Data protection information

1. Data protection at a glance


a) General information

The following information provides a simple overview of what happens to your personal data when you visit our website. Any data that can be used to identify you personally is personal data. You can find comprehensive information on the topic of data protection in our data protection statement below this text.


b) Data gathering on our website

Who is responsible for the gathering of data on this website?

The website operator handles data processing on this website. You can find the operator's contact information in the site notice of this website.


How do we gather your data?

Your data is gathered when you provide it to us. This may involve data you enter in a contact form, for example.

Other data is gathered automatically by our IT systems when you visit the website. This is primarily technical data (e.g., Internet browser, operating system, or time of page view). This data is gathered automatically as soon as you access our website.


What do we use your data for?

A portion of the data is gathered in order to ensure that the website is presented without errors. Other data may be used to analyze your user behavior.


What are your rights concerning your data?

You have the right to receive information at any time at no charge about the origin, recipient, and purpose of your stored personal data. You also have the right to request correction, blocking, or deletion of this data. You can contact us at any time at the address provided in the site notice concerning this or other questions on the topic of data protection. You also have a right to lodge a complaint with the competent supervisory authority.

Under certain circumstances, you also have the right to request that the processing of your personal data be restricted. More information on this can be found in the "Right to restriction of processing" section of the Data Protection Statement.


c) Analysis tools and tools of third-party providers

When you visit our website, your browsing behavior may be analyzed statistically. This is primarily done through cookies and so-called analysis programs. Your browsing behavior is usually analyzed anonymously; the browsing behavior cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. You can find detailed information on this in the following data protection statement.

You can object to this analysis. We will inform you about the objection options in this data protection statement.

 

2. General information and required information


a) Data protection

The operators of these pages take the privacy of your personal data very seriously. We treat your personal data as confidential in accordance with the data protection legislation and this data protection statement.

When you use this website, various forms of personal data are gathered. Personal data is data that can be used to identify you personally. This data protection statement explains what data we gather and what we use it for. It also explains how this is done and for what purpose.

We would like to point out that data transfer over the Internet (e.g., in communication per email) can involve gaps in security. End-to-end protection of data against access by third parties is not possible.


b) Note on responsible authority

The responsible authority for the data protection of this website is:


Christian Winkler GmbH & Co. KG
Leitzstraße 47
70469 Stuttgart
Germany


Phone: +49 711 85999-0
Fax: +49 711 85999-109
E-mail: info@winkler.de


The responsible authority is the natural person or legal entity that decides on the purposes and means of the processing of personal data (e.g., names, email address, or the like), alone or jointly with others.


c) Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. If you have already given consent, you can revoke it at any time. Informal notification by email suffices for this purpose. The lawfulness of the data processing that occurred before the revocation remains unaffected by the revocation.


d) Right to object to data collection in special cases and to object to direct advertising (Art. 21 of the GDPR)

If data processing is carried out based on Art. 6, Para. 1 (e) or (f) of the GDPR, you are entitled at any time to object to processing of your personal data for reasons pertaining to your particular situation; this also applies to profiling based on these provisions. The legal framework on which data processing is based can be found in this Data Protection Statement. If you file an objection, we will no longer process your data unless we can prove the existence of binding reasons for processing that supersede your interests, rights and freedoms or that the processing serves the purpose of asserting, exercising or defending against legal claims (objection pursuant to Art. 21, Para. 1 of the GDPR).
If your personal data is processed for direct advertising, you are entitled to object at any time to processing of your personal data for such purposes; this also applies to profiling, in so far as it is associated with direct advertising. If you object, your personal data will no longer be used for direct marketing purposes (objection pursuant to Art. 21, Para. 2 of the GDPR).


e) Right to lodge a complaint with the competent supervisory authority

In the event of an infringement of the GDPR, the individuals concerned have the right to appeal to a supervisory authority, particularly in the member state of their residence, place of work or place of presumed infringement. The right of appeal shall be without prejudice to other administrative or judicial remedies.


f) Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract surrendered to yourself or a third party in a standard machine-readable format. If you request direct transfer of the data to another responsible party, this will only be done to the extent that is technically feasible.


g) SSL/TLS encryption

For security reasons and to secure the transfer of confidential content such as orders or queries you send us as the operator of the site, this site uses SSL/TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://", and by the lock icon in your browser bar.

When SSL or TLS encryption is enabled, the data you transfer to us cannot be seen by third parties.


h) Encrypted payment transactions on this website

If you are required to provide your payment information (e.g., account number for direct debit authorization) after a contract for payment is concluded, this data is needed to process the payment.

Payment transactions through standard means of payment (Visa/MasterCard or direct debit) are processed exclusively via an encrypted SSL/TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://", and by the lock icon in your browser bar.

During encrypted communication, the payment data you send to us cannot be seen by third parties.


i) Information, blocking, deletion and correction

Within the scope of the applicable legal provisions, you have the right at any time to receive information at no cost about your stored personal data, its origin and recipient, and the purpose of the data processing, and, if applicable, a right to correction, locking, or deletion of this data. You can contact us at any time at the address provided in the site notice concerning this or other questions on the topic of personal data.


j) Right to restriction of processing

You have the right to request that processing of your personal data be restricted. To this end, you can contact us at any time at the address provided in the legal notice. You have the right to restriction of processing in the following scenarios:

  • Should you dispute the accuracy of the personal data we have saved about you, we typically need a short amount of time to verify that this is, in fact, the case. During this time, you have the right to request that processing of your personal data be restricted.
  • If processing of your personal data has occurred in an unlawful manner, you can demand restriction of data processing instead of deletion.
  • If we no longer require your personal data, but you need it to exercise, defend or assert legal claims, you have the right to demand that processing of your personal data be restricted instead of the data being deleted.
  • If you have filed an objection pursuant to Art. 21 (1) GDPR, consideration must be taken into account between your interests and ours. As long as it is not yet apparent whose interests predominate, you have the right to request that processing of your personal data be restricted.

If you have restricted processing of your personal data, this data may not be processed ─ apart from saving it ─ without your consent, or for the purpose of asserting, exercising or defending legal rights, protecting the rights of another natural or legal person, or for reasons pertaining to an important public interest of the European Union or a member state.


k) Prohibiting advertising e-mails

We hereby disallow the use of the contact data published within the scope of the site notice requirement for the sending of advertising and informational material that has not been expressly requested. The operators of the sites expressly reserve the right to take legal steps in the event that unsolicited advertising is sent, for example through spam emails.


3. Data protection officer


We have appointed a data protection officer for our company.

Erich Zimmermann
c/0 ZiDa-Datensicherheit GmbH
Schwarzwaldstraße 17
D-68163 Mannheim
www.zida-datenschutz.de


E-Mail: e.zimmermann@zida-datenschutz.de


4. Data gathering on our website


a) Cookies

The Internet pages use so-called cookies in some cases. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our content more user-friendly, effective, and secure. Cookies are small text files that are saved on your computer and that your browser stores.

Most of the cookies we use are so-called "session cookies". They are deleted automatically after the end of your visit. Other cookies remain on your terminal device until you delete them. These cookies allow us to recognize your browser during your next visit.

You can set your browser in such a way that you are informed about the setting of cookies and only allow cookies in each individual case, disallow the acceptance of cookies for particular cases or in general, and enable automatic deletion of the cookies when the browser closes. If cookies are disabled, the functionality of this website may be restricted.

Cookies that are necessary in order to carry out the electronic communication process or provide particular functions you want (e.g., shopping cart function), are stored on the basis of Art. 6(1) point (f) of the GDPR. The website operator has a legitimate interest in the storage of cookies in order to provide its services in a manner that is free of errors and optimized. Insofar as other cookies (e.g., cookies for analysis of your browsing behavior) are stored, they are treated separately in this data protection statement.


Cookie Consent with Consent Manager Provider

Our website uses cookie consent technology from Consent Manager Provider to obtain your consent for us to save certain cookies on your end device and to document this consent in accordance with data protection requirements. The provider of this technology is Jaohawi AB, Håltegelvägen 1b, 72348 Västerås, Sweden, website: www.consentmanager.de, (hereinafter referred to as “Consent Manager Provider”).

When you access our website, a connection is established with the servers of Consent Manager Provider for the purpose of obtaining your consent and providing you with further information about cookie usage. Next Consent Manager Provider saves a cookie in your browser so that it can allocate the consent or rejection of cookies issued by you. The data obtained in this way will be saved until you request that we delete it, until the Consent Manager Provider cookie deletes itself, or until its purpose for data storage is no longer required. Mandatory legal retention obligations remain unaffected.

Consent Manager Provider is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6(1)(c) of the GDPR.

 

b) Server log data

The provider of the pages automatically gathers and stores information in so-called server log files that your browser sends us automatically. This information concerns:

  •     browser type and browser version
  •     operating system used
  •     referrer URL
  •     hostname of the accessing computer
  •     time of the server query
  •     IP address

This data is not combined with other data sources.

This data is collected pursuant to Art. 6, Para. 1 (f) of the GDPR. The website operator has a legitimate interest in saving cookies in order to provide its services in a manner that is free of errors and optimized; for this purpose, server log files must be created.
 

c) Contact form

If you send us queries via the contact form, we store your information from the query form, including the contact data you provide, for the purpose of processing the query and in case of follow-up questions. We do not share this data without your consent.

Therefore, the data provided on the contact form is processed exclusively on the basis of your consent (Art. 6 (1) point (a) GDPR). You can revoke this consent at any time. Informal notification by email suffices for this purpose. The lawfulness of the data processing operations that occurred before the revocation remains unaffected by the revocation.

We retain the data you entered in the contract form until you request deletion or revoke your consent to storage, or the purpose of the data storage ceases to obtain (e.g., after the processing of your query has concluded). Mandatory legal provisions – especially retention periods – remain unaffected.


d) Registration on this website

You can register on our website in order to use additional functions of the site. We use the data entered in this way only for purposes of use of the respective content or service for which you have registered. The required information requested during registration must be provided in full. Otherwise, we will reject the registration.

We use the email address provided during registration in order to inform you of important changes, for example in the scope of the offerings, or in the event of technically necessary changes.

The data provided during registration is processed on the basis of your consent (Art. 6 (1) point (a) GDPR). If you have already given consent, you can revoke it at any time. Informal notification by email suffices for this purpose. The lawfulness of the data processing that has already occurred remains unaffected by the revocation.

We store the data gathered during registration as long as you are registered on our website; it is then deleted. Legal retention periods remain unaffected.


e) Processing of data (customer and contract data)

We only gather, process, and use personal data to the extent that it is necessary to establish, determine the content of, or modify the legal relationship (inventory data). This is done on the basis of is Art. 6(1) point (b) GDPR, which permits the processing of data for performance of a contract or to take pre-contractual steps. We only gather, process, and use personal data about the use of our Internet pages (usage data) to the extent necessary to allow the user to use the service or bill for it.

The customer data gathered is deleted after conclusion of the contract or termination of the business relationship. Legal retention periods remain unaffected.

 

f) Data transmission upon conclusion of the contract for online stores, dealers and shipment of goods


We transmit personal data to third parties only if this is necessary in the context of fulfilling the contract: for example, to the companies entrusted with delivering the goods or to the credit institution appointed to handle the payments. Further transfer of the data does not occur, or only occurs if you have expressly consented to the transfer. Our company regularly checks your credit standing when concluding contracts and in certain cases where there is a legitimate interest. In addition, we participate in the payment experience pool of the German Debtors' Register (DRD) operated by Creditreform. For this purpose, we transmit personal data such as address data as well as information on payment history to Creditreform Stuttgart Strahler KG, Theodor-Heuss-Str. 2, 70174 Stuttgart, Germany. The data is stored as long as its knowledge is necessary for fulfilling the stated purpose of the storage.

In the database of Creditreform, information is stored in particular on the name, company name, address, marital status, professional activity and financial circumstances, any liabilities as well as information on payment history. For further information on data processing at Creditreform, see the following link:
https://www.creditreform.de/stuttgart/datenschutz

In addition, we access information from Dun & Bradstreet Deutschland GmbH, Robert-Bosch-Strasse 11, 64293 Darmstadt, Germany. Among other services, Dun & Bradstreet Deutschland GmbH provides services for assessing the probability of creditworthiness. For this purpose, we use encryption procedures to provide Dun & Bradstreet Deutschland GmbH with data on the payment history of business partners. Dun & Bradstreet Deutschland GmbH receives the right to use this data, unlimited in time and space, and is obligated to observe the protective regulations on the use of personal payment history data in accordance with § 31 (1) of the German Federal Data Protection Act (BDSG). For further information on data processing at Dun & Bradstreet Deutschland GmbH, see the following link: https://www.dnb.com/de-de/daten-und-sicherheit/

Your data is not shared with third parties, for example, for advertising purposes, without your express consent. The basis of this data processing is Art. 6(1) point (b) GDPR, which permits the processing of data for performance of a contract or to take pre-contractual steps. Possible information that Dun & Bradstreet Deutschland GmbH may have stored about you: basic information such as your name, contact points such as your mailing address, detailed information such as your payment history.

g) Data transmission upon conclusion of the contract for services and digital content

We transmit personal data to third parties only if this is necessary in the context of fulfilling the contract: for example, to the credit institution appointed to handle the payments.
Our company regularly checks your credit standing when concluding contracts and in certain cases where there is a legitimate interest. In addition, we participate in the payment experience pool of the German Debtors' Register (DRD) operated by Creditreform. For this purpose, we transmit personal data such as address data as well as information on payment history to Creditreform Stuttgart Strahler KG, Theodor-Heuss-Str. 2, 70174 Stuttgart, Germany. The data is stored as long as its knowledge is necessary for fulfilling the stated purpose of the storage.

In the database of Creditreform, information is stored in particular on the name, company name, address, marital status, professional activity and financial circumstances, any liabilities as well as information on payment history. For further information on data processing at Creditreform, see the following link:
https://www.creditreform.de/stuttgart/datenschutz

 
In addition, we access information from Dun & Bradstreet Deutschland GmbH, Robert-Bosch-Strasse 11, 64293 Darmstadt, Germany. Among other services, Dun & Bradstreet Deutschland GmbH provides services for assessing the probability of creditworthiness. For this purpose, we use encryption procedures to provide Dun & Bradstreet Deutschland GmbH with data on the payment history of business partners. Dun & Bradstreet Deutschland GmbH receives the right to use this data, unlimited in time and space, and is obligated to observe the protective regulations on the use of personal payment history data in accordance with § 31 (1) of the German Federal Data Protection Act (BDSG). For further information on data processing at Dun & Bradstreet Deutschland GmbH, see the following link: https://www.dnb.com/de-de/daten-und-sicherheit/

Further transfer of the data does not occur, or only occurs if you have expressly consented to the transfer. Your data is not shared with third parties, for example, for advertising purposes, without your express consent.
The basis for data processing is Art. 6 (1) lit. b of the General Data Protection Regulation (DSGVO), which permits the processing of data to fulfill a contract or pre-contractual measures.

Possible information that Dun & Bradstreet Deutschland GmbH may have stored about you: basic information such as your name, contact points such as your mailing address, detailed information such as your payment history.

5. Analysis tools and advertising
a) Google Analytics

This website uses functions of the Google Analytics web analysis service. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called "cookies". These are text files which are stored on your computer and allow your use of the website to be analyzed. The information generated by the cookie about your use of this website is generally sent to a Google server in the USA and stored there.

The Google Analytics cookies are stored on the basis of Art. 6(1) point (f) GDPR. The website operator has a legitimate interest in the analysis of the usage behavior in order to optimize both its web content and its advertising.


IP anonymization

We have enabled the IP anonymization function on this website. This causes your IP address to be truncated by Google within member states of the European Union or in other contracting parties to the Agreement on the European Economic Area before it is sent to the USA. Only in exceptional cases is the full IP address sent to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to analyze your use of the website, to compile reports about website activities, and to provide further services associated with website and Internet use. The IP address sent by your browser as part of Google Analytics is not combined with other data by Google.


Browser plugin

You can prevent cookies being stored by making the appropriate setting in your browser software; however, we would draw your attention to the fact that you will not have access to the full functionality of this website if you do so. Furthermore, you can prevent the gathering of the data for Google (including your IP address) concerning your use of the website generated through the cookie, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout.


Objecting to data gathering

You can prevent Google Analytics from gathering your data by clicking the following link. An opt-out cookie is set that prevents your data from being gathered during future visits to this website: disable Google Analytics.

You can find more information on the handling of user data at Google Analytics in Google's data protection statement: support.google.com/analytics/answer/6004245.


Order processing

We have concluded a contract with Google for order data processing and fully implement the strict requirements of the German data protection authorities for use of Google Analytics.


Demographic features in Google Analytics

This website uses the "demographic features" function of Google Analytics. This allows reports to be created that contain information about the age, gender, and interests of the site visitor. This data comes from interest-based advertising of Google and visitor data from third-party providers. This data cannot be associated with a particular person. You can disable this function at any time through the ad settings in your Google account or forbid the gathering of your data by Google Analytics in general as described in the section "Objecting to data gathering".

 

6. Newsletter


a) Newsletter data

If you would like to get the newsletter offered on the website, we need an email address for you, as well as information that allows us to verify that you are the owner of the email address provided and consent to receive the newsletter. Further data is not gathered, or only gathered on a voluntary basis. We use this data exclusively in order to send the requested information and do not share it with third parties.

The data provided on the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 (1) point (a) GDPR). If you have granted consent to store the data and email address and use them to send the newsletter, you can revoke it at any time, for example with the "Unsubscribe" link in the newsletter. The lawfulness of the data processing operations that have already taken place remain unaffected by the revocation.

We store the data you save with us for the purposes of receiving the newsletter until you unsubscribe from the newsletter and delete it after you unsubscribe from the newsletter. Data that was stored with us for other purposes remains unaffected by this.
 

b) SC-Networks GmbH

This website uses Evalanche, an email marketing automation solution for sending newsletters. The provider is SC-Networks GmbH, Würmstraße 4, 82319 Starnberg. Evalanche is a service that can be used to organize and analyze newsletter distribution. The data you enter for the purpose of receiving newsletters (e.g. e-mail address) is stored on the servers of SC-Networks.

Data analysis by SC-Networks

The newsletters we send with Evalanche allow us to analyze the behavior of the newsletter recipients. This makes it possible to analyze how many recipients have opened the newsletter, which links were clicked in the newsletter, and how often, among other things.

Evalanche also allows us to subdivide ("cluster") newsletter recipients based on various categories. The newsletter recipients can be divided by age or gender, for example. This makes it possible to better adapt the newsletters to the respective target groups.

If you do not want Evalanche to analyze your data, you must revoke your consent to personalized tracking. For this purpose, we provide you with a form that allows you to manage your newsletter preferences. You will find the link to this form in every newsletter message. Alternatively, you can unsubscribe from the newsletter. For this purpose, an unsubscribe link is also provided in each newsletter. You can also unsubscribe from the newsletter directly on the website.


Legal basis

The data processing takes place on the basis of your consent (Art. 6 (1) point (a) of the General Data Protection Regulation [GDPR]). You can revoke this consent at any time by unsubscribing from the newsletter. The lawfulness of the data processing operations that have already taken place remain unaffected by the revocation.


Storage period

The data you stored with us for the purpose of receiving the newsletter is saved until you unsubscribe from the newsletter and is deleted from both our servers and the servers of SC-Networks after you unsubscribe from the newsletter. Data that was stored with us for other purposes remains unaffected by this.


Conclusion of a contract for order processing

We have concluded a contract with SC-Networks for order data processing and fully implement the strict requirements of the German data protection authorities when using SC-Networks' email marketing automation solution.

 

7. Plugins and tools


a) YouTube with expanded data protection

Our website uses plug-ins from YouTube. The operator of these pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
We use YouTube in expanded data protection mode. According to YouTube, this mode ensures that YouTube will not save any information on visitors to this website before they view the video. The transfer of data to YouTube partners, however, is not necessarily excluded, or ruled out, by the expanded data protection mode. As such, YouTube connects to the Google DoubleClick network regardless of whether you are watching a video.
When you play a YouTube video on our website, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube may also save cookies on your device after you start a video. YouTube can use these cookies to acquire information on visitors to our website. This information is leveraged to collect video statistics, improve overall usability and prevent fraud among other reasons. The cookies remain on your device until you delete them.

If necessary, additional data processing may be triggered after you start a YouTube video over which we have no control.

YouTube is used in the interest of presenting our online content in an attractive way. This constitutes a legitimate interest in the sense of Art. 6 (1) point (f) GDPR.

Additional information about data protection concerning YouTube can be found online in the YouTube privacy policy: policies.google.com/privacy.


b) Google and MyFonts Web Fonts

For uniform display of fonts, this site uses so-called web fonts, which are provided by Google and MyFonts. When a site is viewed, your browser needs web fonts in its browser cache in order to correctly display texts and fonts.

For this purpose, the browser you use must establish a connection to the Google and MyFonts servers. In the process, the providers learn that our website has been viewed through your IP address. Google web fonts and MyFonts web fonts are used in the interest of an attractive uniform presentation of our online content. This constitutes a legitimate interest in the sense of Art. 6 (1) point (f) GDPR.

If your browser does not support web fonts, a standard font of your computer is used.

You can find more information on Google web fonts at developers.google.com/fonts/faq and in the Google Privacy Policy: www.google.com/policies/privacy/.

You can find more information on MyFonts web fonts at www.myfonts.com/licensing/webfont/


c) Google Maps

This site uses an API of the Google Maps service. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the functions of Google Maps, it is necessary to store your IP address. This information is generally sent to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

Google Maps is used in the interest of presenting our online content in an attractive way and making it easier to find the locations we indicate on the website. This constitutes a legitimate interest in the sense of Art. 6 (1) point (f) GDPR.

You can find more information on the handling of user data in the Google data protection statement: www.google.de/intl/de/policies/privacy.


 d) Google reCAPTCHA

We use "Google reCAPTCHA" (referred to below as "reCAPTCHA") on our websites. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

ReCAPTCHA is intended to check whether data is entered on our websites (e.g., in a contact form) by a human or an automatic program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor on the basis of various features. This analysis begins automatically as soon as the website visitor enters the website. ReCAPTCHA analyzes various kinds of information (e.g., IP address, dwell time of the website user on the website, or mouse movements performed by the user). The data gathered during the analysis is forwarded to Google.

The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place.

The data is processed on the basis of Art. 6(1) point (f) GDPR. The website operator has a legitimate interest in protecting its webpages from abusive automatic spying and spam.

You can find more information on Google reCAPTCHA and Google's data protection statement at the following links: www.google.com/intl/de/policies/privacy/ and www.google.com/recaptcha/intro/android.html.

 Delete selection