Privacy statement

Introduction

We, Windmöller GmbH, operate this website and as such are the responsible party regarding the processing of personally identifiable information about users of our website.

You will find our contact details in the legal notices section of this website. The contact persons for issues relating to the processing of personally identifiable information are named in this privacy statement.

We take the protection of both your privacy and your personal data very seriously. We only collect, save and use your personally identifiable information in line with the content of this privacy statement and in compliance with applicable data protection laws, in particular the European General Data Protection Regulation (GDPR) and national data protection laws.

With this privacy statement we would like to inform you to what extent and for what purpose personal data is processed in connection with the use of our website.

Personally identifiable information

Personally identifiable data is information about an identified or identifiable natural person. . It includes all information about your identity, such as your name, e-mail or postal address. By contrast, information that cannot be used to identify you personally (such as statistics about traffic on our website) is not classified as personally identifiable information.

You may use our website without disclosing your identity or providing any personally identifiable information. In this case, we only collect general data regarding your visit to our website. Many of the services we offer do, however, require you to provide personally identifiable information. We only ever process this data for purposes of further enabling your use of this website, in particular to provide you with the requested information. When providing personally identifiable information, you only have to disclose the data that is specified as mandatory. In addition to this data, you can provide further information, albeit on a voluntary basis. We indicate in each case whether disclosure is mandatory or voluntary. The specific details are explained in the relevant sections of this privacy statement.

Automated decisions in connection with your use of our website are not made on the basis of your personally identifiable information.

Processing personally identifiable information

We save your data on specially safeguarded servers within the European Union. Technical and organisational safeguards are in place to protect the data against loss, destruction, unauthorised access, alteration or circulation by unauthorised persons. Only a few authorised individuals can access your data. These people are responsible for the technical, commercial or editorial management of the servers. Despite regular checks, ensuring complete protection against all risks is, however, not possible.

Your personally identifiable information is encrypted for transmission via the internet. We use SSL (Secure Socket Layer) encryption when transmitting data.

Disclosure of personally identifiable information to third parties

We only ever use your personally identifiable information to provide the services you request. In the event that we engage external vendors as part of this service provision, they only access the data for the purpose of providing the service(s). Technical and organisational safeguards ensure compliance with data protection laws. We also ensure that our external service providers commit to such compliance.

Furthermore, we do not disclose your data to third parties without your express consent, and especially not for advertising purposes. We only disclose your personally identifiable information if you have consented to the same yourself or if we are entitled or forced to do so by law and/or official or court order. In particular, we may be required to provide information for purposes of prosecution, to avert danger or to defend intellectual property rights.

Legal basis for data processing

When we obtain your consent to process your personally identifiable information, the legal basis for such processing is established by Art. 6 (1) (a) GDPR.

When we need to process your personally identifiable information for the performance of a contract or contract relationship, the legal basis for such processing is established by Art. 6 (1) (b) GDPR.

When we process your personally identifiable information in order to comply with a legal obligation, the legal basis for such processing is established by Art. 6 (1) (c) GDPR.

A further legal basis governing data processing is established by Art. 6 (1) (f) GDPR when the processing of your personally identifiable information is necessary to protect a legitimate interest of our company or a third party, provided the protection of your personally identifiable information does not harm your interests nor infringe your fundamental rights and freedoms.

Throughout this privacy statement, we cite the legal basis governing our processing of your personally identifiable information.

Data erasure; duration of storage

We always erase or block your personally identifiable information as soon as the reason for saving it no longer exists. The data may be saved for longer if required under laws to which we are subject to, for example to comply with legal retention and documentation obligations. In such cases, we erase or block your personally identifiable information at the end of such legally specified periods.

Use of our website

Information about your computer

Regardless of whether you log in or not, we collect the following information about your computer every time you visit our website: your computer’s IP address, your browser request and the time of such request. We also record the status and volume of data transmitted under this request. Information about your browser product and version, and about your computer’s operating system is also collected, together with the name of the website from which you accessed ours. Your IP address is only saved while you are on our website and is subsequently deleted or shortened to anonymise it. The remaining data are saved.

We use this data to operate our website and especially to detect and rectify errors, to monitor traffic on our site and to implement adjustments and improvements. These uses also constitute our legitimate interest in data processing as defined in Art. 6 (1) (f) GDPR, which also forms the legal basis for such processing.

Use of cookies

Like many others, we use cookies on our website. Cookies are small text files that are embedded on your computer and save certain settings and data that are exchanged via your browser with our website. A cookie generally contains the name of the domain sending the cookie file, together with information about the age of the cookie and an alphanumerical identification code.

Cookies enable us to identify your computer and immediately activate any pre-setting’s. Cookies help us to improve our website and enable us to offer you a better service, which is more closely tailored to your interests. These efforts also constitute our legitimate interest in data processing as defined in Art. 6 (1) (f) GDPR.

We use what are known as session cookies, which are automatically deleted at the end of each browser session. Very occasionally, we may use cookies that are saved for longer periods to enable us to load your pre-setting’s and preferences when you visit our website the next time.

Most browsers are set to automatically accept cookies. You can change your browser settings to refuse cookies or to notify you as soon as cookies are sent. Moreover, you can change your browser settings to manually delete cookies that have already been saved. Please bear in mind, however, that you may then only have limited, or even no, access to our website offerings if you refuse cookies or delete necessary cookies.

Cookies needed for technical reasons

Some cookies are needed for technical reasons to enable you to use our website. We use these cookies to record and save the following data:

  • Language settings
  • Search settings
  • Contents of the application form
  • Information that enables us to identify or authenticate users
  • Contents of the registration form
  • Products in the basket

 

Cookies enable us to identify your computer and immediately activate any pre-setting’s. Cookies help us to improve our website and enable us to offer you a better, more user-friendly service. We also need to use cookies to make it easier for you to use our website offerings. Some of the functions can only be provided by using cookies. This applies to the search function, the application form, the registration form, the customer account and the shopping basket. These functions also establish our legitimate interest under Art. 6 (1) (f) GDPR as the legal basis for processing data with the aid of cookies.

Registration

You can register to use our online offering. To register, you must provide the information requested – such as name, address and email. In addition to this, we capture the date and time of registration and the IP address. The registration process also includes your consent for the use of the data. The benefit for you is that you do not have to re-enter this data each time you visit the website or place an order.

Consent in accordance with Art. 6 (1) (a) GDPR establishes the legal basis for processing data relating to registration. Art. 6 (1) (a) GDPR also establishes the legal basis for processing data when you register to complete or initiate a contract with us.

The mandatory information requested during the registration process is required for the performance, or preparation of performance, of a contract with us, governing specific performance elements. However, there is no obligation to register; you can order as a guest instead. In this case, however, you will have to re-enter all the data required to process the contract for every order.

If you register, this creates a customer account. The data in the customer account is saved for as long as there is an active customer relationship. If there is no discernible activity for a period of three years, the customer relationship status is set to inactive. You can request your customer account be deleted at any time.

Order processing

The personally identifiable information you provide when ordering is only used by our own company and affiliates, and by companies commissioned to process your orders.

Storage and disclosure of data relating to orders

We process orders in collaboration with various companies charged with providing payment processing and logistics services. We ensure that these partners also comply with data protection laws. Your address details (name and address) are therefore disclosed to the shipping company engaged to deliver the products you have ordered. Art. 6 (1) (b) GDPR establishes the legal basis for such disclosure. The processing of your personally identifiable information is necessary to enable performance of the contract.

The data is stored by us for as long as it is necessary for the fulfilment of the contract, and beyond such performance in order to comply with our post-contractual obligations and with the statutory retention periods specified in commercial and tax legislation. This statutory retention period is usually 10 years from the end of the respective calendar year.

Online application form 

You can apply for a position with us and submit all the necessary information and documentation using the online application form. We indicate in the form whether disclosure is mandatory or voluntary in each case. Use of the online application form is voluntary; you can also send us your application in other ways such as by email or by post.

When an application is received via the online application form, your documents are forwarded by us electronically to the relevant employee. If you have applied for an advertised position, your documents are automatically deleted three months after the recruitment deadline provided deletion does not contravene any other legitimate interest. Typical legitimate interests in this respect are burden of proof in a process in accordance with the General Equal Opportunities Act (AGG). For applications where there is not a deadline (applications on own initiative), the application is retained for as long as there is a possibility that the application is of interest. You can request your application be deleted at any time, including before the relevant deadline has been reached. In the event of a successful application, the data provided for the purpose of processing the employment relationship are saved in accordance with the relevant legal provisions. In any other event, the legal basis for saving your application data requires your consent in accordance with Art. 6 (1) (a) GDPR.

Your rights and contact

We strive very hard to explain as clearly as possible how we process your personally identifiable information and what rights you have in this respect. If you require more information or would like to exercise your rights, please feel free to contact us at any time so that we can deal with the matter.

Data subjects’ rights

You have extensive rights relating to the processing of your personally identifiable information. Firstly, you have a right to detailed information and may demand the rectification and/or erasure or blockage of your personally identifiable information, if appropriate. You may also impose restrictions on the processing and have the right to object. With regard to the personally identifiable information you provide to us, you also have the right to data portability.

If you wish to exercise one of your rights and/or to obtain more information about them, please contact our Customer Service department. Alternatively, please feel free to contact our Data Protection Officer.

Revoking consent; Voicing objection

Once you have given your consent, it can be freely revoked at any time with effect for the future. Revoking your consent does not affect the lawfulness of any processing based on consent given prior to the revocation. Here again, your contacts are our Customer Service department or our Data Protection Officer.

If your personally identifiable information is processed on some other legal basis and not on your consent, you may object to such data processing. Your objection will trigger a review and, if appropriate, the discontinuation of data processing. You will be notified of the outcome of this review and – if data processing is to continue regardless – details of why such data processing is permissible.

Data Protection Officer; Contact

We have appointed an external Data Protection Officer to advise us on issues relating to data protection laws. You can contact this Officer directly. Our Data Protection Officer and his team are available to answer any questions you have about how personally identifiable information is handled or to provide further information on topics relating to data protection laws:

Windmöller GmbH
Timo Müller
Nord-West-Ring 21
32832 Augustdorf, Germany

E-Mail: datenschutz@windmoeller.de

Complaints

If you believe that our processing of your personally identifiable information is not consistent with this privacy statement or not compliant with applicable data protection laws, you may file a complaint with our Data Protection Officer. The Data Protection Officer will then review the matter and let you know the outcome. You also have the right to complain to a supervisory authority.

 

Further information; Amendments

Links to other websites

Our website may contain links to other websites. These links are usually identifiable as such. We have no means of influencing the extent to which these linked websites comply with data protection laws. We therefore recommend that you study the relevant privacy statements of these other websites as well.

Amendments of this privacy statement

The date of this privacy statement is indicated (at the bottom). We reserve the right to amend this privacy statement at any time with future effect. Amendments will be implemented, in particular, following technical adjustments to our website or amendments to data protection laws. The currently valid version of this privacy statement can be accessed at any time on our website. We advise you to regularly check this privacy statement for amendments.

Date of this privacy statement: May 2018

 

Privacy statement compiled by:

RA Dr. Sebastian Meyer, LL.M.
c/o BRANDI Rechtsanwälte
Adenauerplatz 1, 33602 Bielefeld