Henkell

DATA PRIVACY AND SECURITY DECLARATION

Henkell & Co. Sektkellerei KG and its associated platform henkell.com (hereafter “we”) respect your privacy and personality rights. We take the protection of your personal data such as your name, date of birth, address, e-mail address or telephone number very seriously.
This Data Protection Statement explains the collection, processing and utilisation (hereafter collectively referred to as “processing”) of your personal data if and when these are gathered during the use of our website. In addition, all persons subject to data processing are advised of the rights to which they are entitled.

We handle these data in strictest compliance with applicable statutory data protection regulations and the following principles.
We have implemented numerous technical and organizational measures to ensure the comprehensive protection of the personal data processed via our website.

1. CONTROLLER

The Controller of the data processing described in this Data Protection Statement is the following body:

Henkell & Co. Sektkellerei KG
Biebricher Allee 142
65187 Wiesbaden

Postal address
Postfach 3040
65020 Wiesbaden, Germany
E-Mail: info@henkell-sektkellerei.de

2. DEFINITIONS

The Data Protection Statement contains the following definitions of the EU General Data Protection Regulation 2016/679 (“GDPR“)

a. Personal Data
Personal Data are any information that refer to an identified or identifiable natural person (hereafter “you “). A natural person is considered identifiable when he or she can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, psychic, economic, cultural or social identity of that natural person.

b. Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

c. Pseudonymisation
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, as long as such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

d. Controller
Controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. When the purpose and means of such processing are determined by EU or member state law, the controller or the specific criteria for its nomination may be provided for by EU or member state law.

e. Data Processor
Data Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.

f. Consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject, in the form of a statement or clear affirmative action, by which the person concerned signifies agreement to the processing of personal data relating to him or her.

g. Supervisory Authority
A supervisory authority is an independent public agency set up by a member state pursuant to Art. 51 GDPR.

3. DATA PROCESSING AND CONSENT

In all the following data processing cases, we observe the principles of data prevention and data economy. This means that we process as few data as possible.

a. We process your personal data if and when this is required to substantiate, perform or terminate a contractual or quasi-contractual relationship. The legal basis for the processing of personal data in connection with a contractual or quasi-contractual relationship is Art. 6 Subsec. 1 Clause 1 b GDPR. This also applies to processing required for the completion of pre-contractual measures. The personal data are deleted on termination of the contractual or quasi-contractual relationship taking the statutory archiving period into account.

As part of the contractual relationship, there may be a transmission of personal data to a third party which uses these data exclusively for the purpose of contract performance.

This applies in particular for postal delivery services for the delivery of goods and to payment providers for the performance of payment obligations.

b. In all other respects, we process your personal data if and when you have granted us your consent to do so whereby your data will be used only for the stated purpose and scope, e.g. we will inform you of our products and services only with your consent. The legal basis for data processing on the basis of your consent is Art. 6 Subsec. 1 Clause 1 a GDPR whereby you are entitled to a right of revocation in the future. You may submit your revocation by regular mail or e-mail to the Controller at the contact address stated in Item 1. The legality of data processing up to the time of asserting your rights remains unaffected by the objection. The personal data will be deleted after fulfilling the purpose for which consent was granted, taking the statutory archiving period into due account. As part of the consent, there may be a transmission of your personal data to a third party which uses these data exclusively for the purpose for which the consent was granted.

c. Besides, your personal data will be processed anonymously. If the processing is required to safeguard the legitimate interest of ours or of a third party and if the interests, basic rights and basic liberties of the data subject do not prevail over the interests of the former, Art. 6 Subsec. 1 Clause 1 f GDPR serves as the legal basis whereby there is the possibility in principle to object to the data processing in the future. You may submit your objection by regular mail or e-mail to the Controller at the contact address stated in Item 1. The legality of data processing up to the time of asserting your rights remains unaffected by the objection. The personal data will be deleted after meeting the legitimate interest or objection taking the statutory archiving period into due account. As part of the legitimate interest, there may be a transmission of your personal data to a third party which uses these data exclusively for the purpose of meeting the legitimate interest.

4. REGISTRATION, APPLICATION AND ENTRY INTO CONTACT

Our website may provide for a registration or application (e.g. for the newsletter) by quoting personal data. Which personal data are transmitted to the Controller at such a time is shown in the respective registration mask. The data entered by you will be used exclusively for the purposes in connection with registration. When you contact us by e-mail, via a contact form or by a comparable method (e.g. enquiries about our products or services), the personal data transmitted by you will also be processed. However, this type of data processing is limited to the processing of enquiries or to enter into contact with you.

During registration and application, your IP address at the time of registration, application or entry into contact as well as the date and time of access will be processed. This data processing is necessary to prevent the abuse of our services so that offences committed by means of these data can be investigated This represents a legitimate interest in the data processing. The legal basis for this type of processing if consent was granted is Art. 6 Subsec. 1 Clause 1 a GDPR whereby in this case you are entitled to a right of revocation in the future. You may submit the revocation by regular mail or e-mail to the Controller at the contact address stated in Item 1. The legality of data processing up to the assertion of your rights remains unaffected. As part of contractual or quasi-contractual relationships, the legal basis rests on Art. 6 Subsec. 1 Clause 1 b GDPR. This applies e.g. to an entry into contact which aims at the conclusion of a contract.

Otherwise, the legal basis rests on Art 6 Subsec. 1 Clause 1 f GDPR. The legitimate interest results from the above-mentioned legitimate reasons. There is the possibility of raising an objection against this data processing in the future. You may submit the objection by regular mail or e-mail to the Controller at the contact address stated in Item 1. The legality of data processing up to the assertion of your rights remains unaffected. The personal data are deleted after a revocation or when the legitimate interest is met or after an objection taking the statutory retention period into account. When entering into contact, your data are deleted as soon as the respective enquiry was dealt with or if you object to data processing whereby in the latter case the correspondence with you will be terminated.

5. AUTOMATICALLY GENERATED DATA

With every visit of our website, data from your terminal device are automatically pro-cessed into log files which may also include personal data. This applies to the following data:

• The operating system of your terminal device
• The type of browser you use
• Name of your provider
• Your IP address
• Date and time of your visit
• Websites visited including possible search items
• Websites which referred you to our website

We do not process these data together with other personal data from you, i.e. we do not allocate the above data to your person.

The legal basis for the processing of automatically generated data is Art. 6 Subsec. 1 Clause 1 f GDPR. This processing is required to ensure the functional integrity of the website and to optimise and properly display the contents of our website, and to supply the necessary information needed by investigators in the case of a cyber attack. This is another part of legitimate interest in the data processing. The automatically generated data are deleted when they are no longer needed for the above purposes, i.e. when the respective website visit has ended. Your IP ad-dress if processed will be deleted latest in 30 days. The processing of the above data for the supply of the website and the possible storage in log files is imperative for the operation of the website. Consequently, no objection is possible.

6. HOSTING

The hosting services employed by our webpages serve to supply the following services: Platform and infrastructural services, processing capacity, storage location and database services, security services, technical maintenance services used by us to supply our webpages. For this purpose we or our hosting provider offer the following data: Meta or communication data, inventory data, contact data, contents data, contract data, access data, prospects and visitors on the basis of our legitimate interest in an efficient and secure display of this website as per Art. 6 Subsec. 1 lit. f GDPR in connection with Art. 28 GDPR (Conclusion of Data Processing Agreement).

7. COOKIES

The following describes the various kinds of cookies and comparable technologies used on our website.

a. Description and Scope of Data Processing
Our website uses cookies. These are text files which are created and stored in your browser during the first visit of our website. On your next access of the website using the same terminal device, the user data stored in it will either be returned to the same webpage that created them (First Party Cookie) or to another webpage to which it belongs (Third Party Cookie). The website thus recognizes on later visits by the user if and that it has already been accessed once before by that browser. This allows the website to better meet the requirements of the user on subsequent visits. In particular website use can be statistically analysed and the representation of displayed contents varied. The term “cookies” is hereafter used for all technologies by which user data are locally stored and possibly transferred to us or a third-party provider during your visit to our website.

b. Cookie Categories
Cookies have different storage periods. Our website uses both "permanent cookies" and "session cookies”.

a. Session cookies are stored only during your actual visit to our website and serve to provide for the unrestricted use of our services and the most comfortable use of our website at the occasion of the current visit. When session cookies are disabled, it cannot be guaranteed that all our services can be used without restriction.

b. Permanent cookies remain stored temporarily (temporary cookies) also after your visit to our website and serve to provide you with the most comfortable use of our services and the most comfortable use of our website also beyond your current visit and are used by us for this purpose. A deactivation of these cookies does not as a rule have any effect on the usability of our website. Depending on their function and intended use, cookies can be subdivided into the following categories:

aa. Necessary Cookies (Type 1)
These cookies are mandatory to ensure that our website and its functions work properly. They allow improving comfort and performance of websites and make available various functions. This allows e.g. to store data already entered (as e.g. user names, age, language selection or your physical location) to save you from having to enter these data once again.

bb. Functional Cookies (Type 2)
These Cookies serve to provide information on your use of our website. They make it possible e.g. to identify especially popular areas of our online offer which in turn enables us to adapt the contents of our website to reflect your needs. More detailed information on these cookies and their individual deletion can be found under lit. e).

cc. Marketing and Third-Party Cookies (Type 3)
These cookies are used to display advertisements that are more relevant to the user and more in line with his or her interests. This information may be shared with third parties such as advertisers, e.g. Cookies to improve the approach to the target audience and advertising are often linked with webpage functions of third parties. For more information on marketing cookies and their individual deletion, see lit. e.
Our webpage may also include contents of third-party providers such as Facebook services or YouTube videos. These third parties may deposit cookies while you are viewing our website and in this way receive information on your website use. These cookies are primarily used to integrate social media contents and social plug-ins on our page. Further information on the above can be found in Item 8 and on the website of the third-party provider.

c. Legal Bases and Other Information
The cookies process exclusively anonymized and pseudonymized data (data processing). The supply of these data is neither legally nor contractually prescribed, nor required for contract conclusion. If personal data in the form of pseudonymized data are processed, the legal basis for this is the consent granted by you on accessing our website (Art. 6 Subsec. 1 Clause 1 a GDPR) or our legitimate interest or that of the third-party provider in direct mail (Art. 6 Subsec. 1 Clause 1 f GDPR).

d. Deletion of Cookies
You can visit our website also without any cookies. The storage of new cookies and the deletion of cookies already deposited can be achieved with the following measures: In the event of data processing on the basis of legitimate interest (Art. 6 Subsec. 1 Clause 1 GDPR), an objection to all or only to selected cookies can be declared by activating Accept No Cookies in your browser settings. However, it is possible that some website functions can then no longer be used to the full extent if some or all cookies for a website are disabled. For information on the automated deletion of Cookies, please see the operating instructions of your browser or manufacturer of your terminal device.

Additional information on functional cookies and marketing cookies (Type 2 & Type 3) and on their individual deletion vis-a-vis specific third parties is given below.

e. Special Cookies
Our website uses various performance and marketing cookies introduced in greater detail below.

Google: To improve comfort and quality of our service, this website uses the following website services of Googler Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google receives and processes the data generated on our website through the use of the appropriate cookies.

(a) Google Analytics: Google Analytics uses temporary cookies which allow analysing your website use. The stored data on our website including your IP address (“access data”) are as a rule transferred to a Google server in the USA and stored there. We point out that on our webpages, Google Analytics is enhanced by the code „gat._anonymizeIp();;“ to ensure the anonymised logging of IP addresses (so-called IP masking). Through the activation of IP anonymization on our website, the IP-address is truncated by Google within the member states of the European Union or in other member states of the Treaty on the European Economic Area. Only in excep-tions is the complete IP address transferred to a Google server in the USA and truncated there.

Google will use the said data on our instructions to analyse your use of our website, to compile reports on website activities for us and to provide further services connected to the use of the website and of the Internet. These data are transferred by Google to a third party only when required by law or as part of data processing. You can prevent the storage of cookies by a corresponding setting of your browser. We point out, however, that in this case you may not be able to use all functions of our website to the full extent. In addition, you may prevent the logging of cookie-generated data on your use of the website (including your IP address) to Google and the processing of these data by Google by downloading and installing the browser plug-in available at the following link
More details on Google Analytics can be found at this link: http://tools.google.com/dlpage/gaoptout?hl=en

Deactivate Google Analytics

(b) Google DoubleClick: In addition to Google Analytics (see above), the Analytics advertising function DoubleClick is activated on this website which allows access to further data by way of temporary cookies that go beyond the standard implementation of Google Analytics. For this purpose, in additional to Google Analytics cookies, our website also uses cookies from Google third-party providers. DoubleClick serves to present our ads or those of a third-party provider liable to be of interest to you. When doing so, a pseudonymous identification number (ID) is allocated to verify which ads were faded into your browser and which ads were clicked on. The use of DoubleClick cookies allows showing advertisements based on previous visits to our and other websites. The information generated by the cookies is transferred by Google to a server in the USA and stored there. You can prevent the storage of cookies by a corresponding setting of your browser. We point out, however, that in this case you may not be able to use all functions of our website to the full extent.
In addition, you may prevent the logging of cookie-generated data referring to your use of the website (including your IP address) to Google and the processing of these data by Google by downloading and installing the browser plug-in available at the following link
from menu item DoubleClick- Deactivation Extension. Alternatively, you can disable Doubleclick cookies on the page of Digital Advertising Alliance at the following link.

The notes on the preceding section “Google Analytics“ also apply to the Analytics advertising functions. More detailed information on DoubleClick can be found under the following link: https://policies.google.com/technologies/ads?hl=en

(c) Google AdWords: This website uses Google AdWords, an Analyser service of Google Inc., and conversion tracking as part of Google AdWords. For Google AdWords, a temporary Cookie for conversion tracking (a so-called “conversion cookie“) is deposited on youth terminal device when you click on an advertisement provided by Google. These cookies lose their validity after 30 days and are not used for identifying a user. If you visit certain parts of our website, we and Google can recognize that you clicked on this ad and were routed to this page. The information obtained with the help of the conversion cookies serves to prepare statistics for AdWords customers who use conversion tracking. These statistics tell us the total number of users who have clicked on an ad provided by Google and were routed to a webpage with a conversion tracking tag. Next to conversion tracking, the remarketing or “similar target group” function is also used.

Using a temporary cookie, the re-marketing function allows reaching users who have already visited our website. In this way we can present our advertisements to users who have already shown interest in our products and services, also on other websites of the Display Network (see below). Using the context-referenced search engine, AdWords also determines, based on the user conduct on websites in the advertising network of Google (“Display-Network“) in the last 30 days which common interests and characteristics users of our website share. On the basis of this information, AdWords finds new potential customers for marketing purposes whose interests and characteristics are similar to those of our website users. The target group-specific remarketing is made by combining the use of cookies as e.g. Google Analytics cookies und Google DoubleClick-Cookies, in the browsers of website surfers.

If you do not wish to take part in tracking, you can prevent the installation of cookies through a corresponding setting of your browser software (deactivation option). Alternatively, you can follow the link below and install the plug-in provided there: https://support.google.com/ads/answer/7395996?hl=en.
Moreover, you can deactivate the use of cookies by third-party providers by going to the deactivation page of the Network Advertising Initiative at http://www.networkadvertising.org/choices/ and implementing the opt-out provided there. Apart from this, the information provided above regarding "Google Analytics" also applies to Google Adwords.

Further information on Google AdWords is provided at this link: https://policies.google.com/technologies/ads?hl=en

8. RIGHT TO REVOCATION AND OBJECTION

a. Right to Revocation of Data Processing Consent
You have the right to revoke your consent for the processing of personal data at any time. The legality of data processing up to the time of the revocation remains unaffected by the revocation.

b. Right to Objection
You have the right to lodge an objection at any time against the processing of your personal data pursuant to Art. 6 Subsec. 1 Clause 1 lit. e or f GDPR (Art. 21 Subsec. 1 GDPR). The legality of data processing up to the time of the objection remains unaffected by the objection. In the case of an objection, we no longer process the personal data except if we can demonstrate cogent protection-worthy reasons for the processing which prevail over your interests, rights and liberties, or if processing serves the assertion, exercise and defence of a legal claim.

If your personal data are used for direct mail, you have a right of objection against this practice at any time (Art. 21 Subsec. 2 GDPR). In the case of an objection, we no longer process the personal data. The legality of data processing up to the time of the objection remains unaffected by the objection.

You may forward your revocation and objection at any time by regular mail or e-mail to the Controller at the contact address stated in Item 1 above.

9. MISCELLANEOUS RIGHTS

a. Right to Confirmation
You have the right to demand from us a confirmation whether your personal data are being processed by us.

b. Right to Information
You have the right to demand from us at any time and free of charge information on your personal data and receive a copy of this information. You furthermore have the right to demand information whether your personal data were transferred to a non-member state or to an international organisation. If this is the case, you are also entitled to receive information on suitable guarantees in connection with the transfer.

c. Right to Correction
You have the right to demand the prompt correction of incorrect personal data on your person. You furthermore have the right to demand the completion also by way of a supplementary declaration, taking the processing purpose into due account.

d. Right to Erasure (Right to Be Forgotten)
The GDPR provides for a right of erasure. Accordingly, you may demand from us that personal data concerning you are promptly deleted if any of the following reasons applies and provided that processing is not required:

• The personal data were collected for purposes or processed in other ways for which they are no longer required.
• You revoke your consent on which processing was based pursuant to Art. 6 Subsec. 1 a GDPR or Art. 9 Subsec. 2 a GDPR, and there is no other legal basis for the processing.
• You lodge an objection to the processing in the sense of Art. 21 Subsec. 1 GDPR and there are no cogent or prioritary reasons for the processing.
• You lodge an objection to the processing in the sense of Art. 21 Subsec. 2 GDPR.
• The personal data were unlawfully processed.
• The erasure of the personal data is required for the performance of a legal obligation under EU law or the laws of a member state.
• The personal data were collected for services offered in an information society as per Art. 8 Subsec. 1 GDPR.

e. Right to Processing Restriction
You have the right to demand a processing restriction if any of the following conditions is fulfilled:

• The veracity of the personal data is disputed by you for a period of time that allows the Controller to verify the veracity of your personal data.
• Processing is unlawful. You refuse the erasure of the personal data and instead demand that access to your personal data is restricted.
• We no longer require the personal data for processing purposes while you still require them to assert, exercise or defend a legal claim.
• You have lodged an objection against the processing as per. Art. 21 Subsec. 1 GDP and it is not yet clear whether legitimate reasons or those of your own will prevail.

f. Right to Data Portability
You have the right to receive the personal data supplied by you in a well-structured, commonly used and machine-readable format. You also have the right to transfer these data to another controller without any interference on our part provided processing rests on consent as per Art. 6 Subsec. 1 Clause 1 a GDPR or on a contract as per Art. 6 Subsec. 1 Clause 1 b GDPR and processing is made with the use of automated processes, furthermore provided that processing was not required for the completion of a task in the public interest or undertaken in exercise of official authority assigned to the Controller. Furthermore, when exercising your right to data portability, you have the right to demand that the personal data are transmitted directly from one controller to another when this is technically feasible and provided the rights and liberties of other persons are not affected thereby.

g. Right of Complaint to a Supervisory Authority
In addition to these rights, you have a right of complaint to the supervisory authority competent for data protection (in Hesse: Hesse State Officer for Data Protection and Freedom of Information, Wiesbaden).

10. THIRD-PARTY ACCESS TO YOUR PERSONAL DATA

Because of our justified interests (art. 6 sub-section 1 lit. f. EU-GDPR), we use content and services provided by third-party providers on our website (referred to as "content" hereinafter). This e.g. comprises the integration of videos, the use of fonts, etc. To make sure that the content is shown correctly, the third-party providers, in part, need to know your IP address since, otherwise, the content cannot be sent to the browser.

Moreover, because of our justified interests (art. 6 sub-section 1 lit. f EU-GDPR), third-party service providers can also use so-called pixel tags for marketing purposes or statistical surveys. This allows information, such as e.g. visitor traffic on the pages of this website, to be analysed. The information recorded can be saved in cookies on the users' device; however, only in an anonymised or pseudonymised form. This, e.g., includes information on the browser and operating system used, referring websites, the time of the visit and further information on the use of our website and, moreover, such information can be combined with anonymised and pseudonymised information from other sources.

a. Youtube:
We integrate videos on our web pages using the “YouTube” platform of provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For the Data Protection Statement of the provider, see: https://www.google.com/policies/privacy/ The Opt-Out can be added by using the link: https://adssettings.google.com/authenticated.

b. Google ReCaptcha:
We use "ReCaptcha" with forms on our website to allow us to identify and exclude bots. ReCaptcha is offered by provider Google LLC, 1600 Am-phitheatre Parkway, Mountain View, CA, USA. For the Data Protection Statement of the provider, see: https://www.google.com/policies/privacy/ The Opt-Out can be added by using the link: https://adssettings.google.com/authenticated.

c. Fonts.com:
For the optimal display we use fonts from Fonts.com. They are offered by Monotype GmbH, Werner-Reimers-Straße 2–4, 61352 Bad Homburg, Germany. For the Data Protection Statement of the provider, see: https://www.monotype.com/de/rechtshinweise/datenschutzrichtlinie/

d. Content Delivery Netzwerke (CDN):
To reduce loading times, and to ensure the smooth presentation of our website and hence a smooth surfing experience, the following program libraries are reloaded by a client (i.e., by your computer). For this purpose, your IP address is pseudonymized and transmitted to the following Content Delivery Networks (CDN) to allow loading the chosen contents:
- cdnjs.com | Cookie Consent

11. NOTES ON DATA TRANSFERS TO NON-MEMBER STATES

In the event that your personal data are transferred to agencies in states outside the EU or EEA, this is done only when the EU Commission has decided that the non-member state in question, or a territory or several specific areas in the non-member state, offer an adequate protection level or that an adequate or suitable data protection guarantee in the sense of Arts. 46, 47 or 49 GDPR is available.

12. CHILDREN

We do not process data of persons below the age of 16. Data found to have been transmitted to us without the consent of the parents or guardian will be erased by us promptly. This presupposes the receipt of relevant hints from parents or guardians.

13. STORAGE DURATION, ERASURE AND PROCESSING RESTRICTIONS / BLOCKING

We process your personal data only for the period required to meet the storage purpose or when the storage is required under applicable statutory data protection regulations. If the storage purpose lapses or when the archiving period prescribed by applicable statutory data protection regulations runs out, the personal data will be routinely erased or access restricted or blocked in line with statutory provisions.

14. OBLIGATORY DATA SUPPLY

The supply of your personal data is partly prescribed by law (e.g. by tax provisions) or results from contractual arrangements (e.g.information on a contract partner). It may also be necessary for the conclusion of a contract that you supply personal data to us which must subsequently be processed by us. The non-supply of personal data would mean that a contract with you could not be concluded. If you are unwilling to submit your personal data in such a case, you may contact the Controller as per Item 1 also by regular mail or e-mail. We will clarify on a case-by-case basis whether the supply of the personal data is legally or contractually required or needed for contarct conclusion, whether there is an obligation to supply the personal data and the possible consequences of a non-supply of the data.

15. UPDATE OF DATA PROTECTION STATEMENT

We maintain the present Data Protection Note at all times up-to-date. Thus it may be necessary to adapt it to actual or legally required changes in framework conditions. These updates are accepted with the use of our website.

16. DATA PROTECTION OFFICER

For questions on the collection, processing or use of your personal data, for information, corrections, blocking or deletion of data, please contact:

E-Mail: datenschutz@henkell-sektkellerei.de

Postal address:
Henkell & Co. Sektkellerei KG
Biebricher Allee 142
65187 Wiesbaden