Windmöller GmbH operates this website. We therefore act as the Controller when it comes to processing personally identifiable information about users of our website. You will find our contact details in the legal notices section of this website. The contacts for issues relating to the processing of personally identifiable information are named in this privacy statement.We take the protection of both your privacy and your personal data very seriously.
We only collect, save and use your personally identifiable information in line with the content of this privacy statement and in compliance with applicable data protection laws, especially the European General Data Protection Regulation (GDPR) and national data protection laws.
The purpose of this privacy statement is to explain which personally identifiable information we process for what purpose when you use our website.
Personally identifiable information
Personally identifiable information is data that enables identification of a natural person. It includes all information about your identity, such as your name, e-mail or postal address. By contrast, information that cannot be used to identify you personally (such as statistics about traffic on our website) is not classified as personally identifiable information.
You may use our website without disclosing your identity or providing any personally identifiable information. In this case, we only collect general data regarding your visit to our website. Many of the services we offer do, however, require you to provide personally identifiable information. We only ever process this data for purposes of enabling you to use this website, in particular to provide you with the required information. When providing personally identifiable information, you only have to disclose the data that is absolutely necessary. Above and beyond this data, you can provide further information, albeit on a voluntary basis. We indicate in each case whether disclosure is mandatory or voluntary.
The specific details are explained in the relevant sections of this privacy statement.Automated decisions in connection with your use of our website are not made on the basis of your personally identifiable information.
Processing personally identifiable information
We save your data on specially safeguarded servers within the European Union. Technical and organisational safeguards are in place to protect the data against loss, destruction, and unauthorised access, alteration or circulation. Only a few authorised individuals can access your data. These people are responsible for the technical, commercial or editorial management of the servers. In spite of regular checks, ensuring complete protection against all risks is, however, not possible.
Your personally identifiable information is encrypted for transmission via the internet. We use SSL (Secure Socket Layer) encryption when transmitting data.
Disclosure of personally identifiable information to third parties
We only ever use your personally identifiable information to provide the services you request. In the event that we engage external vendors as part of this service provision, they only access the data for the purpose of providing the service(s). Technical and organisational safeguards ensure compliance with data protection laws. We also ensure that our external service providers commit to such compliance.
Furthermore, we do not disclose your data to third parties without your express consent, and especially not for advertising purposes. We only disclose your personally identifiable information if you have consented to the same yourself or if we are entitled or forced to do so by law and/or official or court order. In particular, we may be required to provide information for purposes of prosecution, to avert danger or to defend intellectual property rights.
Legal basis for data processing
When we obtain your consent to process your personally identifiable information, the legal basis for such processing is established by Art. 6 (1) (a) GDPR.
When we need to process your personally identifiable information for performance of a contract or contract relationship, the legal basis for such processing is established by Art. 6 (1) (b) GDPR.
When we process your personally identifiable information in order to comply with a legal obligation, the legal basis for such processing is established by Art. 6 (1) (c) GDPR.
A further legal basis governing data processing is established by Art. 6 (1) (f) GDPR when the processing of your personally identifiable information is necessary to protect a legitimate interest of our company or a third party, provided the protection of your personally identifiable information does not harm your interests nor infringe your fundamental rights and freedoms.
Throughout this privacy statement, we cite the legal basis governing our processing of your personally identifiable information.
Data erasure; duration of storage
We always erase or block your personally identifiable information as soon as the reason for saving it no longer exists. The data may be saved for longer if required under laws to which we are subject, for example to comply with legal retention and documentation obligations. In such cases, we erase or block your personally identifiable information at the end of such legally specified periods.
Use of our website
Information about your computer
Regardless of whether you log in or not, we collect the following information about your computer every time you visit our website: your computer’s IP address, your browser request and the time of such request. We also record the status and volume of data transmitted under this request. Information about your browser product and version, and about your computer’s operating system is also collected, together with the name of the website from which you accessed ours. Your IP address is only saved while you are on our website and is subsequently deleted or shortened to anonymise it. All other data is saved for a limited period.
We use this data to operate our website and especially to detect and rectify errors, to monitor traffic on our site and to implement adjustments and improvements. These uses also constitute our legitimate interest in data processing as defined in Art. 6 (1) (f) GDPR, which also forms the legal basis for such processing.
Cookies enable us to identify your computer and immediately activate any presets. Cookies help us to improve our website and enable us to offer you better service that is more closely tailored to your interests. These efforts also constitute our legitimate interest in data processing as defined in Art. 6 (1) (f) GDPR.
Cookies needed for technical reasons
Some cookies are needed for technical reasons to enable you to use our website. We use these cookies to record and save the following data:
- Language settings
- Search settings
- Content in the forms for the newsletter, for contacting us and for ordering samples boxes
- Information that enables us to identify or authenticate users
- Data allowing audio or video content to be played without interference
- Products in the samples box
- Products on the wish list
We also use analysis cookies on our website to analyse user behaviour. We use these cookies to record and save the following data:
- Frequency of page loads
- Search terms
- Use of website functions
- …The data about you that we capture with the aid of cookies is pseudonymised to ensure it can no longer be assigned to a particular user.
For more details, please refer to tools.google.com/dlpage/gaoptout or www.google.com/intl/de/analytics/privacyoverview.html (general information about Google Analytics and data protection). Please be aware, that we have added the code " anonymizeIp();" to Google Analytics on our website in order to anonymise IP addresses by deleting the last octet.
Given the safeguards we have installed (anonymisation and opt-out option), we believe that our processing of data to optimise our website constitutes a legitimate interest under Art. 6 (1) (f) GDPR.
We use services provided by etracker GmbH, Erste Brunnenstrasse 1, 20459 Hamburg,
Germany (www.etracker.com) to analyse utilisation data. Cookies are used to enable statistical analysis of website utilisation by its visitors and to display use-related content or advertising. Cookies are small text files that internet browsers save on a user’s hardware. etracker cookies do not contain any information that would permit identification of a user.
etracker only processes and saves the data created with the use of etracker on our behalf in Germany. To this end, etracker has been impartially tested, certified and awarded the ePrivacyseal seal of data protection quality.
Data is processed on the legal basis of Art. 6 (1) (f) GDPR (legitimate interest). Our legitimate interest is established by the optimisation of our website offerings. etracker anonymises IP addresses as soon as possible, and converts login and hardware data into unambiguous but not personally identifiable code. etracker makes no further use of the data, nor collates it or discloses it to third parties.
You can object to the processing of your data at any time by clicking on the field below.
For more information about data protection at etracker, please refer to www.etracker.com/datenschutz/.
Form for ordering samples boxes
We provide a form for ordering samples boxes. To request samples, you must provide the information requested – such as name, address and e-mail.
Art. 6 (1) (b) GDPR establishes the legal basis for processing data relating to orders of samples boxes.
The mandatory information requested during the ordering process is required for the performance, or preparation of performance, of a contract with us governing specific performance elements.
The personally identifiable information you provide when ordering is only used by our own company and affiliates, and by companies we engage to process your orders.
Storage and disclosure of data relating to orders
We process orders in collaboration with various companies charged with providing payment and logistics services. We ensure that these partners also comply with data protection laws. Your address details (name and address) are therefore disclosed to the shipping company engaged to deliver the products you have ordered. Art. 6 (1) (b) GDPR establishes the legal basis for such disclosure. Processing of your personally identifiable information is necessary to enable performance of the contract.
We save the data as long as is necessary to enable performance of the contract, and beyond such performance in order to comply with our post-contractual obligations and with the statutory retention periods specified in commercial and tax legislation. This statutory retention period is usually 10 years to the end of the respective calendar year.
Communicating with us
Various options are available for you to contact us; one of which is the contact form on our website. We can also provide you with regular information by e-mail in our newsletter.
If you use the contact form on our website, we will capture the personally identifiable information that you indicate on the form, such as your name and e-mail, in particular. We also save IP addresses and the date and time of your enquiry. We only process the data provided in the contact form for the purpose of responding to your enquiry or the matter you raise.
You decide how much information you wish to provide in the contact form. The legal basis for processing your data is established by your consent as defined in Art. 6 (1) (a) GDPR.
Once we have responded to your message, we save the data in case you revert to us with any queries. You are entitled to demand the erasure of the data at any time. Otherwise, it will be erased once the matter in question has been dealt with, notwithstanding any statutory retention periods.
If you subscribe to our newsletter, we will use your e-mail for proprietary advertising purposes until you unsubscribe. To this end, you will receive regular information by e-mail about current topics, together with occasional e-mails detailing special campaigns, for example. With the aid of the information we have about you, we can personalise and individualise these e-mails.
Unless you have already given us your written consent, we use the double opt-in procedure for newsletter subscriptions. This means that we won’t e-mail you our newsletter until you have expressly confirmed that you want us to start sending it to you. We will then send you a notification e-mail asking you to click on a link in the e-mail to confirm that you want to receive the newsletter.
The legal basis for processing your data is established by your consent as defined in Art. 6 (1) (a) GDPR, provided you have expressly subscribed to our newsletter. Within the scope of legal regulations, you may also receive our newsletter without expressly having given your consent because you have provided us with your e-mail address when ordering goods or services and have not objected to receiving information by e-mail. In such instances, our legitimate interest in providing direct advertising constitutes the legal basis as defined in Art. 6 (1) (f) GDPR.
If you generally wish to discontinue receiving our newsletter, you may revoke your consent at any time for future consideration or may object to further receipt of the newsletter without incurring any cost above the basic transmission tariff. Just click on the unsubscribe link provided in every newsletter or send a message to us or our Data Protection Officer.
Our website contains links to social networks such as Facebook, Google+, Pinterest, Instagram and to short message service Twitter. The links are identifiable in each case by the logo of the respective provider.
Clicking on a link opens the relevant social media website, which is not covered by this privacy statement. For details of the provisions governing these sites, please refer to the relevant privacy statements of each provider. You will find them at:
No personally identifiable information is transferred to the relevant providers prior to clicking on any of these links. Your loading the linked website constitutes the basis for data processing by the relevant provider.
Our website incorporates videos that can only be played using a plug-in provided by the YouTube service operated by Google (“YouTube”). The service is operated by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you load a page on our website that includes a video, you will be connected to the YouTube servers. In the process, the YouTube server is notified of the pages you visited on our website.
If you are logged into your YouTube account, you will be allowing YouTube to assign your internet usage straight to your personal profile. You can prevent this by logging out of your YouTube account. For more details of how user data is handled, please refer to Google’s privacy statement: www.google.de/intl/de/policies/privacy/, which also applies to YouTube.
We use YouTube to be able to show you videos and thus tell you more about us and our products and services, which also establishes our legitimate interest as defined in Art. 6 (1) (f) GDPR.
Your rights; Contact
We strive very hard to explain as clearly as possible how we process your personally identifiable information and what rights you have in this respect. If you require more information or would like to exercise your rights, please feel free to contact us at any time so that we can deal with the matter.
Data subjects’ rights
You have extensive rights relating to the processing of your personally identifiable information. Firstly, you have a right to detailed information and may demand the rectification and/or erasure or blockage of your personally identifiable information, if appropriate. You may also impose restrictions on the processing, and have the right to object. With regard to the personally identifiable information you provide to us, you also have the right to data portability.
If you wish to exercise one of your rights and/or to obtain more information about them, please contact our Customer Service department. Alternatively, please feel free to contact our Data Protection Officer.
Revoking consent; Voicing objection
You may revoke at any time any consent you have given in the past for future consideration. Revoking your consent does not affect the lawfulness of any processing based on consent given prior to the revocation. Here again, your contacts are our Customer Service department or our Data Protection Officer.
If your personally identifiable information is processed on some other legal basis and not on your consent, you may object to such data processing. Your objection will trigger a review and, if appropriate, the discontinuation of data processing. You will be notified of the outcome of this review and – if data processing is to continue regardless – details of why such data processing is permissible.
Data Protection Officer; Contact
We have appointed an external Data Protection Officer to advise us on issues relating to data protection laws. You can contact this Officer directly. Our Data Protection Officer and his team are available to answer any questions you have about how personally identifiable information is handled or to provide further information on topics relating to data protection laws:
If you believe that our processing of your personally identifiable information is not consistent with this privacy statement or not compliant with applicable data protection laws, you may file a complaint with our Data Protection Officer. The Data Protection Officer will then review the matter and let you know the outcome. You also have the right to complain to a supervisory authority.
Further information; Amendments
Links to other websites
Our website may contain links to other websites. These links are usually identifiable as such. We have no means of influencing the extent to which these linked websites comply with data protection laws. We therefore recommend that you study the relevant privacy statements of these other websites as well.
Amendments of this privacy statement
The date of this privacy statement is indicated (at the bottom). We reserve the right to amend this privacy statement at any time with future effect. Amendments will be implemented, in particular, following technical adjustments to our website or amendments to data protection laws. The currently valid version of this privacy statement can be accessed at any time on our website. We advise you to regularly check this privacy statement for amendments.
Date of this privacy statement: May 2018