Data protection information

Data protection information

Please click here for the Privacy Policy of Brauerei C. & A. VELTINS GmbH & Co. KG.

PRIVACY INFORMATION FOR CUSTOMERS, SUPPLIERS AND OTHER DATA SUBJECTS

With the following information, we would like to give you an overview of the processing of your personal data by us and your rights under data protection law. Which data is processed in detail and how it is used depends largely on the commissioned and agreed services. Therefore, not all parts of this information will necessarily apply to you.

WHO IS RESPONSIBLE FOR DATA PROCESSING, WHO CAN I CONTACT?

The controller is

Brauerei C. & A. VELTINS GmbH & Co. KG
An der Streue
59872 Meschede-Grevenstein, Germany
Phone +49-2934-959-0
Fax: +49 -2934-959-493
E-mail: veltinsinfo@veltins.de

You can reach our company data protection officers at:

Brauerei C. & A. VELTINS GmbH & Co. KG
Datenschutzbeauftragter
An der Streue
59872 Meschede-Grevenstein, Germany
E-mail: datenschutz@veltins.de

GENERAL INFORMATION ON DATA PROTECTION

Brauerei C. & A. VELTINS GmbH & Co. KG, as the controller as defined by Art. 4 No. 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and on the repeal of Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as “GDPR”), takes the protection of your personal data very seriously and adheres strictly to the rules of the data protection regulations.

Personal data will only be processed within the scope of our entire business activity to the extent that it is technically necessary. Under no circumstances will your data be made available to third parties without your consent or without a legal or contractual basis.

Below we give you an overview of how we ensure the protection of your personal data and what kind of data is collected for what purpose.

In a nutshell:
We make use of suitable technical and organisational security measures – also via our service providers, which we contractually commit to comply with data protection – to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

We reserve the right to change these security and data protection measures if this becomes necessary due to technical changes.

WHAT SOURCES AND DATA DO WE USE?

We process personal data, which we receive from our customers, lottery participants, website visitors, employees, former employees and other data subjects within the scope of our business activities (e.g. conclusion of contracts and their initiation or processing) and on the basis of various other legal bases, in particular consents.

If your contact with us or the existing legal relationship between you and us is (also) based on the use of the information, communication and media services provided by us, our information on data protection and the fulfilment of other information obligations, which you can call up at:
https://www.veltins.de/datenschutz/

In addition, we process – to the extent necessary for the provision of our services or for the fulfilment of (pre- and post-) contractual obligations – personal data which we receive or collect from publicly accessible sources (e.g. debtor directories, land registers, commercial and association registers, the press, the Internet, etc.), or which are transmitted to us by other companies or by other third parties with permission.

Relevant personal data are e.g.

  • Personal master data (name, address and other contact data (e-mail address, telephone number, etc.), possibly birthday and place of birth, gender and nationality),
  • In special cases, legitimation data for personal master data (e.g. ID card data) and
  • If necessary, authentication data (e.g. specimen signatures).

In addition, this may also include order data (e.g. payment order data), bank data (e.g. account data, IBAN, BIC), data from the fulfilment of our contractual obligations, advertising/sales data, documentation data (e.g. protocol of your enquiry) and other data comparable with the above categories.

FOR WHAT PURPOSE DO WE PROCESS YOUR DATA AND ON WHAT LEGAL BASIS ARE THE PROCESSING OPERATIONS BASED?

We process personal data in accordance with the provisions of applicable law, in particular the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

  1. a) If you have given us your consent for data processing, the processing according to Art. 6 para. 1 a) GDPR is lawful.

The data processing takes place naturally only in the context of those purposes, for which you gave a consent. These are mostly precise purposes of information transfer (e.g. newsletter, advertising, etc.), your participation in a competition, your contact with us, your communication of your data (e.g. business card transfer, contact by you), photos in the context of events, data transfer in the context of events and other ways in which you have transferred your personal data to us for processing.

You can revoke your consent at any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into force, i.e. before 25 May 2018. The revocation of a consent is only effective for the future and does not contain the legality of the data processed until the revocation.

  1. b) In order to fulfil pre-contractual and post-contractual obligations, data processing is carried out in accordance with Art. 6 para. 1 b) GDPR.

The processing of data takes place for the fulfilment of one or more contracts of which you are the contracting party. Data processing may also be necessary for the implementation of pre-contractual measures, which are taken at the request of the data subject. The performance of the contract also includes post-contractual obligations, insofar as this makes the processing of personal data necessary.

The purposes of the data processing depend primarily on the concrete contract, the respective contract wish and the other legal relationship between you and us and can have various contract purposes and regulations as a basis. For this purpose, we can also make use of various needs analyses, possible advice and the execution of transactions. Further details on the data processing purposes can be found in the relevant contractual documents and the Terms and Conditions.

  1. c) If data processing is necessary to fulfil a legal obligation to which we are subject, data processing is lawful pursuant to Art. 6 para. 1 c) GDPR.

Like all companies, we are subject to various legal obligations, i.e. legal requirements arising from supervisory law, tax law, general regulatory law, data protection law, food law and other relevant areas of law. We must of course comply with these legal requirements, which is why it cannot be ruled out that your data may also be collected and processed for such purposes. This legal obligation also indirectly affects your data, which is why your rights in this regard are restricted by law.

  1. d) If necessary, we process your data beyond the actual fulfilment of the contract to protect the legitimate interests of third parties or us.

Examples of this are:

  • Review and optimisation of procedures for needs analysis in order to address customers directly;
  • Advertising or market/opinion research insofar as they have not objected to the use of their data;
  • Assertion of legal claims and defence in legal disputes;
  • Ensuring IT security and IT operations;
  • Prevention and investigation of criminal offences;
  • Measures for building and plant security (e.g. access controls);
  • Measures to ensure domestic authority;
  • Measures for business management and further development of services and products;
  • Risk management measures;
  • Measures to ensure compliance with food law obligations;
  • Measures to ensure proper business operations;
  • Measures to support sport (e.g. addressing clubs, sponsoring);
  • Measures for product and sales optimisation;
  • Press support measures;

We do not process your data if your interests or fundamental freedoms outweigh our legitimate interests pursuant to Art. 6 para. 1 f GDPR; in this respect we have established regular processes to carry out an independent assessment.

Insofar as data processing is necessary for the fulfilment of a legal obligation to which we are subject in respect of the aforementioned circumstances of permission, data processing is lawful pursuant to Art. 6 para. 1 c) GDPR.

WHO RECEIVES MY DATA?

Within the brewery, only those parties who need your data to fulfil the specified purposes will have access to your data.

Service providers and vicarious agents employed by us, in particular contract processors pursuant to Art. 28 GDPR and joint controllers pursuant to Art. 26 GDPR, may also receive data for these purposes if they comply with data protection regulations.

These are in particular companies in the fields of

  • Services,
  • IT services,
  • Logistics,
  • Banking industry (banks),
  • Telecommunications services,
  • Collection services,
  • Business and legal advice,
  • Distribution,
  • Marketing, and
  • other outsourced activities.

No data is transferred to such companies in the legal sense, as contract processing agreements pursuant to Art. 28 GDPR have been concluded with these companies. The companies are therefore not third parties within the meaning of the law according to the prevailing opinion in legal jurisdiction and literature, but are assigned to us within the framework of the data processing of the controllers. Unless expressly permitted by law or legitimised by your consent, data will therefore not be transmitted. Data transfer to third parties, e.g. joint controllers according to Art. 26 GDPR, is of course independent of this. In such cases, the third parties (joint controllers) are responsible for verifying the lawful processing of personal data. We examine the legality of the transmission to these third parties and do not transmit if no legitimate facts are fulfilled for the transmission.

IS DATA TRANSFERRED TO A THIRD COUNTRY OR TO AN INTERNATIONAL ORGANISATION?

A data transfer to places in states outside the European Union or European Economic Community (EEA), so-called third states, does not take place.

In exceptional cases, the transfer of data to such third countries may be necessary and/or unavoidable in the absence of any other offer, insofar as it is necessary for the execution of your orders/contracts, it is required by law (e.g. tax reporting obligations) or you have given us your consent.

Should it come to an establishment of a data transfer process in such third countries, we will of course inform you about this.

We are already pointing out some basic principles:

If you use our offered information, communication and telemedia services via platforms such as our websites, Facebook, Instagram, WhatsApp or YouTube, we refer you to the respective information to be provided and our corresponding notes for the fulfilment of the information duties incumbent upon us and further duties in this regard:
https://www.veltins.com/data-protection

HOW LONG WILL MY DATA BE STORED?

We process and store your personal data as long as this is necessary for the fulfilment of our contractual and legal obligations. It should be noted that some business relationships are structured as so-called continuing obligations, which are designed for the long term. Your data will then also be processed and, in particular, stored for the duration of such contracts.

On the other hand, the following applies of course:

If the data are no longer required for the fulfilment of contractual or legal obligations, they are regularly deleted unless their further processing – for a limited period of time – is necessary to safeguard legal obligations or legitimate interests. This includes in particular documentation and storage obligations, for example:

  • German Commercial Code (HGB),
  • Tax Code (AO),
  • German Banking Act (KWG),
  • Money Laundering Act (GWG),
  • General Data Protection Regulation (GDPR),
  • Federal Data Protection Act (BDSG),
  • General food law,
  • General civil law and civil procedure law,
  • Substantive criminal law and criminal procedural law,

The periods for storage or documentation specified in the laws can generally be 2-10 years.

The preservation of evidence within the framework of the statutory statute of limitations. According to §§ 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, for example, although the regular limitation period is generally 3 years.

WHICH RIGHTS DO I HAVE?

Each data subject shall have the following rights:

  • the right of access pursuant to Art. 15 GDPR,
  • the right to rectification pursuant to Art. 16 GDPR;
  • the right to erasure pursuant to Art. 17 GDPR,
  • the right to restriction of processing pursuant to Art. 18 GDPR;
  • the right to object under Art. 21 GDPR, and
  • the right to data transferability under Art. 20 GDPR

Furthermore, there is a right of appeal to a competent data protection supervisory authority, Art. 77 GDPR in conjunction with § 19 BDSG.

You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into force, i.e. before 25 May 2018. Please note that the revocation will only take effect in the future. Processing operations, which took place before the withdrawal, are not affected by this.

Please do not confuse your right to withdraw your consent with the right to object under Art. 21 GDPR. If a processing by us is based on Art. 6 para. 1 e) or f) GDPR (necessity for the performance of a task which is in the public interest, in the exercise of public authority or to safeguard our legitimate interests or those of third parties), you can object to the processing of your personal data at any time. We shall then be obliged not to process the personal data unless we can prove that there are compelling reasons for the processing which are worthy of protection and which outweigh your interests, rights and freedoms, or which serve the processing, assertion, exercise or defence of legal claims. For details, refer to the following information box.

If you have any questions about the details of our processing of personal data, please contact us, e.g. our data protection officer, at the above-mentioned contact details.

Version: October 2018

INFORMATION ABOUT YOUR RIGHT OF OBJECTION ACCORDING TO ART. 21 GDPR

INDIVIDUAL RIGHT OF OBJECTION

You have the right to object at any time to the processing of personal data concerning you on the basis of Art. 6 para. 1 e) or f) GDPR for reasons arising from your particular situation; this also applies to profiling based on these provisions.

If we use personal data for direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct advertising.

If you object to the processing for the purpose of direct marketing, the personal data will no longer be processed for these purposes.

If you file an objection, we will no longer process your personal data unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

RECIPIENT OF A NOTICE OF OBJECTION

The objection can be made without formal requirements, stating your name, your address and your date of birth and should be addressed to:

Brauerei C. & A. VELTINS GmbH & Co. KG
An der Streue
59872 Meschede-Grevenstein, Germany
Phone +49-2934-959-0
Fax: +49 -2934-959-493
E-mail: veltinsinfo@veltins.de

(if necessary to the attention (c/o) of our data protection officer).

In the event of revocation of your declaration of consent, we also ask you to contact us using the contact details just mentioned.