Privacy

1. Name and contact details of the data controller

The controller within the meaning of the General Data Protection Regulation is:
Reichsrat von Buhl GmbH Winery
Weinstrasse 18-24
D-67146 Deidesheim
Phone: +49 6326 9650 0
Fax: +49 6326 9650 24
info@von-buhl.de
www.von-buhl.de

2. Privacy Policy

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations, as well as this data protection declaration. This data protection declaration informs you about the type, scope and purpose of the personal data collected and processed by us and states the legal basis for the respective data processing. In addition, we inform data subjects about the rights to which they are entitled.

As a matter of principle, we collect and use personal data of our users only to the extent necessary to provide a functional and operable website, as well as our content and services.

The collection and use of personal data of our users is regularly only carried out with the consent of the user. An exception is made in cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by legal regulations.

3. General Information
a. Definitions

This privacy policy is based on the terminology of the General Data Protection Regulation (DSGVO). In order to ensure easy readability and comprehensibility, the terminology used is explained in advance.
For the purposes of the GDPR, "personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
"processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
"restriction of processing" means the marking of stored personal data with the aim of limiting their future processing;
"profiling" means any type of automated processing of personal data consisting in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location;
"pseudonymization" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures which ensure that the personal data are not attributed to an identified or identifiable natural person;
"controller" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law;
"processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
"recipient" means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients; the processing of such data by the aforementioned authorities shall be carried out in accordance with the applicable data protection rules in accordance with the purposes of the processing;
"third party" means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons who are authorized to process the personal data under the direct responsibility of the controller or the processor;
"consent" of the data subject means any freely given specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her;
"personal data breach" means a breach of security leading to the destruction, loss or alteration, whether accidental or unlawful, or to the unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;
"undertaking" means a natural and legal person engaged in an economic activity, regardless of its legal form, including partnerships or associations regularly engaged in an economic activity;
"supervisory authority" means an independent governmental body established by a Member State pursuant to Article 51;
"international organization" means an organization under international law and its subordinate bodies or any other body established by or pursuant to an agreement concluded between two or more countries.

b. Scope of processing of personal data

When visiting our website, we generally only process personal data of our users insofar as the user has previously consented to the processing or if the processing of the data is permitted by legal regulations (e.g. insofar as this is necessary for the provision of a functional website as well as our content and services).

Your personal data will be processed by us if you register with us via the online registration form by providing the mandatory information there and other voluntary information and if you place orders via online shipping. We would like to point out that we only collect personal data on a case-by-case/purpose basis. Therefore, the following processing reasons are merely a list:

- To provide our products & services,
- to fulfil legal requirements,
- to check creditworthiness in the context of purchase processing for uncertain payment methods,
- for fraud prevention during purchases and/or
- for advertising purposes.

Unless otherwise stated in this privacy policy, the personal data will only be processed for purposes related to the processing of the order, as well as for the administration of search queries via the online mail order business, for the receipt of e-mail notifications from us and in anonymous form for our own statistical analysis. Personal data collected by us is stored until the order is processed and the contract is completely fulfilled (e.g. the purchase contract for your order) and otherwise until you unsubscribe from the newsletter. This data includes, in particular, your name and postal address, your e-mail address, your order data, your IP address, URL as well as data on payment and, if necessary, other information required to process the order.

c. Legal basis for the processing of personal data

Insofar as we process personal data after obtaining the data subject's prior consent, Art. 6 (1) lit. a DSGVO constitutes the legal basis. In the case of processing of personal data that is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures that are carried out at the request of the data subject, Art. 6 (1) lit. b DSGVO serves as the legal basis. Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) lit. c DSGVO serves as the legal basis. Insofar as the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, Art. 6 (1) lit. d DSGVO shall provide the legal basis. If the processing of personal data is necessary to protect the legitimate interests of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) lit. f DSGVO serves as the legal basis. In the following, we will provide you with the specific legal basis with regard to each individual data processing by us.
Within the framework of the balancing of interests pursuant to Art. 6 (1) lit. a DSGVO for the protection of legitimate interests of Weingut Reichsrat von Buhl GmbH, we process your data, for example, on the basis of existing contracts or requests for needs-based information on further services and products (advertising) according to the following:
- Postal advertising, unless you have objected to this processing.
You can object to this advertising use at any time with effect for the future under the "Consent to receive newsletters" and "Objection to use of data for marketing purposes".
- Advertising by e-mail for our own similar products and services, provided that we have received your e-mail addresses from you in connection with the sale of products and services and you have not objected to this processing. You can object to this promotional use at any time with effect for the future using the contact details provided above under "Consent to receive newsletters" and "Objection to use of data for marketing purposes", which will not incur any further costs apart from the transmission costs of the objection. You will also be clearly informed again each time your e-mail address is used that you can object to this use at any time.
- Telephone advertising in the event of the existence of your presumed consent for this, provided that you have not objected to this processing. You can object to this promotional use at any time with effect for the future using the contact details provided above under "Consent to receive newsletters" and "Objection to use of data for marketing purposes".
- Insofar as you have given us consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent in accordance with Art. 6 (1) a) DSGVO. Consent given can be revoked at any time with effect for the future using the contact details provided above for "Consent to receive newsletters" and "Objection to use of data for marketing purposes". Consent can be given for sending the newsletter to your e-mail address, postal advertising and telephone advertising for other products and services.

d. Disclosure of data to third parties

As a matter of principle, Weingut Reichsrat von Buhl does not pass on any data to third parties without the customer's consent. We will only pass on your personal data to third parties for the purposes stated in this data protection declaration and only if
- you have previously given your express consent to the disclosure in accordance with Art. 6 Para. 1 lit. a DSGVO,
- this is legally permissible and necessary for the processing of contractual relationships with you according to Art. 6 para. 1 lit. b DSGVO,
- there is a legal obligation for the transfer according to Art. 6 para. 1 lit. c DSGVO,
- or the disclosure according to Art. 6 para. 1 lit. f DSGVO is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data.
Weingut Reichsrat von Buhl GmbH works together with service providers for the processing of payments and orders, so that data is passed on for the purpose of processing the order and payment.

e. Duration of processing, deletion or blocking of personal data

The personal data of the data subject shall be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a statutory storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract. In this context, we refer in particular to the 6-year or 10-year retention obligation under commercial law in accordance with § 257 HGB.

4. Data processing when visiting our website
a. Server log files

Whenever our website is visited, the following information is automatically sent to the server of our website by the browser used on the user's terminal device, which is temporarily stored in a so-called server log file until it is automatically deleted:
- Browser type and version used and operating system of your end device;
- Name of your access provider;
- Date and time of access;
- Name and URL of the website from which the access is made (so-called referrer URL);
- Name and URL of the website that is accessed;
- IP address of the requesting end device.
The temporary storage of the aforementioned information takes place for the purpose of transmitting the contents of our website to the end device of the user and to enable their correct display, to be able to optimize the contents of our website as well as the advertising for these as well as to ensure the permanent functionality of our information technology systems and the technology of our website and, in the event of a cyber attack, to provide law enforcement authorities with the information necessary for prosecution and to be able to enforce our own claims. In the aforementioned purposes lies our legitimate interest in data processing. The legal basis for the data processing is Art. 6 para. 1 lit. f DSGVO. A combination of this data with other personal data of the user does not take place. The collection and temporary storage of this data in server log files is absolutely necessary for the operation of our website; the user therefore has no right of objection in this regard.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after seven days at the latest.

b. Cookies
We use so-called "cookies" in our online service under the URL www.von-buhl.de, which are stored by the user's browser on his or her terminal device when visiting our website. Cookies are small text files that contain certain information for exchange with our website via your browser and which allow an analysis of the use of the website by the user. This technology allows us to recognize you as a user of the Online Service and to provide you with individualized offers. The use of the Online Service requires that the system you use accepts so-called cookies. These are used to check your login status and to recognize you when you access your user account.

We use so-called "session cookies" to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change (e.g. language settings, shopping cart function, log-in information). The use of "session cookies" is for the purpose of simplifying the use of our website for users. Some functions of our website cannot be offered without the use of cookies, without the browser being recognized even after a page change. The data collected by these cookies are not used to create user profiles.

Important note: You can fully use some of the most interesting features on www.von-buhl.de only by using our cookies. For example, when you add an item to your shopping cart, our server reads the code from the cookie and remembers that the item belongs in your shopping cart. If you visit other websites after your visit to www.von-buhl.de and then return to our site, your shopping cart will still contain your previously selected products. This is only possible through the use of cookies. We therefore recommend that you leave the receipt of cookies switched on.
The data processed by cookies is necessary for the aforementioned purposes to protect our legitimate interests as well as those of third parties. The legal basis for the data processing is Art. 6 (1) lit. f DSGVO. The user data collected in this way is pseudonymized by technical precautions; as a result, it is no longer possible to assign the data to the calling user. The data is also not stored together with other personal data of the users.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. The help function in the menu of most web browsers explains how to prevent your browser from accepting new cookies, how to have your browser notify you when you receive a new cookie, or even how to delete all cookies you have already received and block them from all further use.

c. Registration for our newsletter

We offer you the possibility on our website to register for our newsletter. To receive the newsletter, it is sufficient to provide an e-mail address as well as title, first and last name. The e-mail address entered by the user as part of the newsletter registration is transmitted to us and stored as long as you are registered for our newsletter. We use the user's e-mail address data only to send him our newsletter for our own advertising purposes. The processing of the data entered during registration for the newsletter is based on your consent given during the registration process and thus on the basis of Art. 6 para. 1 lit. a DSGVO. The data will not be passed on to third parties.

The data you provide to us for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this. You can revoke any consent you have given to data processing as part of your newsletter registration at any time or unsubscribe from our newsletter at any time. To do so, you can either click on the "click here" unsubscribe link at the end of each newsletter or unsubscribe on our website at www.von-buhl.de/newsletter.html. You can also send us your unsubscribe request at any time by e-mail to info@von-buhl.de. After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist, if necessary, in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest. Mandatory legal provisions - in particular retention periods - remain unaffected.

d. Contact forms and e-mails

For questions of any kind, we offer the possibility to contact us via a form provided on the website. If a user takes advantage of the option of our contact form, the data entered in the input mask is transmitted to us. These data are:

1. first name, last name
2. street, house number (optional)
3. postal code, city (voluntary information)
4. e-mail address
5. phone number (optional)
6. message

You can also contact us via the e-mail address given in the imprint. In both cases, the personal data of the user transmitted with the e-mail or with the contact form will be stored and processed by us for the purpose of processing your request and for the case of follow-up questions. The processing of the data in the e-mail or the data entered in the contact form is based on your voluntary consent and thus on the legal basis of Art. 6 para. 1 lit. a DSGVO. The processing is based on our legitimate interest in the effective processing of the requests sent to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO) if this was requested.

The data you send to us via contact requests or e-mail will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular legal retention periods - remain unaffected.

You can revoke your consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations carried out on the basis of the consent until the revocation remains unaffected by the revocation. If the e-mail contact is aimed at the conclusion of a contract, Art. 6 para. 1 lit. b DSGVO additionally represents the legal basis for the processing.

Your personal data will not be passed on to third parties or used for advertising purposes.

e. Registration via our website

On our website, we offer users the opportunity to register and create a user account by providing personal data (title, surname, first name, e-mail address, address, telephone number) in order to use additional functions on our site or to register for online shopping via our online store. The profile data, which the customer enters himself, includes:

- Your salutation
- Your first and last name
- your date of birth (optional)
- Your contact details
- Your billing address
- Your delivery address
- company name and contact person (optional)

The customer then names a password of his own choice. The e-mail address and the password later form the login data. The profile data may also include further information about you and your interests. These may already be collected as part of the registration for the service or may only be added later. This is the case, for example, if you later add voluntary information to your profile or you want to use your customer account to register for a service that requires additional mandatory information.

The data entered by the user during registration, including the date and time of registration and the user's IP address, are transmitted to us and stored. We use this data only for the purpose of using the particular offer or service for which you have registered. The processing of the data entered during registration is based on your consent given during the registration process and thus on the basis of Art. 6 (1) lit. a DSGVO. You can revoke any consent you have given at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations carried out on the basis of the consent until the revocation remains unaffected by the revocation. Your IP address is stored to prevent misuse and to ensure the security of our information technology systems. This represents our legitimate interest. The legal basis for the storage of your IP address is Art. 6 para. 1 lit. f DSGVO. If the registration serves the fulfillment of a contract to which the user is a party or the implementation of pre-contractual measures, Art. 6 para. 1 lit. b DSGVO serves as an additional legal basis for the processing of the data.

The customer is free to change his data in the customer account or delete his profile at any time. In this case, write us an e-mail with your wish to delete your user account. The data stored by you for the purpose of online store use will be stored until your request to delete your user account with us or in our web store and deleted by us in the web store after the cancellation of the user account by e-mail by you. Data that has been stored by us for other purposes remains unaffected by this.

f. Use of our online store

If you place an order in our online store, the data you provide, such as address data or contact data, will be processed by us for the purpose of fulfilling the contract. Likewise, the products or services ordered by you will be processed as well as data for payment processing. This data will be passed on to service providers, such as logistics companies or payment processors, if necessary for the execution of the contract. Please refer to point 5.

Data processing for the purpose of contract performance is carried out in accordance with Art. 6 para. 1 S 1 lit. b DSGVO for the purpose of processing a contractual relationship that exists with you. The personal data collected by us for the order and transmitted by you will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Mandatory legal provisions - in particular legal retention periods - remain unaffected.

g. Links to other websites

Unless otherwise stated, all links are to be regarded as external links to third-party content. Weingut Reichsrat von Buhl GmbH accepts no liability for external links to other websites. We have no influence on the design and content of other external websites, which are beyond our control. We can therefore not control how the providers of linked websites handle your data, so this privacy policy and the liability of Weingut Reichsrat von Buhl GmbH do not extend to the offers of third parties.

Social media links to Facebook and Instagram:
We only use links (no plugins) to the social networks Facebook as well as Instagram stored on our website. Thus, no personal data from you will be disclosed. Facebook and Instagram are operated by Facebook Ireland Ltd, 4 GRAND CANAL SQUARE, GRAND CANAL, HARBOUR, D2 Dublin, IRELAND ("Facebook").

For settings options to protect your privacy, please refer to the privacy notices of the providers:
Facebook's privacy notice can be found here: www.facebook.com/policy.php
The privacy policy of Instagram can be found here: help.instagram.com/155833707900388/

5. Transfer of data to payment or shipping service providers

As a matter of principle, Weingut Reichsrat von Buhl GmbH does not pass on any data to third parties without your consent. Weingut Reichsrat von Buhl GmbH cooperates with service providers for the processing of payments and for the processing of shipping orders, so that data is passed on for the purpose of processing the order and payment.

If we pass on your personal data to payment and/or shipping service providers, this is done exclusively on the basis of your prior consent pursuant to Art. 6 (1) a DSGVO or to fulfill a contract with you pursuant to Art. 6 (1) b DSGVO or to protect our legitimate interest in the economic and effective operation of our company pursuant to Art. 6 (1) f DSGVO.

In addition, data is sent to our external auditing and tax consultancy for accounting and recording purposes, as well as for the support/maintenance of EDP/IT applications, archiving, document processing, controlling, data screening in accordance with legal requirements, data destruction, auditing services and payment transactions.

1) Payment service provider

We offer as payment options, among others, prepayment, invoice, Sepa direct debit, Visa, Visa Electron, V Pay, Mastercard, Maestro and Giropay. For the payment processing we collect the payment data provided by you, such as:

- preferred payment method, if applicable
- billing addresses
- IBAN and BIC or account number and bank code as well as account holder
- if applicable, creditworthiness data
- In case of payment by credit card: your card number, card sequence number, verification number, card type (e.g. VISA) and card expiry date as well as the name of the cardholder.

The transmission of the data is intended in particular for identity verification, payment administration and fraud prevention as well as credit assessment.

When using the payment methods credit card or direct debit or - if offered - purchase on account, we reserve the right to perform a credit check. If such a check should be carried out, your payment data will be transmitted to credit agencies for the purpose of establishing your identity and your ability to pay and thus to protect our legitimate interests within the meaning of Art. 6 (1) lit. f DSGVO.

2) Shipping service provider

For the shipment of orders, we work with various shipping service providers. These include: DHL, Deutsche Post, DHL Express, UPS and various transport companies such as freight forwarders. For the shipping process we collect the personal data provided by you, such as:

- Name, first name
- Delivery address (street, house number, postal code, city or packing station)
- telephone number (if applicable)
- Company name (optional)
- Contact person (optional)
- if applicable, delivery or opening hours
- if applicable, delivery date

With other companies that process our data on our behalf, we conclude data processing agreements in each case in accordance with Art. 28 DSGVO, by which these third parties undertake to comply with the data protection regulations towards us.

6. Rights of the data subject

If personal data of yours is processed, you are a data subject within the meaning of the DSGVO and you are entitled to the following rights:

a. Right to information and confirmation

Pursuant to Art. 15 DSGVO, any person affected by the processing of personal data has the right to obtain from the controller, free of charge, information about the personal data stored about him or her and a copy of that information, covering the following:
- the purposes of processing;
- the categories of personal data processed;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations;
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
- the existence of a right to rectification or erasure of the personal data concerning them or to restriction of processing by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- if the personal data are not collected from the data subject: any available information about the origin of the data;
- the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
Furthermore, the data subject shall have the right to obtain information as to whether personal data have been transferred to a third country or to an international organization. If this is the case, the data subject shall also have the right to obtain information on the appropriate safeguards in connection with the transfer. In addition, any person concerned by the processing of personal data has the right to obtain confirmation from the controller as to whether personal data concerning him or her are being processed.

b. Right to rectification
Pursuant to Article 16 of the GDPR, every data subject has the right to obtain from the controller the rectification without delay of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

c. Right to restriction of processing

Pursuant to Article 18 of the GDPR, every data subject has the right to obtain from the controller the restriction of processing if one of the following conditions is met:
the accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data,
the processing is unlawful, the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data,
the controller no longer needs the personal data for the purposes of the processing, but the data subject needs it for the establishment, exercise or defense of legal claims, or
the data subject has objected to the processing pursuant to Article 21(1) of the GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.

d. Right to erasure

Pursuant to Art. 17, every data subject has the right to obtain from the controller the erasure without delay of personal data concerning him or her, where one of the following grounds applies and insofar as the processing is not necessary:
The personal data were collected or otherwise processed for such purposes for which they are no longer necessary;
The data subject revokes his or her consent on which the processing was based pursuant to Art. 6(1)(a) DS-GVO or Art. 9(2)(a) DS-GVO and there is no other legal basis for the processing.
The data subject objects to the processing pursuant to Article 21(1) DS-GVO and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) DS-GVO.
The personal data have been processed unlawfully.
The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
The personal data were collected in relation to information society services offered pursuant to Article 8 (1) DS-GVO.
If the personal data have been made public by us and our company as a controller is obliged to erase the personal data pursuant to Article 17 (1) of the DS-GVO, we shall implement reasonable measures, including technical measures, taking into account the available technology and the cost of implementation, to inform other data controllers which process the published personal data, that the data subject has requested from those other data controllers the erasure of all links to the personal data or copies or replications of the personal data.

The right to erasure and our obligation to inform other data controllers of the data subject's request for erasure do not exist insofar as the processing is necessary:
for the exercise of the right to freedom of expression and information;
for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the field of public health pursuant to Article 9(2)(h) and (i) and Article 9(3);
for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1), where the right referred to in paragraph 1 is likely to make impossible or seriously prejudice the achievement of the purposes of such processing; or
for the establishment, exercise or defense of legal claims.

e. Right to data portability

Pursuant to Article 20 of the GDPR, every person affected by the processing of personal data has the right to receive the personal data concerning him or her, which have been provided by the data subject to a controller, in a structured, commonly used and machine-readable format, and he or she has the right to transmit this data to another controller without hindrance from the controller to whom the personal data have been provided, provided that
the processing is based on consent pursuant to Art. 6(1)(a) DS-GVO or Art. 9(2)(a) DS-GVO or on a contract pursuant to Art. 6(1)(b) DS-GVO and
the processing is carried out with the help of automated procedures.
This right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Furthermore, when exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject has the right to obtain that the personal data be transferred directly from one controller to another controller, to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.

f. Right to object

Pursuant to Article 21 DSGVO, any person affected by the processing of personal data has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions. In the event of an objection, we shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or unless the processing serves the assertion, exercise or defense of legal claims. If we process personal data for the purposes of direct marketing, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing; this also applies to profiling where it is related to such direct marketing.
If the data subject objects to processing for direct marketing purposes, we will no longer process the personal data for these purposes. In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her which is carried out by us for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the DS-GVO, unless such processing is necessary for the performance of a task carried out in the public interest. If you wish to exercise your right to object, it is sufficient to send an e-mail to our e-mail address specified in section 2 of this privacy policy.

g. Right to revoke consent granted under data protection law
Many data processing operations are only possible with your explicit consent. Every person affected by the processing of personal data has the right to revoke consent to the processing of personal data at any time in accordance with Art. 7(3) DSGVO. If you wish to exercise your right of revocation, an e-mail to info(at)von-buhl.de will suffice. The legality of the data processing operations carried out on the basis of the consent until the revocation remains unaffected by the revocation.

h. Right of appeal to the competent supervisory authority

In the event of violations of data protection law, the data subject has a right of appeal to the competent supervisory authority in accordance with Article 77 DSGVO. The competent supervisory authority in matters of data protection law is the state data protection commissioner of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

7. Data Security

As the data controller, we implement numerous technical and organizational security measures on our website to ensure the most complete protection possible for the personal data processed via our website and thus to protect your data from accidental or intentional manipulation, misuse, partial or complete loss or destruction, or against unauthorized third-party access. Thus, all information relevant to data protection is stored in a secure operating environment or database that is not accessible to the public. For security reasons and to protect the transmission of confidential content, our website uses SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encryption. This means that communication between your computer and our servers takes place using a recognized encryption method. You can recognize an encrypted transmission of content on our website by the "padlock" symbol in front of our domain in the address bar of your browser. However, we would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.


Deidesheim, 01.06.2020
Winery Reichsrat von Buhl GmbH