General Information
Protecting your personal data is important for us. This data privacy statement provides information for you as a user of our website regarding the scope, nature and purpose of the collection and use of your personal data as you use our website. The basis of this is the applicable legal provisions for data protection.
Responsible Authority and Data Protection Officer
The responsible authority for processing your personal data is Privatbrauerei Eichbaum GmbH & Co. KG, Käfertaler Strasse 170 in 68167 Mannheim, Germany. You can reach us by phone at +(49) 621 – 33 70 - 0 or via e-mail at info@eichbaum.de.
You can also contact our Data Protection Officer at any time for all questions related to data protection and privacy. Our Data Protection Officer can be reached at the address above by adding "Data Protection Officer" to the address or via e-mail to: datenschutz@eichbaum.de.
What Is Personal Data?
Personal data includes all information and details in any form that can be used to establish a link to a natural person. This includes for example the name, address and phone number, e-mail address, IP addresses or details regarding a person's professional career.
External Hosting
This website is hosted by an external service provider (hoster). Personal data that is collected on this website is stored on the hoster's servers. This includes mainly IP addresses, contact requests, metadata and communication data, contract data, contact data, names, website access data and other data that is generated by a website.
The purpose of using the hoster is to fulfil contracts with our potential and existing customers (art. 6 para. 1 let. b of the General Data Protection Regulation (GDPR)) and in the interest of providing online offers quickly, securely and efficiently by a professional provider (art. 6 para. 1 let. f GDPR). If corresponding consent was requested and obtained, the processing is carried out exclusively on the basis of art. 6 para. 1 let. a of GDPR and § 25 para. 1 of the German Telecommunications Telemedia Data Protection Regulations, provided the consent includes saving cookies or accessing information on the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDPR. Consent may be revoked at any time.
Our hoster will only process your data to the extent required to fulfil its service obligations and will follow our instructions regarding this data.
Data Collected while Visiting Our Website
Data collection of server log files on these web pages is carried out on the basis of art. 6 para. 1 let. f of GDPR to safeguard our legitimate interests (e.g. secure operation of the web pages). When you use our website, the following data items (server log files) are logged during your visit: IP address, name of the calling website, date and time, browser type and version, operating system, host name of the accessing computer and the previously visited internet page (referrer). These data items are used without reference to any person and only to create web statistics. They are not merged with other data sources.
General information on the legal basis for the data processing on this website
If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9 (2)(a) GDPR, if special categories of data are processed according to Art. 9 (1) DSGVO. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also based on Art. 49 (1)(a) GDPR. If you have consented to the storage of cookies or to the access to information in your end device (e.g., via device fingerprinting), the data processing is additionally based on § 25 (1) TTDSG. The consent can be revoked at any time. If your data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, if your data is required for the fulfilment of a legal obligation, we process it on the basis of Art. 6(1)(c) GDPR. Furthermore, the data processing may be carried out on the basis of our legitimate interest according to Art. 6(1)(f) GDPR. Information on the relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.
Recipients of personal data
In the scope of our business activities, we cooperate with various external parties. In some cases, this also requires the transfer of personal data to these external parties. We only disclose personal data to external parties if this is required as part of the fulfilment of a contract, if we are legally obligated to do so (e.g., disclosure of data to tax authorities), if we have a legitimate interest in the disclosure pursuant to Art. 6 (1)(f) GDPR, or if another legal basis permits the disclosure of this data. When using processors, we only disclose personal data of our customers on the basis of a valid contract on data processing. In the case of joint processing, a joint processing agreement is concluded.
Request via E-Mail, Phone or Fax
If you contact us via e-mail, phone or fax, your request including all personal data derived from it will be saved by us and processed for the purpose of responding to your request. We will not forward this data without your consent.
This data will be processed on the basis of art. 6 para. 1 let. b GDPR if your request is associated with the fulfilment of a contract or if required to implement pre-contractual measures. In all other cases, processing of the data is based on our legitimate interests in effective processing of requests directed to us (art. 6 para. 1 let. f GDPR) or on your consent (art. 6 para. 1 let. a GDPR), provided we have requested and obtained such consent. Consent may be revoked at any time.
The data sent by you via contact request will be retained by us until you request for it to be deleted, revoke your consent for data storage, or the purpose for the data being stored is no longer applicable (for example after processing of your request is completed). Mandatory legal provisions – in particular retention periods – remain unaffected.
Consent with PrivacyWire
Our website uses PrivacyWire consent technology to obtain your consent to store certain cookies on your device or for the use of certain technologies and to document this consent in a manner compliant with data protection regulations.
PrivacyWire is hosted on our servers, so no connection to the servers of the provider of PrivacyWire is established. PrivacyWire stores a cookie in your browser in order to be able to allocate the consents granted to you or their revocation. The data collected in this way is stored until you request us to delete it, delete the PrivacyWire cookie yourself or until the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.
PrivacyWire serves to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6(1)(c) GDPR.
Use of Cookies
Our internet pages use "Cookies". Cookies are small text files. They do not do any damage to your terminal device. They are stored on your terminal device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are deleted automatically after the end of your visit. Permanent cookies remain saved on your terminal device until you delete them yourself or they are deleted automatically by your web browser.
Cookies may originate from us (first-party cookies) or from third party companies (called third-party cookies). Third-party cookies make it possible to incorporate certain services from third-party service providers within websites (cookies for processing payment services, etc.).
Cookies have different functions. Numerous cookies are necessary for technical reasons, because certain website functions (such as contrast settings or display of videos) would not work without them . Other cookies can be used to evaluate user behaviour or for advertising purposes.
Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions you may want (functional cookies such as contrast settings), or to optimise the website (cookies for measuring the web public, etc.) are saved on the basis of art. 6 para. 1 let. f GDPR, provided no other legal basis is specified.
As a website operator, we have a legitimate interest in saving cookies for reasons related to providing our services in an optimised manner free of errors. If consent for saving cookies has been requested and obtained, the relevant cookies are then saved exclusively on the basis of this consent (art. 6 para. 1 let. a GDPR and § 25 para. 1 TTDPR). Consent may be revoked at any time.
You can set your browser so that you are informed when cookies are set and only allow cookies on a case-by-case basis, to exclude accepting cookies for specific cases or in general, and to automatically delete cookies when the browser is closed. If cookies are deactivated, the functionality of a website may be restricted.
If cookies of third-party companies or for analysis purposes are used, we will inform you about this specifically as part of this data privacy statement and ask for your consent if applicable.
Information on Cookies used
YouTube with expanded data protection integration
This website integrates videos from the YouTube website. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of these websites on which YouTube is integrated, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
We use YouTube in extended data protection mode. According to YouTube, videos that are played in extended data protection mode are not used to personalize browsing on YouTube. Ads that are played in extended data protection mode are also not personalized. No cookies are set in extended data protection mode. Instead, so-called local storage elements are stored in the user's browser, which contain personal data similar to cookies and can be used for recognition. Details on the extended data protection mode can be found here: https://support.google.com/youtube/answer/171780.After activating a YouTube video, further data processing operations may be triggered over which we have no influence.
The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6(1)(f) GDPR, this is a legitimate interest. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
For more information on how YouTube handles user data, please consult the YouTube Data Privacy Policy under: https://policies.google.com/privacy?hl=en.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant- detail?contact=true&id=a2zt000000001L5AAI&status=Active.
Information, Correction and Deletion of Data
You have the right to obtain information about all of your data saved by us at any time. This right includes the right to have incorrect data corrected or deleted. You also have the right in certain circumstances to demand the restriction of processing of your personal data.
Please direct all requests for information, corrections or deletions, indicating your full name and postal or e-mail address, to our Data Protection Officer: Privatbrauerei Eichbaum GmbH & Co. KG, Datenschutzbeauftragte, Käfertaler Strasse 170 in 68167 Mannheim, Germany or datenschutz@eichbaum.de.
Right of Appeal
In accordance with art. 77, para. 1 GDPR, you have the opportunity to refer matters to a regulatory authority. The right of appeal in accordance with art. 77 GDPR is available to you in the EU member state where you reside, of your workplace and/or of the location where the alleged violation occurred. This means you can choose the regulatory authority you contact from the above list of locations. The regulatory authority to which you submitted your appeal will then instruct you regarding the status and results of your submission, including the possibility of a judicial remedy in accordance with art. 78 GDPR.
The data protection regulatory authority responsible for us is the state representative for data protection and freedom of information of Baden-Württemberg, Postfach 10 29 32, 70025 Stuttgart, Germany.
Storage Duration
If no special storage duration was named in this Data Privacy Statement, your personal data will be retained by us until the purpose for the data processing is no longer applicable. If you assert your right to request deletion of data or revoke your consent, your data will be deleted, provided we have no other legally permissible reasons to save your personal data (such as retention periods under tax or commercial law); in this latter case the data will be deleted after these reasons are no longer applicable.
Revocation of Your Consent to Data Processing
Many data processing processes are only possible with your explicit consent. You can revoke consent that has already been given at any time. The legality of the data processing that was carried out up until the revocation remains unaffected.
Right to Appeal in Accordance with Art. 21 GDPR
If the data processing is carried out on the basis of art. 6 para. 1 let. f GDPR, you have the right for reasons related to your particular situation to submit an objection against processing of your personal data at any time. This also applies to profiling based on these provisions. If you file an appeal, we will discontinue processing your personal data unless we can demonstrate compelling and legitimate reasons for processing it that outweigh your interests, rights and freedoms or processing the data serves to assert, exercise or defend legal claims (objection pursuant to art. 21 para. 1 GDPR).
If your personal data is processed to operate direct advertising, you have the right to submit an appeal against the processing of personal data related to you for the purpose of such advertising. The same applies to profiling, provided it is associated with such direct advertising. If you object, your personal data will then no longer be used for the purpose of direct advertising (objection pursuant to art. 21 para. 2 GDPR).
SSL or TLS Encryption
For security reasons and to protect the transmission of confidential content such as orders or requests that you send to us as a website operator, our website uses SSL or TLS encryption. You can recognise an encrypted connection from the fact that the address line of the browser changes from "http://" to "https://" and by the lock icon in your browser line.
If SSL or TLS encryption is activated, the data that you transmit to us cannot be intercepted by third parties.
We draw your attention to the fact that data transmission on the internet (for example communication via e-mail) may have security gaps. Seamless protection of data against access by third parties is not possible.
Our social media appearances
This privacy policy applies to the following social media presence:
Data processing through social networks
We maintain publicly available profiles in social networks. The individual social networks we use can be found below.
Social networks such as Facebook, X etc. can generally analyse your user behaviour comprehensively if you visit their website or a website with integrated social media content (e.g., like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail:
If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.
Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.
Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.
Legal basis
Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g., consent within the meaning of Art. 6 (1) (a) GDPR).
Responsibility and assertion of rights
If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g., Facebook).
Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.
Storage time
The data collected directly from us via the social media presence will be deleted from our systems as soon as you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions - in particular, retention periods - remain unaffected.
We have no control over the storage duration of your data that are stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g., in their privacy policy, see below).
Your rights
You have the right to receive information about the origin, recipient and purpose of your stored personal data at any time and free of charge. You also have the right to object, the right to data portability and the right to file a complaint with the responsible regulatory agency. Furthermore, you can request the correction, blocking, deletion and, under certain circumstances, the restriction of the processing of your personal data.
Individual social networks: Facebook
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter Meta). According to Meta’s statement the collected data will also be transferred to the USA and to other third-party countries.
We have signed an agreement with Meta on shared responsibility for the processing of data (Controller Addendum). This agreement determines which data processing operations we or Meta are responsible for when you visit our Facebook Fanpage. This agreement can be viewed at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can customize your advertising settings independently in your user account. Click on the following link and log in: https://www.facebook.com/settings?tab=ads.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381. Details can be found in the Facebook privacy policy: https://www.facebook.com/about/privacy/.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant- detail?contact=true&id=a2zt0000000GnywAAC&status=Active.
Individual social networks: Instagram
We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://privacycenter.instagram.com/policy/ and https://de-de.facebook.com/help/566994660333381.
For details on how they handle your personal information, see the Instagram Privacy Policy: https://privacycenter.instagram.com/policy/.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant- detail?contact=true&id=a2zt0000000GnywAAC&status=Active.
Individual social networks: YouTube
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in the YouTube privacy policy: https://policies.google.com/privacy?hl=en.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant- detail?contact=true&id=a2zt000000001L5AAI&status=Active.