You can in principle
use our websites www.private-brauereien.de , www.european-beer-star.de
(hereinafter “the Websites”) without
providing any personal data. If any of your personal data is processed, you are
the “data subject” within the meaning of the General Data Protection Regulation (= GDPR). If a user
or a data subject wishes to use the services of our Association via our Websites
and / or would like to visit the members' area, the processing of personal data
may become necessary. If the processing of personal data is necessary and if there
is no legal basis for such processing, then we obtain the consent of the data
subject. The processing of personal data (for example, name, address, e-mail
address of an affected person) is always in accordance with the GDPR and in
accordance with the country-specific data protection regulations that apply to
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations and the following explanations and information is:
Private Brauereien Bayern e. V.
80539 Munich (Germany)
General Manager Stefan Stang
09 56 0
In principle, we process personal data of our users only to the extent necessary to provide functioning Websites and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent is not possible for reasons of fact and the processing of the data is permitted by law.
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 (1) lit. a GDPR is the legal basis.
In the processing of personal data necessary for the performance of a contract of which the data subject is a party, Art. 6 (1) lit. b GDPR is the legal basis. This also applies to processing operations required to carry out pre-contractual measures.
Insofar as the processing of personal data is required to fulfil a legal obligation that our association is subject to, Art. 6 (1) lit. c GDPR is the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) lit. d GDPR is the legal basis.
If processing is necessary to safeguard the legitimate interests of our association or a third party, and if the interest, fundamental rights and fundamental freedoms of the data subject do not outweigh the former interest, Art. 6 (1) lit. f GDPR is the legal basis for processing.
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is deleted. In addition, it may be stored if provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. A blocking or deletion of the data takes place even if a storage period prescribed by the mentioned standards expires, unless there is a need for further storage of the data for a conclusion of contract or a fulfilment of the contract.
You can basically use our Websites without disclosing your identity. However, every time our Websites are accessed, our system automatically collects data and information from the computer system of the calling computer. The following data are usually collected without their intervention:
The data is stored in the log files of our system. Not concerned by this are the IP addresses of the user or other data that allow the assignment of the data to a user. A storage of this data together with other personal data of the user does not take place.
The legal basis for the temporary storage of data and log files is Art. 6 (1) lit. f GDPR.
The temporary storage of the IP address by the system is necessary to allow delivery of the Websites to the computer of the user. To do this, the user's IP address must be kept for the duration of the session.
Storage in log files is done to ensure the functionality of the Websites. In addition, the data is used to optimize the Websites and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
In the stated purposes, our legitimate interest in the processing of data according to Art. 6 (1) lit. f GDPR. In no case will we use the data collected for the purpose of drawing conclusions about the data subject.
The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. In the case of collecting the data for providing the Websites, this is the case when the respective session is completed.
In the case of storing the data in log files, this is the case after seven days. An additional storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
The collection of the data for the provision of the Websites and the storage of the data in log files is essential for the operation of the Websites. There is consequently no option of contradiction on the part of the user.
In the case of a login in the password-protected area only temporarily valid session cookies are used in the main memory of the browser, which are lost again after closing the browser. These session cookies do not contain an IP address, so tracing or identifying the visitors via these temporary session cookies is not possible.
To register in the password-protected area we need your name, first name and your e-mail address. The user data is stored on the web server. Access to the data is exclusively encrypted via https. After registration, you will be asked to confirm the registration by e-mail to the specified e-mail address. You can then go to the password-protected area for further information retrieve.
The legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f GDPR.
The setting of the cookie is necessary so that we can ensure that only authorized persons have access to the password-protected area, without us knowing which persons are accessing exactly. We need your data in order to check whether you are entitled to access the protected area, in particular, this area is intended only for commercial customers, especially for existing customers but also for interested parties.
For these purposes, our legitimate interest in the processing of personal data pursuant to Art. 6 (1) lit. f GDPR.
Your data provided at registration will be deleted once the purpose has been achieved. This is the case if we assume that you no longer want to access a protected area.
Access to the protected area can be terminated by the data subject at any time. Please contact us for this under the contact details given in the imprint or under Section I. This also allows a withdrawal of the consent of the storage of the personal data collected during the registration process.
aa) On our Websites you can, if applicable, subscribe to a free newsletter. When you sign up for the newsletter, the data from the input mask are sent to us, namely
In addition, the following data is collected at the time of registration, namely:
bb) If you purchase goods or services via our Websites and deposit your e-mail address here, this can subsequently be used by us for sending a newsletter. In such a case, the newsletter will only send direct mail for own similar goods or services.
cc) In connection with the processing of data for the sending of newsletters, there is no disclosure of the data to third parties. These data are used exclusively for sending the newsletter.
aa) Legal basis for the processing of the data after the user has registered for the newsletter is the consent of the user pursuant to Art. 6 (1) lit. a GDPR.
bb) The legal basis for sending the newsletter as a result of the sale of goods or services is § 7 (3) UWG (= Law against unfair competition).
The collection of the user's e-mail address serves to deliver the newsletter. The collection of other personal data as part of the registration process is intended to prevent misuse of the services or the e-mail address used.
aa) The data will be deleted as soon as they are no longer necessary for the purpose of their collection. The user's e-mail address will be saved as long as the subscription to the newsletter is active.
bb) If the newsletter is sent on the Websites due to the user's registration, the following also applies: The other personal data collected during the registration process are usually deleted after a period of seven days.
aa) Subscription to the newsletter may be terminated at any time by the user concerned. For this purpose, there is a corresponding link in each newsletter about the termination or deactivation.
bb) If the newsletter is sent on the basis of the user's registration on the Websites or on the basis of the use of a contact form, a revocation of the consent of the storage of the personal data collected during the registration process is also made possible.
On our Websites, we offer users, if applicable, the option of registering for a business partner area. Your data will in such a case be entered in a form on the Websites and sent to us online and then stored. Disclosure of the data to third parties will only take place exceptionally (see Sections IX and X).
The following data may be collected in individual cases during the registration process:
At the time of registration, the following data is also stored:
As part of the registration process, the consent of the user to process the data is obtained.
aa) Legal basis for the processing of the data is in the presence of the consent of the user Art. 6 (1) lit. a GDPR.
bb) If the registration serves to fulfil a contract of which the user is a party or if it serves the purpose of implementing pre-contractual measures, an additional legal basis for the processing of the data is Art. 6 (1) lit. b GDPR.
aa) A registration of the user's data may be required for the provision of certain content and services on our Websites, for example in order to identify the user during subsequent visits to the Websites and to submit personalized offers to him.
bb) The registration may also be required to fulfil a contract with the user or to carry out pre-contractual measures. The collection of these data is then carried out in particular
The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection.
If the registration does not conclude a contract with the user, then this is the case for the data collected during the registration process, if the registration on our Websites is cancelled or changed.
If the registration serves to conclude a contract with the user, then this is the case for the data collected during the registration process for the execution of a contract or for the performance of pre-contractual measures, when the data is no longer necessary for the execution of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contracting party in order to be able to fulfil contractual or legal obligations. Continuing obligations require the storage of personal data during the contract period. For purchase contracts, warranty periods must be observed. In addition, the storage of data also serves for tax purposes. The retention periods to be adhered to here can not be determined on a flat-rate basis, but must be determined on a case-by-case basis for the respective contracts and contractual parties.
As a user, you have the option of cancelling the registration on our Websites at any time. The personal data stored about you can be changed at any time. Follow the instructions on the Websites during the deletion process.
If the registration is used to conclude a contract with the user and if the data is required to fulfil a contract or to carry out pre-contractual measures, the data can only be deleted prematurely, provided that there are no contractual or legal obligations to cancel the deletion.
An email address will be provided on our Websites and possibly a contact form is available. Both can be used for electronic contact.
If a user realizes this possibility, the data entered in the input form of the contact form will be transmitted to us and saved. These data are:
At the time of sending the message, the following data is also stored:
If the user contacts us via the provided e-mail address, the user's personal data transmitted by e-mail will be stored.
There is no disclosure of data to third parties in this context. The data is used exclusively for processing the conversation.
Legal basis for the processing of the data is in the presence of the consent of the user Art. 6 (1) lit. a GDPR.
The legal basis for the processing of the data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f GDPR. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
The processing of the personal data from the input mask serves us only to process the contact. In the case of contact via e-mail, this also includes the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. For the personal data from the input form of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation ends when it can be inferred from the circumstances that the facts are finally clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days.
The user has the opportunity to withdraw his consent to the processing of personal data at any time.
If the user contacts us by e-mail, he may object to the storage of his personal data at any time. In such a case, the conversation can not continue.
In the event of a revocation or an objection, follow the instructions on the Websites.
A transfer of your personal data from us to third parties is made to Payment Services commissioned in the context of the contract with the payment matter. In this case, the disclosure of your personal data is limited to the required minimum. The legal basis for the transfer is Art. 6 (1) sentence 1 lit. b GDPR.
If you choose a payment via PayPal, credit card, EC card, Sofortüberweisung (instant transfer) etc., we will pass on your payment data as part of the payment process to the payment service.
A transfer of your personal data to a payment service for a purpose other than the fulfilment of their liabilities does not take place.
Except in the cases mentioned above (registration for a member area, registration for a newsletter, etc.), we pass on your personal data to third parties only if:
A transfer of personal data to third countries outside the EU for the purpose of order processing (Art. 28 GDPR) takes place exclusively on the basis of suitable guarantees.
We use social plugins (plugins) from various social networks. These plugins are recognizable by the respective logos.
If any of your personal data is processed, you are the “data subject” within the meaning of the GDPR and you have the rights described above and below towards the controller.
The data subject can exercise his rights via the contact details according to Section I.
You shall have the right to obtain from the controller (see section I) confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.
You shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
You shall have the right to obtain from the controller restriction of processing where one of the following applies:
Where processing has been restricted under Art. 18 (1) GDPR, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.
You shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erasure does not exist if the processing is necessary
If you have the right of rectification, erasure or restriction of the processing to the controller, he / she is obliged to notify all recipients to whom the personal data concerning you have been corrected or deleted or processing restricted, unless this proves to be impossible or involves a disproportionate effort.
You have the right to be informed about these recipients.
You shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
In exercising your right to data portability pursuant to Art. 20 (1) GDPR, you shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
The right referred to in Art. 20 (1) GDPR shall not adversely affect the rights and freedoms of others.
You shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Art. 6 (1) GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise his or her right to object by automated means using technical specifications.
You shall have the right to withdraw your consent to data processing at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:
The Decisions referred to shall not be based on special categories of personal data referred to in Art. 9(1) GDPR, unless point (a) or (g) of Art. 9(2) GDPR applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.
In the cases referred to in points (1) and (3) the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.