Privacy | Windeln

Privacy Notice

as per December 8, 2021

Privacy policy windeln.de

We, windeln.de SE, Stefan-George-Ring 23, 81929 Munich Germany, take data protection very seriously and pay attention to appropriate security. In order for you to know which personal data we collect from you and for which purposes we use them, please take note of the following information.

Contact details of the person responsible within the meaning of the DSGVO

windeln.de SE
Stefan-George-Ring 23, 81929 Munich
investor.relations@windeln.de

Contact details of the data protection officer:

PROLIANCE GmbH / data protection expert.com
Data protection officer
Leopoldstr. 21
80802 Munich

e-mail: datenschutzbeauftragter@datenschutzexperte.de

DATA PROCESSING BY VISITING OUR WEBSITE

When you call up our website, it is technically necessary for data to be transmitted to our web server via your internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:

Date and time of the request
Name of the requested file
Page from which the file was requested
Access status
Web browser and operating system used
(Complete) IP address of the requesting computer
Amount of data transmitted

We collect the listed data to ensure a smooth connection of the website and to enable a comfortable use of our website by the users. In addition, the log file serves to evaluate system security and stability as well as for administrative purposes. The legal basis for the temporary storage of the data or log files is Art. 6 para. 1 lit. f DSGVO.

For reasons of technical security, in particular to ward off attempts to attack our web server, this data is stored by us for a short period. It is not possible for us to draw conclusions about individual persons on the basis of this data. After 30 days
at the latest, the data is deleted so that it is no longer possible to establish a link to the individual user.

COOKIES

Our website uses so-called “cookies”. Cookies are small text files that are either temporarily stored on your end device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you yourself delete them or an automatic solution is made by your web browser.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or language settings). Other cookies serve to display the user behaviour or for advertising purposes.

Technically necessary cookies are stored on the basis of Art. 6 Paragraph 1 lit. f DSGVO. We have a legitimate interest in the storage of cookies for the technically error-free and optimised provision of our services. Other cookies will only be stored with your consent on the basis of Art. 6 Para. 1 lit. a DSGVO. This consent may be revoked at any time in the future. The legal basis may also be derived from Art. 6 para. 1 lit. b DSGVO if the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures which are carried out at the request of the data subject.

Insofar as cookies are used for analysis purposes, we will inform you separately about this within the framework of this data protection declaration and obtain your consent.

You can set your browser so that you

be informed about the setting of cookies,
Only allow cookies in individual cases,
exclude the acceptance of cookies for specific cases or generally,
activate the automatic deletion of cookies when the browser is closed.

The cookie settings can be managed for the respective browsers using the following links:

You can also manage cookies from many companies and functions used for advertising individually. To do this, use the appropriate user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices.

Most browsers also offer a so-called   “do-not-track function”.  With this feature enabled, the browser will notify advertising networks, websites and applications that you do not wish to be “tracked” for the purposes of behavioural advertising and the like.

Information and instructions on how to edit this function can be found, depending on the provider of your browser, at the following links:

In addition, you can prevent the loading of so-called scripts by default. “NoScript” allows JavaScripts, Java and other plug-ins to be executed only on trusted domains of your choice. Information and instructions on how to edit this function can be obtained from your browser provider (e.g.  B. for Mozilla Firefox at: https://addons.mozilla.org/de/firefox/addon/noscript/).

Please note that if you disable cookies, the functionality of our website may be limited.

GOOGLE reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our website. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

The purpose of reCAPTCHA is to check whether the data input on our website (e.g. in a contact form) is done by a human being or by an automated programme. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis reCAPTCHA evaluates various information, e.g.

IP address
Length of stay of the website visitor on the website
mouse movements made by the user
The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not notified that an analysis is taking place. Data processing is based on Art. 6 Para. 1 lit. f DSGVO.

We have a legitimate interest in protecting our website from improper automated spying and from unwanted, automated transmissions (spam).

The transmission of your data (e.g. IP address) resulting from the use of Google reCaptcha to Google LLC based in the USA is based on your consent. We do not store any personal data from the use of reCAPTCHA. In general, personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply.

Further information about Google reCAPTCHA and Google’s privacy policy can be found at the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/v3beta.html

CONTACT VIA E-MAIL

If you send us enquiries by e-mail, your details from your e-mail, including the contact details you provide there, will be stored by us to process the enquiry and in the event of follow-up questions. Under no circumstances will we pass on this data without your consent. The legal basis for the processing of the data is our legitimate interest in answering your request in accordance with Art. 6 para. 1 letter f DSGVO and, if applicable, Art. 6 para. 1 letter b DSGVO, if your request is aimed at the conclusion of a contract. Your data will be deleted after the final processing of your enquiry, provided that this does not conflict with any statutory storage obligations.

In the case of article 6 paragraph 1 letter f DSGVO, you can object to the processing of your personal data at any time with effect for the future by sending an e-mail to investor.relations@windeln.de.

NEWSLETTER

If you would like to receive the newsletter offered on the website with regular information about our offers and products, we need your e-mail as mandatory information.

Additional data may be provided to address you personally in the newsletter and/or to identify you if you wish to exercise your rights as a data subject.

We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you our newsletter by e-mail if you have expressly confirmed to us that you agree to receive newsletters. In the first step, you will receive an e-mail with a link that you can use to confirm that you, as the owner of the corresponding e-mail address, wish to receive newsletters in future. With the confirmation you give us your consent in accordance with Art. 6 Para. 1 letter a DSGVO that we may use your personal data for the purpose of the desired newsletter dispatch.

When you register for the newsletter, we save, in addition to the e-mail address required for sending the newsletter, the IP address you used to register for the newsletter as well as the date and time of registration and confirmation, in order to be able to trace possible misuse at a later date.

Of course, you can unsubscribe from the newsletter at any time. To do so, please use the unsubscribe mechanism which is included in all corresponding e-mails sent by windeln.de or send a corresponding e-mail to investor.relations@windeln.de. Once you have cancelled your subscription, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly agreed to the continued use of the collected data or unless the continued processing is otherwise legally permissible.

Our e-mail newsletters are sent via technical service providers to whom we pass on the data you provide when you register for the newsletter. We have concluded an order processing contract with our e-mail service providers in which we oblige them to protect the data of our customers and not to pass them on to third parties.

Service provider: EQS Group Ltd

Address: Karlstraße 47, 80333 Munich, Germany

Privacy policy: https://www.eqs.com/en-gb/about-eqs/data-protection/

The service provider uses the information from the newsletter registration to send and statistically evaluate the newsletter on our behalf. For evaluation purposes, the e-mails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. In this way it can be determined whether a newsletter message has been opened and which links have been clicked on, if applicable. Conversion tracking can also be used to analyse whether a previously defined action (e.g. purchase of a product on our website) was carried out after clicking on the link in the newsletter. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). The data is only collected pseudonymously and is not linked to your other personal data, a direct personal reference is excluded. These data are used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe to the newsletter.

SENDING OF APPLICATIONS

If you apply to us by e-mail or via the application form, we collect personal data. This includes, in particular, your contact details (such as first and last name, telephone number and e-mail address of the user) as well as other data provided by you about your background (e.g. curriculum vitae, qualifications, degrees and professional experience) and your person (e.g. cover letter, personal interests, salary expectations). This may also include special categories of personal data (e.g. information on a severe disability). In addition, you can add voluntary information to your profile. As a rule, your personal data is collected directly from you during the application process and is encrypted during electronic transmission. The primary legal basis for this is Art. 6 para. 1 b DSGVO in conjunction with Art. 26 para. 1 BDSG. In addition, consents pursuant to Art. 6 (1) lit. a, 7 DSGVO in conjunction with Art. 26 (2) BDSG can be used as a data protection permission requirement. If the processing of your data is based on consent, you have the right to revoke your consent at any time with effect for the future.

Within our company, only those persons and positions (e.g. human resources) have access to your personal data which they absolutely need to carry out the application procedure or to fulfil our legal obligations. If necessary, your application will be forwarded to the responsible person for examination. In addition, the Rexx administrators have access to the data in order to maintain the system and ensure data security. For efficient applicant management we use the Rexx platform of the provider

rexx systems GmbH (“Rexx”)

Süderstrasse 75-79

D-20097 Hamburg

When you upload your documents to this platform, Rexx processes them on our behalf. You can access the Rexx data protection declaration here: https://www.rexxsystems.com/datenschutz.php.

Your data for an application for a specific job advertisement will be stored and processed by us during the ongoing application process. Once the application process has been completed (e.g. in the form of an acceptance or rejection), the data you submitted will be deleted automatically 6 months after the rejection has been announced. For statistical purposes, reduced data (body data) is stored for 24 months. Reduced data are: Salutation, first name, date of birth, date of receipt of the application and information on how you found us and the position for which you applied. The reduced data is completely deleted from the system after 24 months. This only does not apply if we are obliged to store data for a longer period of time due to legal requirements or if you have expressly consented to longer storage.

You have the opportunity to agree to an extended storage period for the purpose of further applications (inclusion in the applicant pool). In this case, your data will automatically be completely deleted from the system 6 months after admission to the applicant pool. The core data are excluded from this. The right to demand their deletion at any time remains unaffected.

You can revoke your consent at any time with effect for the future. An informal e-mail to karriere@windeln.de is sufficient for this purpose. In the event of consent, your application documents will be transferred to the personnel file.

You can object to the storage of your data at any time and we will then delete your data accordingly. In case of an objection, please contact karriere@windeln.de.

PASSING ON TO THIRD PARTIES

Your personal data will not be transferred to third parties, except for

if we have explicitly pointed this out in the description of the respective data processing.
if you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a DSGVO,
the disclosure pursuant to Art. 6 para. 1 sentence 1 letter f DSGVO is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
in the event that there is a legal obligation to pass on the data pursuant to Art. 6 para. 1 sentence 1 lit. c DSGVO, and
insofar as this is necessary for the processing of contractual relationships with you in accordance with Art. 6 Para. 1 S. 1 lit. b DSGVO.
In addition, we use external service providers for the execution of our services, who we have carefully selected and commissioned in writing. They are bound by our instructions and are regularly checked by us. With whom we have, if necessary, concluded contract processing agreements in accordance with Art. 28 DSGVO. These are service providers for web hosting, the sending of e-mails and the maintenance and servicing of our IT systems etc. The service providers will not pass on this data to third parties.

DATA SECURITY

In accordance with Art. 32 DSGVO, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying degrees of probability and severity of the risk to the rights and freedoms of natural persons. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.
MEMORY DURATION

The duration of the storage of personal data is determined by the relevant legal retention periods (e.g. from commercial law and tax law). After expiry of the respective period, the corresponding data is routinely deleted. If data is required for the fulfilment or initiation of a contract, or if we have a legitimate interest in its further storage, the data will be deleted if it is no longer required for these purposes or if you exercise your right of revocation or objection.

YOUR RIGHTS

Below is a list of the rights of the data subjects to which the data subject is entitled vis-à-vis the controller with regard to the processing of their personal data:

The right to request information about your personal data processed by us in accordance with art. 15 of the Italian Data Protection Act. In particular, you may request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right of rectification, cancellation, restriction of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected by us, and the existence of automated decision making including profiling and, where applicable, meaningful information on the details of such data.
The right, in accordance with Art. 16 DSGVO, to demand the immediate correction of incorrect or incomplete personal data stored by us.
The right to demand the deletion of your personal data stored with us in accordance with Art. 17 DSGVO, unless processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
The right to demand, in accordance with Art. 18 DSGVO, the restriction of the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or if you have lodged an objection to the processing in accordance with Art. 21 DSGVO
The right, in accordance with Art. 20 of the DSGVO, to receive your personal data that you have provided us with in a structured, common and machine-readable format or to request that it be transferred to another responsible party.
The right to complain to a supervisory authority pursuant to Art. 77 DSGVO. As a rule, you may address such complaints to the supervisory authority of the federal state in which our registered office is located or, if applicable, that of your usual place of residence or place of work.
Right to revoke consents granted under Art. 7 para. 3 DSGVO. You have the right to revoke at any time, with effect for the future, any consent to the processing of data that you have once given. In the event of revocation, we will immediately delete the data concerned, unless further processing cannot be based on a legal basis for processing without consent. Revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

Right of objection

If your personal data is processed by us on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 letter f DSGVO, you have the right to object to the processing of your personal data in accordance with Art. 21 DSGVO, insofar as this is done for reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct advertising, you have a general right of objection without the need to indicate a special situation.

If you wish to exercise your right of revocation or objection, simply send an e-mail to investor.relations@windeln.de.

You have the right to complain to a supervisory authority, for example at their habitual place of residence in the EU.

LEGAL OBLIGATIONS

The provision of personal data for the purpose of deciding on the conclusion of a contract, the performance of a contract or the implementation of pre-contractual measures is voluntary. However, we can only make the decision within the framework of contractual measures if you provide such personal data as are necessary for the conclusion of the contract, the fulfilment of the contract or pre-contractual measures.

AUTOMATED DECISION MAKING

No automated decision making or profiling pursuant to Art. 22 DSGVO takes place.

SUBJECT TO CHANGE

We reserve the right to update this data protection declaration if necessary, in compliance with the applicable data protection regulations. In this way, we can adapt it to current legal requirements and take into account changes in our services, e.g. when introducing new services. The most recent version applies to your visit.