Privacy policy

We, BRLO GmbH, collect certain data from our visitors and customers to the extent necessary. In the following privacy policy, you will learn what we do with your data, so-called personal data, and why we do it. We will also tell you how we protect your data, when the data is deleted and what rights you have thanks to data protection.

Who can I contact?

Responsible for this website is

BRLO GmbH
Schöneberger Straße 16
10963 Berlin
+49 30 555 77 606
info(at)brlo.de

You can also reach our data protection officer or another contact relevant to data protection via these contact details. Please contact us at any time if you have specific questions about your data, its deletion or your rights.

What are my rights?

You can contact us at any time if you have questions about your data protection rights or wish to exercise your rights below:

Right of withdrawal pursuant to Art. 7 (3) DSGVO (e.g. you can contact us if you wish to revoke a previously given consent to a newsletter).
Right to information according to Art. 15 DSGVO (e.g. you can contact us if you would like to know which data we have stored about you).
Correction according to Art. 16 DSGVO (e.g. you can contact us if your e-mail address has changed and we should replace the old e-mail address).
Restriction of processing pursuant to Art. 18 DSGVO (e.g. you can contact us if you do not want us to delete your e-mail address, but only to use it to send absolutely necessary e-mails).
Data portability according to Art. 20 DSGVO (e.g. you can contact us to receive your data stored with us in a compressed format, e.g. because you want to make the data available to another website).
Objection according to Art. 21 DSGVO (e.g. you can contact us if you do not agree with one of the advertising or analysis procedures stated here).
Right to lodge a complaint with the competent supervisory authority pursuant to Art. 77 (1) DSGVO (e.g. if you have a complaint, you can also contact the data protection supervisory authority in your federal state directly: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html)

Deletion of data and storage period

Our offer contains links to external websites of third parties, on whose contents we have no influence. Therefore, we cannot assume any liability for these external contents. The respective provider or operator of the pages is always responsible for the content of the linked pages. The linked pages were checked for possible legal violations at the time of linking. Illegal contents were not recognisable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete indications of a legal violation. If we become aware of any infringements of the law, we will remove such links immediately.

Visit the website

If you merely want to browse our website, we do not collect any personal data, with the exception of the data that your browser transmits to enable you to visit the website, first and foremost:

IP address (e.g. 95.91.215.example or 2a02:8109:9440:1198:bdb1:551f:example)
Approximate location based on IP range (e.g. Berlin & surroundings)
Internet provider (e.g. Kabel Deutschland or Deutsche Telekom)
Internet speed (e.g. 120 Mbit)
Date and time (e.g. 11:45 on 25.05.2021)
Last visited website (e.g. duckduckgo.de)
Browser (e.g. Chrome or Safari)
Operating system (e.g. Mac OS)
Hardware (e.g. Intel processor)

As a protective measure in favour of your privacy, we delete or anonymise the IP address after your visit to our website. This means that the other technical data can no longer be traced back to you and are only used for anonymous, statistical purposes to optimise our website. The purpose of the temporary storage of the data is, on the one hand, the technical necessity for establishing the connection and, on the other hand, the correct, error-free presentation of our website. The IP address and the technical data already mentioned are necessary to display the website, to prevent display problems for visitors and to correct error messages. The legal basis is the so-called legitimate interest, which has been examined in the context of the aforementioned protective measures as well as in accordance with the European data protection requirements from Art. 6 (1) lit. f DSGVO.

Contact form

You have the option of contacting us via our contact form. You can provide us with the following data:

First name/last name
Phone
E-mail address
Message or booking request

As a protective measure, contact is established - just like the visit to the rest of the website - via an encrypted connection. After the successful contact and completed contact request, your data will be deleted immediately. The sole purpose of the requested data is to contact you or communicate with you, which is why the data is only used for this purpose. The legal basis is the so-called legitimate interest, which has been examined in order to pursue the purpose and within the framework of the aforementioned protective measures as well as in accordance with the European data protection requirements from Art. 6 Para. 1 lit. f DSGVO.

Online order

If you wish to place an order for our products, we will only request the data from you that is necessary for the order and payment processing. This data is treated confidentially and is only processed by us, the payment provider and the shipping service provider. At least the following data is required for this:

First name/last name
Address
Contact details
Payment data

Insofar as this is necessary for the delivery of your order, we will pass on your data to a shipping company. Depending on your selection, we will pass on the necessary payment data to the respective credit institution or a payment service provider to process your payment. In some cases, you can create an account with the payment service provider yourself or register with an existing account. In the aforementioned cases, the data protection declarations of the service providers apply in each case.

Registration

You also have the option of registering on our website and then logging in with a user account at any time. To register with us, the following data is required:

First name/last name
Address
Contact details
Password

As a protective measure , the transmission of the data you enter - just like the visit to the rest of the website - takes place via an encrypted connection. In addition, we apply the principle of data minimisation and only collect the data that is actually required. Your data will be stored for as long as is necessary to process your order or until you request the deletion of the data. However, invoice-relevant data is subject to legal retention periods and can be stored for up to ten years. The purpose of the requested data is order and payment processing in order to provide you with the desired product. The legal basis is the mutual fulfilment of the contract in accordance with the European data protection requirements from Art. 6 para. 1 lit. b DSGVO.

As a protective measure, the transmission of the data you enter - just like the visit to the rest of the website - takes place via an encrypted connection. After successful confirmation, your data will be stored until you decide to delete individual data or the entire user account. The purpose of the requested data is to create a user account for the use of extended functions on the website. Registration is voluntary and can be revoked or the user data deleted at any time. The legal basis is your consent in accordance with the European data protection requirements from Art. 6 para. 1 lit. a DSGVO.

If you are interested in news about our company or our product, you can subscribe to our newsletter. You will then receive an e-mail in which you must click on a link to confirm receipt of the newsletter. We will then store your e-mail address until you unsubscribe from the newsletter. To do this, you will find a corresponding unsubscribe link in every e-mail of our newsletter. The newsletter is delivered by a specialised service provider.

As a protective measure, we request the so-called "double opt-in" to ensure that the e-mail address entered actually belongs to you. Furthermore, we have concluded a data protection contract (order processing) with the commissioned service provider. You also have the option to unsubscribe from the newsletter at any time and thus delete your email address from the service provider's database. The purpose of the data collection is the delivery of the newsletter to your personal e-mail address in order to meet your request for news about our company or our products. The legal basis is your consent in accordance with the European data protection requirements from Art. 6 para. 1 lit. a DSGVO.

Applications

If you apply to us online or otherwise respond to one of our job advertisements, we collect and process the personal applicant data for the purpose of processing the application procedure. The processing is primarily carried out electronically. This is particularly the case if an applicant submits relevant application documents to us electronically, for example by e-mail or via a web form located on the website. If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract with the applicant, the application documents will be deleted six months after notification of the rejection decision - this retention period is justified by any obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG). If an applicant has given his/her consent, applications may also be kept for longer than six months.

We also use a recruiting and applicant management software called "coveto", which is provided by the service provider coveto ATS GmbH, Zeppelinstraße 9, 63667 Nidda, Germany. This software helps us to place job advertisements and manage applications centrally. For this purpose, we have concluded an order processing agreement to ensure that coveto only processes the personal data of our applicants in accordance with our instructions. Further information on data protection at coveto can be found in the service provider's data protection statement: https://www.coveto.de/datenschutz

The legal basis is the establishment and implementation of the employment relationship in accordance with § 26 BDSG. If the employment relationship does not materialise, the data will be deleted as stated above.

Cookies

Our website partly uses so-called cookies and a cookie banner in which you can freely choose whether you accept these cookies and third-party providers. Cookies are small text files that are usually stored in a folder of your browser. Cookies contain information about the current or last visit to the website:

Website name
Expiry date of the cookie
Any value

If cookies do not contain a precise expiry date, they are only temporarily stored and automatically deleted as soon as you close your browser or restart the terminal device. Cookies with an expiry date remain stored even if you close your browser or restart the terminal device. Such cookies are only removed on the specified date or when you delete them manually.

We use the following three types of cookies on our website:

Required cookies (we need these, e.g. to display the website correctly for you and to temporarily store certain settings).
Function and performance-related cookies (these help us to evaluate e.g. technical data of your visit and thus avoid error messages).
Advertising and analytics cookies (these ensure that, for example, advertisements for shoes are displayed if you have previously searched for shoes).

You can configure, block and delete cookies in your browser settings. If you delete all cookies from our website, some functions of the website may not be displayed correctly.Helpful information and instructions for the most common browsers are provided by the Federal Office for Information Security:
https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html

Recipients of data

Depending on how you use our website, we share your information with the following recipients who are essential to providing our service and communicating with you:

Webflow, provided by Webflow, Inc, 398 11th Street, 2nd Floor, San Francisco, CA 94103. This is a web service for the creation of forms & web pages, which is necessary for the provision of our offer. Depending on your location, the data is stored either in the European Union or the USA. For more information, please see Webflows' privacy policy.
Oracle NetSuite, provided by Oracle Corporation, 10 Van de Graaff Drive Burlington, MA 01803, USA. This is our central application for controlling business processes and customer management. Depending on your location, data is stored either in the European Union or the USA. For more information, please see Oracle's privacy policy.
Shopify, provided by Shopify International Ltd, c/o Intertrust Ireland, 2nd Floor 1-2, Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland. Shopify provides our online shop and makes it possible for you to order online from us in the first place. The data is stored in Canada and the USA. For more information, please see Shopify's privacy policy.
Extra Booking, provided by Extra Booking GmbH, Schiffmanngasse 22, 5020 Salzburg, Austria, Extra Booking is an integration we use to provide Brwhouse vouchers. For more information, please see Extra Booking's privacy policy.
Fareharbor, provided by FareHarbor B.V., Herengracht 597, 1017CE Amsterdam, The Netherlands. Fareharbor is an integration we use to offer brewery tours and create vouchers for them. For more information, please see Fareharbor's privacy policy.
Open Table, provided by OpenTable, Inc. 1 Montgomery St Ste 700, San Francisco CA 94104. Open Table is a booking platform that we use to facilitate reservations. For more information, please see Open Table's Privacy Policy.
Mailchimp, provided by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA. We use Mailchimp to send our newsletter, for which you can register voluntarily. The data is stored in the USA. For more information, please see Mailchimp's privacy policy.
Google Analytics, provided by Google Ireland Limited, Gordon House, Barrow Street Dublin 4 Ireland. We use Google Analytics to analyse user behaviour and to serve personalised advertising. You can voluntarily agree to these functions within our cookie banner and also de-select them. Depending on your location, the data is stored either in the European Union or the USA. You can find more information in Google's privacy policy.
SalesViewer®: On this website, data is collected and stored for marketing, market research and optimization purposes using the SalesViewer® technology of SalesViewer® GmbH on the basis of legitimate interests of the website operator (Art. 6 para.1 lit.f DSGVO).
For this purpose, a javascript-based code is used to collect company-related data and the corresponding usage. The data collected using this technology is encrypted using a non-reversible one-way function (known as hashing). The data is immediately pseudonymized and is not used to personally identify the visitor to this website.
The data stored as part of Salesviewer will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations.
You can object to the collection and storage of data at any time with effect for the future by clicking on this link https://www.salesviewer.com/opt-out to prevent the collection by SalesViewer® within this website in the future. In doing so, an opt-out cookie for this website will be placed on your device. If you delete your cookies in this browser, you must click this link again.

We only share data that is necessary for the performance of the mutual contract or if you have given us your consent, for example in the context of our newsletter or cookie banner. If no contract exists yet, we share the data in certain cases in the context of legitimate interests. This is the case, for example, if you only want to visit our website or contact us. When you visit our website, it is in the interest of both parties to provide access to the offer and to communicate with each other.

We have also entered into contract processing agreements with all external recipients to comply with European law requirements. Depending on your location, some of the above service providers - if specified - will also transfer your data to the United States. The European Court of Justice has ruled that the United States does not have an equivalent level of data protection to the EU and authorities may be able to access data without due process. Additional safeguards are therefore required to ensure a sufficient level of data protection. To meet this requirement, we have concluded additional contracts for commissioned processing called standard contractual clauses. In addition, we check each service provider together with our data protection officer and ensure that additional security measures are available, such as strong encryption of the data.

Status of the data protection declaration: November 2021

Privacy policy

Who can I contact?

What are my rights?

Deletion of data and storage period

Visit the website

Contact form

Online order

Registration

Newsletter

Applications

Cookies

Recipients of data

Pick and Mix in the Online Shop

In the shop THERE ARE Our bestsellers, MERCH AND MORE. FREE SHIPPING FROM 60,00€.

BRLO

House Of Brewing

Gastronomies

Available at

Boring Stuff

Are you already over 18?

Privacy policy

Who can I contact?

What are my rights?

Deletion of data and storage period

Visit the website

Contact form

Online order

Registration

Newsletter

Applications

Cookies

Recipients of data

Pick and Mix in the Online Shop

In the shop THERE ARE Our bestsellers, MERCH AND MORE. FREE SHIPPING FROM 60,00€.