Information on data protection
Website www.bitburger-holding.de
We are pleased that you are visiting our website. Data protection and data security for our customers and users are among our top priorities. We comply with data protection regulations, in particular those of the EU General Data Protection Regulation (“GDPR”), of the German Federal Data Protection Act (“BDSG”) and of the German Telemedia Act (TMG).
In this information on data protection we will explain which information (including personal data) is processed by us during your visit and your use of our above mentioned website ("website").
I. Who is responsible for data processing?
The entity responsible in terms of data protection for the processing of personal data and service providers in the sense of the German Telemedia Act (TMG) is Bitburger Holding GmbH, Römermauer 3, 54634 Bitburg; Tel. 06561 14-2744, Fax 06561 14-82744, anno.zilkens@bitburger.de. Where reference is made to "we" or "us” in this information on data protection, this relates to the aforementioned company in each case.
Our data protection officer can be contacted via the above communication channels as well as at datenschutz@bitburger.de.
II. What principles do we observe?
In compliance with data protection regulations, we process your personal data only where allowed to do so by a legal regulation or where you have declared your consent. This also applies to the processing of personal data for advertising and marketing purposes.
On this website we can also collect information which, in itself, does not enable us to make any direct conclusions as to your person. In some cases, particularly when combined with other data, this information can nevertheless be considered "personal data" in data protection terms. We may also, on this website, collect information on the basis of which we can neither identify you directly nor indirectly; this is the case for example with summarized information about all users of this website.
III. What data do we process?
You can access our website without directly entering personal data (such as your name, postal address or your e-mail address). In this case also we must collect and store certain information so as to be able to grant you access to our website. Moreover, we use certain analytical processes on this website.
- Log files: When you visit this website, our web server will automatically store the domain name or IP address of the accessing computer (usually that of your internet access provider), including the date, time and duration of your visit, the subpages/URLs you visit as well as information about the applications and end devices you use to view our pages.
- Cookies: To make our website as user-friendly as possible, we, like many other reputable companies, use so-called cookies. Cookies are small text files that are stored in your internet browser. These files help us to detect the particular preferences of our visitors while surfing and structure our site accordingly. Most of the cookies used by us are so-called "session cookies", which are automatically deleted after your visit. We do also use permanent cookies however. These serve to improve user guidance. Our cookies do not collect any personal data and are not capable of identifying you on the websites of third parties. You can set your browser to inform you about the placement of cookies. By doing this, you can make the use of cookies transparent to you. You can also use your browser settings to always refuse cookie acceptance. However, this may mean that you will not be able to use all the features of the website.
IV. For what purposes and on what legal bases do we process your data?
- The processing of any personal data contained in the log files is carried out to enable you to use our website; this is done on the basis of Section 15, Para. 1 of the German Telemedia Act (TMG).
- We can also process the data collected in connection with your use of our website in order to fulfill legal obligations to which we are subject; this is carried out on the basis of Article 6(1)(c) of the GDPR.
- Where necessary, we also process your data, in addition to the aforementioned purposes, for the purpose of safeguarding our legitimate interests or the interests of third parties; this is carried out on the basis of Article 6(1)(f) of the GDPR. Our legitimate interests include, in particular,
a. The assertion of legal claims and defense in legal disputes;
b. The prevention and investigation of criminal offenses;
c. The control and further development of our business activities, including risk control.
V. Am I obligated to provide data?
Where we collect personal data from you in addition to this, we will inform you at the time of collecting whether the provision of this information is prescribed by law or contract or is required for the conclusion of a contract. When doing so we will usually identify information the provision of which is voluntary and is not based on one of the above-mentioned obligations or not required for the conclusion of a contract.
VI. Who gets my data?
Your personal data is generally processed within our company. Depending on the type of personal data, only certain departments / organizational units will have access to your personal data. These include in particular the departments concerned with the provision of our digital services (e.g. webpages) and our IT department. By means of a role and authorization concept, the access within our company is limited to the functions and scope required for the purpose of processing.
We may also share your personal data with third parties outside of our company to the legally permitted extent. These external recipients can include in particular
- Affiliated companies within the Bitburger Holding, with whom we share personal data for internal management purposes;
- The service providers engaged by us who provide services for us on a separate contractual basis, which may include the processing of personal data, as well as the subcontractors of our service providers engaged with our consent;
- Non-public and public bodies, as far as we are obligated to share your personal data based on legal obligations.
VII. Is an automated decision-making used?
We generally do not use an automated decision-making process (including profiling) in the sense of Art. 22 of the GDPR in connection with the running of our website. Where we use such procedures in individual cases, we will inform you about this separately to the extent provided for by law.
VIII. Will data be transmitted to countries outside the EU/EEA?
The processing of your personal data is generally carried out within the EU or the European Economic Area.
Only in connection with the engaging of service providers for the provision of web analytics services can a transmission of information to recipients in so-called "third countries” be carried out. "Third countries" are countries outside the European Union or the European Economic Area Agreement, where a level of data protection cannot be readily assumed that is comparable to that in the European Union.
Where the transmitted information also includes personal data, we will make sure prior to such transmission that the adequate data protection level required is ensured in the respective third country or at the recipient in the third country. This may result in particular from a so-called "adequacy decision” of the European Commission enabling an adequate level of data protection for a specific third country to be determined overall. Alternatively, we can also base the data transmission on the so-called "EU Standard Contractual Clauses” agreed upon with a recipient or, in the case of recipients in the USA, on the compliance with the principles of the so-called "EU-US Privacy Shield". We will provide you with more information about the appropriate and adequate guarantees for compliance with a reasonable level of data protection on request; see the contact information at the beginning of this information on data protection. You will also find information about the participants of the EU-US Privacy Shield here.
IX. How long will my data be stored for?
We generally store your personal data for as long as we have a legitimate interest in doing so and said interest is not outweighed by your interests in discontinuing storage.
Even without a legitimate interest we can still store the data where required to do so by law (to meet our obligation to preserve records for example). We will delete your personal data without any action on your part as soon as knowing it is no longer necessary for fulfilling the purpose of processing or storing it is otherwise legally inadmissible.
As a general rule:
- The log data will be deleted within seven days as far as continued storage is not required for purposes provided for by law such as the detection of misuse and the detection and elimination of technical malfunctions;
X. What rights do I have?
You have the right as an affected person:
- To receive information about the personal data stored about you, Art. 15 of the GDPR;
- To correction of inaccurate or incomplete data, Art. 16 of the GDPR;
- To deletion of personal data, Art. 17 of the GDPR;
- To restriction of processing, Art. 18 of the GDPR;
- To data portability, Art. 20 of the GDPR, and
- To object to the processing of the personal data concerning you, Art. 21 of the GDPR.
To exercise these rights, you can contact us at any time, e.g. via one of the communication channels specified at the beginning of this information on data protection.
If you have any questions regarding the processing of your data, you can also contact our data protection officer.
You are also entitled to file a complaint with a competent supervisory authority for data protection, Art. 77 of the GDPR.