Privacy statement

Introduction

Windmöller GmbH (hereinafter: “We”) is the Controller of this website and as such we are the office responsible for processing personally identifiable information about users of our website.

We take the protection of both your privacy and your personal data very seriously. We only collect, save and use your personally identifiable information in line with the content of this privacy statement and in compliance with applicable data protection laws, especially the European General Data Protection Regulation (GDPR) and national data protection laws.

The purpose of this privacy statement is to explain which personally identifiable information we process for what purpose when you use our website.

Section 1 Data Controller

Windmöller GmbH
Nord-West-Ring 21
32832 Augustdorf
Tel.: +49 (0) 52 37 / 609 – 0
Fax:  +49 (0) 52 37 / 609 – 309
E-mail: info(at)windmoeller.de
Directors authorised to represent the company: Matthias Windmöller, Christoph Ester, Dr. Karsten Derks

Section 2 Name and contact details of the Data Protection Officer

We have appointed an external Data Protection Officer to advise us on issues relating to data protection laws. You can contact this Officer directly.

Michael Herzig
pco GmbH & Co. KG
Hafenstraße 11, 49090 Osnabrück
E-mail: datenschutz(at)windmoeller.de

Section 3 General information on data processing when visiting our website

Nature and purpose of the processing: Information of a general nature is automatically collected when you access our website. This information (server log files) includes the type of web browser, operating system used, information about the browser type and version, the domain name of your internet service provider, the hostname of the accessing computer, your IP address, the website from which the website was accessed, websites accessed via our website, the date and time of access, the message indicating whether the retrieval was successful, and the amount of data transmitted.

The data is processed in particular for the following purposes:

• Ensuring a smooth connection setup of the website
• Ensuring smooth use of our website
• Evaluation of system security and stability as well as
• for further administrative purposes

These purposes also constitute our legitimate interest in data processing. We do not use your data to draw conclusions about your person. We may evaluate information of this kind for statistical purposes, if necessary, in order to optimise our internet presence and the underlying technology.

Legal basis: The processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

Recipients: Recipients of the data are technical service providers who act as processors for the operation and maintenance of our website.

Duration of storage: The data will be deleted as soon as the purpose for which it was collected no longer applies. This is generally the case for data used to display the website when the respective session is ended.

Provision prescribed or mandatory: The provision of the aforementioned personal data is neither legally nor contractually required. However, the service and functionality of our website cannot be guaranteed without the IP address. Individual services and features may also not be available or restricted. For this reason, objections are excluded.

Section 4 General information on the use of cookies and other technologies

Nature and purpose of the processing: Our website may use so-called cookies. Cookies are small files created by the browser when pages are accessed, to store data about a browser during and after a visit to a page. Typically, unique character strings are stored in cookies, which a server can use to recognise a browser. Cookies can also contain personal data.

We use cookies, among other things, to ensure the functionality of the website (cookies needed for technical reasons) and optionally, to integrate further online services from third-party providers on our website (cookies not needed for technical reasons). Cookies can be stored by the visited page (first-party) or by online services of a third-party provider (third-party), if you have enabled a third-party service.

Currently, we only use cookies that are needed for technical reasons. We do not use cookies or other tracking tools for which we require your consent. That is why we do not have a consent banner on our website.

Legal basis:

Cookies needed for technical reasons: Our predominant legitimate interest as defined in Art. 6 (1) s.1 (f) GDPR in conjunction with § 25 (2) no. 2 TTDSG establishes the legal basis for the use of cookies needed for technical reasons.

Cookies not needed for technical reasons: Your consent as defined in Art. 6 (1) s. 1 (a) GDPR in conjunction with § 25 (1) TTDSG establishes the legal basis for the use of cookies not needed for technical reasons.

Recipients: Recipients of the data may include technical service providers who act as processors for the operation and maintenance of our website. For further recipients, please refer to the information below on the additional technologies used.

Duration of storage: We use session cookies on our website, which are automatically deleted after your browsing session.

Provision prescribed or mandatory: You can of course navigate our website without cookies. Web browsers are usually set to accept cookies. Generally, you can disable the use of cookies at any time through your browser settings. Please note that certain functions of our website may not work properly if you have disabled the use of cookies.

Section 5 Technologies and providers used

Google Maps

Nature and purpose of the processing: We use the services of Google Maps on our website. Google Maps is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google"). This allows us to display interactive maps directly on the website, facilitating the convenient use of the map feature.

For more information on data processing by Google, please refer to Google's data protection information. You can also modify your personal privacy settings in the Privacy Centre.

Legal basis: Your consent as defined in Art. 6 (1) (a) GDPR establishes the legal basis for the integration of Google Maps and the associated data transfer to Google.

Transfer to third countries: When using Google Maps, your data may be transferred to the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. Further information can be found here: Data Privacy Framework

Furthermore, Google uses so-called Standard Contractual Clauses (SCCs). With the help of these Standard Contractual Clauses and the EU-US Data Privacy Framework, Google commits to maintaining the European level of data protection, even if your personal data is stored and processed in the USA.

Recipients: By visiting the website, Google obtains information that you have accessed the respective subpage of our website. This happens regardless of whether you have a Google account, and are logged into it, or if you do not have a Google account. If you are logged into Google, your data will be directly associated with your account. If you do not want it to be linked to your Google profile, you must log out of Google before activating the button. Google stores your data as usage profiles and uses them for advertising, market research, and/or the tailored display of its websites You have the right to object to the creation of these user profiles, and to exercise this right, you must contact Google directly.

Duration of storage: Our company does not collect any personal data through the integration of Google Maps. According to Google's statements, the data is deleted once it is no longer necessary for processing purposes.

Provision prescribed or mandatory: The provision of your personal data is voluntary, based exclusively on your consent.

Revoking your consent: You can withdraw your consent at any time using our Cookie Consent Tool. Additionally, you can prevent the storage of cookies by changing your browser settings accordingly. However, please note that by doing so, you may not be able to fully utilise all the features of this website.

Social Plug-Ins

Nature and purpose of the processing: On our website, you have the option of using so-called "Social Media Buttons." To protect your data, these buttons are only integrated into the website as icons containing a link to the respective website of the button provider. By clicking on the icon, you will be redirected to the services of the respective provider. Only then will your data be sent to the respective provider. If you do not click on an icon, no data is exchanged between you and the providers of the Social Media Buttons. Information about the collection and use of your data by social media networks can be found in the respective terms of use of the corresponding providers.

We have integrated the Social Media Buttons of the following companies on our website:  LinkedIn, Xing

Section 6 Processing of your data in the context of business communication and transaction processing

Nature and purpose of the data processing: We collect and process your data in order to communicate with you for business purposes. This may include business initiation or fulfilling contractual and legal obligations, providing services, as part of addressing your request, and strengthening the business relationship, which also constitutes our legitimate interest in data processing.

There may be an obligation to provide your personal data arising from the respective contractual relationship. Without the provision of your personal data, we may often be unable to fulfil the aforementioned purposes.

The legal bases for processing your data may vary depending on the stage of our interaction with you:

• To perform pre-contractual measures or to fulfil a contract, this is Art. 6 (1) (b) GDPR.
• To fulfil legal obligations to which we are subject, this is Art. 6 (1) (c) GDPR.
• To safeguard our legitimate interests, this is Art. 6 (1) (f) GDPR.
• If you have consented to data processing, this is Art. 6 (1) (a) GDPR.
• For processing special categories of personal data (e.g., health-related data), Art. 9 (2) GDPR, § 22 (1) BDSG.

Recipients or categories of data recipients: Within our company, we ensure your data is only sent to individuals who require it to fulfil contractual and legal obligations. In some cases, we may engage additional service providers to handle business transactions. These may include IT service providers, insurance companies, courier and postal services, banks, internet service providers, manufacturers, lawyers, auditors, and tax consultants.

Some of our service providers may process data in countries outside the EU. In such cases, we ensure that essential safeguards (EU adequacy decisions, EU standard contractual clauses, or other measures) are in place to protect your data. You may access relevant documents through our Data Protection Officer.

Duration of storage: Your personal data is deleted or blocked as soon as the purpose for which it was stored no longer applies. Additionally, your data may be retained to comply with commercial and tax retention periods (usually six or ten years), unless the period needs to be extended to defend against legal claims.

Provision prescribed or mandatory: There may be an obligation to provide your personal data arising from the respective contractual relationship.

Section 7 Contact form

We invite you to get in touch with us using the e-mail address, telephone number, and contact form provided. In order to use the contact form, you must first provide your e-mail address and name. Depending on your query, it may be necessary to provide additional information. Your IP address and the time of the request will also be logged.

When you contact us, the personal data you provide will be stored. This data will only be processed for the purpose of addressing your enquiry.

Legal basis: Art.6 (1) s.1 (f) GDPR establishes the legal basis for processing data transmitted by e-mail or via our contact form. If the purpose of contacting us by e-mail is to conclude a contract (e.g., request for an offer), Art. 6 (1) s.1 (b) GDPR establishes the legal basis for this processing. Similarly, the aforementioned applies to postal mailings.

Recipients or categories of recipients: Depending on the nature of your enquiry, we may need to forward your data to our distributors, trading partners, or manufacturers to fulfil your request. We sometimes engage external IT service providers to process your data as part of contract processing under Art. 28 GDPR.

Transfer of data to third countries: Some of our service providers may process data in countries outside the EU. In such cases, we ensure that essential safeguards (EU adequacy decisions, EU standard contractual clauses, or other measures) are in place to protect your data. You may access relevant documents through our Data Protection Officer.

Duration of storage: Your personal data is deleted or blocked as soon as the purpose for which it was processed no longer applies. The purpose is determined by the content of the communication and the specific business transaction. There is no universally applicable storage period; rather, it must be determined on a case-by-case basis for each individual business transaction. If your data must be retained in order to comply with commercial and tax retention periods, the usual retention period is six or ten years, unless the period needs to be extended to defend against legal claims.

Provision prescribed or mandatory: The provision of personal data is not legally or contractually required but may, under the reasons stated above, be necessary for concluding a contract. Failure to provide the data may result in us being unable to contact you.

Section 8 Application and use of various social networks

General information on the processing of your data: We manage numerous company profiles on various social networks and comparable platforms, including Facebook, Instagram, LinkedIn, XING, and YouTube. We use these profiles to promote the company and provide a way for interested parties and customers to contact us. We regularly feature links to these profiles on our website.

If you interact with our social network profiles (for example, by writing a  comment, reacting to one of our posts, or sending us a private message), any data you provide will be processed solely for the purpose of establishing contact with you and addressing your enquiry.

However, we would like to inform you that when you visit our profiles on the aforementioned networks, your personal data may also be collected, used, and stored by the operators of each respective social network. This will happen even if you do not have a profile or account on the respective social network. The individual data processing operations and their scope vary depending on the operator of each social network, and they may not necessarily be traceable by us. Consequently, it is also possible that your data may be processed by the provider of the respective platform for market research and advertising purposes. For example, usage behaviour and resulting user interests may be used to create usage profiles. Such usage profiles can then be used to display advertisements within and outside the respective platforms that presumably correspond to the user’s interests. Furthermore, data from the devices used by the user, as well as location data and other so-called meta-data, may be stored in the usage profiles. To this end, cookies are typically stored on the user’s computer, and they contain information on the user’s usage behaviour and interests. Most platforms will also use so-called tracking pixels.

For a detailed explanation of the respective processing activities and options for opting out of these, please refer to the information provided by the respective providers linked below:

Facebook fan page: As the operator of a Facebook fan page, we can only view public information stored in your Facebook account, and then only if you are logged into your FB profile (if you have one) while visiting our fan page. Facebook also provides us with anonymous usage statistics that we use to enhance the user experience when visiting our fan page. However, we do not have access to the individual visitor usage data that Facebook collects to create these statistics. We also do not make decisions regarding the processing of page insights data and all other information arising from Art. 13 GDPR, including legal basis, identity of the data controller, and storage duration of cookies on user devices. Facebook has committed to assuming primary responsibility under the GDPR for processing this data, fulfilling all obligations under the GDPR regarding this data, and ensuring transparency for data subjects (see https://www.facebook.com/legal/terms/page_controller_addendum).

(Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)

Privacy statement: https://www.facebook.com/about/privacy/

Information about page insights data:

https://www.facebook.com/legal/terms/information_about_page_insights_data

Instagram:

Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA)

Privacy statement: http://instagram.com/about/legal/privacy/

Linkedin:

LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)

Privacy statement: https://www.linkedin.com/legal/privacy-policy

XING:

XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany)

Privacy statement: https://privacy.xing.com/de/datenschutzerklaerung

Google (YouTube):

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy statement:  https://policies.google.com/privacy

Legal basis

Communication data: When communicating with you, the following legal bases for processing your data may vary depending on the stage of our interaction with you:

• To perform pre-contractual measures or to fulfil a contract, this is Art. 6 (1) (b) GDPR
• To fulfil legal obligations to which we are subject, this is Art. 6 (1) (c) GDPR
• To safeguard our legitimate interests, this is Art. 6 (1) (f) GDPR
• If you have consented to data processing, this is Art. 6 (1) (a) GDPR

Other instances of processing: Data is also processed within social networks for both our legitimate interests and those of the respective platform providers. Our objective is to improve the user experience when engaging with our company profiles to make it more targeted and relevant. Art. 6 (1) (f) GDPR establishes the legal basis for these data processing activities. If users are asked by the respective platform provider to consent to the aforementioned data processing, Art. 6 (1) (a) GDPR establishes the legal basis for this processing.

Duration of storage: We delete stored data when it is no longer required or if you request its deletion. In the case of legal retention obligations (usually six or ten years), we restrict the processing of stored data accordingly, unless the retention period needs to be extended to defend against legal claims.

Recipients: We do not disclose the data we collect from you to third parties. However, we cannot exclude or control the extent to which the operators of the respective networks may share your data with third parties (e.g., business partners, advertising companies, etc.).

Transfer to third countries: We would like to inform you that data collected when you visit social media networks may also be processed outside the European Union. This may entail risks for users, as it could, for example, make it more difficult to enforce the user’s rights.

Your rights as a data subject: Building upon the section "Your rights as a data subject," it is worth noting that your rights, particularly regarding requests for information, are most effectively pursued directly with the providers themselves. Only the providers have access to a user’s data and are in a position to take the appropriate direct measures and provide information. However, if you still need assistance, you can of course contact us.

Section 9 Applicant data

Purpose of the processing: We analyse your application data to evaluate your suitability, qualifications, and professional competency for the applied position.

The data we process is limited to information associated with your application, comprising general personal details (such as name, address, contact information, etc.), details regarding your professional qualifications and educational background, records of professional development, and any additional data you have provided in the context of your application. Applications can be submitted by post, e-mail, or through our online application form.

Legal basis: The legal basis for this processing is Art. 88 GDPR in conjunction with § 26 BDSG, as well as, if applicable, Art. 6 (1) (b) GDPR for initiating or fulfilling contractual relationships. Furthermore, we may process personal data you provide if this is required to fulfil legal obligations (Art. 6 (1) (c) GDPR) or to defend against legal claims made against us. Art. 6 (1) (f) GDPR establishes the legal basis for this. The legitimate interest is, for example, an obligation to provide evidence in a procedure under the General Equal Treatment Act (AGG). If you give us your express consent to process personal data for specific purposes, the legality of this processing is established through your consent in accordance with Art. 6 (1) (a) GDPR. You may withdraw your consent at any time, but its effect is not retroactive (see Section 9 of this data protection notice).

If you enter into an employment relationship with us, we may, in compliance with Art. 88 GDPR in conjunction with § 26 BDSG, continue processing the personal data we have already received from you for the purposes of the employment relationship. This processing is done to the extent necessary for carrying out or terminating the employment relationship, or for exercising or fulfilling rights and obligations of the employee representation arising from statutory provisions or collective agreements, works agreements, or service agreements (collective agreements).

Data recipients: The personal data included in the application documents is shared internally with the relevant personnel managers. Additionally, we may involve external IT service providers to handle your data. These service providers are carefully selected and formally contracted by us, and operate under our explicit instructions.

Transfer of data to third countries: Some of our IT service providers may process data in countries outside the EU. In such cases, we ensure that essential safeguards (EU adequacy decisions, EU standard contractual clauses, or other measures) are in place to protect your data. You may access relevant documents through our Data Protection Officer.

Duration of storage: We store your personal data for long as it is required to evaluate your application. Your personal data and application documents will be deleted within six months of concluding the application process (e.g., upon notifying you of a rejection decision), unless a longer retention period is mandated or permitted by law. Additionally, we only retain your personal data to the extent required for asserting, exercising, or defending legal claims during any legal disputes. If applicable, you may be invited to join our talent pool after the application process. This allows us to consider you in our candidate selection process for future job openings. With your consent, we will retain your application data in our talent pool according to your consent or any future consents you provide. In the event you are hired or asked to join a training or internship programme following the application process, your data will initially continue to be stored, to the extent necessary and permitted, before being transferred to the personnel file.

Provision prescribed or mandatory: Supplying personal data is crucial for maintaining legal compliance throughout the selection process. Please be aware that if your application does not contain all of the personal data needed for making a decision, this could lead to you not being considered for the position/vacancy.

Section 10 Processors used to operate our website

Our website's technical maintenance is handled by processors. This means that all personal data may also be transmitted to them. These processors include a host provider and the CMS (Content Management System) provider. Our website operates using external services.

Section 11 Your rights as a data subject

You can exercise the following rights regarding all the data processing activities described above, using the contact details provided for our Data Protection Officer:

• Access to your stored data and its processing (Art. 15 GDPR)
• Correction of inaccurate personal data (Art. 16 GDPR)
• Deletion of your stored data (Art. 17 GDPR)
• Restriction of data processing, in cases where we are legally obligated to retain your data and deletion is not yet permissible (Art. 18 GDPR)
• Objection to our processing of your data (Art. 21 GDPR), and
• Data portability, if you have consented to data processing or have concluded a contract with us (Art. 20 GDPR)

If you have provided us with your consent, you can revoke it at any time but please note this does not apply retroactively. You also have the option to file a complaint with a supervisory authority at any time, including the relevant supervisory authority in the federal state where you reside or the authority overseeing us as the Controller. You will find a list of supervisory authorities (for the private sector) along with their addresses at:

 https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Section 12 Additional information

Objection to promotional e-mails:

We do not authorise the use of contact details, as mandated by the imprint requirement, for transmitting unsolicited advertisements or informational content. The operators of the pages explicitly reserve the right to pursue legal action in response to the receipt of unsolicited promotional material, including but not limited to spam e-mails.

SSL and/or TLS encryption:

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can identify an encrypted connection when the website's address in your browser changes from 'http://' to 'https://' and a lock symbol appears in the browser's address bar.

If SSL or TLS encryption is activated, any data you send to us is secure and cannot be accessed by third parties.

Automated decisions in connection with your use of our website are not made on the basis of your personally identifiable information. Sections of this privacy statement were created with the assistance of activeMind AG, among others, experts for external Data Protection Officers, (Version #2019-04-10).

Amendments of this privacy statement:

The date of this privacy statement is indicated (at the bottom). We reserve the right to amend this privacy statement at any time with future effect. Amendments will be implemented, in particular, following technical adjustments to our website or amendments to data protection laws. The currently valid version of this privacy statement can be accessed at any time on our website. We advise you to regularly check this privacy statement for amendments.

Date of this privacy statement: March 2024