Privacy notice (GDPR)
(mit Website https://insel-brauerei.de/ und Webshop https://insel-brauerei.de/shop/de/privatsphaere-und-datenschutz/)
Welcome to our website!
We take the protection of your data and privacy extremely seriously. For this reason, we provide the following notice to inform you about the collection and use of personal data when you use our website(s). The GDPR requires us as of 25 May 2018 to give you even more thorough information about the protection of your data and, furthermore, the legal background for it, which we are happy to do as part of the following notice.
§ 1. Information about the collection of personal data
(1) In the following notice, we inform you about the collection of personal data when using our website. Personal data is any data that concerns you personally, e.g. your name, address, email addresses and usage patterns.
(2) The data controller for the purposes of the EU General Data Protection Regulation (GDPR) art. 4(7) is:
Rügener Insel Brauerei GmbH
Expedition ins Bierreich
18573 Rambin auf der Insel Rügen
Deutschland – Germany
Phone: +49 (0) 38306 238 700
Registered at Stralsund District Court, HRB 8839
Managing Director: Markus Berberich
VAT identification no.: DE293963525
(also see our Legal Notices at https://insel-brauerei.de/impressum and https://insel-brauerei.de/shop/de/impressum)
(3) When you contact us by email or using our contact form, we store the data you share with us (your email address and potentially your name and phone number) so that we can answer your questions. We erase the data acquired in this context once we are no longer required to store it or we restrict its processing if the law obliges us to retain it.
(4) If we make use of contracted service providers for certain functions of our offering or would like to use your data for marketing purposes, we will inform you about the respective processes in line with the details below. We will also provide the specified criteria for retention periods where they are applicable.
§ 2. Your rights (rights of the data subject, right to object)
(1) When it comes to us and our processing of personal data concerning you, you have the following rights:
– Right to information and access
– Right to rectification or erasure
– Right to restriction of processing
– Right to data portability
– Right to object to processing
• According to GDPR art. 15, you have the right to request access to and information about the personal data concerning you that we process. In particular, you can request information about the purposes for processing, category of personal data, categories of recipients to whom your data was/is disclosed, planned retention period, existence of rights to rectification, erasure, restriction of processing or objection, existence of a right to complain, origin of the data if it was not collected by us and existence of automated decision-making, including profiling and in that case meaningful information about those specific processes.
• According to GDPR art. 16, you have the right to request prompt rectification of your incorrect or incomplete personal data that is stored by us. According to GDPR art. 17, you have the right to request erasure of your personal data that is stored by us if its processing is not necessary for exercising the right of freedom of expression and information, compliance with a legal obligation, reasons of public interest or the establishment, exercise or defence of legal claims.
• According to GDPR art. 18, you have the right to request restriction of the processing of your personal data if you contest the accuracy of the data, the processing is unlawful, you oppose its erasure and we no longer need the data, you require it for the establishment, exercise or defence of legal claims; or you have objected to processing pursuant to GDPR art. 21.
• According to GDPR art. 20, you have the right to obtain your personal data that you have provided to us in a structured, commonly used and machine-readable format or to transmit that data to another controller.
• In accordance with GDPR art. 7(3), you have the right at any time to withdraw the consent you have previously given to us. This will mean that we will in the future not be permitted to continue processing the data for which the consent was granted.
• If your personal data is processed on the basis of legitimate interests as defined in GDPR art. 6(1)(f), GDPR art. 21 provides you the right to object to the processing of your personal data if your particular situation gives you the grounds to do so or if you are objecting to direct marketing. In the latter case, you have a general right to object with which we will comply without you needing to provide a description of any special situation. If you would like to utilise your right to withdraw consent or to object, an email to the following address will be sufficient (firstname.lastname@example.org)
(2) Additionally, GDPR art. 77 gives you the right to lodge a complaint about our processing of your personal data with an authority supervising data protection compliance. Generally you can contact the supervisory authority with jurisdiction over your habitual residence or place of work or over our company’s registered office.
§ 3. Collection of personal data when visiting our website
(1) When using our website purely for informational purposes, i.e. when you do not register yourself or convey information to us in some other way, we only collect the personal data that your browser transfers to our server. If you would like to view our website, we collect the following data which is technologically required to display our website to you and assure its stability and security (the legal grounds for this are provided in GDPR art. 6(1)(f)):
– IP address
– Date and time of request
– Time difference to Greenwich Mean Time (GMT)
– Content of the request (specific site)
– Access status/HTTP status code
– Volume of data transmitted each time
– Website from which the request is coming
– Operating system and its interface
– Browser software language and version
(2) Cookies are stored on your computer in addition to the aforementioned data when you use our website. Cookies are small text files that are assigned to the browser you use and are stored on your hard drive so that the entity storing the cookie (which in this case is us) has access to certain information. Cookies are not able to launch programs or transfer viruses to your computer. They are used to make our overall online offering more user-friendly and effective.
a) This website uses the following types of cookies, with the scope and functionality of each being explained further below:
– Transient cookies (see b)
– Persistent cookies (see c).
b) Transient cookies are automatically deleted when you close your browser. These cookies include session cookies. They save a session ID that can be used to match different requests from your browser to the same session. This enables your computer to be reidentified when you return to our website. Session cookies are deleted when you log out or close your browser.
c) Persistent cookies are automatically deleted after a given length of time that varies depending on the cookie. You can delete the cookies at any time using your browser’s security settings.
d) You can configure your browser settings as you desire, for example, to have your browser accept third-party cookies or reject all cookies. Do be aware that you may not be able to use all functions of this website.
f) The Flash cookies used are not captured by your browser but rather your Flash plug-in. Moreover, we partly use HTML5 storage objects that are stored on your device. These objects store the required data regardless of the browser you use and do not have an expiry date. If you would not like Flash cookies to be used, you must install a corresponding add-on, e.g. ‘Better Privacy’ for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash Killer Cookie for Google Chrome. You can prevent HTML5 storage objects from being used by changing your browser to private mode. We also recommend that you regularly erase your cookies and browser history manually.
(4) Server log files
The provider of this website automatically gathers and saves information in server log files that your browser automatically transfers to us. This includes:
• browser type/version
• operating system
• referrer URL
• referrer host name
• time of server request
(5) Google Maps
(5.1) We make partial use of the Google Maps feature on this website. This enables us to display interactive maps to you directly on our website, which allows convenient use of the Maps function for you.
(5.2) By visiting our website, Google receives information that you have visited the corresponding page on our website. Additionally, the data listed in Paragraph 3.3 and 5.3 of this notice is transferred to Google. This occurs irrespective of whether Google supplies an account through which you have logged in or whether there is no account. If you are logged in to Google, your data will be matched with your account directly. If you do not want your data to be matched with your Google profile, you must log out before activating the button. Google stores your data in usage profiles and uses it for the purposes of marketing, market research and/or designing its website specific to user needs. In particular, data is analysed to provide advertising targeted to user needs (even for users not logged in) and to inform other users of the social network about your activity on our website. You have a right to object to the creation of such usage profiles, though you must contact Google to exercise this right.
(5.3) You will find additional information about the purpose and extent of the plug-in provider’s data collection and processing in the provider’s privacy policies. There you can also find additional information about your rights relating to it and options for changing settings to protect your privacy: http://www.google.de/intl/en/policies/privacy. Google also processes your data in the United States and is subject to the EU-US Privacy Shield framework, https://www.privacyshield.gov/EU-US-Framework.
(7) Use of Google Analytics
((2)) Google does not keep the IP address transmitted from your browser through the Google Analytics service with other data.
((3)) You can prevent cookies from being stored by activating the corresponding settings in your browser software, though be aware that you may not be able to use the complete functionality of this website in this case. Furthermore, you can prevent the data that is generated by the cookie and that relates to your use of the website (including your IP address) from being stored and processed by Google by downloading and installing the browser plug-in available over the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
((4)) This website uses Google Analytics with the ‘_anonymizeIp()’ extension. This means that IP addresses are abbreviated before they are further processed, thereby ruling out the ability to be drawn back to a specific person. Therefore if the data collected from you has any personal references, it will be immediately blocked and the personal data promptly deleted.
((5)) We use Google Analytics to analyse the use of our website and to be able to regularly improve it. Using the acquired statistics, we can improve our offering and make it more appealing for you as a user. For exceptional cases where personal data is transferred to the United States, be advised that Google is subject to the EU-US Privacy Shield framework, https://www.privacyshield.gov/EU-US-Framework. The legal grounds for our use of Google Analytics are provided in GDPR art. 6(1)(f).2
(8) Use of the Google ‘+1’ button
(9) Use of a ‘Pin it’ button from Pinterest
(10) Use of Instagram function
Functionality for the Instagram service if it the case from time to time is integrated into our website. These functions are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, United States. If you are logged in to your Instagram account, you can link the content on our website with your Instagram profile by clicking on the Instagram button. Instagram will be able to match your visit of our website with your user account as a result. We would like to point out that we as the website provider have no knowledge of the content of transferred data nor the way in which Instagram uses it.
(11) Use of Twitter functionality (‘Tweet’ button)
Our website also contains if it is the case from time to time functions provided by Twitter Inc., 795 Folsom Street, Suite 600, San Francisco, CA 94107, United States. If you use Twitter and the ‘retweet’ function in particular, Twitter matches your Twitter account with the websites that you frequently visit. These will be shown to other users on Twitter, including your followers. Accordingly, data is also transferred to Twitter in this manner. Twitter does not inform us, the provider of our website, about the content or use of the data transferred. You can find more information via the link below: http://twitter.com/privacy. However, please note that you have the option of changing your privacy settings for Twitter in your account settings for the network at http://twitter.com/account/settings.
(12) Use of a YouTube plug-in (‘YouTube button’)
(13) Use of Facebook remarketing (‘Facebook button’)
Our website contains if it the case from time to time the ‘Custom Audiences’ remarketing function provided by Facebook Inc. (‘Facebook’). This function is used to present interest-based advertising (‘Facebook ads’) to visitors of this website when they visit the Facebook social network. To enable this function, the Facebook remarketing tag has been implemented on this website. This tag establishes a direct connection to Facebook’s servers when you visit this website. Data concerning your visit of this website is transferred to Facebook’s servers over the connection and Facebook then matches this information with your personal Facebook account. You can find more information about data collection and use by Facebook and your rights and options for guarding your privacy by reading Facebook’s Data Policy at https://www.facebook.com/about/privacy/. Alternatively, you can deactivate the ‘Custom Audiences’ remarketing function at https://www.facebook.com/settings/?tab=ads#_=_. You must be logged on to Facebook to deactivate the function.
§ 4. Other functions and offerings of our website
(1) Alongside usage of this website purely for informational purposes, we also offer various services that you may use if you are interested. For these you will usually need to enter personal data that we will use to provide the respective service and that will be subject to the policies regarding data processing as described above.
(2) We make partial use of external service providers to process your data. We select and contract these providers carefully, and they are legally obliged to follow our instructions and are regularly monitored.
(3) Furthermore, we may share your personal data with third parties when we offer participation in campaigns (e.g. www.insel-brauerei.de/category/actions, competitions, new contracts or similar services jointly with our partners. You can find more detailed information about this when you enter your personal data or at the bottom of the specific details for each offer.
(4) Where our service providers or partners are based in a country outside of the European Economic Area (EEA), we will inform you about the consequences of their location in the specific description for each offer.
§ 5 Collection of personal data when you use our web shop
(1) When you order something in our web shop at https://insel-brauerei.de/shop/index, you will need to enter the personal data necessary to complete your order either as a customer who has already registered or as a new customer in order to establish the contract with us. Mandatory entries needed in order to establish the contract are marked with * and other entries are voluntary. We will process the data you enter for the purpose of filling your order. We may forward your payment information to our company’s bank for this purpose. The legal basis for this is established in Art. 6 Para. 1 S. 1 ltr. b GDPR.
When payment is made via PayPal, credit card via PayPal, bank transfer via PayPal, or – where available – “purchase on account” via PayPal, we will give your data to PayPal Europe in order to complete payment S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). PayPal reserves the right to perform a credit check for the payment methods of credit card via PayPal, bank transfer via PayPal, or – if available – “purchase on account” via PayPal. The results of the credit check relating to the statistical probability of default on payment will be used by PayPal to decide whether or not to provide the payment method concerned. The credit check may contain probability values (so-called score values). If score values are included in the credit check, these are based on a scientifically recognized mathematical statistical process. Address information is one of the types of data used to calculate the score values. Further data protection legal information, including the information agencies used, can be found in the PayPal data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-prev.
You are free to open a customer account, by allowing us to save your data for future purchases. When you create an account under “My Account”, the data you provide will be stored and eligible for revocation. All other data, including your user account, can be deleted in the customer area at any time. You can also order as a guest, in which case no data will be saved beyond what is needed to fill the order and the information will be deleted afterwards. If you place another order, however, you will have to enter the data again.
We can also process the data you provide to inform you of other interesting products from our portfolio or send you e-mails with technical information.
(2) Trade and tax-related requirements oblige us to save your address, payment, and order data for the duration of ten years. After two years, however, we can limit the processing of your information, meaning your data will only be used to comply with legal requirements.
(3) To prevent third parties from accessing your personal data without authorization, especially financial information, the order process will be encrypted using the TLS technique.
§ 6. Newsletter
(1) By giving your consent, you can subscribe via Website or via shop to our newsletter (e.g. https://insel-brauerei.de/shop/de/customer/login)) where we inform you about our current interesting offers. The goods and services advertised are each named in the consent statement for the newsletter.
(2) We use the double opt-in method for registrations for our newsletter. This means that after you register we send the provided email address an email asking for confirmation that you would like to receive the newsletter. If you do not confirm your registration within [24 hours], your information will be locked and automatically erased after one month. In addition, we save the IP addresses used by you and the times of registration and confirmation. This method is used to provide evidence of your registration and, if necessary, clarify any misuse of your personal data.
(3) The only information that is required for us to send the newsletter is your email address. You may provide other, separately marked data voluntarily so that we can address you by name. After you confirm, we store your email address for the purpose of sending you the newsletter. The legal grounds for this are provided in GDPR art. 6(1)(a).
(4) You can cancel your newsletter subscription at any time. You can do so by clicking on the link provided in every newsletter email, by sending an email to [Newsletter@insel-brauerei.de ] or by sending a message using the contact details provided in our Legal Notice.