top of page

Privacy Policy

At Vestens Mikrobryggeri (“we”, “us”, “our”), we place a high priority on protecting your personal data. This privacy policy describes how we collect, process, store and protect your personal data when you visit www.vestensmikrobryggeri.dk and/or purchase soft drinks (with and without alcohol) from us – including when you verify your age via MitID when purchasing alcoholic beverages.

​

1) About us (data controller)

​

Company name: Vestens Mikrobryggeri
Contact person: Karsten Larsen, Owner & Brewmaster
Address: Vr. Kærupvej 37, 6851 Janderup, Denmark
CVR number: 26368030
Email: kl@vestensmikrobryggeri.dk
Phone: +45 31 12 28 11
Website: www.vestensmikrobryggeri.dk

 

We are the data controller for the processing of your personal data and we ensure that the processing complies with applicable data protection rules, including the EU General Data Protection Regulation (GDPR) and relevant national legislation.

​

2) What information do we collect?

​

We only collect information that is necessary to operate our webshop, handle purchases and delivery, provide customer service, comply with legal requirements and (where relevant) marketing – where permitted and/or based on consent.

​

A) Information you provide to us

​

When purchasing and contacting customer service

​

  • Name

  • Email address

  • Phone number

  • Delivery address and any billing address

  • Order information (items, quantities, prices, discounts, time)

  • Communication with customer service (e.g., emails)

 

Account (if you create one on the website)

​

  • Login details (typically email and password)

  • Order history and preferences (if you save them)

​

B) Payment information (Stripe)

​

As a rule, we do not receive your full card details. Payment is completed via Stripe, which processes card details in a secure payment flow.

​

We may receive/access information such as:

​

  • Payment status (approved/declined)

  • Transaction ID/receipt details

  • Partially masked payment information (e.g., card type)

  • Amount, currency and time

 

C) Age verification when purchasing alcohol (MitID via verifyid.dk)

​

When you purchase alcoholic beverages from us, you must verify your age so we can document that you are at least 18 years old. Age verification is carried out via an external partner integration from verifyid.dk.

In connection with age verification, we typically process:

​

  • Confirmation that the age requirement (18+) is met

  • Time of verification

  • A technical reference ID/log for documentation, operations and troubleshooting

 

We strive for data minimisation and only process what is necessary to carry out and document the age check. If the solution technically entails processing additional identity data, we limit the processing to what is necessary and only store it if required for documentation.

​

If age verification is not completed or not approved, we cannot complete purchases of alcoholic products.

​

D) Information we collect automatically

​

When you use the website, we may collect:

​

  • IP address (often shortened/anonymised where possible)

  • Device and browser information

  • Usage data (e.g., which pages you visit, clicks, time on page)

  • Cookies/technologies for functionality, statistics and (if you consent) marketing

 

See also our cookie information, where you can change your choices.

​

3) Purposes and legal basis for processing

​

We process your personal data for the following purposes:

​

A) To complete purchases, delivery and customer administration

​

Purpose

  • Create and manage orders

  • Delivery, returns, complaints and refunds

  • Customer service and communication

  • Administration of any account

 

Legal basis

  • GDPR Article 6(1)(b) (performance of a contract)

 

B) To comply with legislation and documentation requirements

​

Purpose

  • Bookkeeping, accounting and documentation

  • Handling of regulatory requirements and enquiries

 

Legal basis

  • GDPR Article 6(1)(c) (legal obligation)

 

C) Age verification when purchasing alcohol

​

Purpose

  • Ensure alcohol is only sold to persons over 18

  • Documentation that the age requirement is met

  • Prevention of misuse and circumvention

 

Legal basis

  • GDPR Article 6(1)(c) (legal obligation) and/or Article 6(1)(f) (legitimate interest in ensuring lawful trade)

 

D) Operation, security and improvement of the website

​

Purpose

  • Operations, troubleshooting, security and performance

  • Statistics and improvement of user experience

 

Legal basis

  • GDPR Article 6(1)(f) (legitimate interest) and/or consent, if required via cookie choices

 

E) Marketing

​

Purpose

  • Newsletter and campaigns where you have signed up or given consent (if required)

 

Legal basis

  • GDPR Article 6(1)(a) (consent) and/or Article 6(1)(f) (legitimate interest), depending on the type of marketing and applicable rules

 

You can always unsubscribe via the link in the newsletter or contact us.

 

4) Systems and processors

​

We use the following key suppliers to operate and complete purchases:

​

  • Webshop and hosting: Wix (website and webshop functionality, hosting, operations and security)

  • Payments: Stripe (payment gateway and payment flow)

  • Age verification: verifyid.dk (partner integration for age verification via MitID when purchasing alcohol)

 

In addition, depending on the setup, we may use providers for e.g. shipping, email/marketing and accounting:

​

  • Shipping/delivery

  • Email/marketing

  • Accounting/bookkeeping

 

We enter into data processing agreements where required and impose requirements for security, confidentiality and lawful processing.

​

5) Disclosure of information

​

We only disclose personal data when necessary to:

​

  • complete your purchase and deliver your goods (e.g., shipping)

  • complete payment (Stripe)

  • complete age verification when purchasing alcohol (verifyid.dk/MitID flow)

  • comply with legislation (e.g., bookkeeping or regulatory requirements)

 

We do not sell your personal data to third parties.

​

6) Transfers to countries outside the EU/EEA

​

Some suppliers may process data outside the EU/EEA. If this occurs, we ensure a valid transfer mechanism, e.g. the EU Commission’s Standard Contractual Clauses (SCCs) and any supplementary measures when required.

​

7) Retention period

​

We retain your personal data for as long as necessary for the purpose:

​

  • Order and invoice data: retained for the period required by applicable bookkeeping rules.

  • Customer service enquiries: deleted on an ongoing basis when no longer relevant, unless they form part of an active case.

  • Age verification data/logs: retained only as long as necessary for documentation, security and any disputes, and then deleted/anonymised.

  • Marketing consents: retained as long as the consent is active and for a reasonable period thereafter for documentation.

 

8) Security

​

We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration or misuse. Access is limited to relevant persons and suppliers with a legitimate need.

​

9) Your rights

​

As a data subject, you have the following rights:

​

  • Right of access

  • Right to rectification

  • Right to erasure (in certain cases)

  • Right to restriction

  • Right to data portability (in certain cases)

  • Right to object (where processing is based on legitimate interests)

  • Right to withdraw consent (where processing is based on consent)

 

You can exercise your rights by contacting us at kl@vestensmikrobryggeri.dk.

​

10) Complaints

​

If you have a complaint about our processing of your personal data, you are welcome to contact us.
You also have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet).

​

11) Changes to this privacy policy

​

We may update this privacy policy if our practices or requirements change. The latest version will always be available on our website.

​

Last updated: 16 February 2026

bottom of page