Privacy

1. General information and principles of data processing

We are pleased that you are visiting our website. The protection of your privacy and the protection of your personal data, the so-called personal data, is an important concern to us.

In accordance with Article 4(1) General Data Protection Regulation (GDPR) personal data means any information relating to an identified or identifiable natural person. This includes, for example, information such as first and last name, address, telephone number, email address, but also an IP address.

Data that cannot be linked to your person, for example through anonymization, is not personal data. Processing of personal data (e.g. collection, readout, retrieval, use, transmission, deletion or destruction) pursuant to Article 4(2) GDPR always requires a legal basis or a consent. Processed personal data must be deleted as soon as the purpose of their processing has been achieved, and there are no longer any legally prescribed retention obligations.

Here you will find information on the handling of your personal data upon visiting our website. In order to provide the functions and services of our website, it is necessary for us to collect your personal data.

In the following, we explain the type and scope, purpose, legal basis and storage period of the respective data processing.

This data protection policy only applies to this particular website. It does not apply for other websites which are merely referenced via hyperlink. We cannot assume responsibility for the confidential handling of your personal data on these third-party websites, since we do not have any influence in the data protection compliance by these companies. Please inform yourself on the handling of personal data by these companies directly on their websites.

2. Controller

Responsible for the processing of personal data on this website (see imprint) is:

Bayerische Staatsbrauerei Weihenstephan
Alte Akademie 2
85354 Freising
Tel.: 08161 / 536-0
Fax: 08161 / 536-200
E-Mail: info@weihenstephaner.de

Vertreten durch den Direktor: Prof. Dr. Josef Schrädler

3. Data Protection Officer

If you have any further questions regarding data protection, please feel free to contact our data protection officer:

Robert Faußner, M.A.
Protection Officer
c/o HEUSSEN Rechtsanwaltsgesellschaft mbH
Brienner Straße 9 / Amiraplatz
80333 Munich
Germany
Tel: +49 89 290 97 0
Fax: +49 89 290 97 200
E-Mail: robert.faussner@heussen-law.de

4. Provision and use of the website / server log files

a) Type and extent of data processing

When you access our website (i.e. when you merely view it without registering and without otherwise providing us with information), we process the following personal data, which your browser automatically transmits to our server:

Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (visited page)
Access status/HTTP status code
Amount of transferred data
Web address from which the page or file was accessed or the requested function was initiated (referrer URL)
IP-address
Browser
Language and version of the browser software
Operating system

b) Purpose of data processing

This data described above is technically necessary to enable you to use our website. In addition, the data is technically necessary to ensure the stability of the website and IT security, in particular to protect our IT systems from misuse and to defend against attacks.

c) Legal basis

Legal basis for the processing of the data is Article 6(1)(f) GDPR respectively Section 25(2) TDDDG.

d) Storage period

The aforementioned data will be recorded for the duration of the communication process.
To guarantee IT security, the IP-address will be saved for an additional short period of time of no more than seven calendar days.

e) Right of objection

If your personal data is processed in accordance with Article 6(1)(f) GDPR you have a right of objection in accordance with Article 21 GDPR. However, in the case of the specific data processing operation, we have compelling legitimate grounds for the processing the data that are necessary for the protection of these data, because without the processing of these data we cannot provide and operate our website.

5. Use of cookies (Cookie policy)

We use cookies. Cookies are small files that are placed on your computer and stored by your browser. Some functions of our website cannot be offered without the use of technically necessary cookies, whereas other cookies allow us to perform various analyses. For example, some cookies can recognize the browser you are using when returning to our website and transmit various information to us. We use cookies in order to facilitate and improve the use of our website. For instance, through cookies we can create a more user-friendly and effective web offer for you, for example by retracing your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, this information will be directly collected via your browser. Cookies do not cause any damage to your terminal device. The cookies can neither run programs nor contain viruses. Various types of cookies are used on our website, their type and function are explained in the following.

If cookies or cookie-like technologies are used in the context of data processing on this website, the use of electronic communications networks to store information or to gain access to information stored in the terminal equipment of user is based on your consent pursuant to Section 25(1) German Telecommunications Digital Services Data Protection Act (TDDDG) in conjunction with the requirements of consent under data protection law pursuant to Article 4(11), 7 GDPR.

If the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network, or is strictly necessary in order to provide an digital service explicitly requested by the user, the data processing on this website is carried out on the basis of cookies or cookie-like technologies on the basis of Section 25 (2) TDDDG and a consent is not required.

For the following processing of personal data, the general requirements of the GDPR pursuant to Article 6(1) GDPR must be observed:

if you have given your consent, the legal basis for the subsequent processing of personal data is Article 6 (1)(a) GDPR.
if the processing of personal data is necessary due to our legitimate interest, the legal basis for the subsequent processing of personal data is Article 6 (1)(f) GDPR.

5.1. Temporary cookies/ session cookies

Our website uses so-called temporary cookies or session cookies, which are automatically deleted when you close your browser. Through this type of cookies, it is possible to record your session ID. This allows various requests from your browser to be assigned to a common session and makes it possible to recognize your terminal device during subsequent visits to the website. These session cookies expire at the end of the session.

5.2. Persistent cookies

Our website uses so-called persistent cookies. Persistent cookies are cookies that are stored in your browser over a longer period of time and can transmit information. The respective storage period varies depending on the cookie. Permanent cookies may be deleted independently via your browser settings.

5.3. Categories of cookies

We use the following categories of cookies:

5.3.1. Required cookies

Required cookies ensure functions that are essential to use our website as intended. These absolutely necessary cookies are used, for example, to ensure that registered users remain logged in when accessing various subpages. These are so-called first party cookies are only used by us. The legal basis for the data processing is Section 25(2) TDDDG respectively Article 6(1)(f) GDPR, as we have a legitimate interest in maintaining the functionality of our website. You have a right of objection pursuant to Article 21 GDPR. In the case of technically necessary cookies, however, we have compelling reasons worthy of protection for processing the data, because without processing this data we cannot properly provide our website or the respective functionality of the website.

As soon as the cookies are no longer required for the purposes described, they are deleted.

5.3.2. Statistics cookies

Statistics Cookies collect information about how a website is used in order to improve its attractiveness, content and functionality. For example, the following data is collected:

number of visits to a website or sub-pages
time spent on the website
sequence of visited pages
search terms
country, region, city from which access is made
analysis which areas of our website are of particular interest to you

The legal basis for the processing of this personal data is your consent pursuant to Section 25(1) TDDDG in conjunction with Article 4(11), 7 GDPR respectively Article 6(1)(a) GDPR for the following processing of personal data. As soon as the cookies are no longer required for the purposes described, the storage period ends or you withdraw your consent, these cookies are deleted.

5.3.3. Marketing cookies

Marketing cookies are used to display interest-based advertisements to website visitors. Besides they are also used to limit the frequency of display and measure the effectiveness of advertisement campaigns. The information obtained with third parties such as advertisers. Cookies to improve targeting and advertising are often linked to third party site functionalities.

5.3.4 Cookies by external services/ other cookieless data transmissions to external services

External content of video- or social media platforms are blocked by default. If you consent in using a cookie and / or the disclosure of your data to external services, we will display this external content and transmit your data to these external services.

5.4. Configuration of browser settings

Most web browsers are pre-set to accept cookies automatically. However, you can configure your browser to only accept only certain or reject all cookies. Having said this, we would like to point out that you may then no longer be able to use all of our website’s functions. Additionally, you can use your browser settings to delete cookies already stored in your browser. Furthermore, it is possible to set up your browser in such a way that you are informed before cookies are stored. Since the different browsers may vary in their respective functions, we ask you to use the help menu of your browser for the corresponding configuration options. Disabling the use of cookies may require the storage of a permanent cookie on your computer. If you subsequently delete this cookie, you will have to set it again for it to remain effective.

COOKIE SETTINGS

6. Services with required cookie

We only use required cookies for our consent management platform.

7. Services with statistics cookies

7.1. Google Analytics

a) Type and scope of data processing

On our website we use the tracking tool Google Analytics of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660 („Google“).

We have contracted a so-called data processing agreement with Google.

We have concluded a so-called order processing agreement insofar as Google acts as a processor for us. The data sharing settings to Google has been deactivated, so that consequently there is no joint controllership with Google. Google Analytics uses cookies, which are text files placed on your computer, to help the website analyze how users use the site.

The information generated by cookies about your user behaviour on this website is transmitted by Google Ireland Limited to a Google server in the USA. On behalf of the operator of this website, Google will use this information for the purpose of systematically evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. Google Analytics uses AI (artificial intelligence) and machine learning by applying algorithms to evaluate user behaviour. The algorithms automatically measure the usage behaviour of the individual website user on the basis of event data.

The algorithm that analyses these events can also recognise specific usage behaviour on other devices, which enables cross-device behavioural analysis of website users. If you have different separate sessions on different devices, Google Analytics can automatically aggregate the sessions into a single cross-device user experience based on User ID, Google ID, or Device ID and create database models, including cross-device conversions.

We do not receive any personal data from Google, just statistics. If you would like to stop the cross-device analysis, you can deactivate the "personalised advertising" function in the settings of your Google account. To do so, follow the instructions on this page: https://support.google.com/analytics/answer/7532985?hl=de#zippy=%2Cthemen-in-diesem-artikel

If individual pages of our website are called up, the following data is stored:

three bytes of the IP-address of the calling system of the user (anonymized IP-address)
website accessed
website from which the user accessed the page on our website (referrer)
-subpages that are accessed from the accessed page
-date and time of the visit
-time spent on the website
-frequency with which the website is accessed
-scrolling behavior and clicks
-achievement of “website goals” (e.g. newsletter subscriptions)
approximate location
browser and device information
internet service provider

Google informs that the IP addresses in Google Analytics no longer need to be anonymised, as they are neither logged nor stored. Nevertheless, the IP address in Google Analytics is automatically shortened by the service (IP anonymisation). This means that the IP addresses are shortened by the last octet (e.g.: 192.168.79.***; so-called IP masking). It is no longer possible to assign the shortened IP address to the calling computer or end device of the user.

Google Ireland Limited transmits data to Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The USA is a so-called third country, because it is located outside the EU. However, the USA has an adequacy decision from the European Commission (EU-U.S. Data Privacy Framework (DPF). The decision concludes that the United States ensures an adequate level of protection – comparable to that of the European Union – for personal data transferred from the EU to US companies under the new framework. Google LLC has certified itself according to the DPF (see https://www.dataprivacyframework.gov/list).

b) Purpose of data processing

The service of Google Analytics is used to analyse the usage behaviour of our online presence.

c) Legal basis

The legal basis for the use of Google Analytics is your consent pursuant to Article 6(1)(a) GDPR respectively Section 25(1) TDDDG.

d) Storage period

Google Analytics stores cookies in your web browser for a period of two months since your last visit. These cookies contain a randomly generated user ID with which you can be recognised on future website visits. The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user related data is automatically deleted after two months. Other data remains stored in aggregated form indefinitely.

e) Right of withdrawal

The stored data will be deleted as soon as you withdraw your consent by deselecting the selected cookie category "Statistics" under "Cookie settings".

f) Further information

Learn more about the terms of use of Google Analytics: https://marketingplatform.google.com/about/analytics/terms/gb/

Further information on Google Analytics data protection: https://support.google.com/analytics/answer/6004245?hl=en

Further information on Google’s privacy policy can be found here: https://policies.google.com/terms?gl=DE&hl=en

g) Recipients

As part of data processing, data is transferred to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

8. Services with marketing cookies

8.1. Facebook Custom Audience / Facebook-Pixel

a) Type and scope of data processing

We use the "visitor action pixel

" of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook") within our Internet presence. The remarketing tag or pixel-code of Facebook was implemented. Facebook and we are jointly responsible for data processing.

The Facebook pixel enables Facebook to determine the visitors of our online offering as a target group for the display of advertising (so-called "Facebook ads"). The tracking of a user can also take place across several websites. We use Facebook pixel in order to display the Facebook advertising placed by us only to those Facebook users who have also shown an interest in our online offering or who exhibit certain features (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called "custom audiences").

The Facebook pixel also enables us to track the effectiveness of Facebook ads for statistical and market research purposes ("Audience Insights") by showing us whether users were referred to our website after clicking on a Facebook ad ("Conversion").

The Facebook pixel is a JavaScript code that sends the following data to Facebook:

http header information: including IP address, web browser information, page location, document, web page URL and web browser user agent (computer, smartphone, tablet, other), and date and time of use
pixel-specific data: Pixel ID and Facebook cookie data, including Facebook ID (used to associate events with a specific Facebook advertising account to associate them with a Facebook user).
additional information about the visit and about standard and user-defined data events such as interactions with advertising, services and products and clicked elements

Further information can be found here. We also use the additional function "automatic advanced matching". Data such as first and last name, place of residence, e-mail addresses, telephone numbers or Facebook IDs of the users are transmitted to Facebook in encrypted form for the formation of target groups ("Custom Audiences" or "look alike audiences"). This also includes information from non-Facebook users and from users who are not logged on to Facebook when they visit our website. This can also be used to identify website visitors who have disabled the storage of third-party cookies. If no Facebook cookies are stored in your browser, no classification into one of the user groups referred to as "Custom Audience" will be made. If, however, the Facebook ID contained in the Facebook cookie is assigned to a Facebook user, Facebook assigns this user to a so-called "Custom Audience" according to the rules defined by us.

Meta Platforms Ireland Limited transmits data to Meta Platforms Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. We would like to point out that the Court of Justice of the European Union (CJEU) has doubts about the adequacy of the level of data protection in the USA. In particular, there is a risk that personal data may be processed by government authorities for control and monitoring purposes, possibly also without any legal remedy.

b) Purpose of data processing

We use Facebook pixels to display the "Facebook ads" that we have placed with Facebook users who have also shown an interest in our online offering or who have certain features that we transmit to Facebook (so-called "custom audiences").

c) Legal basis

The legal basis for the use of Google Analytics is your consent pursuant to Article 6(1)(a) GDPR respectively Section 25(1) TDDDG.

d) Storage period

The stored data will be deleted as soon as the cookie expires, or you withdraw your consent.

e) Right of withdrawal

The stored data will be deleted as soon as you withdraw your consent by deselecting the selected cookie category "Marketing" under "Cookie settings".

f) Further information

You can find more information about this here and in the Facebook's Data Policy.

For further information, see Google’s privacy policy: https://policies.google.com/privacy?hl=en.

g) Recipients

As part of data processing, data is transferred to Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

9. Services with external media

9.1. Google Maps (plugin)

a) Type and scope of data processing

Google Maps In certain areas of our website, we use functions of Google Maps to integrate map content or map material. This content is provided by Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (‘Google’). Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660 ("Google") is responsible for the provision of the service in Europe.

Your IP address is collected when you access a page with an integrated map from Google Maps. Google Ireland Limited transmits personal data to Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The USA is a so-called third country. Personal data can be transferred to the USA in accordance with the law, as there is an adequacy decision for the USA and Google LLC is certified under the EU-U.S. Data Privacy Framework (EU-US DPF): https://www.dataprivacyframework.gov/list

For this reason, the display of the map is initially blocked when you access our website. The transmission of data to third parties is thus blocked until you actively consent to the display of external content by clicking on ‘Please accept the marketing cookies to be able to see the map’.

By doing so, you consent to Google Maps transmitting your IP address, browser information or other personal information to Google, which may also be used to analyse user behaviour for market research and marketing purposes.

b) Purpose of data processing

We use Google Maps to display interactive maps directly on our website and to enable you to use the map function conveniently.

c) Legal basis

The legal basis for the use of Google Analytics is your consent pursuant to Article 6(1)(a) GDPR respectively Section 25(1) TDDDG.

d) Storage period and right of withdrawal

In principle, you have the right to withdraw your consent. However, revocation is not necessary in this case, as your consent is only valid for the duration of your visit to our website. Data processing is terminated when you close or leave the website, meaning that you will need to give your consent again when you visit our website again.

e) Further information

Learn more about the Google Maps Terms of Use: https://policies.google.com/terms?gl=DE&hl=en

Learn more about the Additional Terms of Service of Google Maps: www.google.com/intl/de_US/help/terms_maps.html

For more information see Google’s privacy policy: https://policies.google.com/privacy?hl=en

f) Recipients

As part of data processing, data is transferred to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

9.2. YouTube

a) Type and scope of data processing

We have included YouTube videos in our online offering, which are stored at YouTube.com and can be played directly from our website. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irleand, Tel: +353 1 543 1000, Fax: +353 1 686 5660 ("Google").

We use YouTube with the „enhanced privacy mode feature to display videos to you. Because of the „enhanced privacy mode“ there is no automatic connection to the YouTube server.

The following data, which is explained in more detail, is only transmitted to the YouTube server when you actually start a video. The videos and any data transfer are initially blocked by our consent management platform. As soon as you have given your consent to the data processing by Google via our Consent Management Platform or by consenting to the respective video, the videos will be activated and the data processing and data transfer to Google will take place.

YouTube collects cookies, your IP address, the date and time, and the website you visited. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. In addition, a connection to Google's advertising network “DoubleClick” is established. If you are logged in to YouTube at the same time, YouTube assigns the connection information to your YouTube account. To prevent this, you can either log out of your YouTube user account before visiting our website or make the appropriate settings in your YouTube user account to prevent this.

b) Purpose of data processing

We use YouTube to play videos on our website.

c) Legal basis

The legal basis for the use of Google Analytics is your consent pursuant to Article 6(1)(a) GDPR respectively Section 25(1) TDDDG.

d) Storage period and right of withdrawal

e) Further information

Further information on data processing by Google can be found in Google's privacy policy at https://www.google.com/intl/en/policies/privacy

f) Recipients

As part of data processing, data is transferred to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

9.3. Social Plugin Instagram

a) Type and scope of data processing

We currently use the following social media plug-ins from Instagram. The operator of the service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta).

The content is initially blocked. The transmission of data to Meta is thus blocked until you actively consent to the display of external content by clicking on “Please accept the marketing cookies to be able to see the feed”.
A direct connection to Meta's servers is therefore only established once you have given your consent. By doing so, you consent to Meta transmitting your IP address, browser information or other personal information to Google, which may also be used to analyse user behaviour for market research and marketing purposes.

Insofar as personal data is collected on our website and forwarded to Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing

The respective plug-in provider stores the data collected about you as usage profiles and uses these for the purposes of advertising, market research and/or customising its website. A cookie is set for this purpose. Such an evaluation is carried out in particular (even for users who are not logged in) to display customised advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Meta to exercise this right.

We offer you the opportunity to interact with the social networks and other users via the plug-ins so that we can improve our offering and make it more interesting for you as a user.

Data is passed on regardless of whether you have an account with the plug-in provider or are logged in there. If you are logged in with the plug-in provider, your data collected by us will be directly assigned to your existing account with the plug-in provider. If you do not want Instagram to be able to associate your visit to this website with your Instagram user account, please log out of your Instagram user account.

b) Purpose of data processing

The purpose of the data processing is the displaying content from Instagram directly on the website.

c) Legal basis

The legal basis for the use of Google Analytics is your consent pursuant to Article 6(1)(a) GDPR respectively Section 25(1) TDDDG.

d) Storage period and right of withdrawal

e) Further information

Further information on this can be found in Instagram's privacy policy. With regard to joint controllership in accordance with Art. 26 GDPR, please refer to our Instagram privacy policy.

f) Recipients

As part of data processing, data is transferred to Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

10. Use of Google Fonts

a) Type and scope of data processing

We use external fonts from Google Fonts on this website. Google Fonts is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660 („Google"). The use of Google Fonts takes place through their local integration on our web server, a transmission of personal data (user data) to Google servers does not take place.

b) Purpose of data processing

The purpose of using Google Fonts is the uniform presentation of fonts.

c) Legal basis

The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online services. This represents an overriding legitimate interest on our part within the meaning of Art. 6(1)(f) GDPR.

d) Storage period

The stored data will be deleted as soon as they are no longer required for our purposes.

e) Right of objection

You have the right to object to this processing. However, we have compelling legitimate grounds for processing the data, because without processing this data we cannot display the website fonts properly.

11. Processing for the implementation of pre-contractual measures and for contract fulfilment

a) Type and scope of data processing

In the pre-contractual area and at the conclusion of the contract we collect personal data about you (e.g., first and last name, address, e-mail address, telephone number, bank details.

b) Purpose of data processing

We collect and process this data exclusively for the purpose of contract execution and/or for the fulfilment of pre-contractual obligations.

c) Legal basis

The legal basis for this is Article 6(1)(b) GDPR. The processing of the data serves the fulfilment of a contract or the implementation of pre-contractual measures.

d) Storage period

The data will be deleted as soon as they are no longer required for the purpose of their processing

In addition, statutory retention obligations may exist, such as commercial or tax retention obligations in accordance with the German Commercial Code (HGB) or the German Fiscal Code (AO). If such storage obligations exist, we will block or delete your data at the end of these storage obligations.

12. Categories of recipients of personal data

We only pass on your personal data to third parties if:

a) you have given your explicit consent to do so in accordance with Article 6(1)(a) GDPR.

b) this is legally permissible and, in accordance with Article 6(1)(b) GDPR, is necessary for the fulfilment of a contractual relationship with you or the implementation of pre-contractual measures.

c) there is a legal obligation under Article 6(1)(c) GDPR for the transfer.

We are legally obliged to transfer data to state authorities, e.g. tax authorities, social security carriers, health insurances, supervisory authorities and law enforcement agencies.

d) the disclosure in accordance with Article 6(1)(f) GDPR is necessary to safeguard legitimate corporate interests and to assert, exercise or defend legal claims, and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.

e) we use external service providers (so-called processors) to process personal data in accordance with Article 28(3) GDPR. These processors have been carefully selected by us and are obliged by a data processing agreement to handle personal data in accordance with data protection regulations.

We use such external service providers in the following areas:

IT
Logistics
Telecommunication
Sales and distribution
Marketing

When transferring personal data to so-called third countries, i.e. outside the EU or EEA, we ensure that your personal data is treated with the same care as within the EU or EEA. We only transfer personal data to third countries where the EU Commission has confirmed an adequate level of data protection or where we have ensured the careful handling of personal data by contractual agreements or other suitable guarantees.

13. Contact form

a) Type and scope of data processing

On our website, we offer you the opportunity to contact us using a form provided. As part of the process of sending your enquiry via the contact form, reference is made to this privacy policy to obtain your consent.

If you make use of the contact form, the following personal data will be processed by you:

First name
Last name
Email address
Phone number
Message content

b) Purpose of data processing

If you send us a message via our contact form, we store and use your information to the extent that we need it to process your message, e.g. to respond to your inquiry or to fulfill your request for information.

c) Legal basis

If your inquiry serves the preparation of the conclusion of a contract or the conclusion of a contract with us, the legal basis for the processing of your personal data is Article 6(1) (b) GDPR. Otherwise, i.e. when contacting us via our contact form in cases other than those listed above, Article 6(1) (f) GDPR is the legal basis for the processing of your personal data.

Our legitimate interest for processing your personal data follows from the processing of your message, e.g. answering your inquiry or fulfilling your request for information.

d) Storage period

Your data will be deleted after final processing of your message, unless you have given us consent on the basis of which we are entitled to further storage and use.

Mandatory legal provisions – in particular retention periods according to the German Commercial Code (HGB) or the German Fiscal Code (AO) - remain unaffected by this.

14. Contact options by e-mail

a) Type and scope of data processing

You can contact us by e-mail. Our data collection is limited to the e-mail address of the e-mail account used by you to contact us as well as to the personal data provided by you in the course of contacting us. If you send us an e-mail without encryption, the e-mail is not protected against unauthorized access or modification by third parties during transmission.

b) Purpose of data processing

The purpose of data processing is to be able to answer your request appropriately.

c) Legal basis

The legal basis for this is Article 6(1)(f) GDPR. There is a legitimate interest in the processing of the above-mentioned personal data in order to be able to process your request appropriately, e.g. to answer your inquiry or to fulfil your request for information.

d) Storage period

The duration of the storage of the above-mentioned data depends on the background of your contact. Your personal data will be deleted on a regular basis if the intended purpose of the communication ceases to apply and storage is no longer necessary. This may result, for example, from processing your request.

15. Newsletter

a) Type and scope of data processing

You can subscribe to a free regular e-mail newsletter on our website. In order to be able to send you the newsletter regularly, we need your e-mail address.

Your data will be forwarded to our newsletter service provider in connection with the sending of the newsletter. Your data will not be passed on to third parties beyond this.

We use the so-called double opt-in procedure for sending newsletters.

This means that we will only send you an e-mail newsletter if you have expressly confirmed to us that you consent to the newsletter being sent. We will then send you a confirmation email asking you to confirm that you wish to receive future newsletters from us by clicking on a corresponding link. This is to ensure that only you, as the owner of the e-mail address provided, can subscribe to the newsletter. Your confirmation must be made promptly after receipt of the confirmation e-mail, otherwise your newsletter registration will be automatically deleted from our database. When you subscribe to the newsletter, we collect and store the data you enter in the input mask (e.g. surname, first name, email address). When you register for the newsletter, we also store your IP address entered by the Internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. In the confirmation e-mail sent for control purposes (double opt in email), we also store the date and time of the click on the confirmation link and the IP address entered by the Internet service provider (ISP).

b) Purpose of data processing

The data collected by us when you register for the newsletter will be used exclusively for the purpose of advertising by means of the newsletter.

c) Legal basis

The processing of your e-mail address for the newsletter dispatch is based on the declaration of consent voluntarily submitted by you in the following and revocable at any time in the future in accordance with Article 6(1)(a) GDPR and Section 7(2)(3) UWG (German law against unfair competition) respectively Section 25(1) TDDDG.

In addition, we process your personal data to document your consent (Article 6(1)(c) GDPR).

d) Storage period

Your e-mail address will be stored as long as you have subscribed to the newsletter. After you have unsubscribed from the newsletter, your e-mail address will be deleted, unless you have explicitly consented to further use of your data.

e) Right of withdrawal / right of objection

With regard to the e-mail newsletter, you have a right of cancellation. However, we have compelling legitimate grounds for processing the data, as we cannot guarantee the data security of the website without processing this data.

16. Application opportunity

a) Type and scope of data processing

When you apply, we collect and store the data you send us by e-mail. Further information can be found in our data protection information in the application process [Link].

b) Purpose of data processing

We process your data only for the purpose of processing your application.
It will not be passed on to third parties.

c) Legal basis

The legal basis for processing is Article 6(1)(b) GDPR. Insofar as you give us your consent to be included in our pool of applicants, the legal basis is Article 6(1)(a) GDPR.

d) Storage period

If we are unable to offer you a position, we will store your data for a maximum of six months after completion of the application process, taking into account § 61b(1) ArbGG in conjunction with § 15 AGG. The deadline starts with the receipt of the letter of rejection. If you have given us your consent to be included in our applicant pool, we will store your data for a maximum of two years.

e) Data transfer

Your data will only be made available to the bodies involved in the decision (responsible personnel or specialist departments, management, works council).

In addition, we are obliged to transmit your data to public bodies and institutions (e.g. public prosecutor's office, police, supervisory authorities, tax office, social insurance carriers, etc.).

Other data recipients may be those bodies for which you have given us your consent to transfer your data.

17 . Social media

We link our website to our social media platforms.

Therefore, we have linked a graphic of the respective network. When calling our website, there is no automatic connection to the respective server of the social network. The respective provider or operator of the pages is always responsible for the contents of the linked pages.

Only by clicking on the corresponding graphic you will be forwarded to the service of the respective social network.

Here the following data is processed by the respective network:

IP address
date, time
visited website

If you are logged in to your user account for the respective network during this time, the network operator may be able to assign the information collected during the visit to the user's personal account.

If you interact via a "share" button of the respective network, this information can also be stored in the user's personal user account and published if necessary. If you want to prevent the collected information from being directly assigned to your user account, the user must log out of the respective social network before clicking on the graphic.

You can also configure the respective user account accordingly.

We include the following social networks on our website by linking to them:

Facebook

Provider of the service: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Further information can be found in the privacy policy: https://www.facebook.com/policy.php

The privacy policy for data processing on the Facebook fan page is available here and on the Facebook fan page under ‘Info’ in the subsection “Imprint” and ‘Data policy’.

Instagram

Provider of the service: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

You can access the privacy policy for data processing at Instagram on this website.

TikTok

Provider of the service: TikTok Technology Limited,10 Earlsfort Terrace, Dublin, D02 T380, Irleand

Further information can be found in the privacy policy: https://www.tiktok.com/legal/privacy-policy-eea?lang=de

Spotify

Provider of the service: Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm,Sweden

Further information can be found in the privacy policy: https://www.spotify.com/de/legal/privacy-policy/

18. TikTok

With this privacy policy, we, the Bayerische Staatsbrauerei Weihenstephan, Alte Akademie 2, 85354 Freising (hereinafter: ‘Weihenstephan’), would like to inform you about how your personal data is processed when you use our TikTok site. Personal data is all data with which you can be personally identified.

TikTok privacy policy

With this privacy policy, Staatsbrauerei Weihenstephan, Alte Akademie 2, 85354 Freising “ (hereinafter: “Weihenstephan”) would like to inform you about how your personal data is processed when you use our TikTok site. Personal data is all data with which you can be personally identified.

a) Controller

According to the European General Data Protection Regulation (GDPR), a controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data. If you submit personal data to TikTok via our TikTok page, TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland and TikTok Information Technologies UK Limited, 4 Lindsey St, Barbican, London EC1A 9HP, United Kingdom (hereinafter jointly referred to as ‘TikTok’) are joint controllers for data processing within the meaning of the GDPR.

b) Nature and scope of data processing

We do not store or process any personal data about you when you visit our TikTok site, but TikTok does collect your IP address and other information about your use of the TikTok site (so-called page insights), which are stored on your PC in the form of cookies. This information is used to provide us, as the operator of the TikTok site, with statistical information about the use of the TikTok site.

TikTok transmits data to Beijing ByteDance Technology Co Ltd, Room 10A Building 2 No. 48 Zhichun Road, Haidian District, Beijing China. We would like to point out that the European Court of Justice (ECJ) has doubts about the adequacy of the level of data protection in China. In particular, there is a risk that personal data may be processed by the state authorities for control and monitoring purposes, possibly without the possibility of legal recourse.

Information on which personal data is also processed by TikTok can be found in TikTok's privacy policy: https://www.tiktok.com/legal/page/eea/privacy-policy/en

Information on the available personalisation and data protection setting options for your TikTok account can be found here: https://support.tiktok.com/account-and-privacy/account-privacy-settings

You can also use the TikTok privacy form or archive requests to request information about your data, report privacy or security breaches or enquire about a specific privacy issue:
https://www.tiktok.com/legal/report/privacy?lang=en

c) Purpose of data processing

We use this TikTok page for public relations work and process the page insights in order to be able to analyse the actions taken on our TikTok page and to improve our company page based on this information.

In what way TikTok uses the data from visits to TikTok pages for its own purposes, to what extent activities on the TikTok page are assigned to individual users, how long TikTok stores this data and whether data from a visit to the TikTok page is passed on to third parties is not conclusively and clearly stated by TikTok and is not known to us.

d) Legal basis

The legal basis for the processing of personal data on the TikTok page of the samples is Article 6 (1) (f) GDPR. Our interest in using this social media platform is to interact with users and increase awareness.

The legal basis for the processing of personal data by TikTok can be found in TikTok's data protection information.

e) Right to object and storage period

You can object to the processing of your data for the aforementioned purposes at any time by changing your settings for advertisements in your TikTok user account accordingly by adjusting the ‘personalised advertising’ in the settings under ‘Settings and data protection’.

TikTok stores the data collected until it is no longer required to provide the services and TikTok products or until the account is deleted, whichever comes first, whereby TikTok is solely responsible for specifying the storage period; further information on this can be found in TikTok's privacy policy.

f) Fulfilment of data subject rights

TikTok will always fulfil your legal rights.

The following rights are available to you:

Right to revoke consent in accordance with article 7(3)(1) GDPR
Right to information under Art. 15 GDPR
Right of correction and completion under Art. 16 GDPR
Right to deletion and to be "forgotten" under Art. 17 GDPR
Right to restrict processing in accordance with Art. 18 GDPR
Right to data transferability according to Art. 20 GDPR
Right of objection under Art. 21 GDPR
Right not to be subject to a decision based solely on automated processing - including profiling - under Art. 22 GDPR
Complaint to a data protection supervisory authority under Art. 77 GDPR

Contact details of the data protection supervisory authority competent for TikTok:

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
D02 RD28
Ireland

You can contact TikTok's data protection officer at the following link: https://www.tiktok.com/legal/report/DPO/en

19. Sweepstakes

a) Type and scope of data processing

When you participate in a sweepstakes, we process your declaration of participation, i.e. your answer to our sweepstakes question. Within the scope of the conditions of participation, we process the personal data you provide.

b) Purpose and legal basis of data processing

We process your (real) name, your contact data (street, house number, postal code, place of residence, e-mail address), if applicable a delivery address, insofar as this is necessary for the implementation and processing of the sweepstake. In addition, we process for age verification (for reasons of protection of minors) an indication of your age. in this case we store whether you are 18 years or older). The legal basis for this is Article 6(1)(b) GDPR.

If you provide us with further data, this information is voluntary. If applicable, a declaration of consent under data protection law is required for further use by us. The legal basis for further processing in this case is Article 6 (1)(a) GDPR. We reserve the right to ask you whether you agree that we publicly communicate the fact that you have won.

c) Categories of recipients

We will only pass on your personal data to third parties if you have given us your consent to do so or if this is permitted by law (as, for example, in the case of passing on the delivery address to the supplier for delivery of the prize or, for example, as in the case of order processing by an agency engaged by us). There is no intention to transfer your personal data to a third country or an international organization.

d) Storage period

The personal data of the participants will be deleted as soon as the competition has ended and the data is no longer required to inform the winners. Even after the competition has ended, it may be necessary to store personal data in order to comply with contractual or legal obligations, e.g. to fulfill commercial or tax law retention obligations. In these cases, the retention period depends on the respective retention period. In the case of non-cash benefits, the retention period is three years in order to fulfill warranty claims. In the case of media coverage of the winners of the competition, a different storage period may apply. If data was also collected for other purposes as part of the competition (e.g. consent to the sending of a newsletter), the retention period is based on the data protection information for this processing.

20. Podigee Podcast

a) Type and scope of data processing

We use the Podigee implemented on our website. Podigee is a programme for music and podcasts. The service provider is Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany. The podcasts are loaded by Podigee or transmitted via Podigee. Podigee processes IP addresses and device information in order to enable podcast downloads/playbacks and to determine statistical data, such as call-up figures. This data is anonymised or pseudonymised before being stored in Podigee's database, unless it is required for the provision of the podcasts.

b) Purpose and legal basis of data processing

The use is based on our legitimate interests, i.e. interest in the secure and efficient provision, analysis and optimisation of our podcast offer in accordance with Article 6 (1) (f) GDPR.

c) Storage period

Personal data will only be stored for as long as necessary.

d) Recipients

The recipient of the personal data is Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany.

e) Further information

Further information and objection options can be found in Podigee's privacy policy: https://www.podigee.com/de/about/privacy

21. Data security and security measures

We are committed to protecting your privacy and treating your personal data confidentially. For this purpose, we take extensive technical and organisational security precautions, which are regularly checked and adapted to technological progress.

These include the use of recognized encryption procedures (SSL or TLS). Unencrypted data, e.g. when sent by unencrypted e-mail, may be read by third parties. We have no influence on this. It is the responsibility of the respective user to protect the data provided by him/her against misuse by means of encryption or in any other way.

22. Your rights (as a data subject)

Here you will find your rights regarding your personal data. Details of this are set out in Articles 7, 15-22 and 77 of the GDPR. You can contact the controller (Section 2) or the data protection officer (Section 3) in this regard.

22.1. Right to withdraw your data protection consent in accordance with Article 7(3) GDPR

You can withdraw your consent to the processing of your personal data at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

22.2. Right of access pursuant to Article 15 GDPR in conjunction with § 34 BDSG

You have the right to request confirmation as to whether we process personal data concerning you. If this is the case, you have the right to be informed about your personal data and to receive further information, e.g. the purposes of processing, the categories of personal data processed, the recipients and the planned duration of storage or the criteria for determining the duration.

22.3. Right to rectification and completion under Article 16 GDPR

You have the right to demand the correction of incorrect data without delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete data.

22.4. Right to erasure ("right to be forgotten") in accordance with Article 17 GDPR in conjunction with § 35 BDSG

You have the right of erasure, as far as the processing is not necessary.
This is the case, for example, if your data are no longer necessary for the original purposes, if you have withdrawn your declaration of consent under data protection law or if the data was processed unlawfully.

22.5. Right to restriction of processing in accordance with Article 18 GDPR

You have the right to limit the processing, for example if you believe that personal data is incorrect.

22.6. Right to data portability pursuant to Article 20 GDPR

You have the right to receive personal data concerning you in a structured, common and machine-readable format.

22.7. Right to object pursuant to Article 21 GDPR

You have the right to object to data processing on grounds relating to particular situations. However, this only applies in cases where we process data to fulfill a legitimate interest.

If you can present such a reason and we cannot assert compelling legitimate grounds for the processing which override your interests, we will no longer process this data for the respective purpose.

22.8. Automated individual decision-making, including profiling in accordance with Article 22 GDPR

You will not be subject to any decision based solely on automated processing of your data, including profiling, which produces legal effects concerning you or similarly significantly affects you.

22.9. Right to lodge a complaint with a data protection supervisory authority pursuant to Article 77 GDPR

You can also lodge a complaint with a data protection supervisory authority at any time, for example if you believe that data processing is not in compliance with data protection regulations.

Competent supervisory authority:

Der Bayerische Landesbeauftragte für den Datenschutz (BayLfD)
Wagmüllerstraße 18
80538 München
Postanschrift: Postfach 22 12 19, 80502 München
Tel.: 089 212672-0
Fax: 089 212672-50
E-Mail: poststelle@datenschutz-bayern.de

Homepage: https://www.datenschutz-bayern.de

23. Changes to this policy

Our privacy policy serves the fulfilment of legal information duties. We update our data protection declaration as far as this becomes necessary.

Privacy

1. General information and principles of data processing

2. Controller

3. Data Protection Officer

4. Provision and use of the website / server log files

5. Use of cookies (Cookie policy)

6. Services with required cookie

7. Services with statistics cookies

8. Services with marketing cookies

9. Services with external media

10. Use of Google Fonts

11. Processing for the implementation of pre-contractual measures and for contract fulfilment

12. Categories of recipients of personal data

13. Contact form

14. Contact options by e-mail

15. Newsletter

16. Application opportunity

17 . Social media

18. TikTok

19. Sweepstakes

20. Podigee Podcast

21. Data security and security measures

22. Your rights (as a data subject)

23. Changes to this policy

This website uses cookies