
Privacy Policy


We, Oster Weinkellerei KG, Weingartenstraße 1, 56812 Cochem (hereinafter referred to collectively as ‘the company’, ‘we’ or ‘us’), are serious about protecting your personal data and would like to take this opportunity to inform you about data protection in our company. Since coming into force, the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter ‘GDPR’) has imposed additional obligations on us that relate to our responsibility under data protection law. These obligations are designed to protect your personal data when you, the user (also referred to hereinafter as ‘data subject’, ‘customer’ and ‘you’), visit this website. Insofar as we, alone or jointly with others, decide on the purposes and means of processing data, this primarily includes the obligation to inform you transparently about the nature, scope, purpose, duration and legal basis of the processing (cf. Art. 13 and 14 GDPR). We have prepared this notice (hereinafter ‘privacy policy’) to tell you about how we process your personal data.

Our privacy policy has a modular structure. It consists of a general section relating to any processing of personal data and any processing situations that come into play each time a website is accessed (A. ‘General information’), and a special section, the content of which only relates to the processing situation specified there under the name of the respective offer or product, in particular visiting websites as detailed here (B. ‘Data processing in connection with the use of our website’).

 

A. General information

(1) Definitions

Following the example of Art. 4 GDPR, this privacy policy is based on the following definitions:

–  ‘Personal data’ (Art. 4(1) GDPR) means any information relating to an identified or identifiable natural person (‘data subject’). A person is identifiable if they can be identified directly or indirectly, particularly by reference to an identifier such as a name, an identification number, an online identifier, location data or information relating to their physical, physiological, genetic, mental, economic, cultural or social identity. Identifiability can also be provided by linking such information or other additional knowledge. The origin, form or embodiment of the information is irrelevant (photos, videos, and audio recordings can also contain personal data).

–  ‘Processing’ (Art. 4(2) GDPR) means any operation performed on personal data, whether or not by automated means (i.e. using technical specifications). In particular, this includes collecting (i.e. procuring), capturing, organising, arranging, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, matching, combining, restricting, deleting and destroying personal data, as well as altering the objectives or purposes for which the data was originally processed.

–  ‘Controller’ (Art. 4(7) GDPR) means the natural person or legal entity, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing of personal data.

–  ‘Third party’ (Art. 4(10) GDPR) means any natural person or legal entity, public authority, agency or body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data; this also includes other legal entities within the group.

–  ‘Processor’ (Art. 4(8) GDPR) means a natural person or legal entity, public authority, agency or other body that processes personal data on behalf of the controller, particularly in accordance with the controller’s instructions (e.g. IT service provider). Under the terms of data protection law, a processor is not a third party.

–  ‘Consent’ (Art. 4(11) GDPR) of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, through a statement or other clear affirmative action, signify agreement to the processing of their personal data.

(2) Name and address of the data controller

The entity responsible for processing your personal data pursuant to Art. 4(7) GDPR is: Andreas Oster Weinkellerei KG, Weingartenstraße 1, 56812 Cochem, Germany; tel.: +49 2671 6005-0; fax: +49 2671 6005-60; info@andreasoster.com.com. For further information about our company, please refer to the legal notice on our website.

(3) Legal basis for data processing

Processing of personal data is prohibited by law in principle and is only permitted when at least one of the following justifications applies:

–  Art. 6(1) (a) GDPR (‘consent’): the data subject has given voluntary, informed and unambiguously expressed consent, through a statement or other clear affirmative action, to the processing of their personal data for one or more specific purposes;

–  Art. 6(1) (b) GDPR: processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject before entering into a contract;

–  Art. 6(1) (c) GDPR: processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. a legal obligation to retain data);

–  Art. 6(1) (f) GDPR (‘legitimate interests’): processing is necessary for safeguarding the legitimate interests (especially legal or economic) pursued by the controller or by a third party, except where such interests are overridden by the interests or rights of the data subject (in particular when the data subject is a child).

For the processing operations that we carry out, we indicate the applicable legal basis in each case below. Processing can also be based on several legal grounds.

(4) Data deletion and storage duration

For the processing operations that we carry out, we indicate how long the data is stored by us and when it is deleted or blocked. If no specific storage period is given, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies. Your data will only be stored on our servers in the EU, subject to any transfer that may take place in accordance with the provisions in part A, sections 7 and 8.

However, data may be stored beyond the specified period in the event of an (impending) legal dispute with you or other legal proceedings or if storage is governed by statutory provisions to which we are subject as the controller (e.g. section 257 of the German Commercial Code (HGB); section 147 of the German Fiscal Code (AO)). If the storage period defined in the statutory provisions expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.

(5) Data security

We take appropriate technical and organisational security measures to protect your data from accidental or deliberate manipulation, partial or total loss, destruction, and unauthorised access by third parties (e.g. TS encryption for our website), taking into account the state of the art, the implementation costs and the nature, scope, context and purpose of the processing as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously adapted to reflect technological changes.

We will be happy to provide you with more detailed information on request. Please contact our data protection officer.

(6) Cooperation with processors

As with any large company, we also use external domestic and foreign service providers to process our business transactions (e.g. for IT, logistics, telecommunications, sales and marketing). Such service providers only act in accordance with our instructions and are contractually obliged to comply with data protection regulations pursuant to Art. 28 GDPR.

If your personal data is passed on by us to our subsidiaries or passed on to us by our subsidiaries (e.g. for advertising purposes), this is done on the basis of existing contractual relationships.

(7) Requirements for the transfer of personal data to countries outside the EEA

As part of our business relationships, your personal data may be passed on or disclosed to third-party companies. Such companies may also be located outside the European Economic Area (EEA). The exclusive aim of processing your data in this way is to fulfil contractual and business obligations and to maintain your business relationship with us. We will inform you at the relevant places about the respective details of this data transfer.

The European Commission issues adequacy decisions to certify that some non-EEA countries have data protection standards comparable to the EEA standard (a list of these countries and copies of the adequacy decisions can be found here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). However, in other non-EEA countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is sufficiently guaranteed. This is possible through binding company regulations, through standard European Commission contractual clauses on the protection of personal data, through certificates, and through recognised codes of conduct.

(8) No automated decision-making (including profiling)

We do not intend to use personal data collected from you for automated decision-making (including profiling).

(9) No obligation to provide personal data

We do not make the conclusion of contracts with us dependent on you providing us beforehand with personal data that is not essential for concluding said contracts.

As a customer, you are under no legal or contractual obligation to provide us with your personal data. However, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data. If this should exceptionally be the case in relation to the products that we present and offer, you will be informed of this separately.

(10) Legal obligation to transmit certain data

In certain circumstances, we may be subject to a specific legal or statutory obligation to provide the lawfully processed personal data to third parties, particularly public authorities (Art. 6(1) (c) GDPR).

(11) Your rights

You can exercise your rights as a data subject with regard to your processed personal data at any time by contacting us using the contact details provided in part A, section 2. As the data subject, you have the right:

–  in accordance with Art. 15 GDPR, to request information about your data processed by us. In particular, you can request information about the purposes of processing, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing, or objection, the existence of a right of complaint, the origin of your data if this data was not collected by us, and the existence of automated decision-making including profiling and, if applicable, substantive information about its details;

–  in accordance with Art. 16 GDPR, to immediately request the correction of inaccurate data or the completion of your data stored by us;

–  in accordance with Art. 17 GDPR, to request the deletion of your data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for complying with a legal obligation, for reasons of public interest, or for establishing, exercising or defending legal claims;

–  in accordance with Art. 18 GDPR, to request that processing of your data be restricted, insofar as the accuracy of the data is disputed by you or the processing is unlawful;

–  in accordance with Art. 20 GDPR, to receive your data, which you have provided to us, in a structured, commonly used and machine-readable format, or to request that this data be transmitted to another controller (‘data portability’);

–  in accordance with Art. 21 GDPR, to object to the processing of your data if the processing is based on Art. 6(1) (f) GDPR. This particularly applies if the processing is not necessary for the performance of a contract with you. Unless you are objecting to direct advertising, when exercising an objection, we ask that you explain the reasons why we should not process your data as we have done. If you provide a reasoned objection, we will examine the merits of the case and either discontinue or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue to process your data;

–  in accordance with Art. 7(3) GDPR, to withdraw your consent, given once, at any time, if you have given such consent. As a result, we may no longer continue the data processing that was based on this consent in the future;

–  in accordance with Art. 77 GDPR, to complain to a data protection supervisory authority about the processing of your personal data in our company, such as the data protection supervisory authority responsible for us: The Officer for Data Protection and Freedom of Information of the State of Rhineland-Palatinate, P.O. Box 30 40, 55020 Mainz; email: poststelle(at)datenschutz.rlp. However, you can also contact a different data protection supervisory authority, such as the data protection supervisory authority in your place of residence.

In accordance with Art. 7(3) GDPR, you have the right to withdraw your consent at any time with future effect by post or email. This does not affect the lawfulness of processing based on consent until the withdrawal of such consent. If you withdraw your consent, we will delete the personal data that was processed on the basis of your consent, provided that there is no other legal basis for processing this data.

You can withdraw your consent informally by contacting us using the details in part A, section 2 of this privacy policy.

You can also withdraw your consent by deactivating the respective data processing services directly via our consent tool. Please note that you must carry out this step on every device on which you visit our website and have given consent for the processing of your data.

(12) Changes to the privacy policy

As part of the further development of data protection law as well as technological and organisational changes, our privacy policy is regularly reviewed to determine whether it needs to be adapted or supplemented. You will be informed of any changes, in particular on our website at https://andreasoster.com. This privacy policy is valid from May 2024.

 

B. Data processing in connection with the use of our website

(1) Explanation of the function

Please refer to our website in particular (https://www.andreasoster.com), including its associated sub-pages (hereinafter referred to collectively as ‘websites’), to obtain information about our company and the services that we offer. When you visit our websites, your personal data may be processed.

(2) Use of cookies, plugins and other services on our website

We use cookies on our websites. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive via a string of characters, through which certain information flows to the entity that sets the cookie. Cookies cannot execute programmes or transmit viruses to your computer and therefore cannot cause any damage. They help to make your internet experience more user-friendly and effective overall, i.e. more pleasant for you.

Cookies may contain data that makes it possible to recognise the device used. In some cases, however, cookies only contain information on certain settings that cannot be identified to a specific person. Cookies cannot directly identify a user.

There is a legal distinction between technically essential cookies, which are necessary for the user to move around the website and use its features, and cookies that are not essential but can enhance the user experience, provide the operator with information on website use, and enable targeted advertising (e.g. analysis, marketing, statistics).

Any use of cookies that is technically non-essential constitutes data processing that requires your explicit and active consent in accordance with Art. 6(1) (a) GDPR. In addition, we will only share your personal data processed through cookies with third parties if you have given explicit consent in accordance with Art. 6(1) (a) GDPR.

(3) Processed personal data

a) Using the website for informative purposes

When you use the websites for informative purposes, the following categories of personal data are collected, stored and processed by us.

‘Log data’: When you visit our websites, a log data record (server log file) is stored temporarily and anonymously on our web server. This consists of:

–  the page from which the page was requested (referrer URL)

–  the name and URL of the requested page

–  the date and time of the request

–  the description of the type, language and version of the web browser used

–  the IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established

–  the amount of data transferred

–  the operating system

–  the message as to whether the request was successful (access status/HTTP status code)

–  the GMT time zone difference

Processing of the log data helps to improve the user-friendliness and quality of our website, and particularly the stability and security of the connection (the legal basis is Art. 6(1) (f) GDPR).

b) Social media plugins

We do not use social media plugins on our websites. If our websites contain symbols from social media providers (e.g. ), we only use these for passive linking to the pages of the respective providers.