Privacy Policy

Data Controller

The Data Controller of personal data processed through the birrup.com website is:

• Name: EuroEuro s.r.l. – BirrUp brand

• Registered office: Via Messina 47, 20154, Milan, Italy​

• VAT number: IT-03885410963​

• Privacy contact e-mail: [email protected]

• Phone: +39 02 80887843

BirrUp is a brand of EuroEuro s.r.l., an independent company that provides content, data and insights about the beer industry.​

• EU Representative (if required): Marcello Peluso, [email protected]

• Data Protection Officer (DPO) : Marcello Peluso, [email protected]

The website primarily targets users located in the European Economic Area and processes personal data in accordance with Regulation (EU) 2016/679 (“GDPR”) and applicable national data protection laws.​

Categories of personal data processed

Data provided directly by the user

When using BirrUp’s services, you may voluntarily provide certain personal data, including:

• Identification and contact data: first name, last name, e‑mail address, company, job title, country, phone number and similar details, depending on the forms you fill in (for example, the contact form on the “Contacts” page).​

• Professional data: industry, company type, content preferences and business interests related to the beer market.

• Billing and payment data (if you purchase services, subscriptions or reports in the future): billing address, VAT number, and payment data processed by third‑party payment providers (Stripe, PayPal). 

• Content of communications: messages sent via contact forms, commercial requests, collaboration proposals, support requests, comments and any other information you decide to share.

Providing some data may be necessary to deliver the requested services; if you do not provide such data, BirrUp may not be able to fulfil your request.

Data collected automatically while browsing

While you browse birrup.com, certain technical and usage data are collected automatically, including:

• IP address .

• Information about your browser and device (user agent, operating system, screen resolution, language, etc.).

• Log data: visited pages, date and time of access, time spent on pages, referring URL (referrer) and interactions with the website.

• Information related to cookie consent and tracking preferences, managed via the consent management platform (Complianz). 

These data are mainly collected through cookies and similar technologies, as described in the Cookie Policy and in the cookie banner.​

Purposes and legal bases of processing

Personal data are processed for the following purposes and legal bases:

1. Provision of website content and services

   • To enable navigation on the website, access to articles and insights, download of materials, registration to events or updates and any other services related to BirrUp’s editorial and data activities about the beer sector.​

   • Legal basis: performance of a contract or pre‑contractual measures under Article 6(1)(b) GDPR.

2. Handling contact and support requests

   • To respond to information requests, commercial enquiries, collaboration proposals, press/media enquiries and support questions sent via the contact form or other channels.​

   • Legal basis: performance of pre‑contractual measures and/or the Controller’s legitimate interest in managing communications with users and prospects (Article 6(1)(b) and 6(1)(f) GDPR).

3. Newsletter, informational and marketing communications

   • To send newsletters, updates, market insights, articles, event invitations and other editorial or marketing content related to BirrUp and the beer industry (if such newsletter services are activated).

   • Legal basis: the user’s consent (Article 6(1)(a) GDPR), given through dedicated subscription forms or via the consent banner, which can be withdrawn at any time (for example by using the “unsubscribe” link included in every e‑mail).

4. Customer, partner and contract management

   • To manage customers, partners and suppliers, including orders, subscriptions, access to premium content (if any), invoicing, accounting and compliance with tax and regulatory obligations.

   • Legal basis: performance of a contract and legal obligations (Article 6(1)(b) and 6(1)(c) GDPR).

5. Analytics and website improvement

   • To use statistical and analytics tools (preferably privacy‑friendly or configured with IP anonymization) in order to measure traffic, understand how the website is used and improve content, performance, usability and the service offering.

   • Legal basis: the Controller’s legitimate interest (Article 6(1)(f) GDPR) or consent, when required via the cookie banner, depending on the tools implemented and the configuration within your consent management solution (Google Analytics 4)

6. Website security and prevention of abuse

   • To prevent fraudulent activities, unauthorized access, spam and cyber‑attacks, by means of system logs, firewalls, anti‑spam systems and other security tools.

   • Legal basis: the Controller’s legitimate interest in ensuring network and information security (Article 6(1)(f) GDPR).

7. Compliance with legal obligations and legal defence

   • To comply with legal obligations and requests from public authorities, and to establish, exercise or defend legal claims in court or in out‑of‑court proceedings.

   • Legal basis: legal obligation (Article 6(1)(c) GDPR) and the Controller’s legitimate interest (Article 6(1)(f) GDPR).

Cookies and similar technologies

This website may use technical, statistical and, where configured, profiling or third‑party cookies (for example for advanced analytics, advertising or social media integrations).​

• Technical cookies are necessary for the proper functioning of the website and do not require the user’s consent.

• Non‑technical cookies (e.g. advanced statistics, marketing, social media) are installed only after the user has given consent through the cookie banner managed by the chosen consent management platform (Complianz).

• You can change your cookie preferences at any time by using the “Manage consent” / “Cookie settings” link available in the footer of the website or via the options offered by the consent management tool. 

For more information on the types of cookies used, their purposes and retention periods, please refer to the dedicated Cookie Policy. 

Methods of processing and security measures

Personal data are processed using electronic and/or telematic tools, in accordance with the principles of lawfulness, fairness, transparency, data minimisation, accuracy, storage limitation and integrity.​

The Controller implements appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration or destruction, including for example:

• server and CMS security configurations, periodic updates and backups;

• access control procedures and management of user credentials;

• pseudonymisation or anonymisation of data for statistics and reporting purposes, where possible.

Recipients and categories of third parties

Personal data may be disclosed to third parties acting as Data Processors (Article 28 GDPR) or as independent data controllers, including:

• Hosting and IT infrastructure providers: service providers hosting the birrup.com website and related databases. 

• Newsletter and e‑mail marketing providers: platforms that manage mailing lists and send email communications (Mailchimp).

• Analytics and tracking providers: Google Analytics, configured according to the privacy settings adopted.

• Payment service providers: Stripe, PayPal.

• Professional advisors: law firms, tax and accounting consultants, and other professionals assisting EuroEuro s.r.l. with legal, administrative and tax obligations.

• Affiliated companies or business partners: in the context of joint projects or business initiatives in the beer industry, limited to the purposes described and in compliance with the applicable legal bases (and, where necessary, based on the user’s consent).​

An updated list of Data Processors can be requested from the Controller using the contact details provided above.

Transfers of personal data outside the EEA

Some service providers may be located or may process data outside the European Economic Area. In such cases, data transfers will take place in compliance with Chapter V of the GDPR, i.e.:

• to countries for which the European Commission has issued an adequacy decision, or

• on the basis of Standard Contractual Clauses (SCCs) adopted by the European Commission, or

• on the basis of other appropriate safeguards.

Specific information on international transfers related to individual services (e.g. e‑mail marketing, analytics or payment providers) is available in the privacy policies of those providers and can also be requested from the Controller. {here you can list specific extra‑EEA services if you use them}

Data retention periods

Personal data are retained only for as long as necessary to achieve the purposes for which they were collected, without prejudice to longer retention periods where required by law or where necessary to protect or enforce legal rights. In particular:

• Contact and enquiry data: retained for the time necessary to process the request and, in any case, for no longer than 12 months from the last meaningful interaction.

• Newsletter and marketing data: retained until the user withdraws consent or requests deletion (unsubscribe), without prejudice to limited retention for compliance and proof of consent management.

• Contract and billing data: retained for the entire duration of the contractual relationship and for the statutory retention periods required under tax and civil law (typically up to 10 years).

• Browsing data and system logs: retained for periods compatible with security and operational needs of the website, usually no longer than 12 months, unless longer retention is required by law or by a public authority.

After the retention periods have expired, personal data will be deleted, anonymised or aggregated in such a way that individuals can no longer be identified.

Data subject rights

Under the GDPR, you have the following rights (subject to the conditions and limits set out in the applicable law):​

• Right of access: to obtain confirmation as to whether personal data concerning you are being processed and to access such data.

• Right to rectification: to obtain correction of inaccurate personal data and completion of incomplete data.

• Right to erasure (“right to be forgotten”): to request deletion of personal data in certain circumstances.

• Right to restriction of processing: to request that processing be restricted in specific cases.

• Right to data portability: to receive your personal data in a structured, commonly used and machine‑readable format and to transmit those data to another controller, where technically feasible.

• Right to object: to object at any time, on grounds relating to your particular situation, to processing based on the Controller’s legitimate interest; you also have the right to object at any time to processing of your personal data for direct marketing purposes (including profiling for such purposes).

• Right to withdraw consent: where processing is based on your consent, you may withdraw it at any time, without affecting the lawfulness of processing carried out before the withdrawal.

To exercise your rights, you can contact the Controller at:

• E‑mail: [email protected] 

• Postal address: EuroEuro s.r.l. – BirrUp brand, Via Messina 47, 20154, Milan, Italy

You also have the right to lodge a complaint with the competent Supervisory Authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement. In Italy, the Supervisory Authority is the Garante per la protezione dei dati personali (www.garanteprivacy.it). ​

Children’s data

BirrUp’s services are not intentionally directed to children under 18 years of age. 

If the Controller becomes aware that personal data of children have been collected without verifiable parental consent, reasonable steps will be taken to delete such information as soon as possible.

Links to third‑party websites

The birrup.com website may contain links to third‑party websites, content or services (for example, partners’ websites, external data sources, social networks, event registration tools or external marketplaces).​

These websites are operated independently by third parties and are governed by their own privacy policies, which you are encouraged to review. The Controller is not responsible for how such external websites handle personal data.

Changes to this Privacy Policy

The Controller reserves the right to modify this Privacy Policy at any time, for example to reflect changes in the law, in the services offered or in technical developments.​

Changes will be published on this page and, where appropriate, may be notified by a specific notice (for example, via a banner, a notice on the website or an e‑mail communication, when technically and legally feasible).

• Date of last update: 28.12.2025