• Home
  • Data protection

Data Protection Statement of E. WINKEMANN GmbH

Bremcker Linde 5, 58840 Plettenberg
August 2022

Data protection is important both for you and for us. Please take note of the following information:
To carry out the services of E. WINKEMANN GmbH it is necessary for us to collect, process, use and store personal data relating to you. We take personal data protection extremely seriously. All data that we collect when you visit our website is in principle collected, processed, used and stored according to the applicable legal provisions. By agreeing to the following data protection statement you are consenting to the collection, processing, use and storage of your personal data according to the purpose described below.

General information
Personal data (e.g. name, address, date of birth) that you enter via our website shall be collected,processed, used and stored by E. WINKEMANN GmbH. The latter is the controller within the meaning of the European General Data Protection Regulation (GDPR) as well as other data protection laws and other provisions of a data protection law nature that are applicable in the Member States of the European Union.

Name and Address of the Controller
E. WINKEMANN GmbH can be contacted as follows:
E. WINKEMANN GmbH, Bremcker Linde 5, 58840 Plettenberg, Telephone 02391 819-0,
e-mail:

Legal basis for the processing of your personal data
Art. 6 I lit. a) GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose.
If personal data is processed for the implementation of a contract, such as employment contracts, delivery contracts, etc., where the data subject is a contracting party
, as is the case for example with the processing required in order to deliver goods or to provide another service or service in return, then processing is based on Article 6(1) Point (b) of the GDPR. The same applies to the processing required for precontractual measures, for example in the case of enquiries about our products or services.

If our company is bound by legal obligation to process personal data, as is the case for example in the fulfilling of tax obligations, then processing is based on Art. 6(1) Point (c) of the GDPR.

In rare cases, the processing of personal data could become necessary to protect the vital interests of the data subject or another natural person. This would for example be the case if a visitor to our company were injured and his/her name, age, health insurance data or other crucial information needed to be provided to a doctor, hospital or other third party. In such a case, processing would be based on Art. 6(1) Point (d) of the GDPR.

Finally, processing could be based on Art. 6(1) Point (f) of the GDPR. This is the legal basis for processing which is not covered by the aforementioned legal provisions, if processing is necessary to protect a legitimate interest of our company or of a third party, insofar as they are not outweighed by the interests, fundamental rights and freedoms of the data subject. This type of processing in particular is allowed because it has been given especial mention by the European legislator, who took the view that a legitimate interest could be assumed if the data subject is a customer of the data controller (Recital 47, sentence 2 of the GDPR).

Definitions
The data protection statement is based on terminology used by the European directive and regulatory body when adopting the European General Data Protection Regulation (GDPR). Our data protection statement should be easily readable and comprehensible for both the public and our customers and business partners. In order to ensure this, we would like to first define the terminology used.We use the following terms (among others) in the data protection statement:

  • Personal data
    Personal data shall mean any information that relates to an identified or identifiable natural person (referred to hereafter as the ‘data subject’). A natural person shall be regarded as identifiable if they can be identified directly or indirectly, particularly through assignment to an identifier such as a name, to a code, to location data, to an online identifier or to one or more special features which are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
  • Data subject
    The data subject shall mean every identified or identifiable natural person whose personal data is being processed by the controller.
  • Processing
    Processing shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
  • Restriction of processing
    The restriction of processing shall mean the marking of stored personal data with the aim of restricting its future processing.
  • Pseudonymisation
    Pseudonymisation shall mean the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is stored separately and the technical and organisational measures are in place to ensure that the personal data cannot be attributed to an identified or identifiable natural person.
  • Controller
    Controller shall mean the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. If the purposes and means of this processing are stipulated in EU law or the law of Member States, the controller, or rather the specific criteria he outlines, can be laid down in accordance with EU or Member State law.
  • Processor
    Processor shall mean a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.
  • Recipient
    Recipient shall mean a natural or legal person, public authority, agency or any other body to whom data are disclosed, whether a third party or not. Public authorities who receive personal data as part of a particular investigation mandate in accordance with EU or Member State law do not however qualify as recipients.
  • Third party
    Third party shall mean a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the personal data.
  • Consent
    Consent shall mean any declaration of intent freely submitted by the data subject in an informed way and without ambiguity for a specific instance, submitted in the form of a declaration or other clear act of confirmation, with which the data subject makes clear that they are in agreement with the processing of their personal data.

Collection and use of your data

Non-personal data
Non-personal data is data via which we cannot make any reference to your person. When visiting our website, the web servers we use store by default the name of your Internet service provider, the website from which you were referred to our site, and the date and duration of your visit. None of this data is personal data as no reference to your person can be made with this data. The data is stored exclusively for internal purposes such as the provision and improvement of the service and the monitoring of functionality.

Voluntary personal data
When we request personal data, we expressly indicate to you what data can be given voluntarily. The entering of such data is therefore not required and may be omitted. If you then share your personal data with us voluntarily, for example in questionnaires, competitions, etc., we will store this data electronically and treat it as strictly confidential. This data shall be used exclusively for our own purposes, for example, to improve our services. With your prior express consent, this data will be used for our own advertising purposes. It will not be forwarded to third parties. You may withdraw your consent at any time. To do this there is an option of revoke your consent in every e-mail.

Your e-mail address
Your e-mail address is also personal data. For this reason, we shall also only use your e-mail address for the purpose for which you provided it to us. That is for the complete processing of contracts and, if necessary, other organisational contact.

Routine deletion and blocking of personal data
The controller processes and stores personal data from the data subject only for the period necessary to achieve the purpose of the storage or as provided for by the European directive and regulatory body or any other legislator in laws or regulations to which we are subject. If the storage purpose ceases to apply or a storage period prescribed by the European directive and regulatory body or any other relevant legislator expires, the personal data is routinely blocked or deleted in accordance with the statutory provisions.

Server Log Files
The website provider automatically collects and stores information which your browser automatically transfers to us in server log files. This includes:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server enquiry
  • IP address

This data is not combined with other data sources. The basis of processing is Art. 6(1) Point (b) of the GDPR which allows data processing for the performance of a contract or for precontractual measures.

Use of cookies
Our website uses a technically necessary session cookie. Cookies are text files which are stored in the browser or on the user's computer when a website is visited. Session cookies are deleted as soon as the visitor closes the website down again. The cookie used by us, "csrf_https-contao_csrf_token“, is used for safety reasons and suppresses the possibilities of hacker attacks by the so-called "Cross Site Request Forgery" method. Personal data are not stored in the cookie, it merely contains an individual sequence of characters which makes an unambiguous identification of the browser possible during the visit to the website.

OpenStreetMap
This site uses the open-source mapping tool “OpenStreetMap” (OSM) via an API. The provider is the OpenStreetMap Foundation. To use the functions of OpenStreetMap, your IP address needs to be saved. This information is normally transferred to a server of OpenStreetMap and stored there. The provider of this site has no influence on this data transmission. The use of OpenStreetMap is in the interest of an attractive presentation of our online offers and of making it easy to find the places we indicate on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. More information on the handling of user data can be found on the OpenStreetMap data protection page and here wiki.openstreetmap.org/wiki/Legal_FAQ.

Map tiles
Our website uses Geoapify (Geoapify GmbH, Bgm.-Heinrich-Str. 6, 86415 Mering, Germany) to display interactive maps. Geoapify's services are hosted in EU data centres and comply with the GDPR. By using them, information including your IP address is transmitted to Geoapify.

Presence on facebook.com
For different information services in connection with topics related to training we refer to the technical platform and the services of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

We point out that you make use of this Facebook page and its functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, evaluation). Alternatively, you can also use the information offered via this page on our website at www. winkemann.de. When visiting our Facebook page, Facebook collects, among other things, your IP address and other information that is available in the form of cookies on your PC. This information is used to provide us, as the operator of the Facebook pages, with statistical information about the use of the Facebook page. For more information, please contact Facebook at the following link:
http://de-de.facebook.com/help/pages/insights.

The data collected about you in this connection will be processed by Facebook Ltd. and, if necessary, transferred to countries outside the European Union. What kind of information Facebook receives and how it is used is described by Facebook in its data usage guidelines. There you will also find information about the contact possibilities to Facebook as well as the settings for advertisements. The data usage guidelines are available at the following link: http://de-de.facebook.com/about/privacy. The complete data usage guidelines of Facebook you will find here: https://de-de.facebook.com/full_data_use_policy.

How Facebook uses the data from the visit to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page are passed on to third parties, is not finally and clearly identified by Facebook and is not known to us. When accessing a Facebook page, the IP address assigned to your end devices is transmitted to Facebook. According to Facebook, this IP address will be anonymized (for "German" IP addresses) and deleted after 90 days.

Facebook also stores information about its users' terminal devices (e.g. as part of the "login notification" function); Facebook may be able to assign IP addresses to individual users. If you are currently logged in to Facebook as a user, there is a cookie with your Facebook ID on your device. This allows Facebook to understand that you have visited this page and how you have used it. This also applies to all other Facebook pages. Facebook buttons integrated into websites allow Facebook to record your visits to these websites and assign them to your Facebook profile.

This data can be used to offer content or advertising tailored to you. If you want to avoid this, you should log out of Facebook or disable the "Stay logged in" feature, delete the cookies on your device and quit and restart your browser. In this way Facebook information is deleted that can be used to identify you directly. This allows you to use our Facebook page without revealing your Facebook ID. When you access interactive features on the page (like, comment, share, messages, etc.), a Facebook login mask appears. After any login, you will again be recognizable to Facebook as a specific user. For information about how to manage or delete existing information about you, see the following Facebook Support pages: https://de-de.facebook.com/about/privacy.

We, as a provider of the information service, do not collect or process any further data from your use of our service. This data protection declaration can be found in the applicable version under the item "Data Protection" on the website www.winkemann.de. If you have any questions about the information offered, you can contact us using the contact details provided in this Data Protection Statement above.

Job applications
The controller collects and processes the personal data of applicants for the purpose of handling the application process. Processing can also be carried out electronically. This is particularly the case if an applicant submits relevant application documents by electronic means, for example by e-mail or via a web form located on the website, to the controller. This is particularly the case if an applicant submits relevant application documents by electronic means, for example by e-mail or via a web form located on the website, to the controller.

If the controller concludes an employment contract with an applicant, the transmitted data is stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant by the controller, the application documents shall be deleted 6 months after notification of the rejection decision, provided that this is not contrary to other legitimate interests of the controller or that you have given your consent for further storage. Other legitimate interests in this sense is, for example, an obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG).

Your rights regarding your data
You can delete your account at any time and request the data we have stored on you. However, we do have to store and archive your data even after deleting your account for legal (e.g. tax ) reasons. This data shall, however, then be blocked for any use. All data for which we have no legal archiving obligation shall be deleted by us immediately after you have requested the deletion. You can at any time obtain information on all data that we have stored on you. Your rights in detail:

  • Right to confirmation
    Every data subject has the right as granted by the European directive and regulatory body to demand from the controller confirmation of whether their personal data is being processed. If a data subject would like to exercise this right to confirmation, they can contact us and our employees regarding this at any time via the above contact details.
  • Right to information
    Every person affected by the processing of personal data has the right, granted by the European directive and regulatory body, to request at any time free information about the personal data stored about them from the controller and to obtain a copy of this information. In addition, the European directive and regulatory body has granted the data subject information on the following:
    • the purposes of processing
    • the categories of personal data that are being processed
    • the recipients or the categories of recipients to whom the personal data has been or will be disclosed, in particular also in the case of recipients in third countries or international organisations
    • where possible the planned duration for which the personal data will be saved, or where this is not possible, the criteria for the determining the duration
    • the existence of a right to correct or delete the personal data pertaining to them, or to restrict the processing thereof by the controller, or the right to object to such processing
    • the existence of a right of appeal to a supervisory authority
    • where the personal data have not been obtained from the data subject: all available information about the origin of the data
    • the existence of automated decision making including profiling in accordance with Art. 22 (1) and (4) of the GDPR and — at least in these cases — meaningful information on the logic involved as well as the scope and envisaged effects of such processing for the data subject
    In addition, the data subject has the right to information on whether personal data has been transferred to a third country or international organisation. If this is the case, the data subject also has the right to receive information on the appropriate safeguards in connection with the transfer. If a data subject would like to exercise this right to information, they can contact us and our employees regarding this at any time via the above contact details.
  • Right to rectification
    Every person affected by the processing of personal data has the right, granted by the European directive and regulatory body, to demand the immediate correction of incorrect personal data relating to them. In addition, the data subject also has the right, in consideration of the purposes of the processing, to demand the completion of incomplete personal data - also by means of a supplementary explanation. If a data subject would like to exercise this right to rectification, they can contact us and our employees regarding this at any time via the above contact details.
  • Right to deletion (Right to be forgotten)
    Every person affected by the processing of personal data has the right, granted by the European directive and regulatory body, to demand from the controller the immediate deletion of personal data relating to them, provided one of the following reasons applies and as long as the processing is not necessary:
    • The personal data has been collected or otherwise processed for such purposes for which it is no longer necessary.
    • The data subject revokes their consent, on which the processing was based in accordance with Art. 6 (1) a) GDPR or Art. 9 (2) a) GDPR, and there is no other legal basis for the processing.
    • The data subject submits an objection to the processing in accordance with Art. 21 (1) GDPR, and there are no legitimate reasons for the processing, or the data subject objects to the processing in accordance with Art. 21 (2) GDPR.
    • The personal data was processed unlawfully.
    • The erasure of personal data is necessary to fulfil a legal obligation under the European Union or national law to which the controller is subject.
    • The personal data was collected in relation to information society services offered in accordance with Art. 8 (1) GDPR.
    If any of the above reasons apply and a data subject wishes to arrange the deletion of personal data stored by E. WINKEMANN GmbH, they can contact us and our employees regarding this at any time via the above contact details.
  • Right to restriction of processing
    Every person affected by the processing of personal data has the right, granted by the European directive and regulatory body, to demand that the controller restricts processing if one of the following conditions applies:
    • The accuracy of the personal data is contested by the data subject; the restriction in this case shall be for a period of time that enables the controller to verify the accuracy of the personal data.
    • The processing is unlawful; the data subject has not consented to the deletion of the personal data and demands instead that the use of the data be restricted.
    • The controller no longer requires the personal data for processing purposes, but the data subject needs it to enforce, exercise or defend their rights.
    • The data subject has contested the processing in accordance with Art. 21 (1) GDPR and it has not yet been ascertained whether the justification given by the controller will outweigh that of the data subject.
    If any of the above conditions apply and a data subject wishes to request the restriction of the processing of personal data stored by E. WINKEMANN GmbH, they can contact us and our employees regarding this at any time via the above contact details. The employees of E. WINKEMANN GmbH will arrange the restriction of the processing immediately.
  • Right to data portability
    Every person affected by the processing of personal data has the right, granted by the European directive and regulatory body, to obtain the personal data they provided to the controller in a structured, common and machine-readable format. They also have the right to transfer this data to another controller, without being hindered by the controller to whom they made the data available, provided that the processing is based on the consent pursuant to Art. 6 (1) a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) b) GDPR and the processing is performed by automated procedures, unless the processing is necessary for the performance of a task that is in the public interest or for the exercise of official authority which has been assigned to the controller.

    In addition, when exercising their right to transfer the data in accordance with Art. 20 (1) GDPR, the data subject has the right to demand that their personal data be transmitted directly from one controller to another controller, provided that the technical requirements for this are available and this does not affect the rights and freedoms of other persons. In order to assert the right to data portability, the data subject can contact us and our employees at any time via the above contact details.
  • Right of objection
    Every person affected by the processing of personal data has the right, granted by the European directive and regulatory body, for reasons related to their particular situation to raise objection at any time to the processing of their data being carried out under Art. 6 (1) e) or f) of GDPR. This also applies for any profiling based on these provisions.

    In the case of an objection, E. WINKEMANN GmbH will no longer process the personal data, unless there are compelling and legitimate grounds for processing which outweigh the interests, rights and freedoms of the data subject, or processing serves to assert, exercise or defend legal claims.

    If E. WINKEMANN GmbH processes data for the purposes of direct advertising, the data subject has the right to object to the processing of their personal data for such advertising at any time. This also applies for profiling, provided it is connected with such direct marketing. If the data subject objects to E. WINKEMANN GmbH processing data for the purposes of direct advertising, E. WINKEMANN GmbH shall no longer process the personal data for these purposes.

    In order to assert the right of objection, the data subject can contact us and our employees at any time via the above contact details. Notwithstanding Directive 2002/58/EC, the data subject is also entitled in the context of the use of information society services to exercise their right of objection by means of automated procedures for which technical specifications are used.

  • Automated individual decision-making, including profiling
    Every person affected by the processing of personal data has the right, granted by the European directive and regulatory body, to object to being subject to an exclusively automated decision which has a legal impact on them or adversely affects them in a similar manner, provided that the decision

    • (1) is not necessary to fulfil a contract between the data subject and controller, or
    • (2) is permissible on the grounds of EU legislation or Member State law to which the controller is subject, and this legislation contains reasonable measures to protect the rights and freedoms as well as legitimate interests of the data subject, or
    • (3) it occurs with the express consent of the data subject.
    If the decision is (1) necessary for the fulfilment of a contract between the data subject and the controller or (2) it occurs with the express consent of the data subject, E. WINKEMANN GmbH shall take reasonable measures to protects the right and freedoms as well as the legitimate interests of the data subject, which will at the very least include the right to seek the involvement of the data subject on the part of the controller, the right to express their own viewpoint and to challenge the decision. If a data subject would like to exercise rights in respect of automated decision-making, they can contact us and our employees regarding this at any time via the above contact details.
  • Right to revoke consent in relation to data protection
    Every person affected by the processing of personal data has the right, granted by the European directive and regulatory body, to revoke consent for the processing of personal data relating to them at any time. If a data subject would like to exercise their right to revoke their consent, they can contact
    us and our employees regarding this at any time via the above contact details.

Protection of your data
We take the protection of your personal data extremely seriously. When collecting your sensitive data we use SSL (=Secure Socket Layer) technology. We use generally accepted industry standards to secure sensitive data and to protect it against unauthorised access or unlawful use.
We have introduced data protection processes in the company that ensure that personal data is handled in accordance with the requirements of the GDPR. These data protection processes are subject to regular monitoring.

Disclosure of the data to third parties
In certain cases, we may have to pass your data on to third parties. This disclosure is carried out in order to fulfil contractual obligations, such as passing on data to forwarders for the delivery of goods or to fulfil a legal obligation, e.g. under tax or social security law.
It is also possible that, in order to defend our legitimate interests in a legal dispute, your data is passed on to parties involved in the legal dispute, such as courts or lawyers.

Changes
The operator reserves the right to update this data protection statement. In the case of changes that could be disadvantageous to you, we will inform you with appropriate notice, and where this is necessary, obtain a new declaration of consent.

Revocation of the consent regarding voluntary data
You can revoke your consent to the processing of voluntarily provided data at any time with effect for the future. Please send the revocation to: .

Data protection officer
E. WINKEMANN GmbH has a legal obligation to maintain data protection and to compile a data protection statement. Should you have any questions regarding our data protection statement, we will gladly answer these via our contact options on our website www.winkemann.de.

Our data protection officer

Ms Michaela Dötsch
Lawyer
Tel.: +49 2351 665970
Mobile: +49 170 7764006
Fax: +49 2351 665069
E-mail:

will also gladly answer any questions you may have regarding our protection of data.