Privacy Policy

The protection of your privacy is of greatest importance to Windmöller & Hölscher KG.
In the following, we would like to provide you with an overview of the processing of your personal data as well as your associated rights in accordance with Articles 13, 14 European General Data Protection Regulation (GDPR).
The information is presented on general and purpose-specific information, depending on which target group (e.g. website visitors, business partners, applicants) you belong to.

Responsible authority
The responsible authority according to European General Data Protection Regulation (GDPR), German Federal Data Protection Act (BDSG) as well as the Telecommunications Act (TMG) is:

Windmöller & Hölscher KG
Münsterstraße 50
49525 Lengerich
Telefon: +49 5481 14-0
Fax: +49 5481 14-2649
Email: info@wuh-group.com
Data Protection Officer
If you have any questions or comments about this privacy statement, on the subject of data protection in general or on asserting your rights, please do not hesitate to contact our company data protection officer via email datenschutz@wuh-group.com or by post at the address shown above.
Scope of the collection and the use of your data including the purposes of the processing operation
Depending on the target group you belong to (e.g. website visitor, business partner, applicant), below you find each of one section with information concerning privacy policy.

Website visitors

Visit our website

To implement and guarantee the functionality of the website, we process the data transmitted to us by your Internet browser. These include the date and time of your visit to the website, the IP address, country of origin of the IP address, content of the request (specific page), browser settings, the amount of data transmitted in each case, the website from which the request comes, browser, language and version of the browser software and the operating system used.

Newsletter

On our website we offer you to receive information about our offers by newsletter. For the registration process we use the so-called double opt-in procedure. After you have given us your email address, we will send you a confirmation message to this email address. Only when you click on the confirmation link contained therein will your email address be taken into account when sending the newsletter. This ensures that only the actual owner of the email address can order the newsletter. The data processing within the scope of the newsletter is based on your consent. You have the right to revoke this consent at any time with effect for the future.
Here you can unsubscribe from the newsletter and thus revoke your consent.

Use of our contact data

You can contact us directly via the e-mail addresses / telephone numbers provided on our Internet pages. We collect, process and use the personal data and information provided by you by e-mail / telephone exclusively for the processing of your request. This correspondence will be stored in compliance with the statutory retention periods and deleted after any retention periods have expired.

Use of cookies

We use cookies, tracking tools, targeting methods and social media plug-ins on our website. These enable us to make the visit to our websites more attractive and to enable the use of certain functions. Cookies are small text files that are sent to your browser by our web server when you visit our website and are stored by the browser on your computer for later retrieval. When you visit our website, you will be asked which data we may process.

We distinguish between the following categories of cookies.

Essential: These technologies are necessary to enable the core functionalities of the website.

Functional: These technologies allow us to provide certain features of the website, including embedded videos, maps or content from social media plugins.

Statistics and Analytics: These technologies allow us to analyze the use of the website in order to measure and improve performance.

Marketing: These technologies are used by advertisers to serve ads that are relevant to your interests.

Information about cookies, cookie settings and opt-out options can be found here.

Social-Media-Plug-ins

We currently use the following social media plug-ins: LinkedIn, Xing and YouTube.

We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the plugin providers. You have the possibility to communicate directly with the provider of the plug-in by clicking on the logo of the respective plug-in provider in the footer of our homepage. Only if you click on the logo and thereby activate it will the plug-in provider receive the information that you have called up the corresponding website of our online service. In addition, the data mentioned under topic Visit to our website of this declaration will be transmitted.

In the case of Xing, the IP address is anonymized immediately after collection, according to the respective provider in Germany. By activating the plug-in, personal data is transferred from you to the respective plug-in provider and stored there (for US providers in the USA). Since the plug-in provider collects data mainly via cookies, we recommend that you delete all cookies before clicking on the grayed-out box using your browser's security settings.

We have no influence on the data collected and data processing processes, nor are we aware of the full extent of data collection, the purposes of processing, the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.

The plug-in providers save the data collected about you as user profiles and use these for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation takes place in particular (also for not logged in users) for the representation of demand-fair advertisement and in order to inform other users of the social network about your activities on our website.You have a right of objection to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Through the plug-ins we offer you the possibility to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user(Legal basis as mentioned below).

The data is transferred regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected with us will be directly assigned to your existing account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this way you can avoid being assigned to your profile with the plug-in provider.

For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the data protection declarations of these providers as notified below. They will also provide you with further information about your rights in this regard and setting options to protect your privacy.

Addresses of the respective plug-in providers and URL with their data protection information:

LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA;https://www.linkedin.com/legal/privacy-policy

Xing AG, Gänsemarkt 43, 20354 Hamburg, Germany; https://privacy.xing.com/de/datenschutzerklaerung

YouTube LLC, 901 Cherry Ave., San Bruno, California 94066, USA; https://policies.google.com/privacy

Legal basis

We process your personal data in accordance with

  • Article 6 paragraph 1 letter a) of the GDPR, in so far as you have granted your consent. This includes sending of a newsletter as well as the consents for the use of cookies that you have given via our Consent Management Platform. When obtaining consent, we will inform you about the specific purpose of the intended processing. You can revoke any consent given to us at any time with effect for the future.
  • Article 6 paragraph 1 letter c) of the GDPR for the documentation and storage of your consents given through our Consent Management Platform.
  • Article 6 paragraph 1 letter f) of the GDPR, insofar as we have a justified interest in this, insofar as your interests or fundamental rights, which require the protection of your personal data, do not predominate. The use of the above mentioned cookies, the use of tools to evaluate your usage behavior on our website and the integration of social media plug-ins are examples of how we guarantee and optimize the functionality of our website.
We process your personal data only for the purposes for which we have received or collected this data. If we intend to process data for other purposes that are not founded on consent or a legal provision, we shall provide you with information about this other purpose prior to further processing in accordance with Articles 13, 14 of the GDPR.

Forwarding within Windmöller & Hölscher Group and forwarding to third parties/third countries

A transfer of your personal data for the fulfillment of the contract or implementation of pre-contractual / post-contractual measures within Windmöller & Hölscher KG may be made to the specialist department that requires it, e.g. to the HR department for job applications and, if necessary, to supporting service providers such as logistics companies, financial service providers, insurance companies, legal counsel as well as to financial authorities, law enforcement agencies insofar as there is a reporting, verification or legal obligation to do so. Service providers who process personal data on our behalf are contractually obliged to comply with the applicable data protection requirements under Article 28 DS-GVO.In addition, your personal data will be passed on the basis of a legitimate interest within Windmöller & Hölscher KG, e.g. to marketing for advertising purposes and outside Windmöller & Hölscher KG to parts of the group and to commercial agents who serve you as business partners in your area. If these companies process your data outside the European Economic Area (EEA), this will only be done if the third country has been confirmed by the EU Commission as having an adequate level of data protection, other appropriate data protection guarantees are in place or you have given us your consent.

Business partner

We process personal data which we receive from you within the scope of a business relationship or when establishing a business relationship. In addition, we process data that we have obtained from public directories (e.g. press, commercial registry, Internet) in compliance with the data protection legal guidelines.

Personal data is usually contact data of the business partners such as name, title, address, position and function as well as all data relevant to the business relationship that is necessary for the initiation, conclusion, processing or termination of contracts.

Legal basis

We process your personal data in accordance with

  • Article 6 paragraph 1 letter b) of the GDPR for the purpose of contract fulfillment. This includes sending information and offers in the pre-contractual stage provided that you have made inquiries with us regarding our products/services as well as in the post-contractual stage when processing complaints, spare parts deliveries and services.
  • Article 6 paragraph 1 letter c) of the GDPR, for the fulfilment of legal obligations. These include, for example, obligations under trade and tax laws, EU regulations, comparisons (compliance checks) with national and international anti-terror lists.
  • Article 6 paragraph 1 letter f) of the GDPR, to the extent that we have a legitimate interest therein, unless your interests or fundamental rights that require the protection of your personal data outweigh this. This includes, for example, the transmission of data within the corporate group for internal administrative purposes, guaranteeing IT security and IT operations, requests regarding satisfaction, assessment of the creditworthiness of the business partner.
  • Article 6 paragraph 1 letter a) of the GDPR, in so far as you have granted your consent.
We process your personal data only for the purposes for which we have received or collected this data. If we intend to process data for other purposes that are not founded on consent or a legal provision, we shall provide you with information about this other purpose prior to further processing in accordance with Articles 13, 14 of the GDPR.

Forwarding within of Windmöller & Hölscher Group and forwarding to third parties/third countries

Your personal data will only be transferred within Windmöller & Hölscher KG if it is necessary for the above-mentioned purposes to corresponding departments within Windmöller & Hölscher KG which require it, to subsidiaries of Windmöller & Hölscher KG which will look after you as a business partner in your area and outside Windmöller & Hölscher KG to supporting service providers such as logistics companies, financial service providers, insurance companies, legal advisors as well as to financial authorities, law enforcement agencies, in case as there is a reporting, verification or legal obligation to do so.

Service providers within the scope of order processing, such as service providers for IT services, are contractually obliged to comply with the applicable data protection requirements pursuant to Article 28 GDPR.

Salesforce Sales Cloud

We use Salesforce Sales Cloud to manage customer data. The provider is salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich (hereinafter referred to as "Salesforce").  Salesforce Sales Cloud is a CRM system and allows us, for example, to manage existing and potential customers, as well as customer contacts and to organize sales and communication processes. The use of the CRM system also enables us to analyze our customer-related processes.

The processing of personal data takes place mainly within the European Union (EU), as we have limited our central storage location to data centers in the EU.  We cannot exclude the possibility that data in a Salesforce product will be processed on servers outside the EU.

We have concluded EU standard contractual clauses with Salesforce Inc. to ensure an adequate level of data protection. Salesforce has Binding Corporate Rules (BCR) approved by the French Data Protection Authority. These are binding corporate rules that legitimize the company's internal data transfer to third countries outside the EU and the EEA. For details, see Salesforce's Privacy Policy:

https://www.salesforce.com/company/privacy/full_privacy/

Applicants

As part of the application process, we process personal data which we receive from you within the scope of application procedure. This includes, in particular, any data and information about you that result from your CV (surname, first name, nationality), from your application letter (contact details e.g. address, telephone number and e-mail address), your certificates (e.g. qualification data, grades), certificates of participation and assessments from third parties (e.g. job references), travel expense statements (account data, etc.) and log data that arise when using IT systems.

In addition, we may also process special categories of personal data such as health data (e.g. information on a severe disability) or your religious affiliation, provided you have voluntarily indicated this in your application.

Legal bases

We process your personal data in accordance with:

  • Art. 6 para. 1 lit. a GDPR in connection with § 26 para. 2 BDSG (“Bundesdatenschutzgesetz”), insofar as you have given us your consent to do so. We obtain this consent separately. This includes, for example, the storage of your data beyond the legally prescribed duration.
  • Art. 6 para. 1 lit. b GDPR for the purpose of fulfilling a contract, i.e. for the establishment or performance of an employment relationship.
  • Art. 6 para. 1 lit. c GDPR in order to be able to fulfill our legal obligations as an employer, in particular in the area of tax and social security law, if an employment contract is concluded.
  • Art. 6 para. 1 lit. f GDPR, insofar as we have a legitimate interest in this, unless your interests or fundamental rights, which require the protection of your personal data, prevail. This includes, for example, the assertion of legal claims and defense in legal disputes.

We only process your personal data for the purpose of the application process. If we intend to process data for other purposes that are not based on consent or a legal provision, we will provide you with information about this other purpose in accordance with Art. 13, 14 GDPR before further use.

Application and registration via our applicant management system

We use an applicant management system or recruiting portal to carry out the application process. The provider of this is softgarden e-recruiting GmbH (hereinafter referred to as 'softgarden'), Tauentzienstraße 14, 10789 Berlin. Softgarden acts for us as a processor; corresponding contractual arrangements have been made in this regard. When using the Windmöller & Hölscher Recruiting Portal, the personal data you provide will be stored in the Windmöller & Hölscher applicant account and forwarded to the Windmöller & Hölscher Group. The data will be forwarded to the person responsible for the position for which you have applied. Furthermore, your contact details will be used to get in touch with you and provide you with information about the recruiting process, to clarify questions about the recruiting portal or the applicant account or generally to exchange further information in relation to the recruitment process. We process data that is processed in the course of the recruiting process on the basis of the contract initiation. In the event of questions or support, we process your data on the basis of our legitimate interest in being able to clarify your request. After submitting your application documents, you will receive a confirmation of receipt as well as an e-mail in which you will be given the opportunity to create an applicant account.

Important notes on the use of softgarden:

softgarden uses the service of the ISO 27001 certified provider Cloudflare Inc, 101 Townsend St, San Francisco, USA or the subsidiary Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich Germany ("Cloudflare") to increase the security of the platform, in particular to protect against DDoS attacks, and to improve the speed of delivery. Cloudflare provides a network of servers capable of delivering optimized content to the end user and intercepting virus-laden traffic. The services provided by Cloudflare include the product "Data Localization Suite" with the components "Regional Services" and "Metadata Boundary for Customers". Both components ensure that the transfer of personal data when using our platform takes place exclusively within the EU. The "Regional Services" ensure that the customer content traffic, in this case the end customer traffic, is securely transmitted to Cloudflare PoPs within the region selected by softgarden and checked within a Point of Presence (PoP) in this defined region. softgarden has chosen Germany as the selected region, therefore all traffic is checked exclusively on servers in Germany. Metadata Boundary ensures that Cloudflare does not transmit any customer logs originating from the services used outside the European Union. The personal data processed by Cloudflare includes all content transmitted by customers and applicants, i.e. beyond the IP address, all files (application documents) and multimedia images, graphics, audio or video, as well as any interaction of their browser with the softgarden system. Cloudflare is the recipient of your personal data and acts as a processor for softgarden. This corresponds to the legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR to ensure security and security as well as user-friendliness on the platform. Your personal data will be stored by Cloudflare for as long as is necessary for the purposes described, usually 124 calendar days.

Applicant account

In principle, you can send us your application documents via softgarden without creating an applicant account. However, if you would like to open an applicant account, it is necessary for you to register beforehand. To register, you will be asked for your surname, first name, user name, e-mail address and password. By submitting your data, you consent to the processing of your data. By creating an applicant account, we can identify you as an applicant and you have the option of managing your profile. You can also track the current status of your application in your applicant account. By registering, it is also possible for Windmöller & Hölscher to consider your application for other vacancies with a similar background in order to check all possibilities for a successful application. You can withdraw your consent at any time with effect for the future. All you need to do is send an informal email to datenschutz@wuh-group.com.

Talent pool

If you decide to be included in the Windmöller & Hölscher talent pool, responsible employees of the Windmöller & Hölscher Group may access your personal data for possible job placements. You can join the talent pool by accepting an invitation from a recruiter during the application process. 18 months after your registration, the system will send you an automatic message to ask for your consent to save your profile in the Talent Pool again. If you wish to be deleted from the Talent Pool in the meantime, please contact us directly (datenschutz@wuh-group.com).

Feedback module

In order to optimize our application processes, Windmöller & Hölscher will give you the opportunity to provide anonymous feedback at various stages of the application process. Only the position title and location of the position for which you have applied will be recorded. This information, together with your anonymous feedback, can also be transmitted to external partners such as kununu. No personal data other than the position title and location of the position will be collected. Personal data will not be transmitted.

Subscribe to job offers

In our careers section, you have the option of being automatically informed about new job vacancies at the Windmöller & Hölscher Group. This is done either by means of an e-mail newsletter or via an RSS feed. The target group, job category and location can be entered to specify the subscription. However, you can also be informed about new vacancies without further specification. If you wish to be informed about new job vacancies via the e-mail newsletter, we will process your e-mail address. You can revoke your consent to receive the newsletter at any time via the unsubscribe link in the newsletter. No personal data is processed via the RSS feed to inform you about new job advertisements.

Forwarding of data within the Windmöller & Hölscher Group and forwarding to third parties/third countries

As part of the application process, your data may be forwarded by e-mail to responsible employees within the Windmöller & Hölscher Group who are involved in the application process. Data will not be transferred to third countries unless your application explicitly refers to advertised positions in our group of companies in third countries or you have given us your consent. Contracts have been concluded within the Group and with the service providers involved in accordance with GDPR Art. 28.

Duration of storage

We store personal data for the duration of the application process. If no employment relationship is established, we delete the data after the end of the application process (e.g. the announcement of the rejection decision) within the statutory periods, unless longer storage is required due to legal disputes, but after 6 months at the latest. In the event that you have consented to your personal data being stored for a longer period, e.g. for the talent pool, we will store it in accordance with your declaration of consent. If an employment relationship is established following the application process, your data will, if necessary and permissible, initially continue to be stored and then transferred to the personnel file.

Non-availability of data

Providing of your personal data is necessary for initiation and if applicable conclusion of an employment contract. Without this data, we are not able to process your application and to conclude a contract with you.

Visitors and users of our webshop

In our webshop you will find information about spare parts and have the possibility to place quotation requests or orders for spare parts.

In order to use the online shop, it is necessary to set up a personalized and password-protected customer account. With the customer account you have access to offers, placed orders and active order processes. With your customer account you also have access to the PDE (Parts and Documentation Explorer). Your customer account can also be limited to the PDE - order and quotation functions are not available in this case.

As a registered customer account holder with administration rights, you can activate additional users, make user settings and terminate account access for users. All actions taken by you in the context of user administration are your own responsibility.

If you leave the online shop as a registered customer, you will be logged out automatically, unless you log out manually.

We as operator assume no liability for password misuse, unless this was caused by us as operator ourselves.

All data that you voluntarily enter in our registration/contact form within the scope of the mentioned purposes will be stored. This includes company/customer number, first name/last name, e-mail address, IP address, last login date, last password change, actions within the scope of the integrated user self-administration (e.g. creation and deactivation of users).

Legal basis

We process your personal data in accordance with

  • Article 6 paragraph 1 letter a) of the GDPR, in so far as you have granted your consent (e.g. registration customer account, use of econda mentioned below).
  • Article 6 paragraph 1 letter b) and c) of the GDPR for the purpose of contract fulfillment. his includes the processing of personal data on the occasion of pre-contractual measures (e. g. the processing of your requests communicated via contact form as well as for ordering via our webshop).
  • Article 6 paragraph 1 letter f) of the GDPR, to the extent that we have a legitimate interest therein, unless your interests or fundamental rights that require the protection of your personal data outweigh this. This includes, for example, the transmission of data within the corporate group for internal administrative purposes, requests regarding satisfaction.

Transfer within of Windmöller & Hölscher Group and forwarding to third parties/third countries

Your personal data will only be transferred within Windmöller & Hölscher KG if it is necessary for the above-mentioned purposes to specialist departments within Windmöller & Hölscher KG which need it, to subsidiaries of Windmöller & Hölscher KG which will look after you as a business partner in your area and outside Windmöller & Hölscher KG to supporting service providers such as logistics companies, financial service providers, insurance companies, legal advisors as well as to financial authorities, law enforcement agencies insofar as there is a reporting, verification or legal obligation to do so.

Service providers within the scope of order processing, such as service providers for IT services, are contractually obliged to comply with the applicable data protection requirements pursuant to Article 28 of the GDPR.

Use of econda

On our webshop website we use the web analysis service econda GmbH (Zimmerstr. 6, 76137 Karlsruhe, Germany, Managing Director: Christian Hagemeyer, Commercial Register: Amtsgericht Mannheim HRB 110559) to analyze and regularly improve the usage. The statistics obtained allow us to improve our services and make them more interesting for you as a user.

Cookies are stored on your computer for this evaluation. The information collected in this way is stored exclusively on the responsible person's server in Germany.

Preventing the use of econda is possible by removing the corresponding check mark in the query after you log in to the webshop, thus deactivating the opt-out plug-in. You can decide here whether a unique web analysis cookie may be stored in your browser to enable the website operator to collect and analyze various statistical data.

You can adjust the evaluation by deleting existing cookies and preventing cookies from being stored or by clicking on this link https://www.econda.de/en/data-protection/revocation-for-data-storage/.

You can obtain information on data protection from the third party provider at: https://www.econda.de/service/datenschutz/.

Image search

Our webshop works with a technology from the company nyris GmbH for image recognition, represented by the managing directors, Dr. Anna Lukasson-Herzig and Markus Lukasson (Warschauer Str. 58a, 10243 Berlin, tel.: +49 (0)211 97 63 38 99, mail.: support@nyris.io, web.:http://www.nyris.io, registered office of the company: Berlin, registered with the registry court of the district court of Berlin (Charlottenburg) under HRB 169967), hereinafter referred to as nyris.

With the optional use of nyris, images can be transmitted to nyris by the user for visual object search. The request is anonymized in the software of the webshop page for nyris. Thus, a transmission of personal data on the technical level to nyris is excluded.

The user is responsible for ensuring that no personal data is visible on the transmitted product image when using nyris.

Visitors of Events

Our company offers people the opportunity to participate in virtual, hybrid or live events (summarized hereafter under events) where visitors attend machine demonstrations, webinars, video conferences or (digital) meetings.

Participants of our events can register for the events using the registration/contact form or they will receive an invitation from us by e-mail. In virtual events every participant receives a password-protected user account.

Registrations are considered, checked and confirmed by mail in the chronological order of their arrival. Participation is only guaranteed after the confirmation. Cancellations must be made in written form and will be then confirmed by the organizer. Changes at the registration are not possible afterwards.

All the personal data you provide in relation to the virtual events will be saved, for instance your first name/last name and e-mail address.

Reference: Virtual Event

In virtual events the user profile with your name will also be visible to other participants of the event as well as any information you have added yourself, such as your photo. You can use the question-and-answer functions anonymously. If you post using your name, this will also be visible to other participants.

The meeting metadata collected includes the title of the meeting, participant IP addresses, device/hardware information and, if applicable, the following additional data.

With recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.

When dialing in by phone: Information on the incoming and outgoing number, name of the country, start and end time. If necessary, additional connection data, such as the IP address of the device, can be saved.

If we wish to record virtual events or chat events, we will transparently inform you of this in advance and - if need be - ask for your consent.

Reference: Photo-, video- and sound recordings

At events of the Windmöller & Hölscher Group (as organizer or cooperation partner) we collect personal data from you (surname, first name, e-mail address etc.) which is required for participation and for event execution. We reserve the right to create, process and distribute photo, video and audio recordings of speakers, participants and guests for public relations purposes, provided these do not contradict in individual cases. This will be indicated in a suitable manner both at the electronic event registration and at the event location. We will inform you about the photo processing and photo publication of your personal data and the data protection claims and rights to which you are entitled. The data is collected, stored and, if necessary, published by us, insofar as it is necessary to take and publish photographs during an event or a trade fair.

No automated decision-making is used, as referred to in Art. 22 General Data Protection regulation (GDPR).

Legal basis

We process your personal data in accordance with

  • Article 6 paragraph 1 letter b) of the GDPR for the purpose of contract fulfillment. This includes sending information in the pre-contractual stage provided that you have made inquiries with us.
  • Article 6 paragraph 1 letter f) of the GDPR, to the extent that we have a legitimate interest therein, unless your interests or fundamental rights that require the protection of your personal data outweigh this. This includes, for example, the transmission of data within the corporate group for internal administrative purposes and requests regarding visitor satisfaction. Our legitimate interest includes the documentation of corporate events and trade fairs, in particular for press and public relations work and to present the company's activities in order to increase awareness, strengthen the brand and promote participation in comparable events and activities. The implementation takes place through the production of photos, image and sound recordings of events. This will be indicated in a suitable manner both at the electronic event registration and at the event location.
  • Article 6 paragraph 1 letter a) of the GDPR, in so far as you have granted your consent. This includes if you voluntarily provide information about yourself when participating, if you voluntarily use functions that are not necessary and by photos, images and sound recordings. The consent to data processing can be revoked by the data subject at any time with effect for the future.
  • Article 88 GDPR in conjunction with § 26 Federal Data Protection Act (BDSG), if you participate as an employee of our company, if personal data is required for the implementation, justification of the employment relationship.

Covid-19 restrictions for Live-Events

To protect your and our health, we follow special Covid-19 restrictions when participating in W&H events. The data will only be checked, but no personal health data will be saved. The following rules applies:

a) Proof of complete vaccination status OR

b) Proof of "recovered" status (max. three months) OR

c) Proof of a negative rapid test (test center) or PCR test that is not older than 24 hours on the day of participation

In case of complete vaccination [see: a)] or status "recovered [see: b)], please prove your status at the registration desk. A previously performed antigen rapid or PCR test [see: c)] must also be shown at check-in.

IMPORTANT: We ask for your understanding that participation in W&H events cannot be granted without following the alternative ways a), b) or c) or in case of a positive test result.

If you do not feel healthy before arrival, we kindly ask you to consult a doctor or to not attend the event.

The participant is obliged to follow the instructions of the organizer and the venue. Failure to do so may result in exclusion from the event.

The organizer hereby reserves the right to change the program or cancel the event in the case of extraordinary circumstances. In special cases, the organizer is allowed to take such measures, in cases of act of nature beyond control, due to governmental regulations, in case of danger for health, life and body of the participants. In these cases, the organizer is not obligated to pay compensation and/or reimbursement of expenses to the participants. This also applies to cancellation fees incurred by third parties (e.g., hotel bookings, train or airline tickets).

Transfer of data within the Windmöller & Hölscher Group and forwarding to third parties/third countries

Personal data that is processed in connection with participation in events will not, in principle, be passed on to third parties unless it is intended for disclosure. Please note that content from “video conferences” as well as from personal meetings is often used to communicate information with business partners, prospective customers or third parties, and is therefore intended for distribution.

The virtual events organized by our company use Microsoft Enterprise and Developer products (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). To access Microsoft's Privacy Policy, visit: https://privacy.microsoft.com/en-US/

Service providers who necessarily receive knowledge of the above data are contractually obliged to comply with the applicable data protection requirements pursuant to Article 28 GDPR.

In principle, data is not processed outside the European Union (EU), as we have restricted our storage location to data centers within the European Union. However, we cannot rule out the possibility that data is routed via Internet servers located outside the EU. This can be the case in particular if participants in “online meetings” are in a third country.However, the data is encrypted during transport over the Internet and thus protected against unauthorized access by third parties.

When you access the “Microsoft Teams” website, the provider of “Microsoft Teams” is responsible for data processing. However, participants only need to visit the “Microsoft Teams” website to download the software to use “Microsoft Teams”.If you do not wish to or cannot use the “Microsoft Teams” app, you can also use “Microsoft Teams” through your browser. The service is then also provided via the “Microsoft Teams” website.

We publish the photos/videos on the following channels: websites, advertising material, advertisements in print magazines, online banner advertising, direct mailings, e-mail newsletters, third-party press reports, social media (Twitter, LinkedIn, Xing, YouTube) considering legal basis.

RUBY User

RUBY is the W&H IoT system for collecting and evaluating machine data and making it usable for value-added services.
When using RUBY, we generally do not process any personal data of you as a user. All data is stored on your local systems.
The RUBY Cloud connection allows ruby machine data to be sent to the W&H RUBY Cloud and you have the option of using the RUBY App.

When you use the Ruby app for the first time, the user's personal data is synchronized into the W&H Cloud in order to grant you access with your user account. Essentially, these are First name, last name, IP address, Userid (combination of numbers), username, e-mail address. The administration of user accounts remains your responsibility.

Legal bases

We process your personal data in accordance with

  • Article 6 paragraph 1 letter f) of the GDPR, to the extent that we have a legitimate interest therein, unless your interests or fundamental rights that require the protection of your personal data outweigh this. The processing is necessary to ensure the functionalities when using RUBY App.
We process your personal data only for the purposes for which we have received or collected this data. If we intend to process data for other purposes that are not founded on consent or a legal provision, we shall provide you with information about this other purpose prior to further processing in accordance with Articles 13, 14 of the GDPR.

Forwarding within of Windmöller & Hölscher Group and forwarding to third parties/third countries

Your personal data will only be transferred if it is necessary for the above-mentioned purposes within Windmöller & Hölscher KG to corresponding departments, subsidiaries that need them and outside Windmöller & Hölscher KG to supporting service providers.

Service providers within the scope of order processing are contractually obliged to comply with the applicable data protection requirements pursuant to Article 28 GDPR.

Matomo

We use Matomo (formerly Piwik) for web analysis, in the open-source version. The protection of your data is important to us, which is why we have configured Matomo in such a way that we do not set cookies and your IP address is only recorded anonymously (shortened). Therefore, it is not possible to draw conclusions about your person.

Further information on Matomo's terms of use and the data protection regulations can be found at: https://matomo.org/privacy/

If you do not want your visits to our websites to be recorded, you can activate the 'Do not track' option in your browser and Matomo will not collect any data from you.

Visual Studio App Center (Microsoft)

With the App Center, we receive crash and diagnostic data as well as evaluations of the use in the context of the use of the RUBY app.

The data collected by App Center is not linked to a user and does not contain any personal information.

To access Microsoft's Privacy Policy, visit: https://privacy.microsoft.com/en-US/.

When downloading the RUBY App, certain required information is transmitted to the App Store selected by you (e.g. Google Play or Apple App Store). In particular, information on country code language manufacturer and version of the operating system of the devices on which the apps are installed can be processed. The processing of this data takes place exclusively by the respective App Store and is beyond our control.

Addresses to the Google Play Store and Apple App Store and links to their privacy notices:

Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA; https://policies.google.com/privacy.

Apple Inc., 1 Apple Park Way, Cupertino, California, USA, 95014; https://www.apple.com/legal/privacy/de-ww/.

Online-Bookings

Online-Bookings
We offer you the possibility to make an appointment directly with our team at your desired time. This way you can enter the desired duration, date and time yourself. For this purpose, our website uses the service Microsoft Bookings (part of Microsoft 365) of the provider Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521 (hereinafter: "Microsoft"). The connection to the service is only established when you call up the online booking function via a link or button on our website or are invited to book an appointment by e-mail. You will then be redirected to a so-called "self-service site" of Microsoft (a new window opens for making an appointment).
To make the appointment, your entries such as surname, name, e-mail address, reason for your request in the form will be transmitted to Microsoft. In addition, Microsoft processes further technical data, such as your IP address, the browser fingerprint (aggregated hardware and software data to recognize the device). For more information about how Microsoft processes your personal data, please visit: https://learn.microsoft.com/de-de/microsoft-365/bookings/bookings-faq?view=o365-worldwide and https://privacy.microsoft.com/de-de/privacy.

Legal basis
We process your personal data pursuant to

  • Art. 6 para. 1 lit. a) GDPR, by providing your contact details and arranging an appointment, you consent to being contacted.
  • Art. 6 para. 1 lit. b) GDPR for the purpose of fulfilling the contract. This includes the processing of personal data on the occasion of contractual or pre-contractual measures (e.g. making appointments regarding contract content).
  • Art. 6 para. 1 lit. f GDPR, insofar as we have a legitimate interest in this, unless your interests or fundamental rights, which require the protection of your personal data, prevail. This includes, for example, the transfer of data within the group of companies for internal administrative purposes, to keep the scheduled appointment and to answer your questions.

Since the tool is a Microsoft service, we cannot completely exclude a transfer to third countries. According to Art. 49 para. 1 lit. a DSGVO, your consent also includes the transfer of your personal data to third countries, e.g. to the USA. In this case, it is possible that the transferred data will be processed by local authorities within the respective third country without a judicial decision.

Transfer of data within the Windmöller & Hölscher Group and transfer to third parties/third countries
Your personal data will only be passed on if it is necessary for the above-mentioned purposes within Windmöller & Hölscher KG to specialist departments that require it, to subsidiaries of Windmöller & Hölscher KG that serve you as a business partner in your area and outside Windmöller & Hölscher KG to supporting service providers as well as to law enforcement authorities insofar as there is a reporting, verification or legal obligation to do so.

Service providers within the scope of order processing, such as service providers for IT services, are contractually obligated to comply with the applicable data protection requirements in accordance with GDPR Art. 28.

The Microsoft Bookings service used by our company is part of the cloud application Microsoft 365. Data processing outside the European Union (EU) does not take place in principle, as we have limited our storage location to data centers in the European Union. However, we cannot exclude the routing of data via Internet servers located outside the EU. We have signed data protection agreements and EU standard contracts with Microsoft to guarantee a minimum level of data protection. Please note that we have no control over Microsoft's data processing practices. For Microsoft's privacy policy, visit: https://privacy.microsoft.com/en-US/.

Microsoft Forms

Microsoft Forms

We use the online survey creator "Forms" from Microsoft for internal and external surveys and queries. The provider of the "Forms" service is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521 (hereinafter: "Microsoft"). The connection to the service is only established if you are redirected to our website via the link in the email or the button.

The so-called 'form owners' have access to Microsoft Forms and can create and distribute surveys, forms and questionnaires directly, either alone or with other owners. They are also the sole recipients of the responses. These are prepared graphically in Microsoft and are only available to the form owners.

When using "Microsoft Forms", various types of data (including personal data) may be processed. The type and scope of the data depends on the questions asked and answered as well as any upload of additional services.

In principle, this involves the following personal data:

  • Surname, first name
  • E-mail address
  • Profile picture (optional, if stored in Microsoft 365)
  • Preferred language
  • Status (such as online, available, etc. - optional if stored in Microsoft 365)
  • Date and time of opening the questionnaire
  • Date and time the reply was sent
  • Responses to the survey

If you participate in an anonymous survey, your response will not contain any contact information or your first and last name and cannot be traced back to you.

Legal basis
We process your personal data in accordance with:

  • Art. 6 para. 1 lit. a) GDPR on the basis of your consent. You have the option of voluntarily taking part in a survey. By participating, you consent to the processing. You can withdraw your consent at any time with effect for the future.
  • Art. 6 para. 1 lit. b) GDPR should the survey be necessary for the initiation and/or fulfillment of contracts.
  • Art. 6 para. 1 lit. f) GDPR for surveys based on our legitimate interest in the effective planning and implementation of projects and processes, unless your interests or fundamental rights, which require the protection of your personal data, prevail.

Transfer of data within the Windmöller & Hölscher Group and transfer to third parties/third countries

Your personal data will only be passed on within Windmöller & Hölscher KG to specialist departments or to subsidiaries of Windmöller & Hölscher KG that require this data and outside Windmöller & Hölscher KG to supporting service providers and to law enforcement authorities if there is a reporting, verification or legal obligation to do so.

Service providers in the context of order processing, such as service providers for IT services, are contractually obliged to comply with the applicable data protection requirements in accordance with GDPR Art. 28.

The Microsoft Forms service used by our company is part of the Microsoft 365 cloud application. The service provider of "Microsoft Forms" necessarily obtains knowledge of this data as a processor as part of its service provision.

Data processing outside the European Union (EU) does not generally take place, as we have limited our storage location to data centers in the European Union. However, we cannot rule out the possibility that data may be routed via internet servers located outside the EU. We have concluded the EU standard contracts with Microsoft in order to guarantee a minimum level of data protection. In addition, Microsoft is certified in accordance with the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link:https://www.dataprivacyframework.gov/list.

Despite the "DPF", surveillance laws in the USA may require US service providers to disclose personal data to security authorities without data subjects being able to appeal against this. It can therefore not be ruled out that US authorities, such as secret services, will process, evaluate and permanently store your data located on the servers of US service providers for surveillance purposes. Microsoft has therefore taken additional technical and organizational measures to protect personal data. In particular, personal data is only transmitted in encrypted form via Forms. In addition, Microsoft has contractually undertaken to fend off requests for disclosure from US authorities in court as far as possible. It can therefore generally be assumed that Microsoft provides an appropriate level of protection when processing personal data.

Please note that we have no influence on Microsoft's data processing. For Microsoft's privacy policy, please visit: https://privacy.microsoft.com/en-US/.

Visual Assistance

Visual Assistance

We use "Visual Assistance" so that we can support you quickly and reliably from a distance if necessary. This is a so-called "Smart Service", which is carried out with the help of digital "as-a-Service" models. Visual assistance can be provided using special data glasses or other mobile devices, such as smartphones or tablets.
Further details on the use and processing of data are described below.

Registration

To use "Visual Assistance", you must first download the "Visual Assistance" app from your app store and install it on your device. After starting the app, a registration page will open. The registration itself is carried out via Windmöller & Hölscher. We will receive your contact details (surname, first name, e-mail) either directly from you or from a contact person in your company. You will then be registered as a user by Windmöller & Hölscher and will receive an e-mail to confirm your registration. After receiving and confirming the e-mail, you will be able to log in to the "Visual Assistance" app. We process your personal data in accordance with Art. 6 para. 1 lit. b GDPR so that we can fulfill our contractual obligations for support. To enable us to provide you with fast and convenient support, we process your personal data in accordance with Art. 6 para. 1 lit. f GDPR, insofar as we have a legitimate interest in doing so, unless your interests or fundamental rights that require the protection of your personal data prevail. The processing is necessary to ensure the functionalities when using the "Visual Assistance" app and to register you as a user.

Using Visual Assistance

If you need support, you can connect with one of our employees. To do this, log in to the app and start a support session. The employee now has an insight and can communicate with you directly. Communication in your native language is possible at any time if you actively wish, as translation services are integrated into the app. We offer you various options that you can use with "Visual Assistance".

These include the following functionalities:

  • Sharing live video and audio
  • Taking photos and sharing them within the app
  • Chat or voice chat communication
  • Uploading files
Before using the respective above-mentioned functionalities, you must consent to the respective processing. Accordingly, we process your data in accordance with Art. 6 para. 1 lit. a GDPR on the basis of your consent. Please note that you should not make any recordings if there are other people in your immediate vicinity and they have not consented to this processing.

Your personal data will only be passed on within Windmöller & Hölscher KG to specialist departments, subsidiaries that require it and outside Windmöller & Hölscher KG to supporting service providers if this is necessary for the above-mentioned purposes. The translation services are Google and DeepL. Appropriate contractual arrangements have been made with the service providers.
Google is also subject to the Data Privacy Framework.
You can find more information on this at: https://www.dataprivacyframework.gov/s/.




Duration of data storage
We process the data for as long as this is required for the respective purpose, e.g. provision of our online services and the associated services. To the extent that your data is subject to tax, commercial law or other legal retention obligations, the data shall be stored until the expiry of the aforementioned deadlines. If we have saved your data for advertising purposes, we shall delete this data at the time at which you revoke your consent to further advertising contact. This does not apply as long as this data is subject to a statutory retention obligation.
Data Security
Windmöller & Hölscher KG takes all technical and organizational precaotions in order to ensure that your personal data is protected against unintentional or unlawful deletion, alteration, or loss and against unauthorized disclosure or access.
In order to protect your data, some offers on our website are processed via a secure server using state-of-the-art encryption methods (SSL/TLS) using HTTPS. You can tell that your browser uses this secure transmission by the fact that the Internet address starts with "https" and a small lock symbol that is (normally) displayed in the address line of your browser window. If the lock is closed, it is a secure transmission. In this case, some browsers show the address bar or part of it in green.
Assertion of your rights
You have the right to free information about your stored data and, under certain conditions, a right to limitation of data processing, correction, deletion or transfer of this data. Should you submit an information request, we ask for your understanding if we request proof of your identity. If you have granted us your consent to data processing, this can be revoked at any time with effect for the future. Furthermore, you also have the right to file a complaint with a supervisory authority if you are of the opinion that the processing of the corresponding personal data takes place in violation of the GDPR.

The supervisory authority responsible for Windmöller & Hölscher KG is:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestr. 2-4
Germany, 40213 Düsseldorf

Right of objection
In accordance with article 21 paragraphs 1 and 2 of the GDPR, you have the right to object to the processing of your personal data for direct marketing purposes without indication of reasons. If we process your data in order to safeguard legitimate interests, you may object to this processing for reasons related to your particular situation. We shall no longer process your personal data unless we can prove compelling legitimate grounds for our processing which outweigh your interests, rights and freedoms or the processing serves the exercise or defense of legal claims.
Links to other websites
Our website also contains links to other websites. If you are redirected to another website by clicking on one of the links, the data protection declaration of Windmöller & Hölscher KG no longer applies, but that of the respective website operator.
Changes to the data protection declaration
Changes to the data protection declaration We reserve the right to change this privacy policy to adapt it to new functions on the website or a changed legal situation. Your visit to our website is subject to the current version at the time.

07/2022