Information on Data Protection for the Gerolsteiner Website

I. General Information

This data protection declaration is designed to provide you with information on the way your data is handled while you are visiting this website. This will involve handling your personal data for the purposes described below. Personal data includes all information related to an identified or identifiable individual person (henceforth, “the person in question”). Anonymized or statistical data, which cannot be connected with you personally, or which could only be connected with you after disproportionately significant effort, are not considered personal data. This data protection declaration applies exclusively to our website. It does not include the websites of other companies to which we have provided links on this webpage.

1. Contact Information for the Party Responsible/Our Data Protection Officer

Gerolsteiner Brunnen GmbH & Co KG is responsible for data processing. If you have any further questions or suggestions with regard to data protection, we look forward to hearing from you:

Gerolsteiner Brunnen GmbH & Co KG Vulkanring

54567 Gerolstein


Tel.: + 49 (0) 6591 14-0

Data Protection Officer Dr. Gregor Scheja

2. Your Rights as the Affected Party

You have the following fundamental rights in connection with the handling of your personal data:


Asserting Your Legal Rights: To exercise all the rights detailed above, please contact:

Gerolsteiner Brunnen GmbH & Co KG Vulkanring




Right to Lodge a Complaint with the Supervisory Authority: You have the right to submit a complaint to the data protection regulatory authority: particularly that of the member state in which you have your main residence, your workplace or the place in which the alleged infringement took place, if you believe that personal data that pertain to you have been handled in an unlawful manner.

Right to Object

Individual Right to Object    

You have the right to object to the processing of your personal data subject to art. 6 para. 1 p. 1 e) German Datenschutz-Grundverordnung (German General Data Protection Regulation, DS-GVO) and art. 6 para. 1 p. 1 f) DS-GVO, at any time, for reasons relating to your personal situation. This also applies to profiling undertaken on the basis of these provisions. We will then cease to process your personal data for these purposes, unless we can show urgent, protection-worthy reasons for processing the data, which have priority over your interests, rights and freedoms or that the data processing is required in order to enforce, comply with or defend a legal claim.   

Right to Object to the Processing of Data for the Purposes of Direct Advertising

In individual cases, we process your data in order to conduct direct advertising. You have the right to lodge an objection at any time to the processing of personal data that pertain to you for the purposes of such advertising. This also applies to any profiling connected with said direct advertising. If you object to the use of your personal data for the purposes of direct advertising, your personal data will no longer be used for such purposes. 

To Exercise Your Right to Object, Contact:

Gerolsteiner Brunnen GmbH & Co KG Vulkanring

54567 Gerolstein


3. Location of the Data Processing and Recipients of Your Data

Your data are stored in our database and on our servers or on those of our data processors in Germany. Your personal data are only shared with other companies, such as our cooperation and advertising partners, if this is necessary to fulfill a contract with you, if you have agreed to this or if there is a legal requirement to do so (e.g. when ordering a subscription from Gerolsteiner WeinPlaces).

Employees of our company and of the processors who assist us in handling data for data processing (e.g. web analysis service providers) have access to your personal data to the extent necessary to enable them to fulfill the purposes detailed below.

In specific cases, we are legally obliged to submit personal data to certain authorities (e.g. requests for information from investigative bodies) or to natural or legal persons (e.g. to enforce the demands of copyright law).

You can prevent cookies from being saved by appropriately adjusting the settings of your browser software; however, we would like to remind you that, if you do so, you may not be able to fully use all of the features of this website (see above). You can also prevent the data generated by the cookie and related to your use of the website (including your IP address) from being collected by Google and this data from being processed by Google by downloading and installing the browser plug-in available via the following link 

As an alternative to the browser plug-in and for mobile end devices, you can prevent data from being collected by Google Analytics by clicking on the link below. It will use an opt-out cookie, which prevents your data from being collected in the future when you visit this website. For as long as you wish to maintain your objection, you should not delete the opt-out cookie. If this cookie is subsequently deleted by you, you must complete the deactivation procedure again.

You can find more detailed information about this at or at

4. Safety Measures to Protect the Data We Store

When we collect data, we store your data on specially protected servers. Access is restricted to a few specially authorized people, from our technical, commercial and editorial support teams. 

In order to avoid the loss or misuse of data stored by Gerolsteiner, we implement wide-ranging technical and operational safety precautions. These are subject to regular review and are adapted to the latest technological advances.

We use every technological and organizational means to process your personal data such that it is inaccessible to third parties. If you need to communicate confidential information, we recommend using our encrypted contact form or the mail service. If you contact us by, for example, email or messenger or through social media, we cannot guarantee complete data security.  

We would, however, like to point out that the way the internet is structured means that other people, companies or institutions, outside our sphere of responsibility, may not comply with the rules governing data protection or follow the safety measures detailed above. Our online offerings include links to other websites. We have no influence over whether or not those providers take appropriate safety measures. In addition, the user is responsible for protecting the data he or she provides against misuse, through encryption or other methods.  

5. Links to Other Websites

Our website contains so-called hyperlinks to the websites of other suppliers. Clicking on these links will take you directly from our website to the other suppliers’ websites. You can notice this by, among other things, the change to the URL.

6. Changes to these Data Protection Guidelines

We reserve the right to change these data protection guidelines to reflect changes in the law or to our internal company procedures. We therefore request that you review these data protection guidelines every time you view this website.

II. Concrete Data Processing

In the following section, we will explain which personal data we collect in connection with your visit to our website and the purposes for which we use such data.

You can take advantage of a large part of our online offerings without revealing your identity. However, if you wish to register for one of our personalized services (e.g. in order to place an order with one of our online shops), receive a message (e.g. using our contact form) or would like us to publish personalized information about you on our websites (e.g. your image, your events at WeinPlaces, your comments on blogs), we will need to process your personalized data in order to provide those services. You are free to decide whether you wish to provide such data. However, without that information, we will not be able to provide the desired service. You will find specific information about the exact procedures and, if appropriate, the necessary permissions at the relevant input sites and can freely decide whether to grant those permissions.

1. Log Files

When you call up our website, the following data are stored in a log file: the URL of the requested website and of the website requesting the data; the visitor’s stored cookies for the requested domain, the access status (file transferred, file not found, etc.); the date and time of the retrieval; the quantity of data transmitted during the connection, browser type and version used; the language used; the name and IP address of the internet service provider. Your IP address is anonymized and stored in a shortened form, without the final octet. We cannot make our website available to you, unless these data have been provided.

We process these data in order to detect and eliminate malfunctions. The log files are deleted immediately after the end of the session, unless they are to be evaluated in an anonymized form

2. Finalizing a Contract at the Online Shop

When you purchase a product from our website, we process your personalized data from the order form, in order to process your order and finalize a contract with you. We cannot finalize a contract with you unless you provide the requested data.

3. Newsletter

You can also register to receive one of our newsletters, on our website or in connection with a specific campaign. For this purpose, Gerolsteiner will use your name and email address, to send you the newsletter. Our newsletters contain interesting information about Gerolsteiner’s products, offers and campaigns as well as guidelines for healthy nutrition, relaxation and exercise. You can find out more by ordering the relevant newsletter. Your data are transmitted to us in encrypted form. Once you have placed your order, we will send an email to the email address you have provided, requesting you to confirm your email address. Only after you have clicked on the confirmation link included in that email will we send you a copy of our newsletter. You can cancel your newsletter subscription at any time with future effect, by using the unsubscribe button included in every newsletter or sending an email to

4. Contact Form

You can also send us a message using our contact form. We will process your data in order to process your request and for internal purposes, e.g. the management and improvement of our business procedures, economic analysis, the further development of services and products. Your contact request will be stored in our client databank for such purposes and deleted at the expiration of the legal retention period, in accordance with data protection regulations.

5. Competitions

If you take part in one of our competitions, you can find information on how your data will be handled detailed in the conditions of entry. 

6. Embedding External Content

On our website, we integrate content from third party providers. To facilitate this, your browser may, under certain conditions, establish a connection with the third party provider’s servers and share personalized data with these servers. The following section will provide information about integrated content and the resulting data processing:

a.       Video Content from YouTube

We have integrated You Tube videos into our online offerings. These are stored at and can be played directly from our website. YouTube is a video platform provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

As soon as you play one of the YouTube videos on our website, YouTube receives the information that you have called up the corresponding subpage of our website. The following data are then shared with YouTube: IP address, URL of the site visited, HTTP header information (e.g. the browser used, the operating system used, the resolution and the language selected); also, if applicable, available links. This takes place irrespective of whether YouTube has provided a user account through which you have logged in or whether any such user account exists. If you are logged in to Google, your data are directly associated with your account. If you do not wish the data to be associated with your YouTube profile, you should log out before pressing the button.    

You can find more information on the purpose and extent of YouTube’s data collection and processing in their data protection guidelines. These also provide further information on your rights and on configuration options to protect your privacy: Google also processes your personalized data in the US and is subject to the EU/US Privacy Shield:

b.       Map Content from GoogleMaps

This website uses Google Maps on some of its subpages, to present interactive maps and to generate directions. Google Maps is a mapping service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. The use of Google Maps allows information about the use of this website, including your IP address and the (starting point) address entered while using the route planning function to be shared with Google in the US.

When you call up a page from one of our websites, which contains Google Maps, your browser establishes a direct connection with Google’s servers. Google shares the content of the map directly with your browser and from there it is integrated into the website. We therefore have no influence on the extent of the data Google collects in this way.

If you do not wish Google to be able to collect, process or use data about you from your internet visit, you can disable Java Script in your browser settings. However, this means that you will not be able to use the map display feature.

For more about the purpose and extent of Google’s data collection and further processing and use of such data, as well as your related rights and configuration options to protect your privacy, please consult Google’s data protection guidelines:

c.       The Use of Social Plugins

This website uses so-called “social plugins” from the following social networks (henceforth, “social plugin providers”):

Facebook, Twitter and Pinterest

The plugins allow us to offer you the option of interacting with social networks and other users, which helps us to improve our offerings and enhance their appeal to you as a user.   

The three buttons allow you to share content on the respective social networks and make it easy for you to recommend our pages to your friends on the social platforms you use. However, we decided not to directly integrate these buttons into the pages themselves, but to first enable the individual social networks per mouse click. This is because integrating active buttons automatically shares information with the providers of the respective platforms. This would theoretically allow those providers to set up surfing profiles, at least of users registered with their respective platforms. Our disabled buttons cannot establish contact with the networks.

The buttons are only enabled once you have enabled this function and therefore permitted data to be shared. If you have made the appropriate selection, this activation will remain in force every time you visit our websites. However, you can disable the buttons again at any time, by clicking “Cancel.”

Once the buttons have been enabled, you can share your recommendation by clicking on the corresponding button for the social plugin provider of your choice. If you have not logged in with the corresponding social plugin provider, you will be prompted to log in, in a new window, and will then be able to post your recommendation. If you have already logged in, you can post your recommendation without opening another window. In Twitter, a popup window will first appear, in which you can edit the text of your tweet.

As soon as you have clicked on the buttons, your browser will use the social plugins to establish a direct connection with the servers of the respective social plugin providers. The social plugin provider will share the content of the chosen plugin directly with your browser, which will integrate it into the website you are visiting. We have no influence over the scope of the data collected by the chosen social plugin provider during this process. The administrators of the chosen social network will receive the information that you have called up the corresponding page on our website. If you are logged in to one of the social networks at the time, the administrator can assign the corresponding site visit to your account with the chosen social network. If you interact with the social plugin further: e.g. click the “like” button or post a comment, the corresponding information is shared with the social network in question. Even if you are not a member of one of the social networks mentioned, they may be able to learn and store your IP address via the social plugin.

The plugin providers save the information they have collected about you as a usage profile, which they use for advertising, market research and/or needs-oriented website design purposes. This type of evaluation (which is also undertaken with non-logged in users) is often used to display consumer-oriented advertising and to inform other users of the social network of your activities on our website.  

For more details on the purpose and scope of the processing, collection and use of data on the part of the social plugin providers and your corresponding rights and configuration options, please consult the following data protection guidelines:




If you do not want social networks to collect data about you via our website and connect it with your corresponding membership data (to build a so-called usage profile) do not click on the buttons (as described above). You can also block the social plugins with the help of add-ons for your browser, such as the Facebook plugin with the “Facebook Blocker.”

In addition, you have the right to object to the creation of usage profiles. To exercise this right, you will need to contact the respective plugin Providers.

7. Cookies

In some cases, we and our advertising partners may save co-called cookies during your visit to our website. Cookies are small text data units, containing information which allows us to recognize return visitors to a website. Cookies are stored on your terminal and do not cause any damage. They provide, for example, information about a website visit and the number of users. These “snippets of information” are needed for some of our webpage functions, to ensure that everything functions in the way you, the user, would expect. 

Web browsers usually accept cookies automatically. However, you can choose to disable cookies at any time, using your browser settings. You can find out how to change your browser settings by following the step-by-step instructions outlined by the Consumer Advice Centre here. Preventing the use of cookies can limit our internet offerings – and those of most other websites. You can find out more about the different types of cookies and about preventing the placement of cookies in the following sections.

a. Gerolsteiner Cookies (“First Party Cookies”)

Most of the cookies we use are so-called “session cookies.” They are automatically deleted at the end of your browser session.

We also use long-term cookies, which are mostly used to provide you, the visitor to our website, with long-term, recurring settings. 

b. Third Party Cookies

Our website also uses cookies from other providers. These providers collect the following categories of data when you visit our website: Cookie ID, anonymized IP address; website visited; product or product category viewed; date and time of the website view.

These cookies are used for interest-based marketing (so-called targeting cookies) and to optimize our website (so-called tracking cookies). Usage-based online advertising, also known as targeting, allows advertising companies to identify the user when supplying advertising and to allocate him/her to a target group. This information allows them to show the user more relevant advertising on the websites he or she visits, advertising tailored to his or her assumed preferences and therefore of greater interest to him/her. Usage-based advertising takes place in three steps: data capture using so-called tracking pixels or cookies; the storage and processing of log file information; and the final use of that information for retargeting or lookalike retargeting. In the following section, we will explain these steps in more detail.

Saving log file information in the cookie data: In order to capture your usage data, one of our advertising partner’s cookies will be saved on your terminal when you visit our website. This does not permit personal identification of you as an individual but our cooperation partners can read out and use it to place, optimize and assess online advertising. These cookies capture information such as a unique visitor ID and a Unix time stamp with the start and end of the current session, surfing behavior, subpages of the internet offerings visited and advertising banners that were clicked on. The stored visitor ID allows them to capture usage behavior. All data is stored using a pseudonym, such that it not easily possible to draw conclusions about you as an individual or make a personal identification.   

Use of cookie information for retargeting and lookalike retargeting: The cookie with the corresponding information permits recognition of the user’s browser and a corresponding so-called retargeting on external websites. The websites of partners of our cooperation partner’s advertising networks can then place advertisements for our products, which can be displayed to you. They will then capture information on visits to those websites which display our advertising, e.g. how often an advertisement was viewed, and share that information with us. Then statistical twins of the original cookie profile can be identified and targeted, on the basis of the cumulative cookie information. This is called lookalike retargeting.  

In the descriptions of the cookies of other providers which follow you will always find a link, which allows you to withhold permission, in which case the provider will place an opt out cookie on your terminal, which prevents further data from being captured. If you want to retain your right to withhold permission, do not delete the opt out cookie. Should you subsequently delete this cookie, you will have to repeat the deactivation procedure.   

aa. Use of etracker

Our website uses technology provided by etracker GmbH (Erste Brunnenstraße 120459 Hamburg, to collect and store data for marketing and optimization purposes. The etracker GmbH servers are located in Hamburg. These data allow us to create pseudonymous usage profiles. Cookies are placed for this purpose. The data collected using etracker technology are not used to personally identify visitors to our website, unless the party concerned has given their separate permission, and are not amalgamated with the pseudonymous user’s personal data.

You can deny permission for this data collection and storage at any time, with future effect, by visiting the following link: etracker will then place onto your terminal an opt out cookie which will prevent further data capture. Do not delete the cookie if you wish to deny permission for data to be stored. Should you delete the cookie, you will need to repeat the deactivation procedure.

bb. Use of Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA: “Google”). Google Analytics uses cookies. The information on your use of this website, generated by the cookie, is usually transferred to a Google server in the US, where it is saved. You should note that IP anonymization has been enabled on this website, i.e. Google will first shorten your IP address, if you are in a European Union member state or in a member state covered by the agreements governing the European Economic Area.  In exceptional cases only, the full IP address will be transferred to a Google server in the US and shortened there. On behalf of the administrator of this website, Google will use this information to evaluate your use of the website, compile reports on website activities and provide the website administrator with other services connected with website usage and internet usage. The IP address shared from your browser in connection with Google Analytics will not be amalgamated with other Google data.

If you do not wish to be shown interest-based advertising, you can disable Google’s use of cookies for these purposes by visiting the site or by clicking on the following link and downloading and installing the plugin provided: .

Users can also disable the use of cookies by third party providers, by visiting the advertising network initiative’s deactivation site  (available in English only) and following the detailed information provided there.

Please note that Google have their own data protection guidelines, which are independent of ours. For more information on the purpose and scope of Google’s data capture and subsequent processing and use of the data, as well as on configuration options to protect your privacy, please see Google’s data protection guidelines:

Activate Google Analytics Opt-out

cc. Use of Google AdWords Remarketing

We use AdWords remarketing, i.e. “similar target groups” technology, provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; „Google“). This function allows us to display targeted product recommendations and interest-based advertising to users of this website and other users with similar interests when they visit other websites within the Google display network or conduct a Google search. If you later visit another website within the Google display network, you will be shown advertisements which have a high probability of including similar product and information types to those recently viewed. If our advertisements are displayed on those websites, we will receive information about the website visit, e.g. how often our advertisement was viewed, how many clicks and visits a particular advertisement generated and what content was called up, following a click on an advertisement on our website. In order to analyze website usage, which forms the basis for the creation of interest-specific advertisements, Google places cookies while you visit a website within the Google display network or consult a specific Google service. These cookies contain information about your latest visit or about your browser settings, such as your language settings. The cookies are used to capture visits to the website, using the unique identification of a web browser on a specific computer, and not to identify an individual person. All data is stored under a pseudonym, so it would not be easy to trace an individual user or establish a personal identification.

The information about your use of this website generated by the cookie (including your IP address) is transferred to a Google server in the US, where it is stored. Google then shortens the IP address, removing the last three figures, such that a clear attribution of the IP address is no longer possible. Google is subject to the data protection regulations outlined in the EU/US Privacy Shield agreement and is registered with them. Google will use this information to evaluate your use of the website, compile reports on website activities for the website administrators and provide additional services connected with website usage and internet usage. Google may also share this information with third parties, if this is legally mandated or if third parties are processing this information on Google’s behalf. Third party providers, including Google, place advertisements on websites on the internet. Third party providers, including Google, used stored cookies to place advertisements on the basis of a user’s previous visits to this website. Under no circumstances will Google amalgamate your IP address with other Google data.

Please note that Google have their own data protection guidelines, which are independent of ours. For more information on the purpose and scope of Google’s data capture and subsequent processing and use of the data, as well as on configuration options to protect your privacy, please see Google’s data protection guidelines: You can find more detailed information on Google remarketing i.e. “similar target groups” at and

dd. Google Conversion Tracking

We also use Google Conversion Tracking, a analysis service provided by Google Inc.  (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. “Google”). This involves Google AdWords placing a cookie (“conversion cookie”) on your terminal, if you have been redirected to our website from a Google advertisement. These cookies expire after 30 days and are not used for personal identification. If you visit some of our webpages before the cookie has expired, we and Google can see that someone has clicked on the advertisement and been redirected to our webpage. Each AdWords client receives an individual cookie. Cookies cannot therefore be traced through the websites of AdWords’ clients. The information collected with the help of the conversion cookie is used to compile conversion statistics for AdWords clients who have opted for conversion tracking. The AdWords clients discover the total number of users who have clicked on their advertisement and been redirected to a webpage equipped with the conversion tracking tag. However, they do not receive any information which would allow them to personally identify users. If you do not wish to be part of a tracking procedure, you can block the necessary placement of cookies – through, for example, browser settings which automatically block the placement of all cookies. You can also disable conversion tracking cookies by configuring your browser to block cookies from the domain “”

If you do not wish to be shown interest-based advertising, you can disable Google’s use of cookies for these purposes by visiting the site or clicking on the following link and downloading and installing the plugin provided:

Users can also disable the use of cookies by third party providers by visiting the advertising network initiative’s deactivation site (only available in English) and following the detailed information provided there.

Please note that Google have their own data protection guidelines, which are independent of ours. For more information on the purpose and scope of Google’s data capture and subsequent processing and use of the data, as well as on configuration options to protect your privacy, please see Google’s data protection guidelines:

8. Pixels and other similar technology

a.       Tracking Pixels

Usage-based online advertising (see above) can also be facilitated through the use of tracking pixels.

Tracking pixels are small graphics on websites which permit log data capture and analysis, which can be used for statistical evaluation. When the user visits the website, the tracking pixels inscribe information onto the cookie data on the user’s browser (for more details, see “Third Party Cookies,” above).

b.       Use of Facebook Website Custom Audiences

Our website integrates the Website Custom Audiences Pixel provided by Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025. If you visit our website, with the integrated pixel, and then log on to Facebook, your Facebook account will be associated with the information that you have previously visited our website. If your Facebook account also fulfills certain previously defined parameters (e.g. age, sex, region) and therefore forms part of a specific target group (a so-called ‘audience’) of Gerolsteiner’s, Facebook can display interested-based Gerolsteiner advertising specifically tailored to that target group. We do not, however, receive any information about data stored in your Facebook account, in the process.

If you do not wish to be shown any more interest-based advertising within Facebook, you can change your Facebook account settings accordingly. Please follow the instructions provided in this link: .

For more information on the purpose and scope of Facebook’s data capture and subsequent processing and use of the data by Facebook, as well as on configuration options to protect your privacy, please see Facebook’s data protection guidelines which can be found at and

c.       Use of Adobe Typekit

We use web fonts provide by Typekit, a service provided by Adobe Systems Incorporated, 345 Park Ave, San Jose, CA 95110, USA. If you have enabled JavaScript, your browser will download font files from Adobe Typekit’s servers and the provider will be able to capture data about you. These could include, for example, your IP address, the date, time and webpages viewed. Under certain circumstances, data may be shared with servers outside the EU. We have no influence over the scope of the data captured by Adobe Typekit in this manner. For more information on Adobe’s data protection policies, please consult:

d.       Use of the GeoLite2 Database for Geolocation

This website uses the GeoLite2 database, provided by MaxMind Inc., 14 Spring Street, 3rd Floor, Waltham, MA 02451, USA. The GeoLite2 database assigns approximate location/geolocation data to IP addresses, on the basis of the country from which the IP address originates. In order to improve Gerolsteiner location search results, provide you with more relevant information and specific preset website configurations (e.g. language settings) tailored to you which can make your site-visit pleasanter, the GeoLite2 database hosted by Gerolsteiner ( communicates your country of origin, together with your IP address. This does not involve storing any personal data or sharing such data with third parties.

For more information, visit: You can access the relevant data protection information here: .

9. Additional Information on Gerolsteiner’s Facebook Presence (e.g. Fan Page, Facebook App)

If you interact with our Gerolsteiner Facebook presence, e.g. post a message on our Facebook wall, ‘like’ us, send us a message through Facebook or take part in our campaigns or competitions, we will collect the personal data you voluntarily share with us. We process this data for the sole purpose for which you have provided it (e.g. in order to answer your query or to implement or facilitate a campaign or competition). For further information, consult the conditions of entry for the specific campaign or competition.

In connection with Gerolsteiner’s Facebook presence, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA also captures and processes personal data which you have voluntarily provided. We have no influence over the scope of the data captured and processed by Facebook. For more details on the purposes and scope of Facebook’s data capture, processing and usage and your associated rights and configuration options, please consult Facebook’s data protection guidelines: and

Last updated: May 2018