Unless otherwise specified in other legal relationships, the “Controller” is:
Brauerei C. & A. Veltins GmbH & Co. KG
An der Streue
Phone: +49 2934 959 0
Fax: +49 2934 959 493
GENERAL INFORMATION ON DATA PROTECTION
Brauerei C. & A. VELTINS GmbH & Co. KG, as the controller defined by Art. 4 No. 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and on the repeal of Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as “GDPR”), takes the protection of your personal data very seriously and adheres strictly to the rules of the data protection regulations.
Personal data is processed on the websites of the controller and within the scope of our entire business activity only to the extent that is technically necessary. Under no circumstances will your data be made available to third parties without your consent or without a legal or contractual basis.
Below we give you an overview of how we ensure the protection of your personal data and what kind of data is collected for what purpose.
In a nutshell:
We make use of suitable technical and organisational security measures – also via our service providers, which we contractually commit to comply with data protection – to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
We therefore reserve the right to change these security and data protection measures if this becomes necessary due to technical changes.
You will find our data protection information, which is not in connection with visiting the websites and telemedia services for which we are (co-)responsible, and which also applies in addition to this information, at the following link:
1. DATA PROCESSING ON OUR WEB PAGES AND WITHIN THE APP
Brauerei C. & A. VELTINS automatically processes information transmitted to us by the browser and other applications of your terminal device on the directly accessible Internet presences and services via the service providers commissioned by us. These are:
- Browser type/ version / plug-ins
- Operating system used
- General system information (such as end device, end device ID, screen resolution, etc.)
- Referrer URL (e.g. the page you visited previously)
- Host name of the accessing terminal device (e.g. IP address)
- Time of the server request
- Geo- and location data
- First name and surname
- E-mail address
- Device identification data of your end device
- Recognition/identity data (e.g. photos)
- Usage data
The data mentioned will be processed by us for the following purposes:
- to ensure a smooth connection for our services,
- to ensure a comfortable use of our services,
- to ensure basic functionality of our services
- to evaluate the system safety and stability, as well as
- for other administrative purposes.
When visiting our website and when using our services, we always use the SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the status bar of your browser (software-dependent).
2. DATA PROCESSING FOR REGISTRATION FOR OUR NEWSLETTER AND FURTHER INFORMATION
If you have expressly consented in accordance with Art. 6 para. 1 sentence 1 a) GDPR, we will use your e-mail address and any other data provided for this purpose to send you our newsletter and other information on a regular basis and, if you provide your address, also by post, about us and our campaigns. To receive the newsletter, it is sufficient to provide an e-mail address; further data is voluntary. You can unsubscribe at any time, e.g. via a link at the end of each newsletter. Alternatively, you can also send us your unsubscribe request at any time by e-mail to email@example.com or firstname.lastname@example.org.
As part of the newsletter dispatch, you will of course be informed separately and in detail about your existing rights.
3. DATA PROCESSING WHEN USING OUR CONTACT FORM
If you have any questions or concerns, we offer you the opportunity to contact us via forms (contact masks) provided on the respective websites and within the app or other services. The information of (at least) a valid e-mail address, as well as the first and last name is necessary, so that we know from whom the inquiry originates and to enable us to answer it. You can provide further data voluntarily, which we will then use according to your contact request.
The data processing for the purpose of establishing contact with us takes place in accordance with Art. 6 para. 1 sentence 1 a) GDPR on the basis of your voluntarily given consent as well as your related interest in the response, which legitimises us for data processing, Art. 6 para. 1 GDPR.
The personal data processed by us for the use of the contact form will be completely deleted automatically after completion of the request made by you at the end of reasonable retention periods.
4. DISCLOSURE OF YOUR DATA
Your data will generally only be transmitted if you have given us your consent, if it is necessary for the establishment, execution or termination of a contractual or quasi-contractual obligation or if it is necessary to safeguard the legitimate interests of the controller and there is no reason to assume that your interests worthy of protection in the exclusion of the processing or use outweigh or there are statutory transmission obligations.
If we transfer data to companies commissioned by us or cooperating with us, or to other third parties, we have entered into agreements with them in accordance with applicable law, in particular in accordance with Art. 26 and 28 GDPR. Under this provision, the other data-processing bodies undertake to guarantee an adequate level of data protection. Please contact us for details regarding this; we will be pleased to meet your justified claims for information (cf. section 12).
A transfer of your data to non-EU/non-EEA countries (so-called “third countries”), in particular to receiving agencies that cannot guarantee an adequate level of data protection, generally does not take place.
Where there is a derogation from this principle, this derogation is necessary for a number of reasons. The following information provides an overview of these exceptions:
Cookies are used to store information that is generated in connection with the specific end device used. This does not mean, however, that we will gain immediate knowledge of your identity.
The data processed by cookies are necessary for the purposes mentioned to safeguard our legitimate interests and those of third parties pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.
(Third) companies are also involved in setting cookies.
Most browsers and devices automatically accept cookies. However, you can configure your browser or end device so that no cookies are stored on your end device or a message always appears before a new cookie is created. However, if you disable cookies completely, you may not be able to use all the functions of our services.
Our websites and services use so-called web fonts. These are digital fonts provided by third parties.
7. GOOGLE, GOOGLE-LOGIN AND GOOGLE-ANALYTICS
Our websites and the app use services of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043 USA (“Google”).
Among other things, we offer you the possibility to register for our service with a login via Google. An additional registration is then no longer necessary or possible. To login, you will be redirected to the Google page, from where you can login with your account information, which of course requires you to provide your account information. This will link your Google profile and our service. Through the link, we automatically receive the following information from Google LLC:
- Last name, first name
- Profile picture, therefore identification data
- E-mail address
- User ID
We use this data for the log-in process and do not transmit any data to Google ourselves for this purpose. This data is absolutely necessary for the log-in and/or the contract conclusion and service use, which require a log-in.
We also use Google Analytics, a (web) analytics service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). Google Analytics uses “cookies”, which are small text files placed on your device, to help the website analyse how users use our services, and Java Script. The information generated by the cookie about your use of the respective website, whether via the browser or the app, is usually transmitted to a Google server in the USA and stored there.
8. INDIVIDUAL EXTERNAL FUNCTION PROVIDERS, IN PARTICULAR SOCIAL MEDIA
We use the technical platforms and services of Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland and Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, if applicable, for the information services offered by us, e.g. in our Facebook fan pages and within the app (e.g. for logging in there via your Facebook account, so-called Facebook Connect).
In order, for example, to draw attention to our services and to contact you as a visitor and user of our services, we use the services of Facebook and the Facebook Group (Instagram, WhatsApp) in the exercise of legitimate interests pursuant to Art. 6 para. 1 f) GDPR and to fulfil specific legal transactions with you pursuant to Art. 6 para. 1 b) GDPR.
In what way Facebook uses the data from visits to Facebook services for its own purposes, to what extent activities on Facebook services are assigned to individual users, how long Facebook stores this data and whether data from a use of Facebook services is passed on to third parties, is not conclusively and clearly named by Facebook and is not known to us. When you access a Facebook service, the IP address assigned to your end device is transmitted to Facebook. According to Facebook, this IP address (including terminal device IDs) is allegedly anonymised (for “German” IP addresses) and deleted after 90 days. In addition, Facebook stores information about its users’ end devices (e.g. as part of the “registration notification” function); Facebook may thus be able to assign IP addresses to individual users. If you are currently logged on to Facebook as a user, there is a cookie with your Facebook identification on your end device. This enables Facebook to understand that you are using this service and how you used it. This also applies to all other Facebook services.
Facebook buttons included in our services also allow Facebook to track your visits to these websites and use of the services and associate them with your Facebook profile. This data can be used to tailor content or advertising to your needs.
For the rest, we refer you to the following information and the visible explanations of Facebook and its affiliated companies.
We would like to point out that you use this Facebook page and its functions under your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).
8.1.1 Facebook Membership
The complete privacy policies provided by Facebook can be found here: https://de-de.facebook.com/full_data_use_policy
Nevertheless, despite logging out or other countermeasures, we cannot rule out that Facebook and any other (third) companies may be able to assign your personal data to you and transfer it to other places, if applicable. Please be aware of this when visiting the websites.
We offer you the possibility to register for our services with Facebook-Connect. An additional registration is then no longer necessary and may no longer be possible. To login, you will be redirected to the Facebook page, from where you can login with your account information. This will link your Facebook profile and our service. Through this link we automatically receive the following information from Facebook Inc.:
- Last name, first name
- Profile picture, therefore identification data
- E-mail address
- User ID
We use this data for the login process and do not transmit any data to Facebook ourselves for this purpose. This data is absolutely necessary for the log-in and/or the contract conclusion and service use, which require a log-in.
8.1.2 Facebook Insights
When you visit our Facebook page and use our services, Facebook collects, among other things, your IP address and other information that is or may be present on your terminal in the form of cookies. This information is used to provide us, as operators of Facebook pages, with statistical information about the use of Facebook services.
More information about this can be found on Facebook at the following link:
Via these so-called Facebook Insights, statistical data from various categories can also be accessed by us. These statistics are generated and provided by Facebook, regardless of whether you are a Facebook member or logged in or out.
As the operator of this site, we have no influence on the generation and display of this information. We cannot deactivate this function or prevent the collection and further processing of the data. For a selectable period of time as well as for the categories fan, subscriber, reached persons and interacting persons, the following data will be provided to us by Facebook in relation to our Facebook pages:
- Total number of page views,
- “Like” figures,
- Activities on the page,
- Contribution interactions,
- Video views,
- Contribution range,
- Shared content,
- Proportion of men and women,
- Origin related to country and city,
- Views and clicks in the shop,
- Clicks on route planner,
- Clicks on phone numbers,
- Type of terminal equipment used.
It also provides information about the Facebook groups linked to our Facebook pages. This is done within the scope of what Facebook considers to be a joint responsibility (Joint Controllership as defined by Art. 26 GDPR) between us and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, although we have no influence on the data processing on Facebook, in particular on the means and purposes underlying the data processing.
The corresponding agreement pursuant to Art. 26 GDPR is available on the status of preparation of this data protection information at
8.1.3 Facebook Pixel
Within the information services offered by us, we use the so-called “Facebook Pixel” and thus access the corresponding service of Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland and Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, if applicable.
With the use of this service we pursue marketing purposes, in particular the renewed addressing of users of our services who have already used services from us before (so-called retargeting). We use Facebook Pixel to display Facebook ads placed by us primarily only to Facebook users who have shown an interest in our online services or who have certain characteristics (e.g. interests in certain topics or products that are determined on the basis of the websites visited) that we transmit to Facebook (so-called “custom audiences”). With the help of Facebook Pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not appear annoying. With the help of Facebook Pixel, we can further track the effectiveness of Facebook ads for statistical and market research purposes by seeing if users were referred to our website after clicking on a Facebook ad (known as “conversion”).
In order to enable the use of the service, we transmit your Facebook ID, i.e. a combination of numbers that can be uniquely assigned to you and your existing Facebook profile, to Facebook, including data on the use of our services. We do not share any clear names, your Facebook profile name or other personal information with Facebook.
With the declaration made in the context of the pop-up “Age-Gate” before using our services, you have consented to the use of this service by us.
You can revoke this consent at any time by using the opt-out option granted via the following link:
You can find more details about the pixel used in the Facebook help section here:
In addition, Facebook’s basic data usage policy provides more information about the details that can be found here:
In all other respects the already mentioned references to Facebook integration within this section apply accordingly.
We use the technical platforms and services of Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland, and, if applicable, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA for the information services offered on our Instagram presences.
Since Instagram belongs to the Facebook group and Facebook Ireland or Facebook Inc. are (also) controllers as defined by data protection law, the information named under the above bullet on Facebook is applicable.
On our web pages we also use plug-ins of the social network Instagram. Instagram is operated by Facebook Inc. 1601 S. California Ave, Palo Alto, CA 94304, USA, and if you visit Facebook within the EU/EEA pages, Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. If you visit websites that have such an Instagram plug-in, your information about which of our web pages you have visited will be transferred to the servers used by Facebook.
Here, too, the notes on Facebook mentioned under 8.1 apply analogously.
We use the technical platforms and services of WhatsApp to fulfil some services, in particular distributing our WhatsApp newsletter as part of our VELTINS fan promotions.
These services are provided by WhatsApp Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, as a subsidiary of WhatsApp Inc. 1601 Willow Road Menlo Park, California 94025,USA, which has been part of Facebook Inc. since 2014.
WhatsApp itself processes the information you provide as an independent controller as defined by data protection law.
For example, we receive your contact data stored there – usually the mobile phone number – from WhatsApp only to fulfil the agreements made with you and are then again independent controller with regard to the processing of your personal data (besides) WhatsApp, see Art. 26 GDPR.
For the rest, our information on Facebook applies analogously.
For the information services offered by us on our websites, in particular the YouTube plug-in, we revert to the technical platforms and the services of YouTube LLC, San Bruno, California, USA, a subsidiary of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043 USA (“Google”), which operates in Europe under Google Ireland Limited (“Google”), a company registered and operated under Irish law (registration number: 368047) with registered office in Gordon House, Barrow Street, Dublin 4, Ireland.
In order, for example, to draw attention to our services and to contact you as a visitor and user of our website, we use the services of Google and the Google Group (YouTube) in the exercise of legitimate interests pursuant to Art. 6 para. 1 f) GDPR and to fulfil specific legal transactions with you pursuant to Art. 6 para. 1 b) GDPR.
Google does not conclusively and clearly name the way how Google uses the data from visits to Google pages for its own purposes, the extent how activities on the Google page are assigned to individual users, how long Google stores this data and whether data from a visit to the Google page and its companies are passed on to third parties, and this is not known to us. Google also stores information about the end devices of its users (e.g. as part of the “registration notification” function); Google may thus be able to assign IP addresses to individual users, if applicable. If you are currently logged in to Google services as a user, a cookie with your Google ID is stored on your terminal device. This enables Google to retrace that you visited this site and how you used it. This also applies to all other Google web pages or web pages of associated companies.
YouTube buttons integrated into websites also allow Google to record your visits to these websites and assign them to your Google profile. This data can be used to tailor content or advertising to your needs.
For the rest, we refer to the following notes and the available policies of Google and its affiliated companies:
We would like to point out that you use this website and its functions under your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).
The plug-ins of the information service YouTube are marked with a YouTube logo or the addition “YouTube plug-in” or similar. If you call up a website of the controller (i.e. us) which contains such a plug-in, a direct connection to the Google servers is established by clicking on the icon. The content of the plug-in is transmitted from there directly to your browser and integrated into the website by it. By integrating the plug-ins, Google receives, among other things, the information that you have called up the corresponding page of our website. If, for example, you are logged into YouTube or Google, Google can assign the visit to your personal account. If you interact with the plug-ins, for example by clicking a rating button or commenting, the corresponding information is transmitted directly from your browser to Google and stored there. The purpose and scope of the data collection and the further processing and use of the data by Google as well as your rights in this regard and setting options to protect your privacy can be found in the above data protection information from Google. If you do not want Google to collect data about you via our website when you use the plug-in, you must log out of Google before visiting our website and deactivate the “logged in” function, delete the cookies available on your end device and close and restart your browser. Please note the following: When you access interactive features on the page, a Google sign-in screen may reappear. After a possible (new) registration, you are immediately recognisable to Google as a specific user.
9. GOOGLE MAPS
10. PAYMENT/FINANCIAL SERVICES
On some of our websites and within our services, in particular in the VELTINS shop (https://secure.veltins.de/shop/), we use online payment services if you choose this payment method.
Within the scope of the respective transactions for the fulfilment of the contract according to Art. 6 para. 1 b) GDPR, your necessary personal data will therefore be transmitted to the respective independently responsible body.
We currently use the online payment service PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, which, within the European Union as a financial services institution (bank), is supervised by the responsible supervisory authority, the Luxembourg banking supervisory authority CSSF (Commission de Surveillance du Secteur Financier).
11. DATA PROTECTION OFFICERS
Please contact our data protection officers if you have any questions or requests for information, if you wish to assert your rights (section 13) or if you wish to revoke any consent you may have given to the use of your data:
Of course, you can also contact our data protection officers via the following contact details:
Brauerei C. & A. Veltins GmbH & Co. KG
An der Streue
Phone: +49 2934 959 0
Fax: +49 2934 959 493
12. YOUR RIGHTS
You have the right:
- to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, erasure, restriction of processing or to object to processing, the existence of a right to object, the origin of your data if it has not been collected from us, as well as the existence of an automated decision making process including profiling and, if applicable, meaningful information on their details;
- in accordance with Art. 16 GDPR to immediately request the rectification of incorrect or incomplete personal data stored by us;
- to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless processing is necessary for exercising the right to freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest or for asserting, exercising or defending legal claims;
- to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR if the accuracy of the data is disputed by you, the processing is unlawful but you refuse its erasure and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
- in accordance with Art. 20 GDPR, to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller;
- in accordance with Art. 7 para. 3 GDPR to withdraw your consent once given to us at any time. The consequence of this is that we may not continue the data processing based on this consent for the future, and
- to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or of our place of business. The supervisory authority responsible for the controller is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Further information on the respective responsibilities, activities and data processing by the supervisory authority can be found in the relevant information, e.g. at https://www.ldi.nrw.de/.
Due to the further development of our website and offers about it or due to changed legal or official requirements, it may be necessary to change this data protection notice. The current data protection information can be retrieved and printed any time via the website at
INFORMATION ABOUT YOUR RIGHT TO OBJECT ACCORDING TO ART. 21 GDPR
INDIVIDUAL RIGHT OF OBJECTION
You have the right to object at any time to the processing of personal data concerning you on the basis of Art. 6 para. 1 e) or f) GDPR for reasons arising from your particular situation; this also applies to profiling based on these provisions.
If we use personal data for direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct advertising.
If you object to the processing for the purpose of direct marketing, the personal data will no longer be processed for these purposes.
If you file an objection, we will no longer process your personal data unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.
RECIPIENT OF AN OBJECTION
The objection can be made informally stating your name, your address and your date of birth and should be addressed to:
Brauerei C. & A. VELTINS GmbH & Co. KG
An der Streue
59872 Meschede-Grevenstein, Germany
Fax: +49 -2934-959-493
(for the attention of our data protection officer, if applicable).
In the event of withdrawal of your declaration of consent, we also ask you to contact us using the contact details just mentioned.