Privacy Policy and Community Guideline

Please find below our privacy policy. You’ll find our Community Guideline for our corporate communication channels here.

§ 1 Information about the collection of personal data

(1) In the following notice, we inform you about the collection of personal data when using our website. Personal data is any data that concerns you personally, e.g. your name, address, email addresses and usage patterns.

(2) The data controller for the purposes of EU General Data Protection Regulation (GDPR) article 4(7) is STOCK SPIRITS GMBH & CO. KG, Winsbergring 14-22, 22525 Hamburg, Germany (also see our Legal Notice). You can contact our external Privacy Officer (ePrivacy GmbH represented by Prof. Dr. Christoph Bauer, Burchardstrasse 14, 20095 Hamburg, Germany) at datenschutz@borco.com.

(3) Contact form: If you have questions of any kind, we offer you the option of contacting us using a form provided on our website. To use the form, you must enter a valid email address so that we know whom the enquiry is coming from and so that we can respond to it. You may enter additional information voluntarily. When personal data is processed for the purpose of contacting us, it is done in accordance with GDPR article 6(1)(a) on the basis of the consent you have granted voluntarily. The personal data collected by us so that you can use the contact form will be deleted automatically once your enquiry has been resolved.

(4) If we make use of contracted service providers for certain functions of our offering or would like to use your data for marketing purposes, we will inform you about the respective processes in line with the details below. We will also provide the specified criteria for retention periods.

§ 2 Your rights

(1) When it comes to us and our processing of personal data relating to you, you have the following rights:

  • Right to information and access
  • Right to rectification or erasure
  • Right to restriction of processing
  • Right to object to processing
  • Right to data portability

(2) Additionally, you have the right to lodge a complaint about our processing of your personal data with a supervisory authority for data privacy. You can contact the supervisory authority with jurisdiction over your habitual residence or place of work or over our company’s registered office.

§ 3 Collection of personal data when visiting our website

(1) When using our website purely for informative purposes, i.e. when you do not register yourself or convey information to us in some other way, we only collect the personal data that your browser transfers to our server. If you would like to view our website, we collect the following data which is technologically required to display our website to you and assure its stability and security (the legal grounds for this are provided in GDPR article 6(1)(f)):

  • IP address
  • Date and time of request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Volume of data transmitted each time
  • Website from which the request is coming
  • Browser
  • Operating system and its interface
  • Browser software language and version

The storage period of the server logs is 6 months.

(2) Cookies are stored on your computer alongside the aforementioned data when you use our website. Cookies are small text files that are assigned to the browser you use and are stored on your hard drive so that the entity setting the cookie (which in this case is us) has access to certain information. Cookies are not able to run programs or transfer viruses to your computer. We use them to make our overall online offering more user-friendly and effective.

This website uses the following types of cookies, with the scope and functionality of each being explained further below:

  • Transient cookies (see a)
  • Persistent cookies (see b)

a) Transient cookies are automatically deleted when you close your browser. These cookies include session cookies. They save a session ID that can be used to match various requests from your browser to the same session. This enables us to identify your computer when you return to our website. Session cookies are deleted when you log out or close your browser.

b) Persistent cookies are automatically deleted after a prescribed length of time that varies depending on the cookie. You can delete the cookies at any time in your browser’s security settings.

c) You can configure your browser settings as you desire, for example, to have your browser accept third-party cookies or reject all cookies. Do be aware that you may not be able to use all website functions in this case.

§ 4 Data Recipients

(1) Facebook: We operate a Facebook page (so-called „Fanpage“) on Facebook, a service of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland („Meta“).

During your visit, personal data is processed not only by us but also by Meta, even if you do not have a profile on Facebook or are not logged in. While using our fan page, user data (such as contact data), content data (such as entries in forms), usage data (such as websites visited, interests in content, access times), communication data (such as device information, IP addresses), are processed. On the one hand, this is done for the purpose of informing you and for communication, for example via contact requests and feedback forms, as well as for marketing.

If you are logged in when you open our fan page, we can view the information contained in your public Facebook profile. Meta also provides us with anonymous usage statistics („page insights“). We use these to improve the user experience. However, we do not have access to the usage data that Meta uses to create the statistics.

We are jointly responsible with Meta for collecting data from visitors to our fan page and forwarding it to Meta (this includes information on the types of content viewed, interactions with content, actions taken, technical information such as IP address, operating system, browser type, language settings, cookie data). Interests can be derived from this, and user profiles can be formed, but we cannot draw any conclusions about individual users from this. Meta also uses the data to provide „page insights“, which can be used to gain knowledge about interaction with the pages and the associated content. We have therefore entered into a joint responsibility agreement with Meta regarding the processing of your data in accordance with art. 26 GDPR. The agreement with Meta also regulates which security measures Meta must observe. The data subject rights, such as information or other requests, are also to be fulfilled by Meta. You can view the  https://www.facebook.com/legal/terms/page_controller_addendumterms of this agreement with Meta here. The further processing by Meta is not our joint responsibility.

Meta also stores so-called cookies on your end device when you visit our fan page, even if you do not have a Facebook profile or are not logged in there. This enables Meta to create user profiles based on your preferences and interests and to display advertising tailored to these preferences within and outside of Facebook. Cookies remain on your end device until you delete them. The details of this can be found in Meta’s privacy policy (see below).

The data processing is carried out with your consent based on art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future via our consent management platform, which you can access Furthermore, you can revoke your consent by setting your browser accordingly or as a logged-in user of the social network Facebook at https://www.facebook.com/settings/?tab=ads#_. You can also deactivate user-based advertising via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/), via http://www.youronlinechoices.com/de/praferenzmanagement/ or the US website (http://www.aboutads.info/choices). As a logged-in Facebook user, you can make an objection and further settings in the Advertising Settings section.

It cannot be guaranteed that Meta does not transfer data to the USA for the purpose of storage and further processing. If such data transfer to the USA takes place, it is based on the standard contractual clauses of the EU Commission: https://www.facebook.com/legal/EU_data_transfer_addendum and https://facebook.com/help/566994660333381.

For more information about Page Insights and how to exercise your data protection rights, please see the „Page Insights Information„. For more detailed information on how Meta processes what personal data, including how to exercise your data subject rights against Meta, please refer to Meta’s Data Policy at https://www.facebook.com/about/privacy.

(2) Instagram: We operate an Instagram Business Account (hereinafter “Instagram”), a service of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland („Meta“) with whom we jointfully use technologies, systems, insights, and information.

During your visit, personal data is processed not only by us but also by Meta, even if you do not have a profile on Instagram or are not logged in. While visiting our Instagram profile, user data (such as contact data), content data, usage data (such as websites visited, interests in content, access times), communication data (such as device information, IP addresses) are processed. On the one hand, this is done for the purpose of informing you and for communication, for example via contact requests and feedback forms, as well as for marketing.

If you are logged in when you open our Instagram profile, we can view the information contained in your public Instagram profile. Meta also provides us with anonymous usage statistics („Insights“). We use these to improve the user experience. However, we do not have access to the usage data that Meta uses to create the statistics.

We are jointly responsible with Meta for collecting data from visitors to our Instagram page and forwarding it to Meta (this includes information on the types of content viewed, interactions with content, actions taken, technical information such as IP address, operating system, browser type, language settings, cookie data). Interests can be derived from this, and user profiles can be formed, but we cannot draw any conclusions about individual users from this. Meta also uses the data to provide „page insights“, which can be used to gain knowledge about interaction with the pages and the associated content. We have therefore entered into a joint responsibility agreement with Meta regarding the processing of your data in accordance with art. 26 GDPR. The agreement with Meta also regulates which security measures Meta must observe. The data subject rights, such as information or other requests, are also to be fulfilled by Meta. You can view the terms of this agreement with Meta . The further processing by Meta is not our joint responsibility.

Meta also stores so-called cookies on your end device when you visit our Instagram business profile, even if you do not have an Instagram profile or are not logged into it. This enables Meta to create user profiles based on your preferences and interests and to display advertising tailored to these preferences within and outside of Instagram. Cookies remain on your end device until you delete them. The details of this can be found in Meta’s privacy policy (see below).

The data processing is carried out with your consent based on art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future via our consent management platform, which you can access Furthermore, you can revoke your consent by setting your browser accordingly or as a logged-in user of the social network Instagram at the privacy and security settings

You can also deactivate user-based advertising via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/), via http://www.youronlinechoices.com/uk/your-ad-choices or the US website (http://www.aboutads.info/choices). As a logged-in Instagram user, you can make an objection and further settings in the privacy and security settings. It cannot be guaranteed that Meta does not transfer data to the USA for the purpose of storage and further processing. If such data transfer to the USA takes place, it is based on the standard contractual clauses of the EU Commission:

For more information about Page Insights, please see the „Page Insights Information„. For more detailed information on how Meta processes what personal data, including how to exercise your data subject rights against Meta, please refer to Meta’s Data Policy at https://www.facebook.com/about/privacy and https://help.instagram.com, the cookie policy at: https://help.instagram.com/1896641480634370/?helpref=uf_share

(3) LinkedIn: We operate a LinkedIn Page (“Business Services”) on LinkedIn, a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter “LinkedIn”).

We use our company page to contact and communicate with LinkedIn members and visitors, to provide information about our company and its products and services. If you contact us, we may view the information you have posted on LinkedIn as a LinkedIn member. If you share, like or comment on our content or if you mention our company profile on LinkedIn, we can also access to this information.

When a Member visits, follows or engages with the Page, LinkedIn processes personal data to provide Page Insights to us. It enables us to improve our marketing activities.  LinkedIn will process data that was provided by the Member to LinkedIn, such as job function, country, industry, seniority, company size, and employment status data from a member’s profile. Additionally, LinkedIn will process information on how a member has interacted with our company page.

We have concluded an agreement with LinkedIn, the Page Insights Joint Controller Addendum (the “Addendum”). This agreement is incorporated into the LinkedIn Pages Terms and sets out the responsibilities of LinkedIn and us with respect to the processing of Page Insights. The Page Insights Joint Controller Addendum is available here: https://legal.linkedin.com/pages-joint-controlleraddendum.

For more information about Page Insights and how to exercise your data subject rights, please see the „Page Insights Information“. For more detailed information about how LinkedIn processes personal data, including how you can exercise your data subject rights against LinkedIn, please see LinkedIn’s privacy policy which is published here: https://www.linkedin.com/legal/privacy-policy.

(4) Xing: We operate a XING fan page on XING, a service of New Work SE, Am Strandkai 1, 20457 Hamburg, Germany (hereinafter „XING“).

We use our company page to contact and communicate with XING members and visitors, to provide information about our company and its products and services. We also present recruiting information as part of job postings. When you contact us, we can view the information you have published in your XING profile (e.g. job title, education, contact details, photo).

When you visit our profile or when you interact with our site, XING processes personal data. XING may also use tracking tools and cookies. Information about your privacy and opt-out options can be found at https://www.xing.com/settings/privacy. For more detailed information on how XING processes which personal data and how you can exercise your data subject rights vis-à-vis XING, please refer to XING’s privacy policy: https://privacy.xing.com/en/privacy-policy.

(5) Microsoft Teams: We use the Microsoft Teams service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, through which meetings and/or webinars (hereinafter „online meetings“) can be held.

We use Microsoft Teams to enable digital conferences and meetings. During an online meeting, your personal data may be processed in the form of video or audio. However, you can decide whether the camera and microphone are turned on or off during these meetings. Furthermore, it is up to you to share content or not, whereby you can cancel the sharing of content at any time. When you participate in the chat function, we process your personal data contained in the chat texts and the other participants are also aware of this content. If you dial into the online meeting by phone, we process your phone number. Your IP address is stored in log files of the servers. Borco may make a recording of the online meeting. In such a case you will be notified about the recording. After the online meeting, the recording will be stored in Microsoft Stream, and we may share the recording with other participants.

To object or to withdraw your consent please contact: datenschutz@borco.com.

For more information, please visit the provider’s privacy policy: https://privacy.microsoft.com/de-de/privacystatement

§ 5 Use of the blog function

We maintain a blog where we publish various posts on topics related to our business activities, and you may submit public comments to it. Your comment will be published with the post under the username you have provided. We recommend that you use a pseudonym instead of your real name. You are required to provide your username and email address, though all other information is provided voluntarily. When you post a comment, we also store your IP address, which we delete after one week. We are required to store your IP address so that we can defend ourselves against liability claims in the potential scenario that unlawful content is published. We require your email address so that we can contact you if a third party contends that your comment is unlawful. The legal grounds for this are provided in GDPR article 6(1)(b) and (f). Comments are not moderated prior to publication. We reserve the right to delete comments if third parties contend that they are unlawful.

§ 6 Competitions

Insofar as we offer competitions, we collect personal data from the participants, but solely for the purpose of conducting the competition. The following data is collected: Name, first name, date of birth, address and telephone number. This data is required for age verification, communication, fraud detection and, if necessary, sending the prize. The data will not be passed on to third parties unless this is necessary for the purposes of the prize draw (e.g. by trade partners such as supermarkets) or prize shipment through the involvement of transport companies. After the end of the competition, the data will be deleted again, unless there are legal retention periods.

§ 7 Applicant Management

(1) We process the data you have sent us in connection with your application in order to assess your suitability for the position in question (or other open positions in our companies, if applicable) and to carry out the application process.

(2) The legal basis for the processing of your personal data in this application procedure is primarily Section 26 of the German Federal Data Protection Act (BDSG) in the version applicable as of 25.05.2018. According to this, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible. Should the data be required for legal prosecution after the conclusion of the application process, if applicable, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests pursuant to Art. 6(1)(f) GDPR. Our interest then consists in the exercising or defense of claims.

(3) Data of applicants will be deleted after 6 months in case of rejection of the application. If you have agreed to the further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted after one year. If you have been given a position during the application process, the data will be transferred from the applicant data system to our HR information system.

(4) We use a software provider for the application process (see also information on Microsoft Teams). This provider acts as a service provider for us and may also receive knowledge of your personal data in connection with the maintenance and servicing of the systems. We have concluded a so-called data processing agreement with this provider, which ensures that the data processing is carried out in a permissible manner. Your applicant data will be viewed by the HR department after receipt of your application. Suitable applications are then forwarded internally to the department managers for the respective open position. The further procedure is then coordinated. In principle, only those persons in the company have access to your data who require this for the proper handling of our application process.

§ 8 Objection to processing of your data or withdrawal of consent

(1) If you have given consent for us to process your data, you may withdraw that consent at any time. Withdrawing your consent cancels the permission we have to process your personal data with effect from the time you withdraw your consent.

(2) Where we use overriding interests as the legal grounds for processing your personal data, you may object to the processing of your data. This is particularly the case when it is not necessary to process your personal data to carry out a contract with you, which is illustrated in the following description of each function. When exercising your right to object, we ask that you provide the reasons why you would not like us to process your personal data as we have been doing. If your objection is valid, we will assess the situation and either stop or change the processing of the data or explain to you the compelling, legitimate grounds on which we continue to process the data.

(3) Of course you may at any time object to us processing your personal data when it is for the purposes of marketing and analytics. You can inform us of your objection to advertising by contacting us using the following details: BORCO-MARKEN-IMPORT MATTHIESEN GMBH & CO. KG, Winsbergring 12-22, 22525 Hamburg, Germany, datenschutz@borco.com, also look in our Legal Notice.

§ 9 Data security

(1) When you visit our website, we use common SSL technology (Secure Sockets Layer) in connection with the highest level of encryption supported by your respective browser. This usually involves 256-bit encryption. If your browser does not support 256-bit encryption, we will instead make use of 128-bit v3 technology. You can see whether a page on our website is loaded over an encrypted connection if the key or padlock symbol on the bottom status bar of your browser is illustrated as closed.

(2) We have also implemented appropriate technological and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction and unauthorised third-party access. Our security measures are enhanced on an ongoing basis to reflect technological developments.

§ 10 Web analytics

Use of Google Analytics and Google Tag Manager 

(1) This website collects and stores data for marketing and optimisation purposes using technologies provided by Google LLC („Google“) (http://www.google.com). This data can be used to create user profiles kept under pseudonyms. Cookies may be set for this purpose. Cookies are small text files that are stored locally in the cache of the visitor’s Web browser. Cookies allow us to identify your Web browser. The data collected using Google technologies is not used to personally identify visitors of this website and is not combined with personal data related to the person behind the pseudonym if the person concerned has not given their special permission. You can at any time object to your data being collected and stored with effect for the future. Please exclude me from Google Analytics tracking.

We use Google Analytics to analyse the use of our website and so that we can regularly improve it. Using the acquired statistics, we can improve our offering and make it more appealing to you as a user. The data collected is stored on a permanent basis and analysed using pseudonyms. The legal grounds for our use of Google Analytics are provided in GDPR article 6(1)(f).

Information about the external provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; https://policies.google.com/technologies/ads. The legal grounds for our use of Google Analytics are provided in GDPR article 6(1)(f).

(2) On our website we use the Google Tag Manager of Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland.

Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The Tag Manager tool (which implements the tags) is a cookie-less domain and does not collect any personal data itself. The tool takes care of triggering other tags, which in turn may collect data. The Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it remains in place for all tracking tags implemented with Google Tag Manager. Google’s privacy policy: https://policies.google.com/privacy?hl=en

§ 11 Validity

Validity and amendments of this privacy policy This privacy policy is currently valid and was last updated in May 2018. Due to the ongoing enhancement of our website and offering for it and due to changes of legal and official specifications, it may occasionally be necessary to amend this privacy policy. You can view and print our current, applicable privacy policy at any time by navigating to https://www.borco.com/datenschutz/.

Community Guideline

As one of the largest European spirits companies, we are committed to responsible drinking and as a member company of the BSI, we support the activities of its „Alcohol and Responsibility“ working group. We undertake to act in accordance with the principles of the working group and the alcohol advertising guidelines of the ZAW e.V., the German Advertising Federation, in our sales, marketing and advertising activities in order to prevent abusive consumption. This commitment is also reflected in our commercial communication, which includes our corporate channels such as Instagram, Facebook and the BORCO blog. We are happy for our content to be shared, but this should only be done to individuals over the age of 18.

The content that is shared is for inspiration, exchange as well as information about our products and our company. We look forward to an inspiring dialogue and exciting contributions as well as comments from users. A friendly and respectful interaction is our top priority. For this reason, we ask you to observe the following rules on our platforms:

  • Hate speech, bullying or defamation have no place on our platforms and are not allowed. This includes discrimination against people based on their origin, religious affiliation, nationality, physical condition, sexual identity, gender, income or age. We reserve the right to press charges if a criminal offense is committed. Anyone who publicly insults others on social media can be punished with a custodial sentence.
  • Please keep to a friendly tone. Think of virtual conversation as a „face-to-face“ conversation and do not hide behind digital anonymity. Dialogue and discussion are important, but it should always be factual and respectful. Comments should be content-based.

Do not share content which

  • contains offensive, youth-endangering, extremist, pornographic or criminal content.
  • promotes the abusive use of alcohol and encourages alcohol consumption in certain situations where alcohol may be associated with a risk to one’s own health or a risk to third parties, including in traffic, at work, during pregnancy and breastfeeding, during sports, and when taking medication and in certain age groups (children and adolescents).
  • insults people who do not drink alcohol.
  • publishes material for which you do not own the rights. Materials protected as intellectual property must be marked as such. Always observe copyright law.
  • spreads business-damaging statements and defamatory content, as well as directly and indirectly denigrates the brand image.
  • violates the rights of third parties (in particular copyright, trademark, name and labeling rights, right to one’s own image). Do not publish any personal data worthy of protection, such as addresses, telephone numbers or e-mail addresses.
  • violates the terms of use of the social media platforms.

All users are responsible for their own content. BORCO accompanies the community editorially and is not liable for the contributions created by users. We reserve the right to remove content in case of violations and to exclude community members from our channels in the event of serious or repeated violations.