• Bild

Data privacy policy

This data privacy policy informs you of the type, scope and purpose of the processing of personal data (hereinafter referred to as “Data") within our online offer and the associated websites, functions and contents as well as external online sites, e.g. our social media profiles (hereinafter jointly referred to as “Online Offer"). With regard to the terms used, such as for example “Processing” or “Controller”, please refer to the definitions provided in Art. 4 of the General Data Protection Regulation (GDPR).

Controller

Wink Stanzwerkzeuge GmbH & Co. KG
Lerchenstraße 12-18
49828 Neuenhaus, Germany 
Tel.: +49(0)5941/9270-0
Fax: +49(0)5941/9270-9900
e-Mail: info@wink.de

If you have any questions about data protection, please contact our data protection officer:
datenschutzbeauftragter@wink.de

Types of data processed:

- Customer data (e.g. names, addresses)
- Contact data (e.g. e-mail, telephone numbers)
- Content data (e.g. text entries, photographs and videos)
- Usage data (e.g. websites visited, interest in content and access times)
- Meta/communication data (e.g. information on devices, IP addresses)

Purpose of processing

- Provision of the online offer, its functions and its contents
- Response to contact enquiries and communication with users
- Security measures
- Reach measurement/marketing

Terms used

“Personal Data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (such as a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 

“Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is wide-ranging and means practically any handling of data. 

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of personal data processing. 

Applicable legal basis

In accordance with Art. 13 GDPR, we hereby inform you of the legal basis of our data processing. If the legal basis is not stated in the data privacy policy, the following applies: The legal basis for obtaining consents is Art. 6(1)(a) and Art. 7 GDPR, the legal basis for processing in order for us to fulfil our services and carry out contractual measures and answer enquiries is Art. 6(1)(b) GDPR, the legal basis for processing in order for us to fulfil our legal obligations is Art. 6(1)(c) GDPR, and the legal basis for processing in order for us to protect our legitimate interests is Art. 6(1)(f) GDPR. If processing is necessary in order to protect the vital interests of the data subject or of another natural person, Art. 6(1)(d) shall serve as the legal basis.

Security measures

We would request you to regularly update yourself about the contents of our data privacy policy. We adapt our data privacy policy as soon as changes in the data processing we perform make this necessary. We will inform you whenever the changes require your cooperation (e.g. consent) or other individual notification.

Cooperation with order processors and third parties

If, during our processing, we disclose data to other persons and companies (order processors or third parties), transmit such data to them or otherwise grant them access to the data, this will only take place on the basis of a legal authorisation (e.g. where transmission of the data to third parties such as payment service providers is necessary for the performance of a contract, as laid down in Art. 6(1)(b) GDPR), or if you have given your consent, or for compliance with a legal obligation or on the basis of our legitimate interests (e.g. when we use representatives, web hosters, etc.). 

Where we commission third parties with the processing of data on the basis of a "processing contract", this is carried out on the basis of Art. 28 GDPR. 

Transfers to third countries

Where we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or do so in connection with the use of services from third parties or the disclosure or transfer of data to third parties, then this only takes place if it is necessary to comply with our (pre)contractual obligations, on the basis of your consent or a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual authorisation, we will only process or have the data processed in a third country if the special requirements of Art. 44 ff. GDPR are fulfilled. This means, for example, that processing is carried out on the basis of special guarantees such as the officially recognised setting of a data protection level which matches that of the EU (e.g. " Privacy Shield " for the USA) or based on compliance with officially recognised special contractual obligations ("standard contractual clauses").

Rights of the data subjects

You have the right to obtain confirmation as to whether the personal data is being processed and to request information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.

Pursuant to Art. 16 GDPR, you have the right to request completion of data concerning you or rectification of inaccurate data concerning you.

You have the right to demand that relevant data be erased immediately in accordance with Art. 17 GDPR or, alternatively, to demand a restriction of the processing of the data in accordance with Art. 18 GDPR.

In accordance with Art. 20 GDPR, you have the right to receive the data concerning you which you provided to us and to demand its transmission to other controllers. 

Furthermore, pursuant to Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority. 

Right of withdrawal

You have the right, pursuant to Art. 7(3) GDPR, to withdraw any consent you have given, with effect for the future.

Right to object

Pursuant to Art. 21 GDPR, you have the right to object at any time to the processing of personal data concerning you. Objection may be raised in particular against data being processed for direct marketing purposes.

Cookies and the right to object in the event of direct marketing

"Cookies" are small files that are cached on the user's computer. Processing is carried out on the basis of the controller’s legitimate interests pursuant to Art. 6(1)(f) GDPR. The use of cookies is necessary in order to pursue these interests. Various data can be stored inside the cookies. A cookie serves primarily to store information about a user (or the device on which the cookie is stored) during or after his visit to an online offer. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offer and closes his browser. The contents of a shopping basket in an online shop or a login status, for example, can be stored in such a cookie. Cookies that remain stored even after the browser is closed are referred to as "permanent" or "persistent" cookies. Thus, for example, the login status of the user can be remembered when he returns to this online offer after several days. Similarly, such cookies may store the interests of users for reach measurement or marketing purposes. “Third-Party Cookies" are cookies set by providers other than the controller operating the online offer (those set by the controller are referred to as “First-Party Cookies").

We may use temporary and permanent cookies and provide you with an explanation about this in our data privacy policy.

If users do not want cookies to be stored on their computer, they are asked to deactivate the relevant option in their browser’s system settings. Stored cookies can be deleted in the browser’s system settings. Non-acceptance of cookies may lead to restrictions in the functions of this online offer.

A general objection to the use of cookies for online marketing purposes can be lodged with many of the services, especially in the case of tracking, via the US website www.aboutads.info/choices/or the EU website www.youronlinechoices.com. Furthermore, stored cookies can be deactivated in your browser settings. Please note that in this case it may not be possible to use all the functions of this online offer. 

Deletion of data

The data processed by us is erased or its processing is restricted pursuant to Articles 17 and 18 GDPR. Unless expressly stated otherwise in this data privacy policy, the data stored by us will be erased as soon as it is no longer required for its intended purpose and if its deletion is not prevented by any statutory retention obligations. If the data is not deleted because it is needed for other lawful purposes, its processing will be restricted. This means that the data will be blocked and not processed for any other purposes. This applies, for example, to data that must be retained for commercial or tax reasons. 

Under German law, data is stored for 10 years in accordance with Articles 147 para. 1 of the German tax code, the AO, 257 (1) nos. 1 and 4, para. 4 of the German commercial code, the HGB (books, records, management reports, accounting documents, trading books, documents relevant for taxation, etc.) and 6 years in accordance with Art. 257 (1) no. 2 and 3, para. 4 HGB (commercial papers).

Hosting

The hosting services we employ provide the following: infrastructure and platform services, computing capacity, memory and database services, security services and technical maintenance services, which we employ for the purpose of operating this online offer.  

In so doing, we or our hosting provider process customer data, contact data, content data, contract data, usage data, metadata and communication data of customers, interested parties and visitors to this online offer on the basis of our legitimate interests in the efficient and secure provision of this online offer pursuant to Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of processing contract). 

Collection of access data and log files

We, or our hosting provider, collect the following data on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR regarding each access to the server on which this service is located (server log files). The name of the accessed website, the file, the date and time of access, transferred data volume, notification of successful access, browser type and version, the user's operating system, the referrer URL (previously visited page), the IP address and the requesting provider are all examples of access data.

Log file information is stored for up to 7 days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data which must be kept longer for evidentiary purposes is excluded from deletion until the respective incident has been definitively clarified.

Administration, financial accounting, office organisation, contact management

We process data in connection with administrative tasks and the organisation of our company, financial accounting and compliance with legal obligations, such as archiving. In so doing, we process the same data that we process while performing our contractual services. The processing is based on Art. 6(1)(c) GDPR, Art. 6(1)(f) GDPR. Data subjects of the processing are customers, prospective customers, business partners and website visitors. The purpose of and our interest in the processing lies in administration, financial accounting, office organisation, archiving of data, i.e. tasks that serve the upkeep of our business activities, the fulfilment of our tasks and the provision of our services. The deletion of the data in terms of contractual services and contractual communication is in accordance with the information provided for these processing activities.

We disclose or transmit data to tax authorities, consultants such as tax consultants or auditors, and other fee collectors and payment service providers.

Furthermore, we store data concerning suppliers, organisers and other business partners on the basis of our business interests, e.g. for the purpose of entering into contact at a later date. We store this data, most of which is company-related, long-term.

Privacy policy as regards the application process

We process the data of applicants only for the purpose and in the context of the application process in accordance with the legal requirements. The applicant’s data is processed to fulfil our (pre)contractual obligations during the application procedure pursuant to Art. 6(1)(b) GDPR Art. 6(1)(f) GDPR, where data processing is necessary for us, e.g. during legal proceedings (in Germany, Art. 26 of the data protection act BDSG applies in addition).

A prerequisite of the application procedure is that applicants provide us with their data. The required applicants’ data is marked as such if we offer an online form. Otherwise it can be derived from the job descriptions, and in principle it includes personal data, postal and contact addresses and the documents accompanying the application, such as cover letter, curriculum vitae and certificates. Moreover, applicants may voluntarily provide us with additional information.

By submitting the application to us, applicants agree to their data being processed for the purposes of the application procedure in line with the manner and scope set out in this data privacy policy.

Insofar as special categories of personal data as defined in Art. 9(1) GDPR are voluntarily communicated during the application procedure, they are also processed in accordance with Art. 9(2)(b) GDPR (e.g. health data, such as degree of disability or ethnic origin). Insofar as special categories of personal data as defined in Art. 9(1) GDPR are voluntarily communicated during the application procedure, they are also processed in accordance with Art. 9(2)(b) GDPR (e.g. health data, such as degree of disability or ethnic origin).

If provided by us, applicants can send us their applications via an online form on our website. The data will be encrypted and transmitted to us in accordance with state-of-the art technology.

Applicants may also send us their applications by e-mail. Please note, however, that e-mails are not generally sent in an encrypted form and that the applicants themselves must ensure that they are encrypted. We cannot therefore accept any responsibility for the transfer of the application from sender to our server and would recommend that you use an online form or send the application by post, because applicants can still send us their application by post instead of using the online application form or e-mail.

If the application is successful, the data provided by the applicant can be further processed by us for the purpose of employment. Otherwise, if an application for a job offer is not successful, the applicant's data will be deleted. The data of an applicant will also be deleted if the application is withdrawn, which the applicant is entitled to do at any time.

The deletion will take place, if the applicant has a justified right of withdrawal, after a period of six months, so that we can answer any follow-up questions to the application and meet our obligations to provide supporting evidence under the Equal Treatment Act. Bills for the reimbursement of any travel expenses will be archived in accordance with the tax regulations.

Contacting us

When contacting us (e.g. by contact form, e-mail, telephone or through social media), the user's data is processed pursuant to Art. 6(1)(b) GDPR in order for us to handle the contact enquiry and its execution. The user's data may be stored in a customer relationship management system ("CRM system") or comparable enquiry system.

We delete the enquiries if they are no longer needed. We review the necessity every two years; the statutory archiving obligations also apply.

Online presences in social media

We maintain online sites on social networks and platforms in order to communicate with customers, interested parties and users who are active there and to inform them about our services. When the relevant networks and platforms are accessed, the terms and conditions and data processing guidelines of the corresponding operators apply.

Unless otherwise stated in our privacy policy, we process the data of users who communicate with us on social networks and platforms, e.g. by posting articles on our websites or sending us messages.

Integration of third-party services and content

Within our online offer, we use content or service offers of third-party providers on the basis of our legitimate interests, i.e. interest in the analysis, optimisation and economic operation of our online offer pursuant to Art. 6(1)(f) GDPR to integrate their content and services such as e.g. videos or fonts (referred to collectively hereinafter as “Content").

This always presupposes that the third-party providers of this content are aware of the IP address of the users, as they would not be able to send the content to their browsers without the IP address. The IP address is hence required for this content to be displayed. We endeavour to use only such content whose respective providers use the IP address for the delivery of the content only. Third-party providers may also use pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. By means of the "pixel tags" information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the user's device and include technical information about the browser and operating system, linked websites, visit time and other information about the use of our online offer, and may also be linked to such information from other sources.

Youtube

We incorporate videos from the platform “YouTube” offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.

Google Maps

We incorporate maps from the service “Google Maps” offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data processed may include, in particular, the IP addresses and location data of users, which may not, however, be collected without their consent (usually in connection with the settings of their mobile devices). The data may be processed in the USA. Privacy policy: https://www.google.com/policies/privacy/opt-outhttps://adssettings.google.com/authenticated.

Twitter

Our online offer may incorporate functions and content of the Twitter service, provided by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. This may include, e.g., content such as images, videos or texts and buttons with which users can express their appreciation of the content, or subscribe to the authors of the content or our contributions. If the users are members of the Twitter platform, Twitter can map access to the above content and functions to the users' profiles on the platform. Twitter is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law  (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy policy: https://twitter.com/de/privacy, opt-out: https://twitter.com/personalization.

Xing

Our online offer may incorporate functions and content of the Xing service, provided by XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. This may include, e.g., content such as images, videos or texts and buttons with which users can express their appreciation of the content, or subscribe to the authors of the content or our contributions. If the users are members of the Xing platform, Xing can map access to the above content and functions to the users' profiles on the platform. Xing’s privacy policy: https://www.xing.com/app/share?op=data_protection..

LinkedIn

Our online offer may incorporate functions and content of the LinkedIn service, provided by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. This may include, e.g., content such as images, videos or texts and buttons with which users can express their appreciation of the content, or subscribe to the authors of the content or our contributions. If the users are members of the LinkedIn platform, LinkedIn can map access to the above content and functions to the users' profiles on the platform. LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.. LinkedIn is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Privacy policy: https://www.linkedin.com/legal/privacy-policy, opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.