Privacy Policy
1. DATA PROTECTION AT A GLANCE
General information
The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data that can be used to identify you personally. For detailed information on the subject of data protection, please refer to our privacy policy listed below this text.
Data collection on our website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find their contact details in the legal notice of this website.
How do we collect your data?
On the one hand, your data is collected when you provide it to us. This may be data that you enter in a contact form, for example.
Other data is collected automatically by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter our website.
What do we use your data for?
Some of the data is collected to ensure that the website is provided without errors. We also use your contact details to notify you if you win a prize. Other data may be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction, blocking or deletion of this data. You can contact us at any time at the address given in the legal notice if you have any further questions on the subject of data protection. You also have the right to lodge a complaint with the competent supervisory authority.
Analysis tools and tools from third-party providers
When you visit our website, your surfing behavior may be statistically evaluated. This is primarily done using cookies and so-called analysis programs. The analysis of your surfing behavior is usually anonymous; the surfing behavior cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. You can find detailed information on this below.
Links to other websites
Our website contains links to third-party websites or to other websites under our responsibility. If you follow a link to one of these websites (which are outside our responsibility), please note that this website has its own privacy policy and that we accept no responsibility or liability for this. Please check this privacy policy before you voluntarily submit any personal data to this website.
External links are marked with this symbol:
Only when you click on an external link will data be transferred to the link destination. This is technically necessary due to the protocol on which the Internet is based (TCP/IP = Transfer Control Protocol / Internet Protocol). The data transferred are in particular: your IP address, the time at which you clicked on the link and the page on which you clicked on the link.
Individual links may involve the transfer of data to countries outside Europe. As a result, it is possible that foreign third parties, authorities or secret services may receive connection data. If you do not want the aforementioned data to be transferred to the link destination or to be viewed by the aforementioned third parties, then do not click on the link.
2. HOSTING AND CONTENT DELIVERY NETWORKS (CDN)
External hosting
We host our website with Hetzner. The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter referred to as Hetzner). Details can be found in Hetzner's privacy policy: https://www.hetzner.com/de/rechtliches/datenschutz. Hetzner is used on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring that our website is displayed as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Conclusion of a contract for order processing
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
Shopify
We use the store system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), for the purpose of hosting and displaying the online store on the basis of processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of Shopify's aforementioned services, data may also be transferred to Shopify Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc, Shopify Payments (USA) Inc or Shopify (USA) Inc as part of further processing on our behalf. In the event that data is transferred to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by an adequacy decision of the European Commission. Further information on Shopify's data protection can be found on the following website: https://www.shopify.de/legal/datenschutz
Further processing on Shopify servers other than those mentioned above will only take place within the framework specified below.
Conclusion of a contract for order processing
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
Cloudflare
We use the Cloudflare service. The provider is Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107, USA.
Cloudflare offers a globally distributed content delivery network with DNS. The information transfer between your browser and our website is technically routed via the Cloudflare network. This enables Cloudflare to analyze the data traffic between your browser and our website and to serve as a filter between our servers and potentially malicious data traffic from the Internet. Cloudflare may also use cookies or other technologies to recognize Internet users, but these are used solely for the purpose described here.
The use of Cloudflare is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 lit. f GDPR).
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here.
Further information on security and data protection at Cloudflare can be found here.
Conclusion of an order processing contract
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
3.General Notes and Mandatory Information
Data Protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy.
When you use this website, various personal data is collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data we collect and how we use it. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the Internet (e.g., when communicating by email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.
Controller Information
The controller for data processing on this website is:
OeTTINGER Brauerei GmbH
Brauhausstraße 8
86732 Oettingen i. Bay.
Phone: +49 (0) 9082 708-0
Email: mail@oettinger-bier.de
The controller is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).
Storage Duration
Unless a specific storage period is mentioned in this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, the deletion will take place after these reasons cease to apply.
Legally Required Data Protection Officer
We have appointed a data protection officer for our company.
Kutzschbach Electronic GmbH & Co.KG – Data Protection Officer – Markham Str. 15 86720 Nördlingen
Phone: +49 (0) 9081 2503 450 Email: datenschutz@oettinger-bier.de
Note on Data Transfer to the USA
This website may include tools from companies based in the USA. When these tools are active, your personal data may be transferred to the US servers of the respective companies. Please note that the USA is not a safe third country within the meaning of EU data protection law. US companies are obligated to hand over personal data to security authorities without you being able to take legal action against it. Therefore, it cannot be ruled out that US authorities (e.g., intelligence agencies) may process, evaluate, and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities.
Revocation of Your Consent to Data Processing
Many data processing operations are only possible with your express consent. You can revoke a previously given consent at any time. An informal notification by email is sufficient for the revocation. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to Lodge a Complaint with the Supervisory Authority
In the event of violations of data protection law, the data subject has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection issues is the data protection officer of the federal state in which our company is located. A list of data protection officers and their contact details can be found at the following link.
Right to Object to Data Collection in Special Cases and Direct Marketing (Art. 21 GDPR)
If data processing is carried out on the basis of Art. 6(1)(e) or (f) GDPR, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims (objection under Art. 21(1) GDPR).
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling, insofar as it is associated with such direct marketing. If you object, your personal data will subsequently no longer be used for direct marketing purposes (objection under Art. 21(2) GDPR).
Right to Lodge a Complaint with the Supervisory Authority
In the case of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, place of work, or the place of the alleged infringement. The right to lodge a complaint is without prejudice to any other administrative or judicial remedies.
Right to Data Portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent technically feasible.
SSL/TLS Encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL/TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Encrypted Payment Transactions on this Website
If there is an obligation to provide us with your payment data after the conclusion of a paid contract (e.g., account number for direct debit authorization), this data is required for payment processing.
Payment transactions using common means of payment (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL/TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. In the case of encrypted communication, your payment data, which you transmit to us, cannot be read by third parties.
Information, Blocking, Deletion
Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipient, and the purpose of data processing, and, if necessary, a right to rectification, blocking, or deletion of this data. For this purpose, as well as for further questions regarding personal data, you can contact us at any time using the address provided in the imprint.
Right to Restriction of Processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restrict processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the examination, you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of deletion.
- If we no longer need your personal data, but you need it for the exercise, defense, or assertion of legal
4. DATA COLLECTION ON OUR WEBSITE Cookies
Our websites use so-called "cookies." Cookies are small text files that do not harm your device. They are either temporarily stored for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit ends. Persistent cookies remain stored on your device until you delete them yourself or automatic deletion occurs through your web browser.
In some cases, cookies from third-party companies may also be stored on your device when you enter our site (third-party cookies). These allow us or you to use certain services of the third-party company (e.g., cookies for processing payment services).
Cookies serve various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g., the shopping cart function or video display). Other cookies are used to evaluate user behavior or display advertisements.
Cookies necessary for the electronic communication process (necessary cookies) or for providing certain functions requested by you (functional cookies, e.g., for the shopping cart function) or for optimizing the website (e.g., cookies for measuring web audience) are stored based on Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If consent for the storage of cookies is requested, the storage of the relevant cookies is based solely on this consent (Art. 6(1)(a) GDPR); the consent can be revoked at any time.
You can configure your browser to inform you about the setting of cookies, allow cookies only in individual cases, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website. If third-party cookies are used or employed for analytical purposes, we will inform you separately within this privacy policy and, if necessary, request your consent.
Cookie Consent with Usercentrics
This website uses the cookie consent technology from Usercentrics to obtain your consent for storing certain cookies on your device or for using certain technologies in a data protection-compliant manner and to document this. The provider of this technology is Usercentrics GmbH, Rosental 4, 80331 Munich, website: https://usercentrics.com/de/
When you enter our website, the following personal data is transmitted to Usercentrics:
- Your consent(s) or the revocation of your consent(s)
- Your IP address
- Information about your browser
- Information about your device
- Time of your visit to the website
Usercentrics also stores a cookie in your browser to assign the granted consents or their revocation. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention periods remain unaffected.
The use of Usercentrics is to obtain legally required consents for the use of certain technologies. The legal basis for this is Art. 6(1)(c) GDPR.
Contract for Data Processing Agreement
We have concluded a contract for data processing with Usercentrics. This is a legally required contract that ensures that Usercentrics processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- Time of the server request
- IP address
These data are not merged with other data sources.
The basis for data processing is Art. 6(1)(f) GDPR, which allows the processing of data for the performance of a contract or pre-contractual measures.
Contact Form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored with us for the purpose of processing the inquiry and in case of follow-up questions. We will not share this data without your consent.
The processing of the data entered into the contact form is based exclusively on your consent (Art. 6(1)(a) GDPR). You can revoke this consent at any time. An informal message to us by email is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
The data entered by you in the contact form will remain with us until you request us to delete it, revoke your consent for storage, or the purpose for data storage no longer applies (e.g., after processing your inquiry is completed). Mandatory legal provisions - especially retention periods - remain unaffected.
Inquiries via Email, Phone, or Fax
If you contact us by email, phone, or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of handling your request. We will not share this data without your consent.
The processing of this data is based on Art. 6(1)(b) GDPR if your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this has been requested.
The data sent to us via contact inquiries will remain with us until you request us to delete it, revoke your consent for storage, or the purpose for data storage no longer applies (e.g., after completing your request). Mandatory legal provisions - especially legal retention periods - remain unaffected.
Registration on this Website
You can register on this website to use additional features on the site. We use the data entered for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration.
For important changes, such as changes to the scope of the offer or technically necessary changes, we use the email address provided during registration to inform you in this way.
The processing of the data entered during registration is based on the performance of the contract or the initiation of further contracts (Art. 6(1)(b) GDPR). The data collected during registration will be stored by us as long as you are registered on this website and will be deleted afterwards. Legal retention periods remain unaffected.
5. SOCIAL MEDIA Facebook Plugins (Like and Share Buttons)
On our pages, plugins of the social network Facebook, provided by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated. You can recognize the Facebook plugins by the Facebook logo or the "Like" button ("Gefällt mir") on our page. An overview of the Facebook plugins can be found here: https://developers.facebook.com/docs/plugins/
When you visit our pages, a direct connection is established between your browser and the Facebook server via the plugin. Facebook thereby receives the information that you have visited our site with your IP address. If you click the Facebook "Like" button while logged into your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to associate your visit to our pages with your user account. We would like to point out that as the provider of these pages, we have no knowledge of the content of the transmitted data or its use by Facebook. For more information, please refer to Facebook's privacy policy at: https://www.facebook.com/policy.php
If you do not wish Facebook to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account.
Twitter Plugin
This website incorporates functions of the Twitter service. These functions are offered by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transmitted to Twitter in the process. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the transmitted data or its use by Twitter. For more information, please refer to Twitter's privacy policy at: https://twitter.com/de/privacy.
The use of the Twitter plugin is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in a comprehensive presence on social media. If consent has been requested, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR; consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.
You can change your Twitter privacy settings in your account settings at: https://twitter.com/account/settings.
Instagram Plugin
This website incorporates functions of the Instagram service. These functions are provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to our pages with your user account. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the transmitted data or its use by Instagram.
The storage and analysis of data are based on Art. 6(1)(f) GDPR. We have a legitimate interest in a comprehensive presence on social media. If consent has been requested, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, to the extent that the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) in the sense of the TTDSG. The consent can be revoked at any time.
To the extent that personal data is collected on our website and forwarded to Facebook or Instagram using the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited to the collection of data and its transfer to Facebook or Instagram. The processing by Facebook or Instagram after the transfer is not part of the joint responsibility. The obligations jointly incumbent on us have been set out in a joint processing agreement. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tool and for the privacy-compliant implementation of the tool on our website. Facebook is responsible for the data security of Facebook or Instagram products. You can assert your rights as a data subject (e.g., information requests) in relation to the data processed by Facebook or Instagram directly with Facebook. If you assert your rights as a data subject with us, we are obliged to forward them to Facebook.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum https://help.instagram.com/519522125107875 https://de-de.facebook.com/help/566994660333381
Further information on this can be found in Instagram's privacy policy.
Pinterest Plugin
On this website, we use social plugins of the Pinterest social network, operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
When you access a page that contains such a plugin, your browser establishes a direct connection to Pinterest's servers. The plugin transmits log data to Pinterest's server in the USA. This log data may contain your IP address, the addresses of the websites visited, which also contain Pinterest functions, the type and settings of the browser, date and time of the request, your use of Pinterest, and cookies.
The storage and analysis of data are based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in a comprehensive presence on social media. If consent has been requested, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR; consent can be revoked at any time.
For more information on the purpose, scope, and further processing and use of data by Pinterest, as well as your related rights and options to protect your privacy, please refer to Pinterest's privacy policy.
7. ANALYSIS TOOLS AND ADVERTISING
Google Analytics
This website uses features of the Google Analytics web analytics service. The provider is Google Ireland Ltd, Gordon House Barrow Street, Dublin 4, Ireland.
Google Analytics enables us to analyze the behavior of website visitors. We receive various usage data, such as page views, dwell time, operating systems used, and the user's origin. This data is aggregated into a user ID and assigned to the respective device of the website visitor.
Furthermore, with Google Analytics, we can record mouse and scroll movements and clicks. Google Analytics also uses various modeling approaches to supplement the collected data and employs machine learning technologies in data analysis.
Google Analytics uses technologies that allow the recognition of the user for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to and stored on a Google server in the United States.
The use of this analysis tool is based on Art. 6(1)(f) GDPR. We have a legitimate interest in analyzing user behavior to optimize our web offering. If consent has been obtained, the processing is based on Art. 6(1)(a) GDPR and § 25(1) TTDSG, to the extent that the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of TTDSG. The consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
IP Anonymization
We have activated the IP anonymization function on this website. As a result, your IP address will be truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities, and to provide further services related to website usage and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
Browser Plugin
You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link.
For more information on how Google Analytics handles user data, please refer to Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.
Data Processing Agreement
We have concluded a data processing agreement with Google and fully implement the strict requirements of German data protection authorities when using Google Analytics.
Retention Period
Data stored by Google at the user and event level linked to cookies, user IDs (e.g., User ID), or advertising IDs (e.g., DoubleClick cookies, Android advertising ID) will be anonymized or deleted after 14 months. Details can be found here.
Objection to Data Collection
You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie will be set to prevent the collection of your data on future visits to this website: Disable Google Analytics.
For more information on how Google Analytics handles user data, please refer to Google's privacy policy.
Google Ads
The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads allows us to display ads in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted ads can be displayed based on user data available at Google (e.g., location data and interests). As website operators, we can quantitatively evaluate this data by analyzing, for example, which search terms led to the display of our ads and how many ads resulted in corresponding clicks.
The use of Google Ads is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the most effective marketing of its products and services.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here.
Further information and the privacy policy can be found in Google's privacy policy at: https://policies.google.com/technologies/ads?hl=en.
Audience Building with Customer Matching
For audience building, we use, among other things, Google Remarketing's customer matching. In this process, we provide certain customer data (e.g., email addresses) from our customer lists to Google. If the relevant customers are Google users and logged into their Google accounts, they will be shown relevant advertising messages within the Google network (e.g., on YouTube, Gmail, or in the search engine).
Google Conversion Tracking
This website uses Google Conversion Tracking. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
With Google Conversion Tracking, Google and we can determine whether the user has performed certain actions. For example, we can evaluate which buttons on our website are clicked frequently and which products are viewed or purchased most often. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they took. We do not receive any information that personally identifies the user. Google itself uses cookies or similar recognition technologies for identification.
The use of Google Conversion Tracking is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its web offering and advertising. If consent has been obtained (e.g., consent to store cookies), the processing is based exclusively on Art. 6(1)(a) GDPR; the consent can be revoked at any time.
More information about Google Conversion Tracking can be found in Google's privacy policy: https://policies.google.com/privacy?hl=en.
Google Tag Manager
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It only serves to manage and play out the tools integrated through it. However, Google Tag Manager records your IP address, which can also be transmitted to Google's parent company in the United States. The use of Google Tag Manager is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in a quick and uncomplicated integration and management of various tools on its website. If consent has been obtained, the processing is based exclusively on Art. 6(1)(a) GDPR and § 25(1) TTDSG, to the extent that the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of TTDSG. The consent can be revoked at any time.
Facebook Pixel
This website uses the visitor action pixel from Facebook for conversion measurement. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data is also transferred to the USA and other third countries.
This allows the behavior of site visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This enables the effectiveness of Facebook ads to be evaluated for statistical and market research purposes, and future advertising measures to be optimized.
The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, allowing a connection to the respective user profile and Facebook to use the data for its own advertising purposes, in accordance with Facebook's data usage policy. As a result, Facebook can enable the display of ads on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the site operator.
The use of Facebook Pixel is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in effective advertising measures, including social media. If consent has been obtained (e.g., consent to store cookies), the processing is based exclusively on Art. 6(1)(a) GDPR; the consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here and here.
Further information on data protection at Facebook can be found in Facebook's privacy policy.
You can also disable the "Custom Audiences" remarketing function in the ad settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen, provided you are logged into Facebook.
If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance.
8. eCommerce and Payment Providers Processing of Data (Customer and Contract Data)
We collect, process, and use personal data only to the extent necessary for the establishment, content design, or modification of the legal relationship (inventory data). This is done on the basis of Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. We only collect, process, and use personal data on the use of this website (usage data) to the extent necessary to enable the user to use the service or to settle charges.
The collected customer data will be deleted after the completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
Data Transmission during Contractual Processing for Online Shops, Merchants, and Product Shipping
We only transmit personal data to third parties if it is necessary for the processing of the contract, such as to companies entrusted with the delivery of goods or the financial institution handling the payment process. Further transmission of data does not occur unless you have expressly consented to the transmission. Your data will not be disclosed to third parties without explicit consent, for example, for advertising purposes.
The legal basis for data processing is Art. 6 para. 1 lit. b GDPR, which allows the processing of data for the performance of a contract or pre-contractual measures.
Data Transmission during Contractual Processing for Services and Digital Content
We only transmit personal data to third parties if it is necessary for the processing of the contract, such as to the financial institution handling the payment process.
Further transmission of data does not occur unless you have expressly consented to the transmission. Your data will not be disclosed to third parties without explicit consent, for example, for advertising purposes.
The legal basis for data processing is Art. 6 para. 1 lit. b GDPR, which allows the processing of data for the performance of a contract or pre-contractual measures.
Payment Services
We integrate third-party payment services on our website. When you make a purchase with us, your payment data (e.g., name, payment amount, account details, credit card number) will be processed by the payment service provider for the purpose of payment processing. These transactions are subject to the respective contractual and data protection provisions of the respective providers. The use of payment service providers is based on Art. 6 para. 1 lit. b GDPR (contract processing) and in the interest of a smooth, convenient, and secure payment process (Art. 6 para. 1 lit. f GDPR). If your consent is required for certain actions, Art. 6 para. 1 lit. a GDPR is the legal basis for data processing; consents can be revoked at any time for the future. The following payment services/payment service providers are used on this website:
1. PayPalThe provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal").
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.
Details regarding PayPal's privacy policy can be found here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
2. Shopify Payments
The provider of this payment service is Shopify Payments, 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered by the payment service provider Shopify Payments, the payment processing is carried out by the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we provide your information disclosed during the ordering process, along with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency, and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR. Your data is only passed on to Stripe Payments Europe Ltd. for the purpose of payment processing and only to the extent necessary for this purpose. Details on the privacy policy of Shopify Payments can be found here: https://www.shopify.com/legal/privacy. Data protection information regarding Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy.
9. Audio and Video Conferences Data Processing
For communication with our customers, we use various online conferencing tools. The tools we use are listed below. When you communicate with us via video or audio conference over the internet, your personal data will be collected and processed by us and the provider of the respective conferencing tool.
The conferencing tools collect all data that you provide/use to use the tools (email address and/or phone number). Furthermore, the conferencing tools process the duration of the conference, start and end (time) of participation in the conference, number of participants, and other "contextual information" related to the communication process (metadata).
Additionally, the tool provider processes all technical data necessary for online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker type, and the type of connection.
If content is exchanged, uploaded, or otherwise provided within the tools, it is also stored on the servers of the tool providers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared during the use of the service.
Please note that we do not have complete control over the data processing operations of the tools used. Our capabilities depend significantly on the corporate policies of the respective providers. For further information on data processing by the conferencing tools, refer to the privacy policies of the tools listed below this text.
Purpose and Legal Basis
The conferencing tools are used to communicate with prospective or existing contractual partners or to offer specific services to our customers (Art. 6(1) lit. b GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6(1) lit. f GDPR). If consent has been obtained, the use of the respective tools is based on this consent; the consent can be revoked at any time with future effect.
Storage Duration
We have no influence on the storage duration of your data, which is stored by the operators of the conferencing tools for their own purposes. For details, please inquire directly with the operators of the conferencing tools.
Conferencing Tool Used: Microsoft Teams
We use Microsoft Teams. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Details about data processing can be found in Microsoft Teams' privacy statement: https://privacy.microsoft.com/en-us/privacystatement.
Conclusion of a Contract for Data Processing
We have concluded a contract for data processing with the provider of Microsoft Teams and fully comply with the strict requirements of German data protection authorities when using Microsoft Teams.
10. Own Services Handling of Applicant Data
We provide you with the opportunity to apply with us through the online application form. The following information informs you about the scope, purpose, and use of your personal data collected during the application process. We assure you that the collection, processing, and use of your data are in accordance with applicable data protection laws and all other legal regulations, and your data will be treated strictly confidentially.
Scope and Purpose of Data Collection
When you submit an application to us, we process your associated personal data (e.g., contact and communication data, application documents, notes from job interviews, etc.) to the extent necessary for deciding on the establishment of an employment relationship. The legal basis for this is § 26 BDSG-new according to German law (initiation of an employment relationship), Article 6(1)(b) GDPR (general contract initiation), and – if you have given consent – Article 6(1)(a) GDPR. The consent is revocable at any time. Your personal data will only be disclosed within our company to individuals involved in processing your application.
If the application is successful, the data you provided will be stored in our data processing systems based on § 26 BDSG-new and Article 6(1)(b) GDPR for the purpose of implementing the employment relationship.
Data Retention Period
If we cannot offer you a job, you reject a job offer, or withdraw your application, we reserve the right to retain the data you provided based on our legitimate interests (Article 6(1)(f) GDPR) for up to 6 months after the conclusion of the application process (rejection or withdrawal of the application). Afterward, the data will be deleted, and physical application documents will be destroyed. The retention serves primarily for evidential purposes in the event of a legal dispute. If it becomes apparent that the data will be needed after the 6-month period (e.g., due to a pending or threatened legal dispute), deletion will only occur when the purpose for further retention ceases to exist.
Extended retention may also occur if you have given corresponding consent (Article 6(1)(a) GDPR) or if legal retention obligations prevent deletion.
Inclusion in the Applicant Pool
If we cannot offer you a job, there may be an option to include you in our applicant pool. In the case of inclusion, all documents and information from the application will be transferred to the applicant pool to contact you in the event of suitable vacancies.
Inclusion in the applicant pool is solely based on your explicit consent (Article 6(1)(a) GDPR). The consent is voluntary and unrelated to the ongoing application process. The data subject can revoke their consent at any time. In this case, the data from the applicant pool will be irrevocably deleted unless there are legal retention reasons.
Data from the applicant pool will be permanently deleted no later than one year after the consent is given. You can revoke your consent for the use of your personal data at any time with future effect. An email to recruiting@oettinger-bier.de is sufficient for revocation. Revocation results in the termination of the application process. You are responsible for the accuracy of the data you enter.
