) DSGVO, where the law referred to in paragraph 1 is likely to fulfil the objectives of this processing is impossible or seriously impaired, or
- For the assertion, exercise or defence of legal claims.
(6) Right to limitation of processing
You have the right to require us to restrict the processing of your personal data if one of the following conditions is met:
- The correctness of the personal data is contested by the person concerned, for a period which enables the controller to verify the accuracy of the personal data,
- The processing is unlawful, and the person concerned refuses to delete the personal data and instead demands the restriction of the use of personal data;
- The person responsible does not have the personal data for the purposes of processing Longer required, but the data subject requires it to assert, exercise or defend legal claims, or
- The person concerned objected to the processing in accordance with Article 21 Paragraph 1 DSGVO, as long as it has not yet been determined whether the legitimate reasons of the person in charge outweigh those of the data subject.
If the processing has been restricted in accordance with the above-mentioned conditions, this personal data, apart from its storage, will only be subject to the consent of the person concerned or to the assertion, exercise or defence of legal claims Or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State.
To claim the right to restrict the processing, the person concerned may at any time contact us at the above-mentioned contact data.
(7) Right to data transferability
You Have The right to receive the personal data that you have provided to us in a structured, common and machine-readable format, and you have the right to use such data to another person in charge without hindrance by the person to whom the personal data has been provided, provided that:
- The processing on a consent according to Article 6 Paragraph 1 (a) or article 9 (2) (a) or a contract pursuant to article 6 (1) (b) DSGVO, and
- Processing is done using automated procedures.
When exercising the right to transfer data in accordance with paragraph 1, you have the right to obtain that the personal data are transmitted directly by a person responsible to another person responsible, as far as this is technically feasible. The exercise of the right to transfer data does not affect the right to be deleted ("right to be forgotten"). This right shall not apply to processing which is necessary for the performance of a task which is in the public interest or is carried out in the exercise of public authority which has been transferred to the person responsible.
(8) Right of objection
You have the right at any time, for reasons arising from your particular situation, to violate the processing of personal data relating to you which is Article 6 (1) (e) or (f) DSGVO is made to appeal; This shall also apply to a provision based on Profiling. The person responsible no longer processes the personal data, unless he can prove compelling reasons for the processing that outweigh the interests, rights and freedoms of the person concerned, or the processing serves the Enforcement, exercise or defence of legal claims.
If personal data are processed in order to operate direct advertising, the You The right to object at any time to the processing of personal data relating to them For the purpose of such advertising; This also applies to the Profiling, as far as it is related to such direct advertising. If you object to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
In connection with the use of information society services, they may, notwithstanding the Directive 2002/58/EC Exercise their right of objection by means of automated procedures in which technical specifications are used.
You have the right, for reasons arising out of your particular situation, against the processing of any personal data relating to you, for scientific or historical research purposes or for statistical purposes in accordance with Article 89 Paragraph 1 shall be subject to opposition, unless the processing is necessary to fulfil a task in the public interest.
You can exercise the right of objection at any time by contacting the respective person responsible.
(9) Automated Decisions in individual cases, including Profiling
You have the right not to rely solely on automated processing, including Profiling – To be subjected to a decision which has a legal effect on them or which in a similar manner significantly impairs them. This does not apply if the decision:
- is necessary for the conclusion or fulfilment of a contract between the data subject and the person responsible,
- is permissible based on legislation of the Union or of the Member States to which the person responsible is subject, and that this legislation provides for appropriate measures to safeguard the rights and freedoms and the legitimate interests of the data subject Contain or
- With the express consent of the person concerned.
The person responsible shall take appropriate measures to safeguard the rights and freedoms and the legitimate interests of the data subject, including at least the right to a person's intervention on the part of the party responsible, the presentation of his own Position and on the challenge of the decision.
This right may be exercised by the person concerned at any time by applying to the respective responsible party.
(10) Right of appeal to a supervisory authority
They shall also, without prejudice to any other administrative or judicial remedy, have the right to appeal to a supervisory authority, in the Member State of their place of residence, their workplace or the location of the suspected Infringement if the person concerned considers that the processing of the goods concerned is Personal data is in breach of this regulation.
(11) Right to an effective judicial remedy
Without prejudice to any available administrative or extrajudicial remedies, including the right to appeal to a supervisory authority in accordance with the Article 77 DSGVO the right to an effective judicial remedy if it considers that the rights to which it is entitled under this regulation have been infringed as a result of the processing of its personal data which is not in accordance with this Regulation.
Using Google Analytics
(1) This website uses Google Analytics, a Web Analytics service from Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and which allow you to analyze the use of the website. The By The cookie Generated information about your use of this website is usually transferred to a Google server in the USA and stored there. However, in the event that IP anonymization is enabled on this website, Google's IP address will be shortened in advance within Member States of the European Union or in other States parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services related to the use of the website and the Internet Against the website operator.
(2) The IP address submitted by Google Analytics from your browser will not be merged with other Google data.
(3) You can prevent the storage of cookies by a corresponding setting of your browser software; However, we would point out that in this case you may not be able to use all functions of this website in full. You can also prevent Google from capturing the data generated by the cookie and related to your use of the website (including your IP address) to Google as well as the processing of such data by using the information available at the following link Download and install the browser plug-in: Http://tools.google.com/dlpage/gaoptout?hl=de.
(4) This website uses Google Analytics with the extension "AnonymizeIp()". As a result, IP addresses are truncated further, and a person's recoverability can be excluded. As far as the data collected about you has a personal reference, it is thus immediately excluded and the personal data is deleted immediately.
(5) We use Google Analytics to analyze and regularly improve the use of our website. We can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data are transferred to the United States, Google has subjected itself to the EU-US privacy shield, https://www.privacyshield.gov/EU-US-Framework. Legal basis for the use of Google Analytics is art. 6 Abs. 1 P. 1 Lit. F DSGVO.
(6) Information for this Service Provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
Data Protection Information:
http://www.google.com/analytics/terms/de.html, Data Protection Overview: Http://www.google.com/intl/de/analytics/learn/priv... as well as the privacy statement: Http://www.google.de/intl/de/policies/privacy.
(7) This website also uses Google Analytics for a cross-device analysis of visitor streams carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under "My Data", "personal data".
Integration of Google Maps
(1) We use Google Maps. This allows us to show you interactive maps directly in the website and allow you to use the card function conveniently.
(2) by visiting the website, Google receives information that you have accessed the corresponding sub-page of our website. In addition, the 3dieser declaration. This is done regardless of whether Google provides a user account that you are logged on to, or if there is no user account. If you are logged in to Google, your data will be directly associated with your account. If you do not want to associate with your profile on Google, you must log out before activating the button. Google stores your data as a usage profile and uses it for advertising, market research and/or on-demand design of its website. Such an evaluation is carried out (even for users who are not logged in) for the provision of demand-based advertising and to inform other users of the social network about their activities on our website. You have the right to object to the formation of these user profiles, and you must direct yourself to Google to exercise it.
(3) For more information on the purpose and scope of the data collection and its processing by the plug-in provider, please refer to the provider's privacy statements. There you will also receive further information on your rights and setting options for protecting your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the United States and is subject to the EU-US privacy shield, Https://www.privacyshield.gov/EU-US-Framework.
E-mail newsletter with Drip
(1) This website uses the services of drip to send newsletters. Drip Is A Service of Avenue 81 (UK) Ltd., 9th Floor, 107 Cheapside, London.
(2) Drip is a service that supports sending, organizing and analyzing newsletters. If you provide data for the purposes of the newsletter subscription (such as e-mail address), they are stored on the servers of Drip in the United States.
(3) With the help of Drip we can analyze our newsletter campaigns. When you open an e-mail sent by Drip, a file contained in the e-mail a web Beacon is associated with the Drip servers in the United States. This can be used to determine whether a newsletter message has been opened and which links have been clicked. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the newsletter recipient. They are used exclusively for the statistical evaluation of newsletter campaigns. The results of these analyses can be used to better align future newsletters with the interests of the recipient.
(4) If you do not agree with an analysis of drip, please log out of the newsletter. For this purpose, we provide a link in each newsletter message.
(5) The data processing is based on your consent (article 6 (1) (a) GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already been completed is not affected by unsubscribing.
(6) The data stored with us for the receipt of the newsletter will be saved by us until you unsubscribe from the newsletter. After logging out, your data will be removed from our servers and from the servers of drip. Data that is stored for other purposes with us (e.g. e-mail addresses for the member area) are not affected by this.