Information on data protection

Privacy policy – last updated: April 2019

We take the protection of your data very seriously and operate this website in accordance with the applicable legal provisions on data protection including the provisions of the EU General Data Protection Regulation (hereinafter: GDPR). Below, we inform you about the nature and extent of the processing of your personal data, as well as the rights you are entitled to.

1. Contact details

Responsible as data controller within the meaning of the General Data Protection Regulation (hereinafter: GDPR):

Brauereigasthof Rothaus GmbH
Managing directors: Marcus Reichl and Andreas Ihle
Rothaus 2
79865 Grafenhausen

Phone: +49 (0)7748 522-9600
Fax: +49 (0)7748 522-9699

The data protection officer of the person responsible is:

Dr. rer. nat. Rainer Harwardt


2. Data processed when visiting our website

When you visit our website, the browser you use on your terminal device automatically sends information to our website's server. This information is retained temporarily in a so-called log file. The following information is collected and retained until automatically deleted:

  • IP address of the requesting computer
  • date and time of the request
  • name and URL of the retrieved file
  • website from which the request emanates (referrer URL)
  • the browser used and, if applicable, the operating system of your internet-enabled computer

The legitimacy of our data processing is based on Article 6(1)(f) GDPR. We do not use the collected data to draw conclusions about you as an individual. Our legitimate interest derives from the following purposes:

  • to ensure a smooth connection setup of our website
  • to ensure and improve the user-friendly application of our websiter
  • to guarantee system security and  stability
  • to avert danger/prosecute in the event of a cyber attack.

We also use cookies when you visit our website. You will find more detailed explanations in the Cookies section below.

3. Data security

We also apply appropriate technical and organisational security measures to safeguard your data against accidental or unlawful destruction, disclosure, access or against manipulation or loss, as well as against other misuse.

For your security, your data is encrypted using an SSL (Secure Socket Layer) website certificate. The 256 bit encryption certificate we use is usually supported by modern browsers without problem. You can recognise a secure SSL connection by the “s” attached to the http (i.e. http://......) in the address bar of your browser or by the closed padlock symbol in the bottom status bar of your browser.

Please bear in mind that when using the Internet that security depends on various circumstances and cannot be completely guaranteed at all times.

4. Data erasure and retention period

Data that we retain will be blocked for further use upon loss of the corresponding authorisation, in particular after the purpose of retention ceases to apply, and erased after the statutory tax and commercial retention periods have elapsed, unless you have expressly consented to the further use of your data or determined otherwise by contractual agreement.

Data that you enter as part of an application process is retained for a maximum of 6 months.

5. Children and teenagers

Our services are generally intended for adults. Persons under 18 years old should not transmit any personal information to us without the consent of their parents or legal guardians.

6. Third-party website

We have no control over the current content of third-party websites linked via this website or their business practices. We are not responsible for the privacy practices or the content of these websites.

7. Disclosure of data

We do not disclose personal data to third parties without cause.

Possible reasons for disclosing your personal data to third parties could be:

  • you have given your express consent in accordance with Article 6(1)(a) GDPR
  • disclosure pursuant to Article 6 (1)(f) GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data
  • that there is a legal obligation to pass on the data pursuant to Article 6(1)(c) GDPR, and
  • it is legally permissible and necessary for the execution of contractual relationships with you pursuant to Article 6(1)(b) GDPR

8. Categories of recipients/external service providers

We also outsource various services to external service providers (hereinafter: recipients), whom we carefully select and review. The categories of recipients are listed below:

As data controller, we forward various personal data to our processors within the context of order data processing. We have ensured the security of your data by concluding order data processing agreements.

Our processors can be divided into the following categories:

  • provision of services: this includes but is not limited to the web hosting and programming of this website, newsletter dispatch, payment service provider
  • operation of services: maintenance and servicing of hardware and software

We only disclose data to the authorities and third parties in accordance with statutory provisions or a court order. Information can be given to authorities on the basis of a statutory regulation in order to avert danger or for purposes of criminal prosecution. Third parties will only receive information if this is required by law.

9. Data processing by explicit contact

On our website, we provide various possibilities for you to get in touch with us and send us news. You can contact us by e-mail, telephone or by using the contact form provided. If you contact us, the data you provide (your e-mail address, your name, and your telephone number if applicable) will be retained by us and processed in order to answer your questions. Article 6(1)(b) and (f) GDPR constitute the legal basis of our data processing. Our legitimate interests lie in the efficient and structured collecting and processing of customer enquiries. We delete the relevant data after retention is no longer necessary, or restrict the processing if statutory retention obligations exist.

10. Data processing when using the contact form

If you have any questions, you can contact us via a form provided on the website. We require a valid e-mail address so that we know who sent the request and are able to answer it. In addition, we collect additional mandatory information in order to simplify communication with you and avoid queries. The mandatory fields are marked in bold or with an asterisk (*). Further information can be provided voluntarily.

Data processing for the purpose of establishing contact with us is carried out in accordance with Article 6(1)(a) GDPR on the basis of your voluntary consent.

11. Data processing when using our booking forms

When you make a booking or send an enquiry, the process requires that you provide the personal information we need to process your request. Required mandatory information is indicated in bold or with an asterisk (*). Further information can be provided voluntarily. We use the data you provide only for the purpose of processing your enquiry or booking.

Data processing for the purpose of a booking or enquiry with us is carried out in accordance with Article 6(1)(a) GDPR on the basis of your voluntary consent.

12. Data processing for advertising purposes

Data processing for advertising purposes generally constitutes a legitimate interest pursuant to Article 6(1)(f) GDPR.

Furthermore, the data processing takes place under the conditions of Article 7(3) of the Act against Unfair Competition.

If you are registered or listed as a customer with us, we process your contact data and inform you about products and services as well as relevant news irrespective of a newsletter subscription.

You are entitled at any time and free of charge to object to data processing for advertising purposes separately for the respective communication channel with effect for the future. As a result of your objection, the contact address in question for the respective communication channel will be blocked for further data processing for advertising purposes. You can lodge an objection by e-mail or by post to the contact details provided.

13. Data processing in e-mail campaigns/newsletters

We only send e-mail campaigns (e.g. newsletters) with the consent of the recipient in accordance with Article 6(1)(a) GDPR. The data entered during registration for the information service is used solely for this purpose. After registering, you will receive information about new or interesting products or services, competitions and events via various e-mail campaigns. We do this to pursue our own advertising and information purposes.

Subscribing to the newsletter is done using the double opt-in procedure. Once you have entered your e-mail address and registered, you will receive an e-mail asking you to confirm your subscription. This prevents anyone from registering with an e-mail address that is not their own. We log the receipt of the registration for the newsletter by storing the IP address of the calling computer as well as the date and time of registration.

The data is used exclusively for the dispatch of the newsletter dispatch and is not passed on to third parties.

You can revoke your consent to receiving e-mail campaigns at any time for the respective e-mail campaign. The link to unsubscribe can be found at the end of each e-mail.

You can also unsubscribe online at any time using the unsubscribe form at

14. Cookies

We use cookies on our website. These are small files which your browser automatically creates and which are saved on your terminal device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not harm your terminal device and contain no viruses, trojans, or other malware.

Information is stored in the cookie which, in each case, results from the connection with the specific terminal device used. This does not mean, however, that we are immediately aware of your identity.

The data processed by cookies is necessary for the purposes mentioned to safeguard our legitimate interests pursuant to Article 6(1)(f) GDPR.

Most browses accept cookies automatically. However, you can configure your browser so that no cookies are saved on your computer or so that a prompt always appears before a new cookie is created. Disabling cookies completely, however, may mean that you are unable to use all the functions of our website.

The length of time cookies are stored depends on their purpose and is not the same for all.

We use the following types of cookies:

Session cookies
The use of cookies only serves to make the use of our services more pleasant for you. We use so-called session cookies to recognise that you have already visited individual pages of our website. These cookies are automatically deleted when you leave our website.

Temporary cookies
To optimise user-friendliness, we also use temporary cookies, which are stored on your terminal device for a specified period of time. If you visit our website again to use our services, the system automatically recognises that you have been here before, and which entries and settings you made, so that you do not have to enter them again..

15. Analysis and tracking tools

– We do not use any analysis or tracking tools on our website. –

16. Social media plug-ins and tools

Our website uses social media plug-ins in accordance with Article 6(1)(a) and (f) GDPR, to make us better known or to offer you an additional beneft. The advertising purposes of these represent a legitimate interest to us. Responsibility for operation in compliance with data protection law is to be ensured by each provider.

Google Maps
This website uses the map service Google Maps via API. This service is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

In order to use the functions of Google Maps storage of your IP address is required. This information will usually be transferred to and stored on a server in the USA. The provider of this website has no influence on this data transmission.

We use Google Maps to provide an attractive presentation of our online services and to make it easy to find the places we have indicated on the website.

For further information on how user data is handled, please see Google's Privacy Policy:

17. Your rights

Right to information and access
You may request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned retention period, the origin of your data, insofar as it was not collected directly from you.

Right to rectification
You may request the correction of inaccurate data or the completion of accurate data.

Right to erasure
You can request erasure of your personal data if one of the following reasons applies and if processing is not necessary:

  • The personal data is no longer needed for the purposes for which it was collected or otherwise processed.
  • You revoke your consent on which the processing was based, and there is no other legal basis for the processing.
  • You lodge an objection to the processing in accordance with Article 21(1) GDPR, and there are no overriding legitimate reasons for the processing, or you lodge an objection to the processing in accordance with Article 21(2) GDPR.
  • The personal data has been unlawfully processed.
  • Erasure of the personal data is necessary in order to fulfil a legal obligation under EU law or the law of the Member States to which we are subject.
  • The personal data was collected in relation to information society services offered pursuant to Article 8(1) GDPR.

Right to data portability
You have the right to receive the personal data which you have given to us, in a structured, commonly used and machine-readable format or you may request that the data provided by you be transferred to another data controller.

Right to complain
To do this, you can contact the supervisory authority in the Member State of your usual residence or the supervisory authority responsible for us.

Right to restriction
You may exercise your right to object to the processing of personal data if the accuracy of the personal data is contested, the processing is unlawful and the data subject refuses to erase the personal data and instead requests that the use of the personal data be restricted, the controller no longer needs the personal data for the purposes of the processing but the data subject needs it to exercise or defend legal claims, or the data subject has lodged an objection to the processing in accordance with Article 21 GDPR, as long as it has not yet been established whether the legitimate reasons of the data controller outweigh those of the data subject.

Right of objection
The general right of objection applies to all processing purposes described here which are processed on the legal basis of Article 6(1)(f) GDPR. Unlike data processing, which is described under the heading “Data processing for advertising purposes”, we are only obliged to implement the objection if you state reasons of overriding importance which result from a particular situation.

18. Validity and amendment of this privacy policy

This privacy policy is currently valid and was last revised in April 2019.

As a result of the further development of our website and the products and services we offer, or due to changes in legal or official requirements, it may be necessary to change this privacy policy. You can view and print out the current privacy policy on the website at policy at any time.