Data Protection Declaration
according to Art. 13 EU General Data Protection Regulation (GDPR) and Art. 32 German Federal Data Protection Act (BDSG) 2018
Data protection has a high value for Brewery and tavern „Im Füchschen“ . By this data protection declaration, we would like to clarify your rights concerning personal data. Furthermore, we would like to inform you about the type, scope and purpose of the data collected and processed by us:
First of all, we would like to briefly point out the most important aspects of data protection at Brewery and tavern „Im Füchschen“. In the second part, you will find more detailed explanations on data protection issues if you would like to know more.
1. Data protection information (short version)
1.1 Who is responsible for and tasked with data protection?
The responsible person within the meaning of the General Data Protection Regulation (GDPR) is:
The company: Brewery and tavern „Im Füchschen“ Peter König e.K
Managing Director: Peter König
Address: Ratinger Straße 28, 40213 Düsseldorf, Germany
E-mail: info@fuechschen.de
Phone: +49(0) 211-13747-0-
Contact details of the data protection officer within the meaning of the GDPR:
E-mail: dpo.fuechschen@fgnd-core.eu
Address: Kelvinstr. 14, 50996 Cologne
Website: www.fgnd-core.de
Phone: +49 (0) 2236 / 490 90 80
If you have any questions or suggestions regarding data protection, you can contact our data protection officer directly at any time.
1.2 What rights do you have as the data subject?
You have the right to obtain information about what we have stored about you. Should your data stored by us be incorrect, you may request correction or deletion of these data. In addition, you may request that these data be blocked and thus further processing by us may only be carried out with your consent.
You also have the right to object to the further processing of your data at any time for reasons arising from your particular situation. Furthermore, if you wish, we will make the data you provided available to you for your further use. At your request, we will also send them to a recipient to be designated by you.
Furthermore, you have the right to revoke your consent to the processing of your personal data at any time. This does not affect the legality of the processing that took place until the revocation.
You are also entitled to complain to a supervisory authority. Corresponding addresses can be found on the websites of the Federal Commissioner for Data Protection and Freedom of Information (BFDI): https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/addresses_links-node.html
1.3 For what purpose and on what legal basis will my data be processed?
The personal data collected by us during your visit to our website will be processed and used within the scope of our field of activity as a personnel service provider specialising in temporary employment and personnel placement. Processing or use of the data collected by us and communicated by you takes place exclusively for the fulfilment of the aforementioned purposes either by us, our affiliated companies and companies commissioned by us for data processing (“contract processors”), provided that these also meet the data protection requirements of the GDPR. (For the processing of data collected on our websites not from us but from third parties, see below: “Who receives my data?”)
In addition, your data will only be collected, processed and used for other purposes (market research, consulting and information/advertising, including newsletters) if you have given us your corresponding consent or if the processing in accordance with Art. 6 para. 1 letters b-f GDPR is required, for example to protect the vital interests of natural persons or in the public interest.
We do not intend to use your personal data for any purpose other than that for which they were collected.
We do not carry out profiling within the meaning of Art. 4 GDPR with your data.
1.4 How is my data collected and who receives it?
A use of the Internet pages of Brewery and tavern „Im Füchschen“ is basically possible without active specification of personal data.
An exception to this are the following elements on our web pages:
Cookies
We have set cookies on our website in order to increase the convenience and functionality of our website for you. A typical field of application for cookies is the storage of a certain (login) status during web use, so that a user does not have to log in again for each sub-page of a website. In order to be able to distinguish between different users, a unique identifier is usually stored in a text cookie. The identification stored in the cookie has no personal reference per se. It becomes relevant under data protection law as soon as personal data are stored in a cookie or a link is established between the cookie ID and personal data. Depending on function and intended use, a distinction is made between five categories of cookies:
- Essential cookies: This type of cookie is required for navigation on the website and for providing the basic functions of the website.
- Functional cookies: Functional cookies enable the website to store information provided by the user during the visit (login, user name, language and location selection) in order to offer the user a simplified, extended range of functions when he visits the website again.
- Performance Cookies: Performance cookies serve to improve the user experience by increasing user-friendliness. For this reason, performance cookies collect information about how the website is used (e.g.: Information on the operating system, the browser used, the number of visits, the pages called up in this context and the average length of stay).
- Analysis cookies: The cookies serve the operator of the website to understand which preferences and search terms are used to access the main and sub-pages of the website.
- Marketing cookies: Marketing cookies serve the goal of generating added value for the user through relevant content that is tailored to his or her individual interests. This cookie type is also used to measure and control the effectiveness of advertising campaigns. In addition to the frequency of site visits, the marketing cookies also record the duration of use and stay with regard to the content offered. Marketing cookies are also gladly linked to page functionalities of third parties. The information collected in this way may be passed on to third parties, such as the operator of the website.
However, you can prevent the setting of cookies at any time by means of the corresponding settings of your Internet browser and thus permanently object to this. You can use your browser settings to delete individual cookies that have already been saved or the entire cookie inventory. In the following we have compiled links to information and instructions that describe the browser settings to be made in detail and in relation to the provider:
Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Safari: https://support.apple.com/kb/PH21411?locale=de_DE&viewlocale=en_US
Google Chrome: https://support.google.com/accounts/answer/61416?hl=en
Mozilla Firefox: https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored
Opera: http://www.opera.com/en/help
You can also individually manage the cookies of many companies and features used for advertising. Use the corresponding user tools, available at http://optout.aboutads.info/?c=2&lang=EN or http://www.youronlinechoices.com/uk/your-ad-choices.
In addition, a large number of browsers have already implemented a “Do-Not-Track function” with which you can specify that you do not want to be “tracked” by websites. By enabling this feature, your browser tells advertising networks, websites and applications that you do not want to be tracked for behaviour-based advertising and the like. Information and instructions on how to edit this function are available from the links below, depending on the provider of your browser:
Internet Explorer: https://support.microsoft.com/en-us/help/17288/windows-internet-explorer-11-use-do-not-track
Google Chrome: https://support.google.com/chrome/answer/2790761?co=GENIE.Platform%3DDesktop&hl=en
Safari: https://support.apple.com/kb/PH21416?locale=en_US&viewlocale=en_US
Mozilla Firefox: https://support.mozilla.org/en-US/kb/how-do-i-turn-do-not-track-feature
Opera: https://help.opera.com/en/opera36/be-safe-and-private/#notrack
You can also prevent scripts from being loaded by default. NoScript allows JavaScript, Java and other plugins to be executed only on trusted domains of your choice. For information and instructions on how to edit this feature, please contact the provider of your browser.
Server log files
Our Internet pages collect a series of general data with each call, above all of a technical nature, which is stored in the log files of the server. Among the data collected are the browsers and versions used, the operating system used, the website or sub-website from which you access our website (so-called referrer), the date and time of your access, your IP address and your Internet service provider. The collection of the data serves the optimised functionality as well as the security of our web offer. The server log files are stored separately from personal data collected specifically for statistical purposes. We do not evaluate the information in order to draw conclusions about your person.
Google Maps
We have included an API (application programming interface) from Google Maps on individual pages of our website to make it easier for you to find our locations. Data is transferred from your device to Google. As Google is certified as an EU-US Privacy Shield, the data is transmitted to the USA on the basis of a decision on appropriateness in accordance with the EU Privacy Shield Directive. Art. 45 GDPR. For more information, please refer to Google’s privacy policy, which you can access here: https://policies.google.com/privacy?hl=en
Use of the Mapbox map service
On our pages functions of the map service Mapbox are integrated. These functions are offered by the company Mapbox Inc. By using Mapbox, data is usually transferred to the servers of Mapbox Inc. in the USA and processed there. We would like to point out that, as the provider of the pages, we have no influence on the content of the transmitted data or its use by Mapbox.
Further information on this can be found in Mapbox’s privacy policy at https://www.mapbox.com/legal/privacy/
Google Fonts
This website uses external fonts: Google Fonts. Google Fonts is a service of Google Inc. (“Google”). Integration of these web fonts is implemented via a server access, typically a Google server in the United States. This transmits information to the server as to which of our website pages you have visited. The IP address of the browser on the visitor’s terminal device is also stored by Google. As Google is certified as an EU-US Privacy Shield, the data is transmitted to the USA on the basis of a decision on appropriateness in accordance with the EU Privacy Shield Directive. Art. 45 GDPR.
Google Fonts uses cookies on our website. You can prevent the setting of cookies at any time by means of an appropriate setting of your Internet browser and thus permanently object to this. Cookies that have already been saved can be deleted at any time.
For more information, please refer to Google’s privacy policy, which you can access here: https://policies.google.com/privacy?hl=en
juicer
The data controller has integrated a social wall from Juicer on this website. The Juicer system offers the possibility of playing out social media activities bundled in a social feed and integrating this as a social wall on the website. Here it is possible to integrate contributions from Instagram, Twitter and numerous other social media channels Hashtag based or alternatively to play all contributions of an account (Instagram, Twitter etc.) on the Social Wall. The social wall can be accessed by anyone, even by people who are not registered with Instagram, Twitter, etc. The social wall can also be accessed by anyone who is not registered with Instagram or Twitter. The operating company of Juicer is Juicer.io, 1515 7th Street, #424, Santa Monica, CA 90403.
Juicer and third party providers who work with Juicer are EU-DSGVO compliant. The DSGVO was developed to give the user more information and to better protect user data. Juicer has at no time and will at no time:
store or collect personal data of users who view the Juicer Feed (Social Wall) on a page.
Juicer will not disclose user data except for cookies, which enable the user to make better use of the system. Juicer collects a minimum amount of data and treats it discreetly.
share any kind of data with social networks
Font Awesome
Our website uses so-called web fonts or icons provided by Fonticons, Inc. for the uniform display of fonts and icons. When you call up a page, your browser loads the required web fonts or icons into your browser cache in order to display texts, fonts and icons correctly.
NextGEN Gallery ( wordpress plugin)
Does not store personal information but uses Google Fonts. This function has been specially adapted for our WordPress pages so that Google Fonts are not loaded from Google servers. This means that no data can be collected.
For this purpose, the browser you are using must connect to the Fonticons, Inc. servers. This enables Fonticons, Inc. to know that your IP address has been used to access our website. Font Awesome is used in the interest of a uniform and appealing presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
If your browser does not support Font Awesome, a standard font will be used by your computer. Further information about Font Awesome can be found at https://fontawesome.com/help and in the Fonticons, Inc. privacy policy: https://fontawesome.com/privacy.
Typekit
We use Adobe Typekit to display fonts on our website. Adobe Typekit is a service that provides access to a font library provided by Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe). When you open a page, your browser loads the Web fonts you need into your browser cache to display text and fonts correctly. In the course of providing the Typekit service, no cookies are placed or used to provide the fonts. To provide the Typekit service, Adobe may collect font information to identify the site itself and the associated Typekit account.
For more information, visit the Adobe Typekit Privacy page and Adobe’s Privacy Policy.
Imgur
Our website uses plugins of the online service Imgur. Provider is Imgur, Inc., 415 Jackson Street, 2nd Floor, Suite 200, San Francisco, CA 94111, USA.
When you visit one of our pages equipped with an Imgur plugin, a connection is established to Imgur’s servers. This will tell the Imgur server which of our pages you have visited. Imgur also obtains your IP address. This also applies if you are not logged in to Imgur or do not have an account with Imgur. The information collected by Imgur is transmitted to the Imgur server in the USA.
If you are logged in to your Imgur account, you enable Imgur to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your Imgur account.
You can find further information about the handling of user data in Imgur’s data protection declaration at: https://imgur.com/privacy.
Retrieving Emojis and Smilies
Within our WordPress blog, graphic emojis (or smilies), i.e. small graphic files that express feelings, are used that are obtained from external servers. The server providers collect the IP addresses of the users. This is necessary so that the emojie files can be transmitted to the users’ browsers. The Emojie service is offered by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. Automattic’s privacy policy: https://automattic.com/privacy/. The server domains used are s.w.org and twemoji.maxcdn.com, which, to the best of our knowledge, are so-called content delivery networks, i.e. servers that only serve to transmit files quickly and securely and which delete users’ personal data after transmission.
The use of emojis is based on our legitimate interests, i.e. interest in an attractive design of our online offer according to Art. 6 Para. 1 lit. f. DSGVO.
SOCIAL MEDIA:
Facebook page
If you visit the Brewery and tavern „Im Füchschen“ Facebook page (www.facebook.com/1stsolutionconsulting), we will not collect personal information from you, unless you post on our Facebook page, comment on posts on our Facebook page. Page, use the Like feature, write us a Facebook message or use other Facebook offers to interactively connect to our Facebook page. In such cases, you will provide us with your username, your profile photo and any other information that is made public on your Facebook profile. We do not store any of this data additionally, unless you make requests to us that require storage for further processing. As soon as this purpose and possible legal retention periods cease to apply, we will delete your data.
We have no influence on the processing of your data by Facebook itself. For more information, please read Facebook’s privacy policy: https://www.facebook.com/privacy/explanation
Instagram profile
When you visit the Instagram Profile of the Brewery and Business “Im Füchschen” (https://www.instagram.com/fuechschen_alt), we do not collect any personal information from you unless you comment on contributions on our Instagram Profile, use the Like feature, write us an Instagram message, or use other Instagram offerings to interactively connect with our Instagram Profile. In these cases, you will disclose your username, profile photo, and any other information published on your Instagram profile to us. We do not store any of this data additionally unless you submit requests to us that require storage for further processing. We will delete your data as soon as this purpose and possible legal retention periods no longer apply.
We have no influence on the processing of your data by Instagram itself. To find out more, please read Instagram’s Privacy Policy: https://help.instagram.com/155833707900388
Youtube channel
If you visit the Youtube channel of the brewery and economy “Im Füchschen” (https://www.youtube.com/channel/UCV8DG_A4BIjiBc2qJbLGiTQ/feed), we do not collect any personal data from you, unless you comment contributions on our Youtube channel, write us a message about Youtube or use other offers of Youtube to interactively connect with our Youtube channel. In such cases, you will disclose to us your username, profile picture, posts on your own Youtube channel and any other information made public on your Youtube channel. We do not store any of these data in addition, unless you submit requests to us that require storage for further processing. We will delete your data as soon as this purpose and possible legal retention periods no longer apply.
We have no influence on the processing of your data by Youtube itself. To find out more, please read Youtube’s privacy policy: https://www.youtube.de/t/privacy
We have no influence on the processing of your data by Instagram itself. To find out more, please read Instagram’s Privacy Policy: https://help.instagram.com/155833707900388
Twitter profile
If you visit the Twitter profile of Brewery and tavern „Im Füchschen“ (www.twitter.com/Fuechschen-Alt), we do not collect any personal data from you, unless you comment posts on our Twitter profile, use the like function, write us a Twitter message or use other Twitter offers to interactively connect with our Twitter profile. In such cases, you will provide us with your username, your profile photo and any other information that is made public on your Twitter profile. We do not store any of this data additionally, unless you make requests to us that require storage for further processing. As soon as this purpose and possible legal retention periods cease to apply, we will delete your data.
We have no influence on the processing of your data by Twitter itself. For more information, please read Twitter’s privacy policy: https://help.twitter.com/de/rules-and-policies/update-privacy-policy
contact form
If you contact the brewery and business “Im Füchschen” via the contact form, your personal data will be transmitted to us via SSL and automatically saved for processing or contacting purposes. This personal data will not be passed on to third parties.
Newsletter
(1) With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.
(2) We use the so-called double opt-in procedure to register for our newsletter. This means that after your registration we will send you an e-mail to the specified e-mail address in which we will ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we save the IP addresses you use and the dates of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
(3) Your e-mail address is the only mandatory information for sending the newsletter. The indication of further, separately marked data is voluntary and will be used to address you personally. After your confirmation we save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 Para. 1 S. 1 lit. a DS-GVO.
(4) You can revoke your consent to the sending of the newsletter at any time and cancel your subscription to the newsletter. You can withdraw your consent by clicking on the link provided in every newsletter e-mail, by sending an e-mail to info@fuechschen.de or by sending a message to the contact details given in the imprint.
(5) We draw your attention to the fact that we evaluate your user behaviour when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which represent one-pixel image files stored on our website. For the evaluations we link the data mentioned in § 3 and the web beacons with your e-mail address and an individual ID. The data is collected exclusively under a pseudonym, i.e. the IDs are not linked to your other personal data, a direct personal reference is excluded.
You can object to this tracking at any time by clicking on the separate link provided in each e-mail or by informing us of another contact method. The information is stored as long as you have subscribed to the newsletter. After you have unsubscribed, we store the data purely statistically and anonymously.
Job applications
Online applications for job advertisements of Brewery and tavern „Im Füchschen“ or unsolicited applications can be sent to us by e-mail, via the speculative application form or via the input forms of the online job exchange you use. We place the highest value on demonstrable compliance with the GDPR. For this reason, your applicant data will be deleted after six months, unless you have agreed to your data being processed for a longer period of time. This data will not be passed on to third parties unless required to do so by law or for the purpose of criminal prosecution. Brewery and tavern „Im Füchschen“ has no influence on the processing of your personal data by the online job exchanges (e.g. stepstone, monster etc.). Please refer to their data protection declarations for relevant information.
1.5 How long will my data be stored?
The data collected from you will be stored by us for the duration of the business relationship, taking into account existing retention periods.
1.6 Is the collection and storage of my data mandatory or necessary?
We collect and store the data provided by you for the fulfilment of the contract to be concluded and implemented with you. In all other respects, we are obliged to do so in accordance with tax regulations.
2. Data protection information (detailed version)
2.1 Data processing
2.1.1 General information on the use of the homepage
Use of the Internet pages of Brewery and tavern „Im Füchschen“ is basically possible without active specification of personal data. If a data subject wishes to make use of special services of our company via our website (e.g. the use of the contact form), the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, the data subject generally must consent to us processing their data.
The processing of personal data, such as the name, address, email address or telephone number of a data subject, always takes place in accordance with legal requirements.
Brewery and tavern „Im Füchschen“ has implemented numerous technical and organisational measures as the responsible party for the processing of personal data in order to ensure that all personal data processed via this website is protected as completely as possible. Nevertheless, Internet-based data transmissions can have security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.
2.1.2 Contact via the website
Due to legal regulations, the website of Brewery and tavern „Im Füchschen“ contains information which enables quick electronic contact to our company as well as direct communication with us. If a data subject contacts the responsible person by email or via a contact form, any personal data transmitted by the data subject is automatically stored.
Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties. This data will be deleted once the purpose has been achieved, unless legal or official storage obligations intervene.
2.1.3 Routine deletion and blocking of personal data
We process and store personal data of the data subject only for the period necessary to achieve the processing purpose or insofar as this is provided for in the GDPR or laws or regulations.
If the processing purpose no longer applies or if a statutory storage period expires, the personal data is deleted routinely and in accordance with the statutory provisions.
2.1.4 Legal basis for processing
Art 6 I (a), GDPR serves our company as a legal basis for processing operations through which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, the processing is based on Art. 6 I b GDPR. The same applies to such processing processes that are necessary to carry out pre-contractual measures, for example in cases of enquiries about our products or services.
If our company is subject to a legal obligation which requires the processing of personal data, for example to fulfil tax obligations, the processing is based on Art. 6 I c GDPR. In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person.
In addition, processing operations could be based on Article 6 I (f) GDPR if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. Efficient, customer-friendly and high-quality service provision is one of the most justified interests.
2.1.5 Data protection for applications and in the application procedure
We collect and process the personal data of applicants for the purpose of facilitating the application process. Processing may also be carried out electronically. This is particularly the case if an applicant sends corresponding application documents to the responsible person by electronic means, for example by email or via a web form on the website. If the person responsible for processing concludes an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the data controller does not conclude an employment contract with the applicant, the application documents shall be deleted after six months at the latest.
2.2 Rights of the data subject
According to the GDPR, data subjects are entitled to the following rights. If you, as a data subject, wish to exercise one or more of these rights, you can contact our data protection officer or another employee of the data controller at any time.
2.2.1 Right to withdraw data protection consent
As a person affected by the processing of personal data, you have the right to revoke your consent to the processing of personal data at any time with effect for the future. An email or other written declaration to us is sufficient for this purpose. You can send your revocation to: info@1st-solution-group.com
2.2.2 Right to be informed
As a data subject affected by the processing of personal data, you have the right at any time to receive free information from the data controller about the personal data stored about you and a copy of the personal data. The right to information concerns the following information:
- the purposes of processing
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of a right to rectification or erasure of the personal data concerning you or of a restriction of the processing by the person responsible or of a right to object to such processing;
- the existence of the right to lodge a complaint with a supervisory authority
- where the personal data are not collected from the data subject, any available information as to their source
- the existence of automated decision-making, including profiling, referred to in Article 22 (I) and (IV) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
Furthermore, the data subject has a right of access to information as to whether personal data has been transferred to a third party or to an international organisation. If this is the case, the data subject has, in addition, the right to obtain information about the appropriate guarantees in connection with the transfer.
2.2.3 The right of rectification
As a data subject affected by the processing of personal data, you have the right to request the immediate correction of incorrect personal data concerning you. You also have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary declaration.
2.2.4 Right to deletion (“Right to be forgotten”)
As a data subject affected by the processing of personal data, you have the right to request that the personal data concerning you be deleted immediately, provided that one of the following reasons applies and insofar as the processing is not necessary:
- The personal data have been collected or otherwise processed for such purposes for which they are no longer necessary (i.e. the data are no longer required).
- The data subject withdraws consent to which the processing is based according to point (a) of Article 6 (I) of the GDPR, or point (a) of Article 9 (II) of the GDPR, and where there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to Article 21 (I) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (II) of the GDPR.
- The personal data havebeen unlawfully processed.
- The personal data must be erased for compliance with a legal obligation under European Union or Member State law to which the data controller is subject.
- The personal data have been collected in relation to information society services provided in accordance with Article 8 I of the GDPR.
If the personal data has been made public by Brewery and tavern „Im Füchschen“ and if our company is responsible for deleting personal data as the person responsible pursuant to Art. 17 I GDPR, we take appropriate measures to protect others for data processing, taking into account the available technology and implementation costs, to notify the persons responsible who process the personal data published, in particular the deletion of all links to these personal data or of copies or replications of this personal data, as far as the processing is not necessary. The data protection officer of Brewery and tavern „Im Füchschen“ or another employee will arrange what is necessary in individual cases.
2.2.5 The right of restriction of processing
As a data subject affected by the processing of personal data, you have the right to request the restriction of processing if one of the following conditions is met:
- The accuracy of your personal information is contested by you for a period of time that allows us to verify the accuracy of your personal information.
- The processing is unlawful, you refuse to delete the personal data and instead demand a restriction on the use of the personal data.
- We no longer need the personal data for the purposes of processing, but you do need it to assert, exercise or defend legal claims.
- You have objected to the processing pursuant to Art. 21 I GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh yours.
2.2.6 The right of data portability
As a person affected by the processing of personal data, you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You also have the right to have this data communicated to another controller without hindrance by the controller, provided that the processing is based on the consent provided for in Article 6 I (a) GDPR or Article 9 II (a) GDPR or on a contract pursuant to Article 6 I (b) GDPR and that the processing is carried out using automated procedures or provided that the processing is not necessary for the performance of a task in the public interest or in the exercise of public authority conferred on the data controller.
Furthermore, in exercising his or her right to data portability pursuant to Article 20 I of the GDPR, the data subject shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
2.2.7 Right of objection
As a data subject affected by the processing of personal data, you have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out in order to safeguard a legitimate interest of the person responsible.
This also applies to profiling based on these provisions, whereby Brewery and tavern „Im Füchschen“ points out it does not carry out any profiling.
Brewery and tavern „Im Füchschen“ does not process the personal data in the event of an objection, unless we can prove compelling legitimate reasons for the processing, which outweigh the interests, rights and freedoms of the data subject, or the processing serves the assertion, exercise or defence of legal claims.
If Brewery and tavern „Im Füchschen“ processes personal data in order to operate direct mail, you have the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to any profiling connected with such direct advertising. If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for these purposes.
2.2.8 Automated individual decision-making including profiling
As a data subject, you are entitled not to be subject to a decision based exclusively on automated processing, including profiling, which has legal effect against you or significantly affects you in a similar manner, provided that the decision
- is necessary for entering into, or performance of, a contract between the you and a data controller;
- is authorised by Union or Member State law to which the data controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
- with your express consent.
Brewery and tavern „Im Füchschen“ does not use purely automated decision systems with regard to the processing of personal data that have a legal effect on you or significantly impair you in a similar way.
2.2.9 The right to file a legal complaint with a supervisory authority
As a data subject affected by the processing of personal data, you have the right of appeal to a supervisory authority, in particular in the Member State where you are staying, working or suspected of infringing, if you consider that the processing of personal data concerning you is contrary to data protection law. Corresponding addresses can be found on the websites of the Federal Commissioner for Data Protection and Freedom of Information (BFDI): https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/addresses_links-node.html
2.3 Definitions
With the development of data protection law, terms have become established that are not always self-explanatory. The explanations in Art. 4 GDPR are quoted in extracts below:
- “Personal data” means all information, which relates to an identified or identifiable natural person (hereinafter “affected person”); a natural person is regarded as identifiable, if he/she can be directly or indirectly identified, especially by means of association with an identifier like a name, with an identification number, with location data, with an online identity or with one or several special features, the reflection of a physical, physiological, genetic, psychic, financial, cultural or social identity of this natural person
- “Processing” means any operation or series of operations carried out with or without the aid of automated procedures in relation to personal data, such as the collection, collection, organisation, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, erasure or destruction;
- “Restriction of processing” is the marking of personal data stored in order to limit its future processing.
- “Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
- “Pseudonymisation” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without additional information, provided that this additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data are not attributed to an identified or an identifiable natural person.
- A “Responsible person” is a natural or legal person, public authority, agency or other body, which either alone or with others, determines purposes and means of processing of personal data; where purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law
- An “Order processor ” is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the responsible person.
- “Recipient” means a natural or legal person, authority, institution or other body to which personal data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union law or the law of the Member States under a particular investigation mandate shall not be considered recipients; the processing of such data by the said authorities shall be carried out in accordance with the applicable data protection rules in accordance with the purposes of the processing.
- A “Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the responsible person or order processor, is authorised to process personal data.
- “Consent” of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
- “Breach of the protection of personal data” means a breach of security which, whether unintentional or unlawful, leads to the destruction, loss, alteration or unauthorised disclosure or access to personal data transmitted, stored or otherwise processed;