We welcome you as a visitor to our website and thank you for your interest in our company and services. The protection of your privacy rights while using our website is very important to us. As the responsible legal entity and service provider, we,
Palatia Malz GmbH
(hereinafter also referred to as „we“ or „Palatia Malz“)
wish to inform you concerning the processing of your personal data and your rights as a user of the website bestmalz.de (hereinafter referred to as the „Website“).
Processing of your personal data takes place exclusively within the framework of the statutory provisions of the data protection law of the European Union, in particular the EU General Data Protection Regulation (hereinafter „GDPR“) and, additionally, the German Federal Data Protection Act (Bundesdatenschutzgesetz hereinafter „BDSG“) as well as other statutory provisions on data protection (together „Privacy Laws“).
Should you be interested in reviewing the GDPR, you you can acquaint yourself with the full text on the internet at: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.
- Subject of data protection, legal basis and sources
- Data categories
- Server log data
- Communication by e-mail
- Distributor area (BESTributor login)
- Online shop (Fanshop)
- Google Analytics
- Third-party services and content
- Links to social networks and platforms
- Comments on this Website
- Recipient of personal data
- Data processing in third countries
- Storage time
- Your rights
- Our data protection officer
1. Subject of data protection, legal basis and sources
The subject of data protection is personal data. Personal data is information about the personal and factual circumstances of a specific or identifiable natural person. Your personal data therefore includes all data that could allow someone to identify you, such as your name, address, telephone number or e-mail address. Personal data also includes information resulting from the use of our Website, such as the beginning, end and scope of use, or your IP address. For details on the personal data categories processed by us, see section 2.
We process your data only if an applicable law allows this. The following are the primary legal basis for the processing of your data:
- Consent (Article 6 (1) sentence 1 (a) GDPR): We will process certain data only on the basis of your prior explicit and voluntary consent. You have the right to revoke your consent at any time with effect for the future.
- Contract fulfillment or implementation of pre-contractual measures (Art. 6 (1) sentence 1 letter b DSGVO): In particular for the initiation or execution of a contract with Palatia Malz, we require certain data from you.
- Fulfillment of a legal obligation (Art. 6 (1) sentence 1 (c) GDPR): In addition, we process your personal data in order to fulfill legal obligations, such as commercial and fiscal document retention requirements.
- Safeguarding of legitimate interests (Article 6 (1) (1) (f) GDPR): Palatia Malz will process certain data in order to safeguard its interests or those of third parties. This, however, only applies in individual cases if your interests do not predominate.
Please note that this is not a complete or exhaustive list of the possible legal basis, but is merely a list of examples with the purpose of making the data protection legal basis more transparent. For details on the legal basis of individual data processing cases on our Website, please refer to the passages below.. Dies gilt aber nur dann, wenn Ihre Interessen im Einzelfall nicht überwiegen.
This personal data is derived from the following sources:
- Mostly from yourself, especially resulting from your contact requests, orders and information granted during the conclusion of a contract,
- From our dealers and distributors in Germany and abroad as far as such information is required to process your orders and inquiries,
- From other business partners of our company in Germany and abroad as far as such partners need such information for delivering our products and providing accompanying services,
- From professional service providers and organizations in Germany and abroad who provide us with personal data in the course of the organization of trade fairs, sales and similar events – possibly in an unsolicited manner and without an explicit instruction to do so on our behalf.
2. Data categories
We regularly process the following data categories pertaining to individuals:
- Basic data, in particular your name, title and, if applicable, your company.
Contact details, in particular your postal address as well as possibly your telephone numbers, fax number and e-mail address.
- Contract data, in particular data that you provide us with when opening a distributor or customer account or for the execution of a contract.
- Invoice and payment data, in particular details concerning your payment method and other data regarding payments and billing.
- Content data, in particular texts, photos and data contained in your correspondence with us.
- Usage data, in particular which pages of our Website you visit, the access times and your IP address.
3. Server log data
You can access the public part of our website without prior registration and without giving any personal information. By visiting our website, the following information regarding your website access can be stored:
- IP address of the requesting device,
- file retrieved,
- http response code,
- the website from which you accessed our Website (referrer URL),
- date, time and time zone of the server request,
- browser type and version,
- operating system of the requesting device,
- search term with which the website was found, for example via Google.
We process this access data on the basis of Art. 6 (1) (1) (f) GDPR in order to provide access to the Website and to ensure the technical operation and security of our IT systems. In doing so, we pursue our interest of enabling and sustaining the use of our Website and its technical functionality. This data is processed automatically when you access our Website You cannot use our Website without this provision. We do not use this data for the purpose of drawing conclusions about your identity.
This automatically collected data is partially anonymized after seven days. The log files are deleted after nine weeks at the latest.
You cannot object to the collection and storage of your server access data as this information is essential for the smooth operation of the Website.
4. Communication by e-mail
If you contact us by e-mail, the collection, processing and use of your voluntarily communicated contact data (such as your name and e-mail address) occurs with the sole purpose of receiving, technically administering and, possibly, answering your request(s).
The processing of data, which is transmitted when contacting us by e-mail, occurs on the basis of Art. 6 (1) (1) (b) GDPR when it involves the initiation of a contractual relationship or on the basis of Art. 6 (1) (1) (f) GDPR. In the latter case, we have a legitimate interest in handling voluntarily transmitted contact requests.
We will delete the data that you provide as soon as the purpose of recording it no longer exists, unless their retention is necessary for the fulfillment existing statutory requirements.
Insofar as your data is processed on the basis of legitimate interests, you can object at any time to the storage of your personal data.
Since communication via e-mail does not take place via a secured data connection, please refrain from sending confidential information such as bank or credit card information. We recommend that you transmit confidential information in a secure way, such as by postal mail.
5. Distributor area (BESTributor login))
Upon request, we set up access for our distributors to a password-protected area of our Website. Here, as a distributor, you can read our Distributors’ newsletter, download marketing resources and purchase in our online shop at special rates.
Processing occurs for the purpose of providing contractual services as well as for the provision of additional distributor services on the basis of Art. 6 (1) (1) (b) GDPR (distributor agreement implementation) or Art. 6 (1) (1) (c) GDPR, if data storage takes place in order to fulfill legal retention requirements. The information required for the use of the distributor area is mandatory. In addition, you can provide voluntary information. Voluntary information is stored on the basis of Article 6 (1) (1) (f) GDPR, as we have a legitimate interest in processing data voluntarily provided by you. You may object to the processing of voluntarily provided data at any time.
With the login function „Remember me“ we intend to make visiting our Website as comfortable as possible. This feature allows you to use our Website without repeatedly logging in for each visit. For security reasons, however, you will be asked to enter your password again if, for example, you want to change your personal data or place an order. We recommend that you do not use this function if your access device is used by others. Please note that if you use a setting in your browser that automatically deletes stored cookies after each session „Remember me“ feature will not be available.
6. Online-Shop (Fanshop)
a) Order processing
In order to enable you to select and order products as well as administer their payment and delivery in our online shop „Fanshop“, we process your data as part of the ordering process.
Processed data includes basic data, contact details, contract data, invoice and payment data as well as usage data. Processing occurs for the purpose of providing contractual services regarding the operation of our online shop, for billing, delivery and for the provision of customer services.
If you have granted your explicit consent, we will pass on your email address and telephone number to the parcel service so that, if need be, they could contact you by email or telephone prior to delivery in order to coordinate the time of delivery or to send you status information regarding the shipment.
Processing occurs on the basis of Art. 6 (1) (1) GDPR (order processing) or Art. 6 (1) (1) (c) GDPR, if data storage takes place in order to fulfill legal retention requirements. The information required for the contract justification and fulfillment is designated as mandatory. In addition, you can provide voluntary information. Voluntary information is stored on the basis of Article 6 (1) (1) (f) GDPR, as we have a legitimate interest in processing data voluntarily provided by you. You may object to the processing of voluntarily provided data at any time.
We transmit your data to third parties only for the purpose of delivery, payment or, within the scope of our legal rights and obligations, e.g. to tax consultants, auditors and public authorities. Data will be processed in third countries only if this is necessary in order to fulfill the contract (e.g. delivery to a third country).
Data deletion takes place after expiry of our legal obligations regarding statutory warranties, statutes of limitations and document retention.
b) Customer account
As a customer, you can optionally create a customer account in which you can, among other things, view your orders and manage your contact details. Storage of processed information is based on Article 6 (1) (1) (f) GDPR, as we have a legitimate interest in processing data voluntarily provided by you. You may object to the processing of voluntarily provided data at any time.
Customer accounts are not public and cannot be indexed by search engines. If you as a customer have terminated your customer account, the relevant data will be deleted, unless their retention is necessary for commercial or tax reasons.
Regarding registration and logging in as a customer as well as the use of our online shop, we reserve the right to record the IP address and time of each access event. Storage is based on our legitimate interest in protecting our Website against unauthorized use (Article 6 (1) (1) (f) GDPR). Transmission of this data to third parties will only occur if this is necessary for us to pursue our legal claims or if we are legally obliged to do so (Article 6 (1) (1) (c) GDPR).
With the login function „Remember me“ we intend to make visiting our Website as comfortable as possible. This feature allows you to use our Website We recommend that you do not use this function if your access device is used by others. Please note that if you use a setting in your browser that automatically deletes stored cookies after each session „Remember me“ feature will not be available.
c) Payment processing
To process payments Palatia Malz optionally works with the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
If you choose this payment option, your payment data is transferred to the respective payment service provider for payment processing. We ourselves do not record your payment details.
For this reason, please take notice of the privacy and security information provided by PayPal (Europe) S.à r.l. et Cie, S.C.A.: https://www.paypal.com/de/webapps/mpp/ua/privacypps-full?locale.x=en_DE.
The legal basis processing this data is Article 6 (1) (1) (b) GDPR, since payment processing is required in order to fulfill the contract with you.
Cookies are small data sets that our web server sends to your browser and which are saved on your device, provided the appropriate default settings of your device have not been changed. These can be used e.g. to determine if your device has already communicated with us. They thereby serve the purpose of making the use of our Website more comfortable and to optimize our services. Processing occurs on the basis of Article 6 (1) (1) (f) GDPR with respect to essential Cookies and on the basis of 6 (1) (1) (a) GDPR, provided that you consented to the use of third-party Cookies. Personal data can be stored in Cookies if this is technically necessary or if you have given your consent.
When using our Website, you can give us your consent to the use and storage of third-party Cookies on your device. You may revoke your consent to the use and storage of such Cookies at any time with future effect by deactivating the Cookie settings of this website described below regarding third-party Cookies (paragraph 7 (c)).
Our website uses additional cookies of its own which, although not strictly necessary for the operation of the website, perform important tasks (a list of such cookies can be found in section 7(b)). By using our website, you consent to the use of these cookies.
If you are against the use of essential Cookies (paragraph 7 (a)) as well as additional Cookies (paragraph 7 (b)), you can choose „do not accept cookies“ in your browser settings. Please refer to your browser’s help function for instructions on technically managing and deleting Cookies in your browser settings.
In addition, you can technically manage and prevent the storage and use of all Cookies by using free browser plug-ins such as „Adblock Plus“adblockplus.org/de) in combination with the „EasyPrivacy“ list (easylist.to) or „Ghostery“ (ghostery.com).
Please note that if you prevent the storage of any Cookies, this may lead to functional limitations of the Website.
a) Essential Cookies
We use the following essential Cookies for the operation of our Website, for which we have a legitimate interest in storing and without which we would not be able to offer the use of our Website with certain basic functions (e.g. not requiring you to log in every time you open a new page):
|Cookie for storing simple information, which can e.g. be viewed on a different page when submitting a form.
|Stores the user’s confirmation regarding the use of third-party Cookies.
Essential Cookies can only be deactivated technically via your browser settings or browser plug-ins. This can lead to functional limitations of the Website.
b) Non-essential first-party Cookies
Non-essential first-party Cookies, which are not absolutely necessary for Website use, but nevertheless fulfill important tasks. They allow comfortable surfing on our Website, such as browser language detection. Furthermore, we can dynamically generate customized content. We use the following non-essential first-party Cookies on our Website:
|This Cookie can automatically redirect visitors based on their browser language.
|Cookie for storing the products last viewed.
Non-essential first-party Cookies can only be deactivated technically via your browser settings or browser plug-ins. This can lead to functional limitations of the Website.
c) Third-party Cookies
|_ga, _gid, _gat
|This web analytics service collects aggregate statistical information on the number of visitors to our website and their usage patterns, such as the duration and frequency of visits and pages visited.
|up to 2 years
You can revoke your consent here: Revoke Cookies
8. Google Analytics
If you have consented to the use and storage of third-party cookies, we use Google Analytics 4, a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), with which the use of websites can be analyzed.
Standardly when using Google Analytics 4, so-called “cookies” are implemented. Cookies are text files that are stored on your device and enable analysis of your website use. The information collected by cookies about your website use (including the IP address transmitted by your device and shortened by the last few digits) is usually transmitted to a Google server, where it is stored and processed. This can also result in the transmission of information to the servers of Google LLC, based in the USA, and further processing of information there.
When using Google Analytics 4, the IP address transmitted by your device while browsing the website is automatically collected and processed in an anonymized manner, so that the information collected cannot be directly linked to a person. This automatic anonymization is implemented by shortening the IP address transmitted by your device by the last digits within member states of the European Union (EU) or from other contracting states of the Agreement on the European Economic Area (EEA).
On our behalf, Google uses this and other information to evaluate your use of the website, to compile reports on your website activities or your usage behavior and to provide us with other services related to your website and internet usage. The abbreviated IP address transmitted by your device as part of Google Analytics 4 is not merged with other Google data. The data collected as part of the use of Google Analytics 4 is stored for 2 months and then deleted.
With a special function, the so-called “demographic characteristics”, Google Analytics 4 also enables the creation of statistics with statements about the age, gender and interests of website users on the basis of an evaluation of interest-related advertising and the use of information from third parties. This makes it possible to determine and differentiate between groups of users of the website for the purpose of target group-optimized alignment of marketing measures. However, data recorded via the “demographic characteristics” cannot be assigned to a specific person and therefore cannot be assigned to you personally. This data recorded using the “demographic characteristics” function is stored for two months and then deleted.
All of the processing described above, in particular the setting of Google Analytics cookies for the storage and reading of information on the device you use to use the website, only take place if you have provided us with this in accordance with Art. 6 Para. 1 a GDPR have given your express consent. Without your consent, Google Analytics 4 will not be used while you are using the website. You can revoke your once given consent at any time with effect for the future. To exercise your revocation, please deactivate this service using the link in the footer area of this website.
We have concluded a so-called order processing contract with Google for our use of Google Analytics 4, through which Google is obliged to protect the data of our website users and not to pass them on to third parties.
To ensure compliance with the European level of data protection, even when data is transferred from the EU or the EEA to the USA and the possible further processing there, Google relies on the so-called standard contractual clauses of the European Commission, which we have contractually agreed with Google.
Further legal information on Google Analytics 4, including a copy of the standard contractual clauses mentioned, can be found at the following link: https://policies.google.com/privacy?hl=de&gl=de
Details on the processing initiated by Google Analytics 4 and how Google handles data from websites can be found here: https://policies.google.com/technologies/partner-sites
9. Third-party services and content
On our Website, we use plug-ins from third-party providers to provide their content, such as maps or fonts (hereinafter collectively referred to as „Content“), and other services. The processing of your data takes place on the basis of our legitimate interests (Article 6 (1) (1) (f) GDPR) regarding the economic operation, optimization (especially regarding user-friendliness) and usage analysis of our Website as well as the security of our technical systems.
Third-party Content providers will always be aware of your IP address, as they would not be able to transfer the content to your device without your IP address. The IP address is required for the presentation of the Content. Also, if you have consented to the use and storage of third-party Cookies, third-party Cookies may be stored on your device.
a) Google Fonts
We integrate web-fonts called Google Fonts from Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, into our Website. For more information concerning Google’s use of data as well as configuration and consent options, please visit Google’s websites using the links listed in section 8.
b) Google reCaptcha
For recognizing bots, e.g. when accepting data from online submission forms, we use the human user recognition feature ReCaptcha offered by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. For more information concerning Google’s use of data as well as configuration and consent options, please visit Google’s websites using the links listed in section 8.
c) Google Maps
To display maps, we use the Google Maps service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. The processed data may include, but is not limited to, IP addresses and location data, however it will not be collected without your consent (usually through appropriate device settings). For more information concerning Google’s use of data as well as configuration and consent options, please visit Google’s websites using the links listed in section 8.
10. Links to social networks and platforms
From our Website, we link to social networks and platforms such as Facebook, Twitter and Google Plus, without integrating their plug-ins into our Website. As long as you do not click the link of the respective provider on our Website, there will be no data transmission to the provider. After clicking one of the links, however, you will leave our Website and your data will be sent to the appropriate provider, even if you are not logged in to the provider’s website.
These social networks and platforms are each offered by the following providers:
- Facebook is operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland („Facebook“).
- Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103 („Twitter“).
- Youtube is operated by YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA („Youtube“), a subsidiary company belonging to Google LLC.
- Instagram is operated by Instagram, LLC, 1601 Willow Road, Menlo Park, CA 94025, USA („Instagram“), a subsidiary company belonging to Facebook Inc.
For more information concerning the purpose and scope of data collection, its further processing and use of the data by Facebook, Twitter, Google, Youtube and Instagram as well as your rights in this regard and available configuration settings to protect your privacy, please refer to the respective Privacy policies of the providers:
11. Comments on this Website
In addition to your comment, the comment function on this Website will also include information on when the comment was created, your e-mail address and, if you are not anonymous, your chosen user name.
Our comment function stores the IP addresses of the users who write comments. Since we do not moderate comments on our Website before activation, we need this information in order to be able to take action against the author in the case of legal infringements, such as insults or propaganda.
The comments and related data (e.g. IP address) are stored and remain on our website until the commented content has been ultimately deleted or if we are obliged to delete the comments for legal reasons (e.g. offensive comments).
The storage of comments and associated data is based on our legitimate interests (Article 6 (1) (f) GDPR), since you post your comments voluntarily and with the intent purpose of them being published on our Website. You may object to their continued publication or other form of processing at any time. It suffices to send us an informal request to this regard by e-mail. Your revocation does not affect the legality of hitherto completed data processing operations.
12. Recipient of personal data
Your personal data will only be forwarded by us to external recipients if this is necessary for processing or handling your request, or we have your consent, or any other legal provision allows us to do so.
In particular, external recipients can be:
- Processors: These are service providers that we ourselves use to provide our services, for example, regarding the technical infrastructure and maintenance of our Website. Such processors are carefully selected and regularly reviewed by us to ensure that your privacy is preserved. These service providers may only use your data for the purposes specified by us and in accordance to our instructions. In compliance with the statutory requirements of Art. 28 GDPR, we are entitled to use such processors.
- Public bodies: These are public authorities, state institutions and other public entities, such as supervisory authorities, courts, prosecutors or tax authorities. Personal data will only be relayed to such public authorities for legally binding reasons. Here, the legal basis for relaying such data may be Article 6 (1) (1) (c) GDPR.
- Private agencies: Service providers and assistants to whom data is relayed on the basis of a legal obligation or for the safeguarding of legitimate interests, such as shipping service providers, payment service providers, tax c
13. Data processing in third countries
Provided that we transmit your data to third countries outside the EU or the EEA, as described above, we ensure that, notwithstanding legally permitted exceptions, the recipient either has an adequate level of data protection or your consent to the transfer of data. An appropriate level of data protection is ensured, for example, by an EU-US Privacy Shield certification of the recipient, the conclusion of EU standard contractual clauses or the existence of so-called Binding Corporate Rules (BCR).
14. Storage time
We only store your personal data for as long as this is necessary for purpose fulfillment or – in the case of consent – as long as you do not revoke your consent. In the event of a disagreement, we will no longer process your personal data, unless its processing is permitted or even required by relevant statutory provisions (for example, regarding commercial and tax-related retention obligations). We will also delete your personal data if we are obliged to do so for legal reasons.
In addition, please refer to the storage period details regarding your personal data in the respective statements in preceding paragraphs.
15. Your rights
As a data subject, you have many rights. Specifically, these are the following:
Right to information (Article 15 GDPR):
- You have the right to obtain information about the data we have stored about you.
- Right to rectification and cancellation (Articles 16 and 17 GDPR): You may request the correction of incorrect data and, insofar as the legal requirements are met, the deletion of your data.
- Right to restriction of processing (Article 18 GDPR): You can demand from us – as far as the legal requirements are met – that we limit the processing of your data.
- Right to data portability (Article 20 GDPR): If you have provided us with data based on a contract or your consent, you may, if the legal conditions are met, require that you receive the data you provide in a structured and standardized format or that we forward it to another responsible entity.
- Right to object to data processing based on legitimate interests (Article 21 GDPR): You have the right, for reasons arising from your particular situation, to object to our data processing at any time, insofar as these are based on legitimate interests within the scope of Article 6 (1) (1) GDPR. If you make use of your right to object, we will stop processing your data, unless we can provide compelling legitimate reasons for further processing, which outweigh your rights.
- Revocation of consent (Article 7 GDPR): If you have consented to the processing of your data, you can revoke it at any time with effect for the future. Your revocation does not affect the legality of hitherto completed data processing operations. If you wish to revoke your consent to the use of certain cookies, please refer to the information in section 7.
- Right to lodge a complaint with a supervisory authority (Article 77 GDPR): If you believe that the processing of your data violates applicable law, you can also lodge a complaint with the responsible supervisory authority. You may choose to contact either the Data Protection Authority responsible at your place of residence, your place of employment, or the location of the alleged breach, or the Data Protection Authority responsible for us. In our case, the supervisory authority responsible for data protection is the State Representative for Data Protection and Freedom of Information in Baden-Wuerttemberg (LfDI), accessible at Königstrasse 10a, 70173 Stuttgart, Tel: +49 711 615541-0, Fax: +49 711 615541-15, E-Mail: email@example.com, Website: https://www.baden-wuerttemberg.datenschutz.de
If you have any questions regarding the processing of your personal data, your rights or any consent given, our Data Protection Officer will be pleased to assist you. You can contact our Data Protection Officer under the communication channels mentioned in section 16. Please also contact our Data Protection Officer directly to exercise your data protection rights.
16. Our Data Protection Officer
We have appointed a company Data Protection Officer. Who can be reached as follows:
Mrs Stefanie Nowak
– Data Protection Officer –
Palatia Malz GmbH
Phone: +49 (6221) 6466-0
Fax: +49 (6221) 6466-99
We take technical and organizational security measures to protect your personal data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. These security measures are adapted according to the current state of the art.
Your personal data transmitted as part of the use of our Website is securely transmitted using encryption. We use the encryption protocol Transport Layer Security (TLS), which is more widely known under the predecessor name Secure Sockets Layer (SSL).
Our employees are committed to data secrecy.