Data protection

Data protection information

Data Protection Statement

1 Scope of Application

1.1 The following Data Privacy Statement applies to the use of our websites and the services we offer through them. The present Data Privacy Statement provides information for you in accordance with Art. 12 et seq. of the General Data Protection Regulation (GDPR) about how we handle your personal data when you are using our websites. In particular, it explains what data we collect and what we use them for. It also provides information on how and for what purpose we collect personal data.
1.2 When you visit our website, various personal data are processed depending on the type and extent of your use. Personal data (hereafter also "data") is information relating to an identified or identifiable natural person (hereafter "data subject"). An identifiable natural person is one who can be identified directly or indirectly (for example, by linking to an online identifier). This includes information like the name, address, phone number and date of birth.
1.3 Processing your data can include any operation or set of operations that is performed on personal data or on sets of personal data, by automated means or manually, such as collection, recording, organization, structuring, storage, adjustment or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or another form of making them available, alignment or combination, restriction, erasure or destruction.

2 General Information

2.1 Owner
Unless otherwise listed, Christian Winkler GmbH & Co. KG is responsible in the meaning of Art. 4 (7) GDPR.
Our contact details:
Christian Winkler GmbH & Co. KG,
Leitzstraße 47, 70469 Stuttgart,
Germany
Phone: +49 711 85999-0
Fax: +49 711 85999-109
Email: info@winkler.de

2.2 Data protection officer
You can contact our data protection officer at
Christian Winkler GmbH & Co. KG,
data protection officer,
Leitzstraße 47, 70469 Stuttgart,
Deutschland

Email: datenschutz@winkler.com

2.3 Legal basis of processing
We process personal data only in the case of permission based on data protection regulations, a legal obligation or on the basis of your express consent. Specifically, the following legal bases are taken into account:
Data are processed on the basis of Art. 6 (1)(a) GDPR, if we have your consent for a specific processing purpose.
In situations in which the processing of personal data are necessary in order to fulfill a contract to which you are a party, a contract regarding the delivery of goods or services, for example, we rely on Art. 6 (1)(b) GDPR. This also applies if processing is necessary in order to carry out pre-contractual measures, like product inquiries, for example.
If we must attend to a legal obligation that requires processing personal data, like for tax-related purposes, this will happen in accordance with Art. 6 (1)(c) GDPR.
In some exceptional cases, it is possible that personal data must be processed in order to protect the vital interests of the data subject or a different natural person. For example, this could be necessary if, in an emergency, medical information must be forwarded to doctor. In these cases, Art. 6 (1)(d) GDPR applies.
Processing can also be based on Art. 6 (1)(f) GDPR. This legal basis applies for cases that are not included in previous provisions, and if we or a third party have a legitimate interest in processing data, as long as the interests of the data subject do not outweigh as part of the consideration.

2.4 Duration of data storage
Unless otherwise indicated, we initially process and save your personal data according to the duration required by the respective processing purpose. This could also include the time spans of the lead-up to a contract (pre-contractual legal relationship) and the execution of a contract. On this basis, personal data are regularly erased as part of fulfillment of our contractual and/or legal obligations unless their further processing is required for the following purposes for a limited duration:

Fulfillment of legal retention obligations resulting from the German Commercial Code (Sect. 238, 257 (4) HGB) and the German Fiscal Code (Sect.147 (3, 4) AO). The specified periods of storage or rather, documentation, are no more than ten years.
Retention of evidence under consideration of the statute of limitations. According to Sect. 194 et seq. of the German Civil Code (BGB), this statute of limitations could be up to 30 years, although the regular limitation period is three years.

2.5 Forwarding data to third parties
If you have shared personal data with us, this data will never be passed on to third parties. They will be forwarded only

as part of the consent granted by you. When the data are collected, you will be notified of the recipient or categories of recipients.
as part of job processing in accordance with Art. 28 GDPR, to external service providers (e.g., hosts). We have carefully selected and engaged them, bound them to our instructions and the provisions of the GDPR and they are monitored regularly.
as part of fulfillment of legal obligations to authorities entitled to receive information. You can find out whether or not we transmit data to recipients in a "third country" (headquarters outside of the European Economic Area) in the description of the respective data processing in this Data Privacy Statement, including the information on recipients and the underlying legal basis in accordance with Art. 46 (2) GDPR. Through adequacy decisions, the European Commission certifies some third countries as having a data protection standard comparable to the level in the European Economic Area. If a comparable data protection standard is not present in a country, we and our subcontracted processors ensure that adequate data protection is established through other measures. This is possible with standard contractual clauses of the European Commission around the protection of personal data (SSC), certificates or recognized codes of conduct.

2.6 Your rights
As a data subject, you have the following rights under the legal prerequisites:

Right of access
Under the prerequisites in Art. 15 GDPR, you can request information from us about whether or not and to what extent we process your data. If we do process your data, you have the right to access information about these data.

Right to rectification
If the data we have saved about you are incorrect or incomplete, you can demand that we rectify and complete the data, if required, at any time (Art. 16 GDPR).

Right to erasure and restriction of processing
If the legal prerequisites are present, you can demand the erasure (Art. 17 GDPR) or "blocking" (Art. 18 GDPR) of your data.

Right to data portability
If the data that we have received on the basis of your consent or a contract is processed by machine, you can assert your right to data portability (Art. 20 GDPR). We will send you your data in a machine-readable format. If you would like us to and it is technically possible, we will transmit the data to a third party. All of the above-mentioned rights can be restricted or excluded by law in specific cases.

2.7 Revocation of consent
If you have given us your consent to processing your personal data for specific purposes, the legitimacy of this processing pertains on the basis of your consent. Once granted, consent can be revoked. You can send your request for revocation to: datenschutz@winkler.com. Please note that your revocation can only be effective for the future. Processing that took place before your revocation will not be affected.

2.8 Objection to processing on the basis of a legitimate interest
We also collect and process your personal data in order to protect our legitimate interests or the legitimate interests of third parties to the extent that data processing is required for the protection of these legitimate interests. In these cases, you have the right to object to processing for the future. You can send your request to: datenschutz@winkler.com.

2.9 Right of complaint to a supervisory authority
Subject to the prerequisites of Art. 77 GDPR, you have a right of complaint to the responsible supervisory authority. In particular, you can contact the supervisory authority responsible for us or another responsible supervisory authority with a complaint.

The data protection supervisory authority responsible for us has the following contact data:
Baden-Württemberg State Authority for
Data Protection and Freedom of Information
P.O. Box 10 29 32
70025 Stuttgart
or:
Lautenschlagerstraße 20
70173 Stuttgart
Phone: +49 711/61 55 41-0
Email: poststelle@lfdi.bwl.de

2.10 Other matters
Our data protection officer is available for your detailed data protection questions and matters. Send your relevant requests and exercise the above rights in writing to the address indicated above or via email to: datenschutz@winkler.com

3 Safety

All the data collected on our website is transmitted via SSL encryption in order to protect them against misuse by third parties. We work with carefully selected service providers to ensure that your data are protected. Of course these service providers are contractually obligated to obey the regulatory provisions, in particular the data protection laws.

4 Data Processing via the Website
4.1 Log files
As with any website, our server automatically and temporarily collects data that the browser transmits in the server log files, if you have not deactivated this function. These data are technically necessary in order to show you our website and ensure its stability and security.

In detail, the following server log files are collected on our website:

browser type and browser version
operating system used
referrer URL
time of the server query
IP address

When you log into the online shop, the following server log files are also recorded:

SAP log data
IP address
Session ID
Country/Language
Login data (customer number, username, email)
Opened pages and products, search terms

Technically necessary data collection also includes saving your IP address, which can theoretically enable a correlation to your person but cannot be linked to specific persons at any time.
Alongside ensuring a functional website and system security, on the basis of Art. 6 (1)(f) GDPR, the collected data are used in an aggregated statistical evaluation to determine whether or not our internet service is optimized and designed to meet your needs. The evaluation does not refer to any persons and the data are not combined with other data sources. Your log data are saved on our web server for purposes of IT security for no more than 7 days.

4.2 Cookies and other technologies around web analysis

4.2.1 Cookies
This website uses cookies and other technologies (e.g., pixel tags). Cookies are small text files that contain an identification number (ID) and are saved on your computer, tablet or smartphone (hereafter: end device) when you open our website. If you open our website again, your end device can be recognized based on the identification number. With the help of the consent banner, you have the option to set cookies and similar technology to suit you and receive additional information about the processed data in detail.

4.2.2 Categories of cookies and other technologies
Depending on the function and purpose of the data processing that is taking place, we divide the technologies used on our website into the following three categories:

Required cookies ("Functional")
These technologies are required in order to offer you website functions and fulfill our legal obligations. The legal basis for processing your personal data is our legitimate interest (Art. 6 (1)(f) GDPR) to make our website useable for you and to fulfill our legal obligations Art 6 (1)(c) GDPR. In terms of access to your end device, the legal basis is Sect. 25 (2)(2) German Telecommunications Digital Services Data Protection Act (TDDDG).

Cookies for measuring reach ("Measurement")
We use these technologies for purposes of statistical analysis in order to statistically record the use of our website. Statistical cookies help us to improve our website and offer you content that is of particular relevance to you. The legal basis for processing your personal data is your consent granted via the cookie banner in accordance with Art. 6 (1)(a) GDPR and in terms of access to your end device, Sect. 25 (1) TDDDG. Your consent is always granted voluntarily and not required for use of the website itself.

Marketing cookies ("Marketing")
We use these technologies for marketing purposes, i.e., to make personalized advertising available to you, for example. The legal basis for processing your personal data is your consent granted via the cookie banner in accordance with Art. 6 (1)(a) GDPR and in terms of access to your end device, Sect. 25 (1) TDDDG. Your consent is always granted voluntarily and not required for use of the website itself.

4.2.3 Storage period
Session cookies are erased after you close your browser. We also use persistent ("permanent") cookies. You can find the details on the storage period in the following sections and on our consent banner.

4.3 Embedded services
The services we use are listed and described in detail in the following.

4.3.1 Required technologies ("Functional")

4.3.1.1 Consent banner
Our website uses a consent banner in order to request your informed consent to or rejection of saving specific cookies and other technologies on your end device and to document it in compliance with the data protection laws. The consent banner provider is consentmanager AB, Haltegelvägen 1b, 72348 Västeras, Sweden.
When you visit our website, a connection to the server of the provider is established in order to request your consent to or rejection of the use of cookies and comparable technologies. Next, the provider sets a cookie on your end device in order to link the consent you granted to you. The data recorded in this way will be saved until you request that we erase it, you delete the cookie yourself, or until the purpose of data storage is no longer applicable. Mandatory legal retention obligations remain unaffected. The legal basis for data processing is Art. 6 (1)(c) GDPR.
Data Privacy Statement: www.consentmanager.net/en/privacy/

4.3.1.2 MyFonts
To ensure the uniform representation of text, we use fonts that are provided by Monotype Imaging Holdings Inc. with headquarters at 600 Unicorn Park Drive, Woburn, Massachusetts 01801 USA and its subsidiaries (in summary "Webfonts"). If you access a page that contains the webfont tracking script or similar technology, Webfonts collects the identification number of the webfont project (anonymized), the URL of the licensed website, which is linked to a customer ID so that Webfonts can identify the licensee and the licensed webfonts, the number of times the pages were opened and the referrer URL for maximum 30 days. This is done to prevent unauthorized use of the Webfonts software.
MyFonts is used on the basis of our legitimate interest in the presentation of a functioning website with uniform fonts on the basis of Art. 6 (1)(f) GDPR.
Data Privacy Statement: www.monotype.com/legal/privacy-policy/web-font-tracking-privacy-policy ; Basis for third country transfers: Data Privacy Framework (DPF)

4.3.1.3 SearchHub
With the help of SearchHub and in the background, we automatically optimize the search terms you entered to ensure that the search function of our online shop can supply you with suitable products. With this service, you can find the product you are searching for even in the case of typing mistakes or different spelling. We also differentiate between automated searches (bots) and human users. SearchHub is a product of CXP Commerce Experts GmbH, Am Schoßgatter 3, 75172 Pforzheim, Germany ("SearchHub").

In order to provide the search function, SearchHub collects a randomly generated ID without personal reference, browser information, error analysis data, search terms and the address of the page on which the search request was entered. For this purpose, SearchHub sets a cookie with a storage period of no more than 48 hours. Further, SearchHub uses the local storage of the browser to link user interaction to search phrases and maintain the link during the entire session (maximum 48 hours). The data recorded here are encrypted and transmitted to the SearchHub server via https. The IP address of the user is also transmitted, but it is not saved or evaluated.
It is technically necessary to process your data for the operation of our online shop and we have it done on the basis of our legitimate interest in providing a functional search in our online shop in accordance with Art. 6 (1)(f) GDPR.
Data Privacy Statement: www.searchhub.io/helping-search-understand-humans/privacy-policy/

4.3.1.4 Session cookies
On our websites, we use the "session cookies" required to operate the websites. We use session cookies that save a session ID and the language/country you have chosen, etc. on your end device when you visit our online shop. If you log into the online shop, session cookies will also collect the associated SAP logID and SAP shopID, as well as the products in your shopping cart.
These session cookies are only saved for the duration of your use of our website, and are only intended to simplify your use of the website and technically ensure that the online shop is connected to our merchandise management system. After every session is ended, we automatically deleted the session cookies.
The legal basis for processing your personal data is our legitimate interest in ensuring the operation and functionalities of our website, in particular the online shop (Art 6 (1)(f) GDPR).

4.3.2 Other technologies ("Marketing and statistics")

4.3.2.1 Google Analytics
Google Analytics is a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). This service makes it possible to track and analyze your use of the website in detail. The data collected by Google are used to create comprehensive reports on user activities and integrate the results with further Google services. Google can also use the collected data to contextualize and personalize advertisements within its advertising network. The analysis is carried out on the basis of a pseudonym identification number that does not contain explicit data like names or email addresses. The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 (1)(a) GDPR. You can revoke your consent at any time via the consent banner. The lawfulness of the data processing operations that occurred before the revocation remains unaffected by the revocation.
Data Privacy Statement: policies.google.com/privacy; Basis for third country transfers: Data Privacy Framework (DPF; Opt out: Opt out plugin: tools.google.com/dlpage/gaoptout

4.3.2.2 Google Ads
We use Google Ads. This advertising service is provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland ("Google"). The Google online advertising service is used to publish advertisements in the Google advertising network. With the help of these ads, we can systematically communicate with interested users by advertising our own offers on external websites. With Google Ads, we can analyze and improve the effectiveness of advertising campaigns. We collect data on whether or not you react to our ads through your click behavior, for example, and make use of our offers. Data processing is only carried out on the basis of your express consent in accordance with Art. 6 (1)(a) GDPR. You can revoke your consent at any time via the consent banner. The lawfulness of the data processing operations that occurred before the revocation remains unaffected by the revocation.
Data Privacy Statement: policies.google.com/privacy; Basis for third country transfers: Data Privacy Framework (DPF)

4.3.2.3 Google Tag Manager
We use Google Tag Manager, a tag management system from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") to manage the tags (small code elements) set on our website using a centralized GUI. These tags are integrated into our website in order to analyze visitor activity. The main task of Google Tag Manager is to integrate and manage the tools and services we use on our website more simply and design them efficiently. When you use our website, your IP address, among other data, is transmitted to Google. Google Tag Manager does not create a user profile, but instead is used to tie-in and manage other Google services.
This data processing is only carried out on the basis of your express consent in accordance with Art. 6 (1)(a) GDPR. You can revoke your consent at any time via the consent banner. The lawfulness of the data processing operations that occurred before the revocation remains unaffected by the revocation.
Data Privacy Statement: policies.google.com/privacy; Basis for third country transfers: Data Privacy Framework (DPF)

4.3.2.4 Google Maps
Our website uses Google Maps to visually present geographical information: for example, to show you our location and make it easier for you to physically visit us. The provider is Google Ireland Limited, with headquarters in Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). As soon as pages with Google Maps are opened, data like your IP address is transmitted to Google servers in the USA. In addition, Google Maps loads Google webfonts, which also establishes a connection to Google servers. This data is processed whether or not you have a Google user account. If you are logged in, the data are directly linked to your account; otherwise Google saves the data as a use profile.
Data processing is only carried out with your express consent in accordance with Art. 6 (1)(a) GDPR. You can revoke your consent at any time via the consent banner. The lawfulness of the data processing operations that occurred before the revocation remains unaffected by the revocation.
Data Privacy Statement: policies.google.com/privacy; Basis for third country transfers: Data Privacy Framework (DPF)

4.3.2.5 Google reCAPTCHA
We use the Google reCAPTCHA service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") on our website. ReCAPTCHA is used to check whether data is entered on our website (e.g., on a contact form) by a human or an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor on the basis of various features. This analysis begins automatically as soon as the website visitor visits the website. ReCAPTCHA analyzes various kinds of information (e.g., IP address, dwell time of the website user on the website, or mouse movements performed by the user). The data gathered during the analysis is forwarded to Google. The data processing takes place on the basis of your consent in accordance with Art. 6 (1)(a) GDPR. You can revoke your consent at any time via the consent banner. The lawfulness of the data processing operations that occurred before the revocation remains unaffected by the revocation.
Data Privacy Statement: policies.google.com/privacy; Basis for third country transfers: Data Privacy Framework (DPF)

4.3.2.6 YouTube videos
YouTube videos are embedded in our website. YouTube is a video portal that enables users to upload and view videos. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). When you visit one of our websites with an embedded YouTube video, your browser is instructed to download the video from YouTube. As a result, YouTube and Google find out which of our pages you are visiting. If you are logged into YouTube, this information is linked to your account, regardless of whether or not you click the video. To prevent this type of data transmission, log out of your YouTube account before visiting our page. The use of YouTube is based on your consent in accordance with Art. 6 (1)(a) GDPR. You can revoke your consent at any time via the consent banner. The lawfulness of the data processing operations that occurred before the revocation remains unaffected by the revocation.
Data Privacy Statement: policies.google.com/privacy; Basis for third country transfers: Data Privacy Framework (DPF)

4.3.2.7 Meta Pixel
Meta Pixel is a tracking technology provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland ("Meta"). It uses pixel tags (invisible graphics, also called web beacons) to track visitor interactions on websites, particularly after users have clicked advertisements on Facebook or other Meta services. This technology enables us to measure conversion and is primarily used for analysis, marketing, retargeting, advertising, conversion tracking and personalization.
The collected information includes advertisements viewed, browser and device information, geographical locations and IP addresses. Data like the pixel ID, referrer URL, usage data and user behavior are also collected. If you are logged into Facebook, Facebook-specific information like the user ID and click behavior can also be collected. Primary processing takes place in the European Union, but data can also be transmitted to countries like Singapore, the USA and the UK. Meta Platforms Inc. can also be the data recipient. This data is processed on the basis of your consent in accordance with Art. 6 (1)(a) GDPR. You can revoke your consent at any time via the consent banner. The lawfulness of the data processing operations that occurred before the revocation remains unaffected by the revocation.
Data Privacy Statement: www.facebook.com/privacy/policy/; Basis for third country transfers: Data Privacy Framework (DPF)

4.3.2.8 TikTok Pixel
TikTok Pixel is a tracking technology provided by the Chinese company Beijing Bytedance Technology Ltd and for the European area, by the Irish company TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok"). It enables us to analyze user behavior on our website and track specific user actions. These data help to optimize advertising campaigns and improve the conversion rate. TikTok Pixel enables us to create user profiles and transmit the collected data to TikTok. Primary processing takes place in the European Union at the headquarters of TikTok Technology Limited in Ireland. However, data transmission to the parent company ByteDance in China cannot be excluded.
This data is processed on the basis of your consent in accordance with Art. 6 (1)(a) GDPR. You can revoke your consent at any time via the consent banner. The lawfulness of the data processing operations that occurred before the revocation remains unaffected by the revocation.
Data Privacy Statement: www.tiktok.com/legal/page/eea/privacy-policy/en; Basis for third country transfers: Standard contract clauses (SCC)

4.3.2.9 LinkedIn Pixel
We use LinkedIn Pixel, a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn") for statistical and marketing purposes. With the help of LinkedIn Pixel, we can understand your behavior on our website better in order to target and personalize our advertising measures on LinkedIn better. With LinkedIn Pixel, we can track how you interact with our website and which actions you execute. We can collect information like clicks, interaction duration, referrer URLs, IP address, browser information or the duration of your visit. LinkedIn also processes your personal data outside the European Union/European Economic Area.
The data processing takes place on the basis of your consent in accordance with Art. 6 (1)(a) GDPR. You can revoke your consent at any time via the consent banner. The lawfulness of the data processing operations that occurred before the revocation remains unaffected by the revocation.
Data Privacy Statement: www.linked in.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy; Basis for third country transfers: Standard contract clauses (SCC)

4.3.2.10 Instagram plugins
We set Instagram plugins, a service of Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland ("Meta"), on our website. You will recognize Instagram plugins by the Instagram logo or "Instagram button", or by Instagram stories that are directly integrated into our website. When you visit our website, the plugin established a direct connection between your browser and the Meta servers. Meta receives the information that you have visited our website with your IP address, and more. This occurs whether or not you are registered or logged into Instagram. If you are logged in with your Instagram account, you can click the Instagram button to link the content of this website to your Instagram profile. This enables Meta to link your visit to our website with your user account. We hereby emphasize that as the operator of this website, we do not know the content of the data that is transmitted to Meta through your Instagram account or how it is used by Meta.
To prevent Meta from directly linking the collected data to your Instagram profile, please log out of Instagram before visiting our website. The legal basis for processing personal data is based on your consent in accordance with Art. 6 (1)(a) GDPR. You can revoke your consent at any time via the consent banner. The lawfulness of the data processing operations that occurred before the revocation remains unaffected by the revocation.
Data Privacy Statement: privacycenter.instagram.com/policy/ ; Basis for third country transfers: Data Privacy Framework (DPF)

4.4 Online shop

4.4.1 Registration
If you register in our online shop and create a customer profile, we will save the account information you entered (in particular, name, invoice and delivery address, phone number, payment information and email address) such that you will not have to enter your data again each time you order. You can update or erase your profile at any time. The legal basis for this is Art. 6 (1)(b) GDPR.

4.4.2 Purchase orders
If you would like to order in our online shop, you must enter your personal data that we need to process your order so that we can conclude the contract with you. The mandatory information required to conclude the contract is marked separately; all other information is voluntary. To process your order, we will process the data you provided. For this purpose, we could also forward your payment data to our house bank or an online payment service we use. If you provide your payment data to us (e.g., account number for direct debit authorization), this data will be used for payment processing.
Payment transactions through standard means of payment (Visa/MasterCard or direct debit) are processed exclusively via an encrypted SSL/TLS connection.

4.4.3 Credit check
We will run a credit check on you if this is justified by a legitimate interest. A legitimate interest is present when there is a risk of non-payment. This is the case when we deliver advance performance (e.g., purchase on account). A credit check for a payment method with credit-side risk is permissible in accordance with Art. 6 (1)(f) GDPR. For other payment methods (without credit-side risk) your personal data will only be transmitted to third parties with your consent in accordance with Art. 6 (1)(a) GDPR.

For credit checks, we participate in the payment experience pool of the German Debtors' Register (DRD) operated by Creditreform. For this purpose, we transmit personal data, including address data, and information on payment history to Creditreform Stuttgart Strahler KG, Theodor-Heuss-Str. 2, 70174 Stuttgart, Germany. The data are stored as long as this is necessary for fulfilling the stated purpose of the storage.
In the database of Creditreform, information is stored in particular on the name, company name, address, marital status, professional activity and financial circumstances, any liabilities as well as information on payment history. For further information on data processing at Creditreform, see the following link: www.creditreform.de/stuttgart/datenschutz
In addition, we access information from Dun & Bradstreet Deutschland GmbH, Robert-Bosch-Strasse 11, 64293 Darmstadt, Germany. Among other services, Dun & Bradstreet Deutschland GmbH provides services for assessing the probability of creditworthiness. For this purpose, we use encryption procedures to provide Dun & Bradstreet Deutschland GmbH with data on the payment history of business partners. Dun & Bradstreet Deutschland GmbH is obligated to observe the protective regulations on the use of personal payment history data in accordance with Sect. 31 (1) of the German Federal Data Protection Act (BDSG). Your data is not shared with third parties, for example, for advertising purposes, without your express consent.
For further information on data processing at Dun & Bradstreet Deutschland GmbH, see the following link: www.dnb.com/about-us/company/our-security.html

4.4.4 For communication via the online shop via winkler NOW Chat, see the following section (4.5.4).

4.5 Communication with us

4.5.1 General contact information
If you share personal data with us via email, telephone or our website (last name, first name, email address, postal address), in general you do this voluntarily. These data are used to process our contractual relationship and to process your inquiries or rather, your orders. We do not use your data for other purposes; in particular, sharing your data with third parties for the purpose of advertising, market or opinion research. We delete the data accrued in this context after it is no longer necessary to save it or restrict its processing if a legal retention obligation exists. The legal basis for this is Art. 6 (1)(b) GDPR or Art. 6 (1)(f) GDPR.

4.5.2 Contact form
If you send us inquiries via the contact form, we will save your information from the form, including the contact data you provide, exclusively for the purpose of processing the inquiry and in case of follow-up questions. We do not share this data with third parties without your consent.
We therefore process the data provided on the contact form on the basis of Art. 6 (1)(a) GDPR.
We retain the data you entered in the contract form until you request deletion or revoke your consent to storage, or the purpose of the data storage ceases to obtain (e.g., after the processing of your query has concluded). Mandatory legal provisions - especially retention periods - remain unaffected.

4.5.3 Newsletter
With your consent, you can subscribe to our newsletter, in which we inform you about our current, interesting offers. The promoted goods and services are listed in the declaration of consent. To register for our newsletter, we use the double opt-in method. This means that after you register, we send a email to the email address provided in which we request your confirmation that you would like us to send you the newsletter. If you do not confirm your registration, your information will be blocked and deleted at regular intervals. Further, we save the IP address you used, and the time of registration and confirmation. The purpose of the procedure is to document your registration and clarify any possible misuse of your personal data. The mandatory information for sending the newsletter is your form of address, first and last names, your email address, country, business area, desired newsletter subscription and your consent for advertising purposes. Your provision of additional, separately marked data is voluntary and they are used to communicate personally with you. After your confirmation, we save the data you provided for the purpose of sending the newsletter. The legal basis for this is Art. 6 (1)(a) GDPR. You can revoke your consent to sending you the newsletter at any time and unsubscribe from the newsletter. You can click the link provided in every newsletter email or send an email to newsletter-support@winkler.com to revoke your consent.
To optimize our newsletter, we also use the Evalanche service, an email marketing automation solution of SC-Networks GmbH for sending and analyzing newsletters. The provider is SC-Networks GmbH, Würmstraße 4, 82319 Starnberg. Evalanche saves the data you enter for the purpose of receiving newsletters (e.g. email address) on the servers of SC-Networks. With the solution we use, we can analyze the behavior of newsletter recipients by tracking how many recipients opened the newsletter or which links they click, for example. Evalanche also enables us to segment the recipients by criteria like age or gender in order to send more precisely targeted newsletters. If you do not want your behavior to be analyzed by Evalanche, you can revoke this tracking by using the form provided or unsubscribing from the newsletter. The unsubscribe link is present in every newsletter message. The data are processed on the basis of your consent in accordance with Art. 6 (1)(a) GDPR, which you can revoke at any time by unsubscribing to the newsletter. Data processing operations completely previously remain unaffected by your revocation. Your data that we have stored for the purpose of receiving the newsletter are saved and deleted by us and SC-Networks at regular intervals. Data for other purposes remain unaffected. We concluded a contract around job processing with SC-Networks in order to fulfill stringent data protection provisions.

4.5.4 winkler Now Chat
You have the option of using our chat function ("winkler NOW Chat") via our online shop. You can use the chat function to come into contact with our customer advisors.
Registration, chat record: The winkler NOW Chat is generally available to both registered users ("Registered Customers") and non-registered users ("Anonymous Users") of the online shop. However, certain inquiries can only be answered to registered users, especially if they are customer-specific inquiries or inquiries concerning confidential information.

If you already have access data for our online shop, you can use them to log into the winkler NOW Chat using the single sign-on procedure. We then use your login information to link your chat request to your customer account and assign you to the appropriate regional customer advisor for the respective request. As a registered customer, you can then view the current chat history and your completed requests at any time via your user account. All stored chat histories will be permanently deleted at the latest when your user account for the online shop is deleted, provided that no statutory retention periods require any further storage.

If you start winkler NOW Chat as an anonymous user, we will only collect your zip code in order to assign your request to a customer advisor who is responsible for your region. The chat history of anonymous users is not saved by us, but deleted immediately after completion. Legal retention periods remain unaffected.

The processing of your login information and all messages communicated via the chat takes place independently of a registration exclusively for the processing of your request on the basis of Art. 6 Abs. 1 S. 1 lit. b DSGVO.

5 Topicality of the Statement
We subject our Data Privacy Statement to verification at regular intervals and adjust it if necessary in order to ensure that the information it contains are up-to-date and the contents are correct. This Data Privacy Statement is currently valid and is the February 2025 version.