We are very pleased that you are interested in Windeit Software GmbH (hereinafter referred to as “Windeit”, we or us). Data protection is of great importance to our management; accordingly, the protection of your privacy during the processing of your personal data and the use of our Internet pages is of particular concern to us.
The use of our Internet pages is generally possible without the specification of any personal data. If you make use of special services of our enterprise via our website or if you want to contact us, processing of personal data could become necessary. If the processing of personal data is necessary and if there is no legal basis for such processing, we will always obtain the data subject’s consent.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall be in line with the requirements of the EU Data Protection Regulation (EU GDPR), and in accordance with the other applicable data protection regulations in Germany.
By means of this data protection declaration, we would like to inform the public about the nature, scope and purpose of the personal data we process. Furthermore, by means of this data protection declaration, data subjects are informed about the rights to which they are entitled and the information obligations pursuant to Art. 13, 14 EU-DSGVO are fulfilled.
Contact details of the responsible person
The responsible party within the meaning of the EU-DSGVO and national data protection regulations is:
Windeit Software GmbH
Lübecker Straße 89
23843 Bad Oldesloe
Telephone: +49 4531 89844-00
Managing Director: Michael Frautz
Local court Lübeck HRB 13937 HL
Contact details of the data protection officer
The data protection officer of Windeit is
Oscar Nissen (NNW Consulting GmbH)
Lübecker Straße 89
D-23843 Bad Oldesloe
You can contact our data protection officer directly at any time with all questions and suggestions regarding data protection.
1. Use of website/collection of general data and information
The website of Windeit collects a range of general data and information with every access to the website by you or an automated system. This general data and information are stored in our server’s log files.
They comprise the name of the visited web page, the file, the date and time of access, the transferred volume of data, the notification of successful access, the browser type including the version, the user’s operating system, the referrer URL (the previously visited web page), the IP address and the internet service provider as well as other similar data and information that serve risk prevention in the event of attacks on our information technology systems.
When using this general data and information, Windeit does not draw any conclusions on the data subject’s identity. This information is rather required to correctly display the contents of our website, to optimise the contents of our website, to guarantee the permanent functionality of our information technology systems and the technology of our website, and to provide law enforcement authorities with the information necessary for prosecution in case of a cyber attack. This data and information, which is collected on an anonymous basis, will therefore be evaluated by us for statistical purposes on the one hand, and furthermore, to improve data protection and data security in our company with the final aim of providing an ideal level of protection for the personal data processed by us. The data from the server log files will be stored separately from all of the personal data provided by a data subject.
By means of cookies, the information and offers on our website can be optimised for the benefit of the user. Cookies allow us to recognise our website users on a pseudonymised basis. The purpose of this recognition is to make the use of our website easier and to save the technical settings of the user. The data subject can prevent the placement of cookies by our website at any time by correspondingly setting the Internet browser used and thus permanently object to the placement of cookies. Furthermore, cookies that have already been placed can be erased anytime via an Internet browser or other software programs. This is possible in all conventional browsers. If the data subject disables the placement of cookies in the web browser used, it may not be possible to use all features of our website to their full extent in some circumstances.
Other cookies used by Windeit serve the purpose of a user-friendly experience and are deleted at the end of the browser session (session cookies).
2. Contractual relationships/rule regarding the forwarding of data
Within Windeit, your data (e.g. name, address, invoicing address, telephone number, email address, etc.) will be accessed by the positions, departments and employees that require such data to fulfil our contractual and statutory requirements obligations. Processors who are appointed by us (Article 28 EU GDPR) can also receive data for such purposes. In particular, this includes companies in the following categories: IT services, technical services, logistics, printing services, telecommunications, debt collection, consulting and advice as well as sales and marketing. In addition, data can also be forwarded to external persons (such as solicitors) if this is necessary to enforce legal interests.
The forwarding of data to further recipients external to Windeit will only take place if required by the statutory provisions or if you have provided your consent. On this basis, in the event of the existence of a statutory or official obligation, the recipients of personal data can, in particular, be public bodies and institutions (supervisory authorities, financial authorities, social insurance providers), or the recipients indicated by us in the scope of the provision of your consent for the transfer of data.
A transfer of data to third countries or international organizations on the part of Windeit is possible if ordering parties/customers are based in third countries and this is necessary for the implementation of the contracts; the legal basis is point (b) of Article 6(1) in connection with Articles 44 and 49 EU GDPR.
3. Categories of data and legal bases
The categories of personal data that are collected include the following data in particular:
- a) Personal data and contact data:
We define master data and contractual data as all the data of a customer that we collect for the establishment, content-related configuration, amendment or termination of a contractual relationship regarding the contractual services and for the necessary communication on our part. This includes, for example, the name, address, invoicing address, telephone and fax numbers, possible start of the contract, possible banking details for direct debit settlements, the email address, mandates, contract details of authorised representatives, etc. The processing takes place on the basis of point (b) of Article 6(1) EU GDPR.
- b) Other obligations for processing and storage:
In the scope of the statutory storage obligations regarding tax and business law, it is furthermore necessary for the data processing to be restricted and for data to be archived. The processing takes place on the basis of point (c) of Article 6(1) EU GDPR.
- c) If necessary, we process your data beyond the actual fulfilment of the contract to safeguard our and third parties’ legitimate interests.
Examples: The verification and optimisation of processes for needs analyses and directly approaching customers; advertising or market and opinion research, insofar as you have not objected to the use of your data; the assertion of legal claims and defence in the event of legal disputes, ensuring IT security and IT operations; measures for business management and the further development of services and products.
The processing takes place on the basis of Article 6(1) point (f) EU GDPR.
4. Contacting us
If you contact Windeit (using the contact form or by email, for example), we will store your data from the enquiry form including the contact data provided by you (required obligatory information and voluntary information are highlighted accordingly on the appropriate form) for the processing of the enquiry, and in case follow-up questions arise. Following the conclusion of the enquiry, your data will be routinely erased unless you are one of our customers or this is prevented due to the statutory retention periods.
The further processing of the data, its use for other processes or the forwarding of this data will not occur without your consent.
5. The routine erasure and restriction of processing of personal data
Windeit will only process and store the personal data of the data subject for the period which is necessary for achieving the purpose of its storage or insofar as this has been provided for by European or national legislation to which Windeit is subject.
Where necessary, we will process and store your personal data for the duration of our business relationship, including initiating and executing a contract, for example.
In addition to this, we are also subject to various retention and documentation obligations which, among others, are stipulated by the German Commercial Code (HGB) and the German Fiscal Code (AO). The stipulated periods for the retention and/or documentation may total up to 10 years.
The retention period is also determined in accordance with the statutory limitation period which, for example, is generally three years in accordance with Article 195 et seq. of the German Civil Code (BGB) but may also be up to thirty years in some cases.
If the purpose of the storage ceases to apply or if a retention period stipulated by the European or national regulations elapses, the processing of the personal data will be routinely restricted or the data will be erased according to the statutory regulations.
6. Rights of the Data Subject
You can exercise the following rights at any time:
- Right of access according to Article 15 EU GDPR
- Right to rectification according to Article 16 EU GDPR
- Right to erasure/right to be forgotten according to Article 17 EU GDPR
- Right to the restriction of processing according to Article 18 EU GDPR
- Right to data portability according to Article 20 EU GDPR
- Right to object according to Article 21 EU GDPR
Right to object: If we carry out the processing of data in order to safeguard our legitimate interests, on the basis of the reasons that arise due to your specific situation, you have the right to object to this processing at any time. In particular, this also includes the right to lodge an objection to processing for advertising purposes. The objection applies with future effect.
The restrictions according to Articles 34 and 35 BDSG (revised version) [German Data Protection Act] apply to the right of access and the right to erasure. The right to lodge a complaint with a supervisory authority for data protection also exists (Article 77 EU GDPR in connection with Article 19 BDSG [revised version]).
7. Security of processing
Windeit applies technical and organizational security measures according to Article 32 EU GDPR in order to protect your personal data against destruction, loss or change, whether unintentional or unlawful or the unauthorized disclosure and/or unauthorized access to personal data which has been transferred, stored or processed in any other way. In particular, this includes encryption of access to websites with the use of current and appropriately state-of-the-art processes.
Windeit has furthermore implemented a procedure for the regular verification, assessment and evaluation of the technical and organizational measures that have been taken to continuously improve our security measures in accordance with technological developments.