Privacy Policy

Privacy Policy

General Information

We take the protection of your personal data very seriously. With these data processing notes, we aim to inform you about the nature, scope, and purposes of processing personal data for our products, services, and offerings, as well as within our online presence and associated websites and functions. We also explain which rights you have as an affected party to maintain and enforce the protection of your personal data.

Definitions
The definitions of the data protection terms used correspond to those of Article 4 of the EU General Data Protection Regulation (GDPR). Whenever the term "Data" is used in the data processing notes, it refers to personal data as defined by the GDPR.


Responsible Party and Data Protection Officer

Responsible for the data processing:

Winterhalder Selbstklebetechnik GmbH
Steinmattenstraße 8
79423 Heitersheim
Tel.: +49 (0)7634 5260 – 0
Email: info@winterhalder.de

Represented by the Managing Directors Hermann Hogg, Dr. Markus Wiethoff, and Joachim Klette

Data Protection Officer:
Email: datenschutz@winterhalder.de
For confidential matters, please contact our Data Protection Officer directly.


3. Legal Grounds for Data Processing

If you wish to exercise your rights or seek more information on how we use your personal data, please contact us as the responsible party or our Data Protection Officer using the provided contact details. 

You are entitled to the following rights:

a) Withdrawal of Consent pursuant to Article 7(3) GDPR
If processing is based on consent, you may withdraw your consent to the processing of personal data at any time for the future pursuant to Article 7(3) GDPR. This means that data processing based on this consent cannot continue in the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

b) Right to Information according to Article 15 GDPR
You can request information about your processed personal data at any time pursuant to Article 15 GDPR. In particular, information can be provided about the purposes of processing, categories of personal data, categories of recipients to whom your personal data have been or will be disclosed, the planned storage duration, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint with a supervisory authority, the origin of your personal data if not collected from you, the existence of automated decision-making including profiling as per Article 22(1-4) GDPR and – at least in these cases – meaningful information about the logic involved as well as the significance and envisioned consequences of such processing for the data subject. The restrictions of § 34 BDSG apply.

c) Right to Rectification under Article 16 GDPR
According to Article 16 GDPR, you can demand the immediate correction of inaccurate or completion of your stored personal data.

d) Right to Erasure under Article 17 GDPR
According to Article 17 GDPR, you can request the deletion of your stored personal data unless processing is necessary for exercising the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims. The restrictions of § 35 BDSG apply.

e) Right to Restriction of Processing under Article 18 GDPR
According to Article 18 GDPR, you can request the restriction of processing your personal data if the accuracy of the data is disputed, the processing is unlawful but you oppose the deletion, and your personal data is no longer needed but you require it for the establishment, exercise, or defense of legal claims.

f) Right to Object to Direct Marketing
You can object to the processing of your personal data for marketing purposes at any time. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

g) Right to Object under Article 21 GDPR
You have the right to object, for reasons arising from your particular situation, at any time to the processing of your personal data, which is based on Article 6(1), Sentence 1, lit. f) GDPR (data processing based on legitimate interests). When you exercise such an objection, we ask you to explain the reasons why we should not process your personal data as conducted. If you object, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or the processing serves the establishment, exercise, or defense of legal claims.

h) Right to Data Portability under Article 22 GDPR
You have the right to receive the personal data you have provided in a structured, commonly used, and machine-readable format pursuant to Article 20 GDPR, provided the processing is based on automated procedures and on either consent per Article 6(1), Sentence 1, lit. a) or Article 9(2) lit. a) or a contract pursuant to Article 6(1), Sentence 1 lit. b) GDPR. 

i) Right to Lodge a Complaint under Article 77 GDPR
If you suspect that the processing of your personal data is unlawful, you have the possibility, pursuant to Article 77 GDPR in conjunction with § 19 BDSG, to lodge a complaint with us or a data protection supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement. 

The competent authority in Baden-Württemberg is: 
The State Commissioner for Data Protection and Freedom of Information, Address: PO Box 10 29 32, 70025 Stuttgart, Tel.: 0711/615541-0, Fax: 0711/615541-15, Email: poststelle@lfdi.bwl.de


Data Processing When Visiting Our Website

Processing Purposes and Legal Basis
Each time you visit our websites, your browser sends data (so-called "server log files") to our web server, which may allow identification. 
Data processing is necessary for the functioning of the website visit. To facilitate the delivery of the websites, a technical connection must be established between your browser and our website. The legal basis is Article 6(1), Sentence 1 lit. b) GDPR. Further processing purposes include optimizing the stability and functionality of our websites, ensuring the security of our IT systems, identifying and prosecuting abuse. The legal basis is Article 6(1), Sentence 1 lit. c) in conjunction with Article 32(1) GDPR, our legal obligation to ensure the security of our offering, as long as this complies with data protection laws.

Data Categories and Data Origin
Depending on your browser configuration, the following data, among others, are processed: 

  • Accessed website

  • Date and time of access

  • Transferred data volume

  • Report on successful access

  • Used browser

  • Used operating system

  • Internet service provider

  • IP address of the calling system of the user

  • Website from which the user's system accessed the accessed website

Recipients of Personal Data
We use external service providers like hosting service providers as processors to provide our websites, who thus may have access to your personal data. 

Duration of Storage
The data is stored for 30 days. We reserve the right to review the files if there are concrete indications that justify the legitimate suspicion of unlawful use or a concrete attack on our website. Data that must be retained for evidential purposes will be deleted once they are no longer necessary for achieving the processing purpose.

Cookies

Processing Purposes and Legal Basis
Our website uses so-called "cookies." We use the Tool CookieYes to obtain and manage your consent.

Cookies have various functions. Many cookies are technically necessary since certain website functions will not work without them. Other cookies serve the purpose of analyzing user behavior or displaying advertising. 
Cookies required for the electronic communication process or optimizing the website are stored based on § 25 Subsection 2 Number 2 TDDDG. We have a legitimate interest in storing cookies for the technically flawless and optimized provision of our offering. 
All other cookies are set based on your consent obtained in the privacy settings during your first visit to our website. The legal basis is § 25(1) TDDDG in conjunction with Article 6(1), Sentence 1 lit. a) and Article 7 GDPR. The consent can be withdrawn anytime with effect for the future. 

Data Categories and Data Origin
Cookies are data records that are either temporarily stored for the duration of a session or permanently on your device's hard drive and assigned to the browser you use, allowing the party that sets the cookie to receive certain information. Cookies primarily serve to make the internet offering quicker and more user-friendly. You have the option when you first visit our website, and at any later time, to decide whether you generally allow the setting of cookies or to choose individual additional functions. 

Recipients of Personal Data
We use external service providers like hosting service providers as processors to provide our websites, who thus may have access to your personal data. When you visit our website, third party cookies (external content) may also be stored on your device, enabling us or you to use specific services of the third-party provider. 

Duration of Storage, Withdrawal of Consent
Session cookies are deleted automatically upon the end of your visit to our website. Permanent cookies remain stored on your device until you delete them or an automatic deletion is executed by your web browser. Information on the storage duration of cookies can be found in the privacy settings.

In the privacy settings, you can also change cookie settings and withdraw your given consent, except for the category "Essential," as these are technically necessary cookies for the correct display of our websites. You can set your browser to inform you about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, as well as to activate the automatic deletion of cookies when closing the browser. Stored cookies can be deleted in your browser's system settings. Disabling cookies may lead to restrictions in the functionality of this website.

Web Analysis with Google Analytics

Processing Purposes and Legal Basis
We use Google Analytics from Google Ireland Ltd. on our websites to analyze visitor flows, analyzing user behavior. Your IP address is stored anonymously (IP anonymization).

Legal Basis: Your consent per Article 6(1) lit. a) GDPR
Objection: possible at any time via cookie settings
Data Transfer to Third Countries: possible, Article 49(1) lit. a) GDPR

Duration of Storage, Withdrawal of Consent
The data is deleted once it is no longer needed for our recording purposes. You can withdraw your consent to Google Analytics data processing anytime for the future by removing the checkmark for "Analytics & Performance" here.


Newsletter Service and Newsletter Analysis (Inxmail)

If you subscribe to our newsletter, we process your data to send you current information.

Dispatch and analysis are carried out by the service provider Inxmail.

Processing Purposes and Legal Basis
We offer you the opportunity to receive regular emails containing information about our products and services via our free email newsletter service. The legal basis for processing your personal data is your consent per Article 6(1), Sentence 1 lit. a) GDPR. The consent can be withdrawn at any time for the future. When subscribing to the newsletter, we document the given consents based on Article 6(1), Sentence 1 lit. c) in conjunction with Article 7(1) and Article 5(2) GDPR. Using link tracking in the newsletter analysis, we can analyze the success of our newsletter campaigns, such as whether the newsletter was opened or links were clicked. In this way, we can determine which content our newsletter recipients found particularly engaging. Newsletter analysis is performed with anonymized data, so a personal reference is excluded. Unfortunately, you cannot object to the newsletter analysis separately. Please unsubscribe from our newsletter service if you do not wish for newsletter analysis. 

Data Categories and Data Origin
When signing up for the newsletter service on our website, the data from the input form is transmitted to us. To sign up for the newsletter, it is sufficient to provide your email address. Optionally, we ask you to provide salutation, first and last names, and company for personalized newsletter addressing. We use the double-opt-in procedure for the subscription process. After registration, you will receive an email with a confirmation link. Only after this link is clicked will you be added to the newsletter distribution list. This prevents unauthorized third parties from signing up using your email address. We document the subscription process to demonstrate the procedure as required by law. The data from the input form and the date and time of the subscription confirmation are stored.

Recipients of Personal Data
We use an external service provider as a processor to provide newsletters and newsletter analysis, who processes your personal data on our behalf.

Duration of Storage
If you do not confirm your subscription to our newsletter service within 30 days of receiving the registration email, your information is automatically deleted. We process your personal data for the duration of the newsletter subscription. You can cancel the subscription at any time with future effect and thereby withdraw your consent to receive newsletters or object to the processing of your personal data for direct marketing purposes. For this purpose, a relevant option to unsubscribe is included on our website and in every newsletter. After withdrawing your consent or objecting to marketing, no further newsletters will be sent to you, and your personal data will be removed from our active distribution list. 

Withdrawal: possible at any time via the unsubscribe link in the newsletter


Contact (Contact Form and Email)

When using our contact form or email inquiries, we process your information to handle your request.

Data: Name, Email, Phone Number, Message
Legal Basis: Article 6(1) lit. b) GDPR or lit. f) GDPR
Storage Duration: until the matter is fully resolved


External Links

Our websites contain links to third-party websites. By clicking on a link, you leave our area of influence. Responsibility for processing personal data lies with the respective operator of the linked website. We recommend that you read the applicable data processing information before using linked websites.


Applications

Applications can only be submitted to us via email. The data will only be used for carrying out the application process.

Legal Basis: § 26 BDSG, Article 6(1) lit. b) GDPR
Storage Duration: 6 months after the process conclusion



10. Integration of Third-party Content

We use embedded content from the following providers:

  • Google Maps (to display locations)

  • YouTube (for video display)

  • Instagram & LinkedIn (links to our social media profiles)

By activating the content (e.g., by clicking), you consent to a possible data transfer to third countries (Article 49(1) lit. a) GDPR). For more information, please see the privacy policies of the respective providers.


Data Security

We implement technical and organizational measures in accordance with Article 32 GDPR, such as:

  • SSL encryption

  • Access restrictions

  • Regular security audits


Your Rights

You have the right to:

  • Information (Article 15 GDPR)

  • Rectification (Article 16 GDPR)

  • Erasure (Article 17 GDPR)

  • Restriction of Processing (Article 18 GDPR)

  • Data Portability (Article 20 GDPR)

  • Objection (Article 21 GDPR)

  • Withdrawal of your consent (Article 7(3) GDPR)

  • Complaint with the supervisory authority (Article 77 GDPR)

Competent Supervisory Authority:
The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
PO Box 10 29 32, 70025 Stuttgart
Email: poststelle@lfdi.bwl.de


Automated Decision-making

No automated decision-making or profiling takes place according to Article 22 GDPR.


Changes

We reserve the right to adjust this privacy policy. The version available at the time of your website visit is always applicable.