Processing of (personal) data by the entity in charge of the online application process
WINDOTEC: Data Protection
WINDOTEC GmbH
Romain-Rolland-Straße 62
13089 Berlin
Managing Director
Ivo Vorrath
Contact
Email: info@windotec.de
Website: www.windotec.de
Registered with the District Court of Charlottenburg (Berlin)
Commercial Register Number: HRB 251163 B
Responsible for own content pursuant to § 55 RStV: Ivo Vorrath
VAT ID: DE360478580
For all links to other websites on the Internet, Windotec GmbH expressly declares that it has no influence whatsoever on the design and content of the linked pages. Therefore, we hereby expressly distance ourselves from all content on third-party pages linked on www.windotec.de, do not adopt such content as our own, and assume no liability or guarantee for such external content. This declaration applies to all links displayed on our website and to all content of pages to which such links lead.
Privacy Policy
Last updated: September 2024
1. General Information on the Processing of Personal Data
(1) Protecting your personal data is of particular importance to us. The following information provides a detailed overview of what personal data is processed when you use our websites and services.
(2) The controller within the meaning of Article 4 (7) of the General Data Protection Regulation (“GDPR”) is:
Windotec GmbH
Romain-Rolland-Straße 62
13089 Berlin
Email: info@windotec.de
Further information can be found in our legal notice (Impressum).
(3) Our Data Protection Officer can be contacted at datenschutz@windotec.de or by post at our above address, adding the note “Data Protection Officer”.
(4) We process personal data only in compliance with the applicable data protection laws. This means that data will only be processed if there is a legal basis. In particular, data processing is lawful if it is:
necessary for the performance of our contractual obligations or online services,
required by law,
based on your consent, or
justified by our legitimate interests (i.e. our interest in analysing, optimising, and ensuring the economic operation and security of our online offering within the meaning of Article 6 (1)(f) GDPR, especially with regard to reach measurement, profiling for advertising and marketing purposes, as well as the collection of access data and the use of services of third-party providers).
(5) The legal bases are as follows:
Consent: Article 6 (1)(a) and Article 7 GDPR
Performance of a contract / pre-contractual measures: Article 6 (1)(b) GDPR
Legal obligation: Article 6 (1)(c) GDPR
Legitimate interests: Article 6 (1)(f) GDPR
2. Data Processing When Visiting Our Websites
(1) When you use our websites purely for informational purposes – that is, when you do not register, contact us, or otherwise transmit personal data – we process only the data your browser transmits to our server that are technically necessary to display our website and ensure stability and security. These include:
IP address
Date and time of the request
Duration of website visit
Time-zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status / HTTP status code
Transferred data volume
Website from which the request originates
Pages visited within our website
Internet service provider
Browser type
Server log files
Operating system and interface
Language and version of browser software
(2) The legal basis is Article 6 (1)(f) GDPR, our legitimate interest in properly displaying the requested web pages.
(3) We use individual visit data to create anonymous user profiles that allow us to continuously improve our online offering.
3. Data Processing Through the Use of Cookies
(1) In addition to the aforementioned data, cookies are stored on your device when you use our website. Cookies are small text files that are stored on your hard drive, assigned to your browser, and provide certain information to us. They serve to make our website more user-friendly and efficient. The legal basis is Article 6 (1)(f) GDPR – our legitimate interest in improving user-friendliness and evaluating online marketing activities.
(2) You can configure your browser settings according to your preferences, for example, to refuse cookies. Please note that in this case, you may not be able to use all features of our website.
(3) Our website generates temporary and persistent cookies, the function and scope of which are explained below:
(a) Temporary cookies are automatically deleted when you close your browser. These include session cookies, which store a so-called session ID allowing your browser’s requests to be assigned to the same session. This enables your device to be recognised when you return to our website.
(b) Persistent cookies are automatically deleted after a set period, which varies depending on the cookie. You can delete these cookies at any time in your browser’s security settings.
3.1 Google Analytics
(1) We use Google Analytics, a web analytics service provided by Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).** Google Analytics also uses cookies. The information generated by the cookie about your use of our website is usually transmitted to a Google server in the USA and stored there.
(2) If IP anonymisation is activated, your IP address will first be truncated by Google within the Member States of the European Union or other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and truncated there. IP anonymisation is activated on our web service. Acting on our behalf, Google uses this information to evaluate your use of the website, to compile reports on website activities, and to provide us with other services related to website and internet usage.
(3) According to Google, the IP address transmitted by your browser will not be merged with other Google data. For further information, please refer to Google’s privacy policy. You can prevent the collection and processing of data generated by the cookie (including your IP address) by Google by downloading and installing the browser plugin available from Google.
3.2 Google AdWords Conversion Tracking
(1) We use the online advertising programme Google AdWords and, within its framework, Conversion Tracking, an analysis service provided by Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).** When you click on a Google advertisement, a cookie for conversion tracking is placed on your device.
(2) If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognise that you clicked the advertisement and were redirected to that page. Each AdWords customer receives a unique cookie, meaning cookies cannot be tracked across AdWords clients’ websites. The information collected using the conversion cookie helps to generate conversion statistics for AdWords advertisers who have opted for conversion tracking. Advertisers learn the total number of users who clicked their ad and were redirected to a page with a conversion-tracking tag, but not any information that personally identifies users.
(3) Further information and Google’s privacy policy can be found at
http://www.google.com/policies/technologies/ads/ and
http://www.google.de/policies/privacy/.
3.3 Google Dynamic Remarketing
(1) We use the Remarketing or “Similar Audiences” function of Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”)** on our website. This feature enables us to target website visitors with advertising by showing personalised, interest-based ads when they visit other websites within the Google Display Network.
(2) To perform the analysis forming the basis for interest-based advertising, Google uses cookies. A small file containing a numeric sequence is stored in your browser, which records your visits to our site and anonymised data on usage. No personal data of website visitors are stored. When you subsequently visit another website in the Google Display Network, ads are shown that are likely to include previously viewed product or information categories.
(3) You can permanently disable Google’s use of cookies by downloading and installing a browser plugin. Further information about Google Remarketing can be found in Google’s privacy policy.
3.4 DoubleClick
(1) DoubleClick by Google is a service of Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).** DoubleClick uses cookies to show you ads that are relevant to you. Your browser is assigned a pseudonymous identification number (ID) to check which ads have been displayed and clicked. These cookies contain no personal data. The use of DoubleClick cookies allows Google and its partner websites to serve ads based on previous visits to our site or other sites on the internet.
(2) The information generated by these cookies is transferred to and stored by Google on servers in the USA. Google only discloses this data to third parties in accordance with legal requirements or within the scope of data processing agreements. Under no circumstances will Google merge your data with other data it collects. By using our website, you consent to the processing of data about you by Google in the manner and for the purposes described above.
(3) You can prevent data collection through cookies and the processing of this data by Google by downloading and installing the DoubleClick deactivation browser plugin provided by Google.
3.5 Facebook Marketing Services
(1) Within our online offering, we use the Facebook Pixel of the social network Facebook, operated by Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are located within the EU, by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).**
This is done based on our legitimate interests in analysing, optimising, and operating our online services economically.
(2) The Facebook Pixel enables Facebook to determine visitors of our website as a target group for displaying advertisements (“Facebook Ads”). Accordingly, we use the Facebook Pixel to show our Facebook Ads only to Facebook users who have shown an interest in our online offering or who share certain characteristics (e.g. interests in specific topics or products determined by the websites they visit) that we communicate to Facebook (“Custom Audiences”). With the help of the Facebook Pixel, we aim to ensure that our Facebook Ads correspond to users’ potential interests and are not perceived as intrusive. We can also measure the effectiveness of Facebook Ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking a Facebook ad (“conversion”).
(3) The Facebook Pixel is directly integrated by Facebook when our web pages are accessed and can store a small file (cookie) on your device. When you subsequently log in to Facebook or visit Facebook while logged in, your visit to our website is recorded in your profile. The data collected is anonymous to us and does not reveal users’ identities. However, Facebook stores and processes the data so that a link to the respective user profile is possible and Facebook may use the data for its own marketing and research purposes. If we transmit data to Facebook for matching purposes, it is encrypted locally in your browser and then sent to Facebook via a secure HTTPS connection, solely for matching with similarly encrypted data.
(4) Data processing by Facebook is governed by Facebook’s Data Usage Policy. Specific information about the Facebook Pixel and its functionality can be found in Facebook’s Help section.
(5) You can object to data collection through the Facebook Pixel and the use of your data for displaying Facebook Ads. To configure which types of ads you see on Facebook, you can visit Facebook’s ad settings page and follow the instructions there on usage-based advertising preferences.
4. Inspectlet
(1) We use the web analytics service Inspectlet, provided by Inspectlet, Inc., Santa Clara, CA, USA. Inspectlet enables an analysis of user behaviour on our websites (e.g. mouse clicks, movements, scrolling, interactions with form fields, session recordings, visit duration, total number of pages visited) and of the devices used. We use this information to further develop our services and improve user-friendliness. Further information on data processing can be found in the Inspectlet Privacy Policy.
(2) The legal basis is Article 6 (1) (f) GDPR — our legitimate interest in improving our services.
5. Data Processing When You Contact Us
When you contact us by e-mail, telephone, or via a contact form, we process the data you provide (e.g. e-mail address, name, phone number, and the content of your inquiry) to answer your questions and/or handle your request.
The legal basis for this processing is Article 6 (1) (b) GDPR.
6. Data Processing for Contract Execution
(1) If you enter into a membership or other contractual relationship with us, we process your contact and payment data as well as communication and contractual data to fulfil, administer, and settle the agreed services. All of the above data — except communication data — are necessary for concluding the contract. Without this data, a contract cannot be concluded.
Your data may be passed on for this purpose to carefully selected service providers (e.g. communication-platform operators, etc.) who support us and are bound by our instructions.
(2) If you merely send us an inquiry without entering into a contract, we process your contact data solely to get in touch with you regarding your request.
(3) The legal basis for processing is the existing contractual relationship or pre-contractual measures under Article 6 (1) (b) GDPR.
7. Newsletter
(1) We send e-mails and other electronic notifications containing promotional information (hereinafter referred to as “newsletter”) only with your consent or legal authorisation. The newsletters include information about our products, offers, promotions, and our company. By subscribing to our newsletter, you agree to receive it.
(2) The use of a mailing service provider, the performance of statistical analyses, and the logging of the subscription process are based on our legitimate interests pursuant to Article 6 (1) (f) GDPR. Our interest lies in operating a user-friendly and secure newsletter system that serves both our business purposes and your expectations.
(3) You may revoke your consent to receive the newsletter at any time. A link for unsubscribing is included at the end of every newsletter.
8. Disclosure of Data to Third Parties and Third-Party Providers
(1) We only share your data with third parties if this is necessary for contractual purposes pursuant to Article 6 (1) (b) GDPR or can be justified on the basis of legitimate interests under Article 6 (1) (f) GDPR.
(2) If we engage subcontractors to provide our services, we take appropriate legal as well as technical and organisational measures to ensure the protection of personal data in accordance with legal requirements.
(3) If, within this Privacy Policy, third-party providers are mentioned whose registered offices are located in a third country, it can be assumed that data is transferred to the countries where these providers are based.
We process your data in a third country only if this is required:
to fulfil our (pre-)contractual obligations (Article 6 (1) (b) GDPR),
based on your consent (Article 6 (1) (a) GDPR),
due to a legal obligation (Article 6 (1) (c) GDPR), or
on the basis of our legitimate interests (Article 6 (1) (f) GDPR).
The same applies to processing by third parties acting on our behalf, to the disclosure of your personal data to third parties, and to its transfer to third countries.
9. Data Deletion
(1) The data we store will be deleted as soon as it is no longer required for its intended purpose and no legal retention obligations prevent its deletion. If data cannot be deleted because it is required for other lawful purposes, its processing will be restricted.
This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.
(2) According to statutory provisions, retention takes place for:
six years under § 257 (1) HGB (German Commercial Code) (e.g. commercial books, inventories, business letters, accounting records), and
ten years under § 147 (1) AO (German Fiscal Code) (e.g. books, reports, accounting documents, and tax-relevant records).
10. Final Provisions
(1) We use technical and organisational security measures to protect your data, in particular against accidental or deliberate manipulation, loss, destruction, or unauthorised access. Our security measures are continuously improved in line with technological developments.
(2) We will update this Privacy Policy from time to time to reflect technical progress in our services.
If the changes do not affect the use of existing data, the new Privacy Policy applies from the date of its publication on our website.
If the change affects the use of data already collected, we will only make such changes if they are reasonable for you. In such cases, we will inform you in advance via e-mail, on our website, in our application, or in another suitable way.
You have the right to object to the new Privacy Policy within four weeks after receiving the notification. In case of objection, we reserve the right to terminate the contractual relationship.
If no objection is made within the mentioned period, the amended Privacy Policy shall be deemed accepted.
We will explicitly draw your attention to your right of objection and the significance of the objection period in the notification.
11. Your Rights
(1) You have the following rights regarding your personal data:
Right of access (Article 15 GDPR),
Right to rectification and erasure (Articles 16 and 17 GDPR),
Right to restriction of processing (Article 18 GDPR),
Right to object to processing (Article 21 GDPR),
Right to data portability (Article 20 GDPR).
(2) You also have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data.
(3) You may revoke any consent you have given for data protection purposes at any time with effect for the future. The same applies to consent for marketing communications.
To do so, simply contact us informally via e-mail at datenschutz@windotec.de.
Please note that revocation may mean that certain services can no longer be provided or can only be provided to a limited extent.
(4) If we base the processing of your personal data on a balancing of interests (Article 6 (1) (f) GDPR), you have the right to object to the processing. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done.
In the event of a justified objection, we will examine the situation and either cease or adapt the data processing, or provide you with compelling legitimate grounds for continuing the processing.