Privacy

Preview (data protection):

 

In the following, we will inform you about the type, scope and purpose of the processing of personal data by our company in accordance with the legal requirements of data protection law (in particular in accordance with BDSG n.F. and the European General Data Protection Regulation 'GDPR'). This data protection declaration also applies to our websites and social media profiles. With regard to the definition of terms such as "personal data" or "processing", we refer to Art. 4 GDPR.

Name and contact details of the person responsible
Our responsible person (hereinafter "responsible person") i.S.d. Art. 4 no. 7 GDPR is:

Francesco Giombolini-Red Barrel
Albrecht-Dürer-Strasse 14
90403, Nuremberg, Bavaria
Managing Director Francesco Giombolini
Email address: hello@redbarrelwines.com

 

Types of data, purposes of processing and categories of data subjects

 

In the following we inform you about the type, scope and purpose of the collection, processing and use of personal data.

  1. Types of data we process
    Usage data (access times, websites visited etc.), contact data (telephone number, e-mail, fax etc.), content data (text entries, videos, photos etc.), communication data (IP address etc.), 

    2. Purposes of processing in accordance with Art. 13 Paragraph 1 c) GDPR
    Improve the user experience, make the website user-friendly, avoid spam and abuse, customer service and customer care, handle contact requests, provide websites with functions and content, security measures, uninterrupted, secure operation of our website, 

    3. Categories of data subjects according to Art. 13 Paragraph 1 e) GDPR
    Visitors / users of the website, customers, suppliers, interested parties, 


The data subjects are collectively referred to as "users".

 

 
Legal basis for processing personal data

 

In the following, we will inform you about the legal basis for processing personal data:

  1. If we have obtained your consent for the processing of personal data, Art. 6 Para. 1 S. 1 lit. a) GDPR legal basis.
  2. If the processing is necessary to fulfill a contract or to carry out pre-contractual measures, which take place at your request, Art. 6 Para. 1 S. 1 lit. b) GDPR legal basis.
  3. If processing is necessary to fulfill a legal obligation to which we are subject (e.g. statutory retention requirements), Art. 6 Para. 1 S. 1 lit. c) GDPR legal basis.
  4. If processing is necessary to protect the vital interests of the data subject or another natural person, Art. 6 Para. 1 S. 1 lit. d) GDPR legal basis.
  5. If the processing is necessary to safeguard our interests or the legitimate interests of a third party and your interests or fundamental rights and freedoms do not outweigh your interests, Art. 6 Para. 1 S. 1 lit. f) GDPR legal basis.

 

 
Forwarding of personal data to third parties and processors

 

In principle, we will not pass on any data to third parties without your consent. If this is the case, the transfer will take place on the basis of the aforementioned legal bases, e.g. when passing on data to online payment providers for the fulfillment of a contract or due to a court order or due to a legal obligation to release the data for the purpose of criminal prosecution, to avert danger or to enforce intellectual property rights.
We also use contract processors (external service providers e.g. for web hosting our websites and databases) to process your data. If data is passed on to the processors within the framework of an agreement for order processing, this always takes place in accordance with Art. 28 GDPR. We carefully select our processors, check them regularly and have been granted the right to issue instructions with regard to the data. In addition, the processors must have taken suitable technical and organizational measures and the data protection regulations in accordance with. BDSG n.F. and comply with the GDPR

 

 
Data transfer to third countries

 

The adoption of the European General Data Protection Regulation (GDPR) created a uniform basis for data protection in Europe. Your data will therefore mainly be processed by companies for which the GDPR applies. Should the processing by third party services take place outside the European Union or the European Economic Area, these must meet the special requirements of Art. 44 ff. GDPR. This means that processing takes place on the basis of special guarantees, such as the establishment of a data protection level that is officially recognized by the EU Commission or compliance with officially recognized special contractual obligations, the so-called “standard contractual clauses”. For US companies, submission to the so-called "Privacy Shield", the data protection agreement between the EU and the USA, fulfills these requirements.

 

 
Deletion of data and storage duration

 

Unless expressly stated in this data protection declaration, your personal data will be deleted or blocked as soon as the purpose for storage no longer applies, unless further storage is necessary for evidential purposes or if there are statutory storage obligations. This includes, for example, commercial law retention obligations for business letters in accordance with Section 257 (1) HGB (6 years) and tax retention obligations in accordance with Section 147 (1) AO of documents (10 years). When the prescribed retention period expires, your data will be blocked or deleted, unless the storage is still necessary for the conclusion or fulfillment of a contract.

 

 

Existence of automated decision-making

 

We do not use automatic decision-making or profiling.

 
Provision of our website and creation of log files

 

  1. If you only use our website for information purposes (i.e. no registration and no other transmission of information), we only collect the personal data that your browser transmits to our server. If you want to view our website, we collect the following data: • IP address;
    Internet service provider of the user;
    • the date and time of the request;
    • browser type;
    • language and browser version;
    • content of the call;
    • time zone;
    • Access status / HTTP status code;
    • amount of data;
    • websites from which the request came;
    • Operating system.
    This data is not stored together with other personal data from you.
  2. These data serve the purpose of user-friendly, functional and secure delivery of our website to you with functions and content as well as their optimization and statistical analysis.
  3. The legal basis for this is our legitimate interest in data processing according to Art. 6 Paragraph 1 S.1 lit. f) GDPR.
  4. For security reasons, we store this data in server log files for a storage period of days. After this period these are automatically deleted, unless we need to keep them for evidence in the event of attacks on the server infrastructure or other legal violations.

External payment service providers 

We use external payment service providers, through whose platforms the user and we can carry out payment transactions (e.g., each with a link to the privacy policy)

Shopify (https://www.shopify.de/legal/datenschutz) 

Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full),

Visa (https://www.visa.de/datenschutz),

Mastercard (https://www.mastercard.de/de-de/datenschutz.html), 

American Express (https: //www.americanex- press.com/de/content/privacy-policy-statement.html)

As part of the fulfillment of contracts, we use the payment service providers on the basis of Art. 6 Para. 1 lit. b. GDPR. In addition, we use external payment service providers based on our legitimate interests in accordance with. Art. 6 para. 1 lit. b. GDPR in order to offer our users effective and secure payment options.

The data processed by the payment service providers include inventory data, such as the name and address, bank details such as Account numbers or credit card numbers, passwords, TANs and checksums as well as contract, sums and recipient-related information. The information is required to carry out the transactions. However, the data entered will only be processed and stored by the payment service providers. I.e. We do not receive any account or credit card-related information, but only information with confirmation or negative information about the payment. Under certain circumstances, the data will be transmitted to credit agencies by the payment service provider. The purpose of this transmission is to check your identity and creditworthiness. For this we refer to the terms and conditions and data protection information of the payment service providers.

For payment transactions, the terms and conditions and the data protection notices of the respective payment service providers apply, which can be called up on the respective websites or transaction applications. We also refer to these for the purpose of further information and assertion of rights of revocation, information and other data subjects


Cookies

 

  1. We use so-called cookies when you visit our website. Cookies are small text files that your internet browser stores and stores on your computer. When you visit our website again, these cookies provide information in order to automatically recognize you. The information obtained in this way is used to optimize our website technically and economically and to enable you to access our website more easily and securely. When you visit our website, we will inform you about the use of cookies for the aforementioned purposes and how you can object to them or prevent their storage ("opt-out") by means of a reference to our data protection declaration. Our website uses session cookies, persistent cookies and third-party cookies:

    Session cookies:We use so-called cookies to recognize multiple use of an offer by the same user (e.g. if you have logged in to determine your login status). When you visit our site again, these cookies provide information in order to automatically recognize you. The information obtained in this way is used to optimize our offers and to give you easier access to our site. When you close the browser or log out, the session cookies are deleted.

    • Persistent cookies: These are automatically deleted after a specified period, which can differ depending on the cookie. You can delete cookies at any time in the security settings of your browser.

    • Third-party cookies (third-party cookies): You can configure your browser settings according to your wishes and e.g. B. Reject the acceptance of third-party cookies or all cookies. However, we would like to point out at this point that you may then not be able to use all functions of this website. Read more about these cookies in the respective data protection declarations for the third party providers.
  2. The legal basis for this processing is Art. 6 Para. 1 S. lit. b) DS-GVO, if the cookies for contract initiation e.g. are set for orders and otherwise we have a legitimate interest in the effective functionality of the website, so that in this case Art. 6 Para. 1 S. 1 lit. f) GDPR is the legal basis.
  3. Objection and "opt-out":You can generally prevent cookies from being saved on your hard drive by selecting “do not accept cookies” in your browser settings. However, this can restrict the functionality of our offers. You can opt out of the use of cookies from third party providers for advertising purposes via this American website (https://optout.aboutads.info) Or this European website (http://www.youronlinechoices.com/de/praferenzmanagement/) contradict.

 
Contact via contact form / e-mail / fax / post

 

  1. When you contact us via the contact form, fax, post or email, your details will be processed for the purpose of processing the contact request.
  2. If you have given your consent, the legal basis for processing the data is Art. 6 Para. 1 S. 1 lit. a) GDPR. The legal basis for the processing of data transmitted in the course of a contact request or email, letter or fax is Art. 6 Para. 1 S. 1 lit. f) GDPR. The person responsible has a legitimate interest in the processing and storage of the data in order to be able to answer user inquiries, to preserve evidence for reasons of liability and, if necessary, to be able to comply with his statutory retention requirements for business letters. If the contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 Para. 1 S. 1 lit. b) GDPR.
  3. We can save your information and contact requests in our customer relationship management system ("CRM system") or a comparable system.
  4. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those that were sent by email, this is the case when the respective conversation with you has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified. We store inquiries from users who have an account or contract with us for up to two years after the end of the contract. In the case of legal archiving obligations, the deletion takes place after their expiry: End of commercial law (6 years) and tax law (10 years) retention obligation.
  5. You have the option at any time to withdraw your consent in accordance with Art. 6 Para. 1 S. 1 lit. a) To revoke the GDPR for the processing of personal data. If you contact us by e-mail, you can object to the storage of personal data at any time.

 
Google Maps

 

  1. We have integrated maps from “Google Maps” (Google Ireland Limited, Register No .: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) on our website. This enables us to display the location of addresses and directions directly on our website in interactive maps and enable you to use this tool.
  2. When you visit our website, where Google Maps is integrated, a connection to the Google servers in the USA is established. Your IP and location can be transmitted to Google. In addition, Google receives the information that you have accessed the corresponding page. This is also done without a Google user account. If you are logged into your Google account, Google can assign the above data to your account. If you do not want this, you have to log out of your Google account. Google creates user profiles from such data and uses this data for the purpose of advertising, market research or optimizing its websites.
  3. The legal basis for this is our legitimate interest in data processing according to Art. 6 Paragraph 1 S.1 lit. f) GDPR.
  4. You have the right to object to the creation of user profiles by Google. Please contact Google directly using the data protection declaration below. You can make an opt-out objection to the advertising cookies here in your Google account:
    https://adssettings.google.com/authenticated.
  5. In the Google Maps Terms of Use under https://www.google.com/intl/de_de/help/terms_maps.htmland in Google's privacy policy for advertising at https://policies.google.com/technologies/ads you will find further information on the use of Google cookies and their advertising technologies, storage duration, anonymization, location data, functionality and your rights. General data protection declaration from Google: https://policies.google.com/privacy.
  6. Google is certified according to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework) and therefore obliged to comply with European data protection law.

 
Presence on social media

 

  1. We maintain profiles or fan pages in social media in order to communicate with the users connected and registered there and to provide information about our products, offers and services. The US providers are certified according to the so-called Privacy Shield and are therefore obliged to comply with European data protection. When you use and call up our profile in the respective network, the respective data protection information and terms of use of the respective network apply.
  2. We process the data you send to us via these networks in order to communicate with you and to answer your messages there.
  3. The legal basis for the processing of personal data is our legitimate interest in communication with users and our external presentation for the purpose of advertising in accordance with Art. 6 Para. 1 S. 1 lit. f) GDPR. Insofar as you have given the person responsible for the social network your consent to the processing of your personal data, the legal basis is Art. 6 Para. 1 S. 1 lit. a) and Art. 7 GDPR.
  4. The data protection notices, information options and objection options (opt-out) of the respective networks can be found here:

    Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland) Privacy Policy: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

    • Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) - Privacy Policy / Opt-Out: http://instagram.com/about/legal/privacy/.

 


Social media plug-ins

 

  1. We use social media plug-ins from social networks on our website. We use the so-called. "Two-click solution" Sharifffrom c’t or heise.de. When you visit our website no personal data transmitted to the providers of the plug-ins. Next to the logo or the brand of the social network you will find a regulator with which you can activate the plug-in with a click. After activation, the provider of the social network receives the information that you have accessed our website and that your personal data is transmitted to the provider of the plug-in and stored there. These are so-called third-party cookies. With some providers such as Facebook and XING, according to their information, your IP will be anonymized immediately after collection.
  2. The plug-in provider saves the data collected about the user as a usage profile. These are used for advertising, market research and / or the needs-based design of its website. Such an evaluation takes place in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about the user's activities on our website. The user has a right to object to the creation of these user profiles, whereby one must contact the respective plug-in provider to exercise this right.
  3. The legal basis for the use of the plug-ins is our legitimate interest in improving and optimizing our website by increasing our awareness via social networks and the possibility of interacting with you and the users among each other via social networks in accordance with Art. 6 Para. 1 S. 1 lit. f) GDPR.
  4. We have no influence on the data collected and the data processing procedures. We also have no knowledge of the scope of data collection, the purpose of processing and the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.
  5. With regard to the purpose and scope of data collection and processing, we refer to the respective data protection declarations of the social networks. There you will also find information about your rights and setting options for protecting your personal data.

 

Facebook

 

  1. We have plug-ins from the social network Facebook.com (company headquarters in the EU: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland) on our website as part of the so-called "two-click solution" "Integrated by Shariff. You can recognize this by the Facebook logo" f "or the addition" Like "," Like "or" Share ".
  2. As soon as you willingly activate the Facebook plug-in, a connection is established from your browser to the Facebook servers. Facebook receives the information, including your IP, that you have accessed our website and transmits this information to Facebook servers in the USA, where this information is stored. If you are logged into your Facebook account, Facebook can assign this information to your account. When using the functions of the plug-in, e.g. If you click on the “Like” button, this information is also transferred from your browser to the Facebook server in the USA and stored there and displayed in your Facebook profile and, if applicable, with your friends.
  3. The purpose and scope of the data collection and its further processing and use of the data by Facebook as well as your related rights and setting options to protect your privacy can be found in Facebook's data protection information: https://www.facebook.com/about/privacy/. Data collection with the "Like" button: https://www.facebook.com/help/186325668085084. You can manage and object to your settings regarding the use of your profile data for advertising purposes on Facebook here: https://www.facebook.com/ads/preferences/.
  4. If you log out of Facebook before visiting our website and delete your cookies, no data about your visit to our website will be assigned to your profile on Facebook when the plug-in is activated.
  5. You can also prevent the loading of the Facebook plug-in using so-called “Facebook Blocker”, which you can install as an add-on for your browser: Facebook Blocker for FirefoxChromeand Opera or 1blocker for Safari, iPad and iPhone.
  6. Facebook has submitted to the Privacy Shield and thus ensures that European data protection law is complied with: https://www.privacyshield.gov/EU-US-Framework.

 

Instagram

 

  1. We have integrated plug-ins from the social network Instagram (Instagram LLC., 1601 Willow Road, Menlo Park, CA, 94025, USA) on our website as part of Shariff's so-called "two-click solution". You can recognize this by the Instagram logo in the form of a square camera.
  2. If you willingly activate the plug-in, a connection will be established from your browser to the Instagram servers. Instagram receives the information, including your IP address, that you have visited our site and transmits the information to Instagram servers in the USA, where this information is stored. If you are logged into your Instagram account, Instagram can assign this information to your account and you can click the Instagram button and thus share and save the content of our pages on your Instagram account and, if necessary, display it to your friends there. We have no knowledge of the exact content of the transmitted data, their use and storage duration by Instagram.
  3. If you log out of Instagram before visiting our website and delete your cookies, no data about your visit to our website will be assigned to your profile on Instagram when the plug-in is activated.
  4. You can find more information in Instagram's privacy policy at https://help.instagram.com/519522125107875and about the privacy protection settings here: https://help.instagram.com/196883487377501.

 


Data protection for applications and in the application process

 

  1. Applications that are sent electronically or by post to the person responsible are processed electronically or manually for the purpose of handling the application process.
  2. We expressly point out that application documents with "special categories of personal data" according to Art. 9 GDPR (e.g. a photo that provides information about your ethnic origin, religion or your marital status), with the exception of any severe disability that you may have want to disclose free choice are undesirable. You should submit your application without this data. This does not affect your chances of being a candidate.
  3. The legal basis for processing is Article 6, Paragraph 1, Sentence 1, lit. b) GDPR and § 26 BDSG n.F.
  4. If, after completion of the application process, an employment relationship is entered into with the applicant, the applicant data will be stored in compliance with the relevant data protection regulations. If you are not offered a position after completing the application process, your application letter and documents will be deleted 6 months after the rejection has been sent in order to be able to satisfy any claims and obligations to provide evidence under the AGG.

 
Rights of the data subject

 

  1. Objection or revocation against the processing of your data

    Insofar as the processing is based on your consent according to Art. 6 Para. 1 S. 1 lit. a), Art. 7 GDPR, you have the right to withdraw your consent at any time. This does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.

    Insofar as we base the processing of your personal data on the balancing of interests pursuant to Art. 6 Para. 1 S. 1 lit. f) GDPR, you can object to the processing. This is the case, in particular, if the processing is not required to fulfill a contract with you, which we will describe in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue processing.

    You can object to the processing of your personal data for advertising and data analysis purposes at any time. You can exercise your right of objection free of charge. You can inform us about your objection to advertising using the following contact details:

    Francesco Giombolini-Red Barrel
    Albrecht-Dürer-Strasse 14
    90403, Nuremberg, Bavaria
    Managing Director Francesco Giombolini
    Email address: hello@redbarrelwines.com
  2. Right to information
    You have the right to request confirmation from us as to whether personal data relating to you is being processed. If this is the case, you have the right to information about your personal data stored by us in accordance with Art. 15 GDPR. This includes, in particular, information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data, unless it was collected directly from you.
  3. Right to rectification
    You have the right to correct incorrect data or to complete correct data in accordance with Art. 16 GDPR. 
  4. Right to cancellation
    You have the right to have your data stored by us deleted in accordance with Art. 17 GDPR, unless this is contrary to statutory or contractual retention periods or other statutory obligations or rights to further storage. 
  5. Right to restriction
    You have the right to request a restriction on the processing of your personal data if one of the requirements in Art. 18 Para. 1 lit. a) to d) GDPR is fulfilled:
    If you dispute the accuracy of the personal data concerning you for a period of time that enables the person responsible to check the accuracy of the personal data;

    • the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;

    • the person responsible no longer needs the personal data for processing purposes, but you need them to assert, exercise or defend legal claims, or

    • if you have lodged an objection to the processing in accordance with Art. 21 Paragraph 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.
  6. Right to data portability
    You have the right to data portability in accordance with Art. 20 GDPR, which means that you can receive the personal data we have stored about you in a structured, common and machine-readable format or you can request that it be transmitted to another person responsible. 
  7. Right to complain
    You have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority in particular in the member state of your place of residence, your place of work or the location of the alleged violation.