Privacy Policy

Data Controller:

Brewbrain B.V.

Lulofsstraat 55, Unit 44

2521 AL Den Haag

Email: support@brewbrain.nl

Phone: +31 850 470 852

We appreciate your interest in our website. The protection of your privacy is very important to us. Below we provide detailed information about how we handle your data.

1. Access Data and Hosting

You can visit our website without providing any personal information. Each time a page is accessed, the web server automatically stores a so-called server log file containing, for example, the name of the requested file, your IP address, the date and time of the request, the volume of data transferred, and the requesting provider (access data). These access data are evaluated solely for the purpose of ensuring the smooth operation of the site and improving our offering. This serves our legitimate interests in the correct presentation of our offering pursuant to Art. 6(1)(1)(f) GDPR, which take precedence in the context of a balancing of interests. All access data are deleted no later than one month after the end of your visit. All access data are processed only for as long as necessary to achieve the above-mentioned processing purposes.

 Hosting

The services for hosting and displaying the website are provided in part by our service providers within the scope of processing on our behalf. Unless otherwise described in this Privacy Policy, all access data and all data collected via forms on this website are processed on their servers. If you have questions about our service providers and the basis for our cooperation with them, please use the contact details described in this Privacy Policy.

Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection by decision: USA.

The adequacy decision for the USA serves as the basis for third-country transfers, provided the respective service provider is certified. A certification pursuant to the European Commission’s decision is in place.

2. Data Processing for Contract Performance and Contact

 Data Processing for Contract Performance

We collect personal data when you voluntarily provide it to us in the course of placing an order or contacting us (e.g. via contact form or email). Mandatory fields are identified as such, as we require this data for processing the contract or handling your enquiry and you will not be able to complete the order or submit your enquiry without providing it. The data collected can be seen in the respective input forms.
We use the data you provide for contract performance and to process your requests (including requests related to and processing of any existing warranty claims, performance disruptions, rights of withdrawal, and any statutory update obligations) pursuant to Art. 6(1)(1)(b) GDPR. Further information on the processing of your data, in particular on sharing with our service providers for order, payment, and shipping processing, can be found in the following sections of this Privacy Policy. After full completion of the contract, your data will be restricted for further processing and deleted after expiry of any applicable tax and commercial retention periods pursuant to Art. 6(1)(1)(c) GDPR, unless you have expressly consented to further use of your data pursuant to Art. 6(1)(1)(a) GDPR or we have reserved the right to use the data for further purposes permitted by law and disclosed to you in this statement.

 Contact

As part of customer communication, we collect personal data pursuant to Art. 6(1)(1)(b) GDPR when you voluntarily provide it to us when contacting us (e.g. via contact form, live chat tool, or email). Mandatory fields are identified as such, as we require this data in order to process your enquiry. The data collected can be seen in the respective input forms. After your enquiry has been fully processed, your data will be deleted, unless you have expressly consented to further use of your data pursuant to Art. 6(1)(1)(a) GDPR or we have reserved the right to use the data for further purposes permitted by law and disclosed to you in this statement.

3. Data Processing for Shipping

For the purpose of fulfilling the contract pursuant to Art. 6(1)(1)(b) GDPR, we share your data with the shipping service provider commissioned to make the delivery, to the extent necessary for the delivery of the ordered goods. If you have questions about our service providers and the basis for our cooperation with them, please use the contact details described in this Privacy Policy.

 Sharing Data with Shipping Providers for Delivery Notifications

If you have given us your explicit consent during or after your order, we will share your email address and phone number with the selected shipping service provider on that basis pursuant to Art. 6(1)(1)(a) GDPR, so that the provider can contact you before delivery for the purpose of announcing or coordinating delivery.
This consent can be withdrawn at any time by sending a message to the contact address described in this Privacy Policy. After withdrawal, we will delete the data you provided for this purpose, unless you have expressly consented to further use of your data or we have reserved the right to use the data for further purposes permitted by law and disclosed to you in this statement. If you have questions about our service providers and the basis for our cooperation with them, please use the contact details described in this Privacy Policy.

4. Data Processing for Payment

For the processing of payments in our online shop, we work with the following partners: technical service providers, credit institutions, and payment service providers.

4.1 Data Processing for Transaction Handling

Depending on the payment method selected, we share the data necessary for processing the payment transaction with our technical service providers, the commissioned credit institutions, or the selected payment service provider, to the extent necessary for processing the payment. This serves contract performance pursuant to Art. 6(1)(1)(b) GDPR. In some cases, the payment service providers collect the data required for payment processing themselves, e.g. on their own website or through a technical integration in the order process. The privacy policy of the respective payment service provider applies in this respect.

Depending on the payment method selected, data may be transferred to third countries outside the EU/EEA for which the European Commission has issued an adequacy decision. Where data transfers to third countries outside the EU/EEA take place for which no such decision exists, the cooperation is based on the European Commission’s standard contractual clauses.

If you have questions about our payment processing partners or the basis for our cooperation with them, please use the contact details provided in this Privacy Policy.

4.2 Data Processing for Fraud Prevention and Payment Optimisation

Where applicable, we share additional data with the aforementioned service providers, which they use together with the data required for payment processing for the purposes of fraud prevention and optimisation of our payment processes (e.g. invoicing, handling of disputed payments, accounting support). This serves pursuant to Art. 6(1)(1)(f) GDPR our legitimate interests, which take precedence in the context of a balancing of interests, in protecting ourselves against fraud and in efficient payment management.

5. Email Advertising

5.1 Email Newsletter with Sign-Up and Newsletter Tracking

When you sign up for our newsletter, we use the data required for this purpose or separately provided by you to regularly send you our email newsletter based on your consent pursuant to Art. 6(1)(1)(a) GDPR. You can unsubscribe from the newsletter at any time, either by sending a message to the contact address described below or via a link provided in the newsletter. After unsubscribing, we will delete your email address from the recipient list, unless you have expressly consented to further use of your data pursuant to Art. 6(1)(1)(a) GDPR or we have reserved the right to use the data for further purposes permitted by law and disclosed to you in this statement.

We would like to point out that we evaluate your user behaviour when sending the newsletter. To this end, we also analyse your interaction with our newsletter by measuring, storing, and evaluating open rates and click rates for the purpose of designing future newsletter campaigns (“newsletter tracking”).

For these evaluations, the emails sent contain single-pixel technologies (e.g. so-called web beacons, tracking pixels) stored on our website. For the evaluations, we link in particular the following “newsletter data”:

• the page from which the page was requested (so-called referrer URL),
• the date and time of access,
• a description of the type of web browser used,
• the IP address of the requesting computer,
• the email address,
• the date and time of registration and confirmation

and the single-pixel technologies with your email address or IP address and, where applicable, an individual ID. Links contained in the newsletter may also contain this ID.

If you do not want newsletter tracking, you can unsubscribe from the newsletter at any time as described above.

The information is stored for as long as you are subscribed to the newsletter.

5.2 Newsletter Distribution

The newsletter and the newsletter tracking described above may also be sent by our service providers within the scope of processing on our behalf. If you have questions about our service providers and the basis for our cooperation with them, please use the contact details described in this Privacy Policy.

Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection by decision: USA, United Kingdom.

The adequacy decision for the USA serves as the basis for third-country transfers, provided the respective service provider is certified. A certification is in place.

Our service providers are located and/or use servers in the following countries: Australia, Singapore. No adequacy decision of the European Commission exists for these countries. Our cooperation with them is based on the following guarantees: Standard Contractual Clauses of the European Commission.

5.3 Sending Review Requests by Email

If you have given us your explicit consent pursuant to Art. 6(1)(1)(a) GDPR during or after your order, we will use your email address to request a review of your order via the review system we use. This consent can be withdrawn at any time by sending a message to the contact address described in this Privacy Policy or via a link provided in the review request. After withdrawal of your consent, we will delete your email address from the recipient list, unless you have expressly consented to further use of your data pursuant to Art. 6(1)(1)(a) GDPR or we have reserved the right to use the data for further purposes permitted by law and disclosed to you in this statement.

The review requests may also be sent by our service provider Trusted Shops SE, Subbelrather Str. 15C, 50823 Cologne (“Trusted Shops”).

In the course of sending review requests, we receive information from Trusted Shops on the respective status (e.g. whether the review request was sent and whether it was received). This is done pursuant to Art. 6(1)(1)(f) GDPR to fulfil our legitimate interest in receiving information about the review invitations in order to make optimisations where appropriate, and to fulfil the legitimate interest of Trusted Shops in being able to offer this service.

We are jointly responsible with Trusted Shops for the sending of review requests and for the collection and display of review and status information.

Within the framework of the joint responsibility between us and Trusted Shops, please direct any data protection questions and the exercise of your rights preferably to Trusted Shops, whose contact details you can find here. Further information on data protection can be found at the following link here. Regardless, you can always contact us using the contact details described in this Privacy Policy. Your request will then be forwarded to the other controller for response if necessary.

6. Cookies and Other Technologies

6.1 General Information

To make visiting our website attractive and to enable the use of certain functions, we use technologies including so-called cookies on various pages. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your device and allow us to recognise your browser on your next visit (persistent cookies). The storage duration can be found in the overview in the cookie settings of your web browser.

Privacy Protection on Devices

When you use our online offering, we use strictly necessary technologies to provide the digital service you have explicitly requested. The storage of information on your device or access to information already stored on your device does not require consent in this respect.

For non-essential functions, the storage of information on your device or access to information already stored on your device requires your consent. Please note that if consent is not given, some parts of the website may not be fully usable. Any consent you have given remains in effect until you adjust or reset the respective settings on your device.

Any Downstream Data Processing via Cookies and Other Technologies

We use technologies that are strictly necessary for the use of certain functions of our website. These technologies collect and process the IP address, time of visit, device and browser information, and information about your use of our website. This serves our legitimate interests in an optimised presentation of our offering pursuant to Art. 6(1)(1)(f) GDPR, which take precedence in the context of a balancing of interests.

We also use technologies to fulfil the legal obligations to which we are subject (e.g. to be able to demonstrate consent to the processing of your personal data) as well as for web analytics and online marketing. Further information, including the respective legal basis for data processing, can be found in the following sections of this Privacy Policy.

What types of cookies are used?

Cookie Settings

Cookie settings for your browser can be found at the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

To the extent you have consented to the use of technologies pursuant to Art. 6(1)(1)(a) GDPR, you can withdraw your consent at any time by sending a message to the contact address described in this Privacy Policy. Alternatively, you can click the privacy button. If cookies are not accepted, the functionality of our website may be limited.

6.2 Consent Manager Platform (CMP)

On our website, we use a consent management service (“Consent Manager Platform (CMP)”) to inform you about the cookies and other technologies we use on our website and to obtain, manage, and document any required consent to the processing of your personal data by these technologies. This is required pursuant to Art. 6(1)(1)(c) GDPR to fulfil our legal obligation under Art. 7(1) GDPR to be able to demonstrate your consent to the processing of your personal data, to which we are subject. The Consent Manager Platform (CMP) used is a service of Cookiescript – Objectis, UAB, Laisvės str. 60, LT-05120 Vilnius, Lithuania, which processes your data on our behalf.

After you submit your cookie declaration on our website, the web server stores the following data: IP address, device information, browser information, language settings, the page or URL accessed, the date and time of your consent declaration, and information about your consent behaviour.

The following technologies are also used, which contain information about your consent behaviour: Cookies.

Your data will be deleted after one year, unless you have expressly consented to further use of your data pursuant to Art. 6(1)(1)(a) GDPR or we have reserved the right to use the data for further purposes permitted by law and disclosed to you in this statement.

7. Use of Cookies and Other Technologies

On our website, we use the following cookies and other third-party technologies. Unless otherwise stated for the individual technologies, this is done on the basis of your consent pursuant to Art. 6(1)(1)(a) GDPR. After the purpose ceases to apply and our use of the respective technology ends, the data collected in this context will be deleted. You can withdraw your consent at any time with effect for the future. Further information on your withdrawal options can be found in the section “Cookies and Other Technologies”. Further information, including the basis for our cooperation with the individual providers, can be found under the individual technologies. If you have questions about the providers and the basis for our cooperation with them, please use the contact details described in this Privacy Policy.

7.1 Use of Google Services

We use the technologies of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) described below. The information automatically collected by Google technologies about your use of our website is generally transferred to and stored on a server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Unless otherwise stated for the individual technologies, data processing is based on an agreement between joint controllers pursuant to Art. 26 GDPR concluded for the respective technology. Further information about data processing by Google can be found in Google’s privacy notices.

Our service providers are located and/or use servers in countries outside the EU and EEA for which the European Commission has determined an adequate level of data protection by decision.

Our service providers are located and/or use servers in countries outside the EU and EEA. No adequacy decision of the European Commission exists for these countries. Our cooperation with them is based on the Standard Contractual Clauses of the European Commission.

 Google Analytics

For the purpose of website analysis, data (IP address, time of visit, device and browser information, and information about your use of our website) are automatically collected and stored by Google Analytics, from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. If you visit our website from within the EU, your IP address is stored on a server located in the EU to derive location data and is then immediately deleted before traffic is forwarded to other Google servers for processing. Data processing is based on a data processing agreement with Google.

For web analytics, the Google Analytics extension function Google Signals enables so-called “cross-device tracking”. To the extent your internet-enabled devices are linked to your Google account and you have enabled the “personalised advertising” setting in your Google account, Google can create reports on your usage behaviour (in particular cross-device user numbers) even when you switch devices. We do not process personal data in this regard; we only receive statistics generated based on Google Signals.

If you do not give us consent pursuant to Art. 6(1)(1)(a) GDPR for the use of Google Analytics, no cookies will be stored on or read from your device. The data processing described in the preceding paragraphs does not take place. To close gaps in web analytics through behavioural and conversion modelling, pings containing data (user agent, information about your consent behaviour, screen resolution, IP address) are sent to Google.

 Google Ads

For advertising purposes in Google search results and on third-party websites, the so-called Google Remarketing Cookie is set when you visit our website. It automatically enables interest-based advertising through the collection and processing of data (IP address, time of visit, device and browser information, and information about your use of our website) and by means of a pseudonymous cookie ID based on the pages you have visited. Further data processing only takes place if you have enabled the “personalised advertising” setting in your Google account. In that case, if you are logged into Google while visiting our website, Google uses your data together with Google Analytics data to create and define audience lists for cross-device remarketing.

For website analysis and event tracking, we measure your subsequent usage behaviour via Google Ads Conversion Tracking if you have arrived at our website via a Google Ads advertisement. Cookies may be used for this purpose and data may be collected (IP address, time of visit, device and browser information, and information about your use of our website based on events we have defined, such as visiting a page or signing up for the newsletter), from which usage profiles are created using pseudonyms.

If you do not give us consent pursuant to Art. 6(1)(1)(a) GDPR for the use of Google Ads, no cookies will be stored on or read from your device. The data processing described in the preceding paragraphs does not take place. To close gaps in web analytics through behavioural and conversion modelling, pings containing data (user agent, information about your consent behaviour, screen resolution, IP address, page URL, information about ad clicks in URL parameters) are sent to Google. Your IP address is used to derive the IP country.

 Google Fonts

To ensure a consistent presentation of content on our website, the “Google Fonts” script code collects data (IP address, time of visit, device and browser information), which is transmitted to Google and subsequently processed by Google. We have no influence over this subsequent data processing.

 Google Tag Manager

The Google Tag Manager allows us to manage various codes and services on our website. When implementing individual tags, Google may also process personal data (e.g. IP address, online identifiers including cookies). Data processing is based on a data processing agreement with Google.

The use of Google Tag Manager enables the integration of various services and technologies.
If you have deactivated the use of individual tracking services, the deactivation will remain in effect for all affected tracking tags integrated via Google Tag Manager.

 YouTube Video Plugin

To embed third-party content, the YouTube Video Plugin in the enhanced data protection mode we use collects data (IP address, time of visit, device and browser information), which is transmitted to Google and subsequently processed by Google, but only when you play a video.

7.2 Use of Microsoft Services

We use the technologies of Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (“Microsoft”) described below. Data processing is based on an agreement between joint controllers pursuant to Art. 26 GDPR. The information automatically collected by Microsoft technologies about your use of our website is generally transferred to and stored on a server of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Further information about data processing by Microsoft can be found in Microsoft’s privacy notices.

Our service providers are located and/or use servers in countries outside the EU and EEA for which the European Commission has determined an adequate level of data protection by decision.

Our service providers are located and/or use servers in countries outside the EU and EEA. No adequacy decision of the European Commission exists for these countries. Our cooperation with them is based on the Standard Contractual Clauses of the European Commission.

For website analysis and event tracking, we measure your subsequent usage behaviour via Microsoft Advertising Universal Event Tracking (UET) if you have arrived at our website via a Microsoft Advertising advertisement. Cookies may be used for this purpose and data may be collected (IP address, time of visit, device and browser information, and information about your use of our website based on events we have defined, such as visiting a page or signing up for the newsletter), from which usage profiles are created using pseudonyms. To the extent your internet-enabled devices are linked to your Microsoft account and you have not disabled the “interest-based advertising” setting in your Microsoft account, Microsoft can create reports on usage behaviour (in particular cross-device user numbers) even when you switch devices, so-called “cross-device tracking”. We do not process personal data in this regard; we only receive statistics generated based on Microsoft UET.

7.3 Use of Meta Services

 Use of Meta Pixel

We use the Meta Pixel within the framework of the technologies of Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Facebook (by Meta)” or “Meta Platforms Ireland”) described below. The Meta Pixel automatically collects and stores data (IP address, time of visit, device and browser information, and information about your use of our website based on events we have defined, such as visiting a page or signing up for the newsletter), from which usage profiles are created using pseudonyms. As part of so-called advanced matching, information is also collected and stored in hashed form for matching purposes, allowing the identification of individuals (e.g. names, email addresses, and phone numbers). When you visit our website, the Meta Pixel automatically sets a cookie that uses a pseudonymous cookie ID to automatically recognise your browser when you visit other websites. Meta Platforms Ireland will merge this information with additional data from your Facebook account and use it to compile reports on website activities and to provide further services related to website usage, in particular personalised and group-based advertising.
The information automatically collected by Meta Platforms Ireland technologies about your use of our website is generally transferred to and stored on a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. Further information about data processing by Meta Platforms Ireland can be found in Meta Platforms Ireland’s privacy notices.

Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection by decision: Brazil, USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.

The adequacy decision for the USA serves as the basis for third-country transfers, provided the respective service provider is certified. A certification is in place.

Our service providers are located and/or use servers in the following countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Mexico. No adequacy decision of the European Commission exists for these countries. Our cooperation with them is based on the following guarantees: Standard Contractual Clauses of the European Commission.

 Meta Ads Manager

Via Meta Ads Manager, we advertise this website on Facebook (by Meta) and other platforms. We determine the parameters of the respective advertising campaign. Meta Platforms Ireland is responsible for the exact implementation, in particular the decision on the placement of advertisements to individual users. Unless otherwise stated for the individual technologies, data processing is based on an agreement between joint controllers pursuant to Art. 26 GDPR. The joint controllership is limited to the collection of data and its transmission to Meta Platforms Ireland. The subsequent data processing by Meta Platforms Ireland is not covered by this arrangement.

Based on the statistics about visitor activities on our website generated via Meta Pixel, we conduct group-based advertising on Facebook (by Meta) via Custom Audiences by determining the characteristics of the respective target audience. In the context of the advanced matching taking place to determine the respective target audience (see above), Meta Platforms Ireland acts as our data processor.

Based on the pseudonymous cookie ID set by the Meta Pixel and the data collected about your usage behaviour on our website, we conduct personalised advertising via Custom Audiences.

Via Conversions (via Meta Pixel or Conversions API), we measure your subsequent usage behaviour for web analytics and event tracking if you have arrived at our website via a Meta Ads Manager advertisement. Data processing is based on a data processing agreement with Meta Platforms Ireland.

8. Integration of the Trusted Shops Trustbadge / Other Widgets

If you have given your consent pursuant to Art. 6(1)(1)(a) GDPR, Trusted Shops widgets are integrated on this website to display Trusted Shops services (e.g. the quality seal, aggregated reviews) and to offer Trusted Shops products to buyers after an order has been placed.

The Trustbadge and the services promoted therewith are an offering of Trusted Shops SE, Subbelrather Str. 15C, 50823 Cologne (“Trusted Shops”), with whom we are jointly responsible for data protection pursuant to Art. 26 GDPR. We inform you below within the scope of this Privacy Policy about the key contractual contents pursuant to Art. 26(2) GDPR.

Within the framework of the joint responsibility between us and Trusted Shops SE, please direct any data protection questions and the exercise of your rights preferably to Trusted Shops using the contact details provided in their privacy information. Regardless, you can always contact the controller of your choice. Your request will then be forwarded to the other controller for response if necessary.

 Data Processing upon Integration of the Trustbadge / Other Widgets

The Trustbadge is provided by a US-based CDN provider (Content Delivery Network). An adequate level of data protection is ensured in each case by an adequacy decision of the EU Commission applicable to the USA, available here. Service providers from the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). Further information is available here. Where service providers are not certified under the DPF, standard contractual clauses have been concluded as appropriate safeguards.

When the Trustbadge is accessed, the web server automatically stores a so-called server log file that also contains your IP address, the date and time of the request, the volume of data transferred, and the requesting provider (access data). The IP address is anonymised immediately after collection, so the stored data cannot be associated with your person. The anonymised data are used in particular for statistical purposes and for error analysis.

 Data Processing after Order Completion

If you have given your consent, the Trustbadge accesses order information stored on your device after order completion (order total, order number, and where applicable the purchased product) as well as your email address, and your email address is hashed using a cryptographic one-way function. The hash value is then transmitted together with the order information pursuant to Art. 6(1)(1)(a) GDPR to Trusted Shops.

This is used to check whether you are already registered for Trusted Shops services. If so, further processing takes place in accordance with the contractual agreement between you and Trusted Shops. If you are not yet registered for the services or do not give your consent to automatic recognition via the Trustbadge, you will subsequently have the opportunity to manually register for the use of the services or to take out protection within the framework of your existing user agreement where applicable.

For this purpose, the Trustbadge accesses the following information stored on your device after your order is completed: order total, order number, and email address. This is necessary so that we can offer you buyer protection. Data is only transmitted to Trusted Shops once you actively choose to take out buyer protection by clicking the corresponding button in the so-called Trustcard. If you choose to use the services, further processing is governed by the contractual agreement with Trusted Shops pursuant to Art. 6(1)(b) GDPR, in order to complete your registration for buyer protection and secure the order, and to potentially send you review invitations by email.

Trusted Shops uses service providers in the areas of hosting, monitoring, and logging. The legal basis is Art. 6(1)(f) GDPR for the purpose of ensuring smooth operations. Processing may take place in third countries (USA, United Kingdom, and Israel). An adequate level of data protection is ensured in each case by an adequacy decision of the EU Commission applicable to the USA here, the United Kingdom here, and Israel here. Service providers from the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). Further information is available here. Where service providers are not certified under the DPF, standard contractual clauses have been concluded as appropriate safeguards.

9. Social Media

 Our Online Presence on Facebook (by Meta), Instagram (by Meta), YouTube, LinkedIn

To the extent you have given your consent pursuant to Art. 6(1)(1)(a) GDPR to the respective social media operator, when you visit our online presences on the social media listed above, your data will be automatically collected and stored for market research and advertising purposes, from which usage profiles are created using pseudonyms. These may be used to display advertisements inside and outside the platforms that are presumed to match your interests. Cookies are generally used for this purpose. For detailed information about the processing and use of data by the respective social media operator, as well as a contact option and your rights and settings options for the protection of your privacy, please refer to the privacy notices of the providers linked below. If you still need assistance in this regard, you are welcome to contact us.

Facebook (by Meta) is a service of Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Platforms Ireland”). The information automatically collected by Meta Platforms Ireland about your use of our online presence on Facebook (by Meta) is generally transferred to and stored on a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. Data processing in the context of visiting a Facebook (by Meta) Fan Page is based on an agreement between joint controllers pursuant to Art. 26 GDPR. Further information (information on Insights data) can be found here.

Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection by decision: Brazil, USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.

The adequacy decision for the USA serves as the basis for third-country transfers, provided the respective service provider is certified. A certification is in place.

Our service providers are located and/or use servers in the following countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Mexico.
No adequacy decision of the European Commission exists for these countries. Our cooperation with them is based on the following guarantees: Standard Contractual Clauses of the European Commission.

Instagram (by Meta) is a service of Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Platforms Ireland”). The information automatically collected by Meta Platforms Ireland about your use of our online presence on Instagram is generally transferred to and stored on a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. Data processing in the context of visiting an Instagram (by Meta) Fan Page is based on an agreement between joint controllers pursuant to Art. 26 GDPR. Further information (information on Insights data) can be found here.

Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection by decision: Brazil, USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.

The adequacy decision for the USA serves as the basis for third-country transfers, provided the respective service provider is certified. A certification is in place.

Our service providers are located and/or use servers in the following countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Mexico.
No adequacy decision of the European Commission exists for these countries. Our cooperation with them is based on the following guarantees: Standard Contractual Clauses of the European Commission.

YouTube is a service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The information automatically collected by Google about your use of our online presence on YouTube is generally transferred to and stored on a server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Our service providers are located and/or use servers in countries outside the EU and EEA for which the European Commission has determined an adequate level of data protection by decision.

Our service providers are located and/or use servers in countries outside the EU and EEA. No adequacy decision of the European Commission exists for these countries. Our cooperation with them is based on the Standard Contractual Clauses of the European Commission.

LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). The information automatically collected by LinkedIn about your use of our online presence on LinkedIn is generally transferred to and stored on a server of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection by decision: USA.

The adequacy decision for the USA serves as the basis for third-country transfers, provided the respective service provider is certified. A certification is in place.

10. Contact Options and Your Rights

10.1 Your Rights

As a data subject, you have the following rights:

• pursuant to Art. 15 GDPR, the right to request information about your personal data processed by us to the extent specified therein;
• pursuant to Art. 16 GDPR, the right to immediately request the correction of inaccurate or completion of incomplete personal data stored by us;
• pursuant to Art. 17 GDPR, the right to request the deletion of your personal data stored by us, unless further processing is necessary:
  • for the exercise of the right to freedom of expression and information;
  • for compliance with a legal obligation;
  • for reasons of public interest; or
  • for the establishment, exercise, or defence of legal claims;
• pursuant to Art. 18 GDPR, the right to request the restriction of processing of your personal data where:
  • you contest the accuracy of the data;
  • the processing is unlawful but you refuse its deletion;
  • we no longer need the data but you require it for the establishment, exercise, or defence of legal claims; or
  • you have objected to processing pursuant to Art. 21 GDPR;
• pursuant to Art. 20 GDPR, the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, or to request its transmission to another controller;
• pursuant to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. As a rule, you may contact the supervisory authority of your habitual place of residence, your place of work, or our company’s registered office.

Right to Object To the extent we process personal data as described above to protect our legitimate interests, which take precedence in the context of a balancing of interests, you may object to such processing with effect for the future. If the processing is for direct marketing purposes, you may exercise this right at any time as described above. Where the processing is for other purposes, you have a right to object only on grounds relating to your particular situation. After you exercise your right to object, we will cease processing your personal data for those purposes, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or where the processing serves the establishment, exercise, or defence of legal claims. This does not apply where the processing is for direct marketing purposes. In that case, we will no longer process your personal data for that purpose.

10.2 Contact Options

If you have questions about the collection, processing, or use of your personal data, or if you wish to request information, correction, restriction, or deletion of your data, or to withdraw consent you have given or object to a specific use of your data, please contact us directly using the contact details provided in our imprint.

11. Data Processing on the Brewbrain Platform (my.brewbrain.nl)

Our Float and Float Pro devices require the use of the Brewbrain platform at my.brewbrain.nl to function. When you purchase a Brewbrain device, you will therefore need to create a platform account. This section describes the personal and device data we process in the context of the platform.

The platform is hosted on a VPS server located within the European Union. No data is transferred to third countries in connection with the platform.

 Account Registration

To use the platform, an account is required. When registering a Brewbrain device, you provide an email address. If no account exists for that email address, a new account is created automatically. During registration we collect:

• Name
• Email address
• Password (stored in hashed form)

This data is processed on the basis of contract performance pursuant to Art. 6(1)(1)(b) GDPR, as an account is necessary to provide the service.

 Device Registration and Measurement Data

In order to receive and display data from your Brewbrain device, the following data is collected and stored when you register a device and during its operation:

• Device serial number and MAC address
• Device alias (user-defined name)
• Measurements transmitted by the device (e.g. specific gravity, temperature, and other brewing parameters)
• Wi-Fi network name (SSID) of the network the device is connected to
• Wi-Fi signal strength (RSSI)

This data is processed on the basis of contract performance pursuant to Art. 6(1)(1)(b) GDPR. The Wi-Fi SSID and signal strength are collected solely for diagnostic, connectivity, and technical support purposes.

Only Brewbrain devices can be registered on the platform.

 Data Retention

All account data and measurement data are stored indefinitely, allowing you to access your full brew history at any time. You may request deletion of your account and all associated data at any time by contacting us at support@brewbrain.nl. Upon a deletion request, all personal data and device data linked to your account will be permanently removed.

 Third-Party Integrations

The platform offers optional integrations with third-party brewing services (such as Brewfather). These integrations are disabled by default and must be explicitly enabled by you. If you activate an integration, the device measurement data recorded on our platform (see above) is forwarded to the respective third-party service. No account or personal information is shared with third-party integration services.

The activation of an integration constitutes your consent pursuant to Art. 6(1)(1)(a) GDPR for the transfer of your device data to the selected third-party service. You can withdraw this consent at any time by disabling the integration in your account settings. The privacy practices of third-party services are governed by their own privacy policies, which we encourage you to review before enabling an integration.

Privacy policy generated with Trusted Shops Rechtstexter