Responsible body within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:
Peak River Craft Beers GmbH
Based on Article 13 of the Swiss Federal Constitution and the data protection provisions of the federal government (Data Protection Act, DSG), everyone has the right to the protection of their privacy and protection against misuse of their personal data. The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
In cooperation with our hosting providers, we strive to protect the databases as well as possible from unauthorized access, loss, misuse or falsification.
We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible.
By using this website, you consent to the collection, processing and use of data as described below. In principle, this website can be visited without registration. Data such as pages accessed or the name of the file accessed, date and time are stored on the server for statistical purposes without this data being directly related to your person. Personal data, in particular name, address or email address, are collected on a voluntary basis as far as possible. The data will not be passed on to third parties without your consent.
Processing of Personal Data
Personal data is all information that relates to a specific or identifiable person. Eine betroffene Person ist eine Person, über die Personendaten bearbeitet werden. Processing includes all handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, deletion, storage, modification, destruction and use of personal data.
We process personal data in accordance with Swiss data protection law. In addition, we process – to the extent and insofar as the EU GDPR is applicable – personal data in accordance with the following legal bases in connection with Art. 6 Para. 1 GDPR:
- Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR) – The person concerned has given their consent to the processing of the personal data concerning them for a specific purpose or for several specific purposes.
- Fulfillment of contracts and pre-contractual inquiries (Art. 6 Paragraph 1 Sentence 1 lit. GDPR). Processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures that are carried out at the request of the data subject.
- Legal obligation (Art. 6 Para. 1 S. 1 lit. c. GDPR) – The processing is necessary to fulfill a legal obligation to which the person responsible is subject.
- Protection of vital interests (Art. 6 Para. 1 S. 1 lit. d. GDPR) – Processing is necessary to protect the vital interests of the data subject or another natural person.
- Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR) – Processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject, which protect personal data Data require, predominate.
- Application procedure as a pre-contractual or contractual relationship (Art. 9 Para. 2 lit.b GDPR) – Insofar as special categories of personal data within the meaning of Art. 9 Para. 1 GDPR (e.g. health data, such as severely disabled status or ethnic origin) are requested from applicants so that the person responsible or the person concerned can exercise his or her rights arising from labor law and social security and social protection law and his or her related rights Obligations can be fulfilled, their processing takes place in accordance with Art. 9 Para. 2 lit. b. GDPR, in the case of the protection of the vital interests of applicants or other persons in accordance with. Art. 9 para. 2 lit. c. GDPR or for the purposes of health care or occupational medicine, for assessing the employee’s ability to work, for medical diagnostics, care or treatment in the health or social sector or for the administration of systems and services in the health or social sector acc. Art. 9 para. 2 lit. h. GDPR. In the case of a communication of special categories of data based on voluntary consent, their processing takes place on the basis of Art. 9 Para. 2 lit. a. GDPR.
We process personal data for the duration that is necessary for the respective purpose or purposes. In the case of longer storage obligations due to legal and other obligations to which we are subject, we limit the processing accordingly.
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk.
The measures include, in particular, securing the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, ensuring availability and their separation. Furthermore, we have set up procedures that ensure the exercise of data subject rights, the deletion of data and reactions to the threat to the data. Furthermore, we consider the protection of personal data already in the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and data protection-friendly default settings.
Transmission of Personal Data
As part of our processing of personal data, it may happen that the data is transmitted to other bodies, companies, legally independent organizational units or persons or they are disclosed to them. The recipients of this data can include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such a case, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements that serve to protect your data with the recipients of your data.
Data Processing in Third Countries
Insofar as we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing in the context of the use of third-party services or the disclosure or transfer of data to other persons, offices or companies takes place, this is only done in accordance with the legal requirements.
Subject to express consent or contractually or legally required transmission, we process the data only in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
A distinction is made between the following types of cookies and functions:
- Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed his browser.
- Permanent cookies: Permanent cookies are saved even after you close your browser. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. The interests of users who are used to measure reach or for marketing purposes can also be stored in such a cookie.
- First-party cookies:We set first-party cookies ourselves.
- Third-party cookies (also: third-party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
- Necessary (also: essential or absolutely necessary) cookies: Cookies can be absolutely necessary for the operation of a website (e.g. to save logins or other user input or for security reasons).
Storage duration: If we do not provide you with any explicit information on the storage duration of permanent cookies (e.g. as part of a so-called cookie opt-in), please assume that the storage duration can be up to two years.
- Processed data types: usage data (e.g. websites visited, interest in content, access times), meta / communication data (e.g. device information, IP addresses).
- Affected persons: users (e.g. website visitors, users of online services).
- Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Data Protection Declaration for SSL / TLS Encryption
This website uses SSL / TLS encryption for security reasons and to protect the transmission of confidential content, such as the inquiries that you send to us as the website operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” and by the lock symbol in your browser line.
If the SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.
If you would like to receive the newsletter offered on this website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected. We use this data exclusively for sending the requested information and do not pass it on to third parties.
You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter.
Data Subject Rights
Right to confirmation
Every data subject has the right to request confirmation from the operator of the website as to whether personal data concerning data subjects are being processed. If you would like to make use of this right of confirmation, you can contact the data protection officer at any time.
Right to information
Any person affected by the processing of personal data has the right to receive free information from the operator of this website about the personal data stored about him and a copy of this information at any time. In addition, the following information can be provided if necessary:
- the purposes of processing
- the categories of personal data that are processed
- the recipients to whom the personal data have been disclosed or are still being disclosed
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
- the existence of a right to correction or deletion of the personal data concerning you or to restriction of processing by the person responsible or a right to object to this processing
- the existence of a right to lodge a complaint with a supervisory authority
- if the personal data are not collected from the data subject: All available information on the origin of the data
Furthermore, the data subject has a right to information as to whether personal data has been transmitted to a third country or to an international organization. If this is the case, the data subject has the right to receive information about the appropriate guarantees in connection with the transmission.
If you would like to make use of this right to information, you can contact our data protection officer at any time.
Right to rectification
Every person affected by the processing of personal data has the right to request the immediate correction of incorrect personal data concerning them. Furthermore, the data subject has the right, taking into account the purposes of the processing, to request the completion of incomplete personal data – including by means of a supplementary declaration.
If you would like to exercise this right to correction, you can contact our data protection officer at any time.
Right to erasure (right to be forgotten)
Every person affected by the processing of personal data has the right to demand that the person responsible for this website delete the personal data concerning them immediately, provided that one of the following reasons applies and insofar as the processing is not necessary:
- The personal data were collected or otherwise processed for purposes for which they are no longer necessary
- The data subject revokes their consent on which the processing was based and there is no other legal basis for the processing
- The person concerned objects to the processing for reasons that arise from their particular situation and there are no overriding legitimate reasons for the processing, or the person concerned objects to the processing in the case of direct mail and associated profiling
- The personal data was processed unlawfully
- The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the person responsible is subject
- The personal data was collected in relation to information society services offered that were made directly to a child
If one of the above reasons applies and you want to have personal data stored by the operator of this website deleted, you can contact our data protection officer at any time. The data protection officer for this website will arrange for the deletion request to be complied with immediately.
Right to restriction of processing
Every person affected by the processing of personal data has the right to request the person responsible for this website to restrict the processing if one of the following conditions is met:
- The correctness of the personal data is contested by the data subject for a period that enables the person responsible to check the correctness of the personal data
- The processing is unlawful, the data subject refuses to delete the personal data and instead requests that the use of the personal data be restricted
- The person responsible no longer needs the personal data for the purposes of processing, but the data subject needs them to assert, exercise or defend legal claims
- The data subject has lodged an objection to the processing for reasons that arise from their particular situation and it has not yet been determined whether the legitimate reasons of the person responsible outweigh those of the data subject
If one of the above conditions is met, you can request the restriction of personal data stored by the operator of this website, you can contact our data protection officer at any time. The data protection officer of this website will arrange for the processing to be restricted.
Right to data portability
Every person affected by the processing of personal data has the right to receive the personal data concerning them in a structured, common and machine-readable format. You also have the right to have this data transmitted to another person responsible if the legal requirements are met.
Furthermore, the person concerned has the right to have the personal data transmitted directly from one person in charge to another person in charge, insofar as this is technically feasible and provided that this does not impair the rights and freedoms of other persons.
To assert the right to data portability, you can contact the data protection officer appointed by the operator of this website at any time.
Right of contradiction
Every person affected by the processing of personal data has the right to object to the processing of personal data concerning them at any time for reasons that arise from their particular situation.
The operator of this website will no longer process the personal data in the event of an objection, unless we can prove compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or if the processing requires the assertion, exercise or Serves defense of legal claims.
To exercise the right to object, you can contact the data protection officer for this website directly.
Right to withdraw consent under data protection law
Every person affected by the processing of personal data has the right to withdraw consent given to the processing of personal data at any time.
If you would like to assert your right to withdraw your consent, you can contact our data protection officer at any time.
Data Protection Declaration for Objection to Advertising Mails
We hereby object to the use of the contact data published within the framework of the imprint obligation for sending unsolicited advertising and information materials. We hereby object to the use of the contact data published within the framework of the imprint obligation for sending unsolicited advertising and information materials.
External Payment Service Providers
This website uses external payment service providers, through whose platforms the users and we can carry out payment transactions. For example about
- Visa (https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html)
- Mastercard (https://www.mastercard.ch/de-ch/datenschutz.html)
- Payrexx AG (https://www.payrexx.ch/site/assets/files/2592/datenschutzerklaerung.pdf)
- Apple Pay (https://support.apple.com/de-ch/ht203027)
As part of the fulfillment of contracts, we use the payment service providers on the basis of the Swiss Data Protection Ordinance and, if necessary, Art. 6 Para. 1 lit. b. EU-GDPR. In addition, we use external payment service providers on the basis of our legitimate interests in accordance with. Swiss Data Protection Ordinance and, if necessary, in accordance with. Art. 6 para. 1 lit. f. EU GDPR in order to offer our users effective and secure payment options.
The data processed by the payment service provider includes inventory data, such as the name and address, bank data such as account numbers or credit card numbers, passwords, TANs and checksums as well as contract, sums and recipient-related information. The information is required to carry out the transactions. However, the data entered will only be processed and stored by the payment service providers. As the operator, we do not receive any information about your (bank) account or credit card, only information to confirm (accept) or reject the payment. The data may be transmitted to credit agencies by the payment service provider. The purpose of this transmission is to check your identity and creditworthiness. For this we refer to the terms and conditions and data protection information of the payment service providers.
The terms and conditions and data protection notices of the respective payment service providers, which can be accessed on the respective website or transaction applications, apply to payment transactions. We also refer to these for the purpose of further information and assertion of rights of revocation, information and other data subjects.
The copyright and all other rights to content, images, photos or other files on the website belong exclusively to the operator of this website or the specifically named rights holders. The written consent of the copyright holder must be obtained in advance for the reproduction of all files.
Whoever commits a copyright infringement without the consent of the respective rights holder can make himself liable to prosecution and possibly liable for damages.
We can adapt this data protection declaration at any time without prior notice. The current version published on our website applies. Insofar as the data protection declaration is part of an agreement with you, we will inform you of the change in the event of an update by e-mail or in another suitable manner.
Questions to the Data Protection Officer
If you have any questions about data protection, please send us an email or contact the person responsible for data protection in our organization listed at the beginning of the data protection declaration.