Thank you for your interest in Windeit Software GmbH (hereinafter referred to as “Windeit”, we and/or us). Our executive team considers data protection to be very important, which means that the protection of your private sphere during the processing of personal data and the use of our web pages are of particular importance to us.
You can generally use our website without providing any personal data. However, if make use of particular services offered by our company via our website or wish to contact us, the processing of personal data may be necessary. If it is necessary to process personal data and if there is no legal basis for such processing, we will generally obtain the consent of the data subject.
The processing of personal data, for example the name, address, email address or telephone number of a data subject, always takes place in accordance with the requirements of the EU General Data Protection Regulation (EU GDPR) and in compliance with the country-specific data protection provisions applicable in Germany.
1. Contact details of the Data Controller
According to the EU GDPR and the national data protection regulations, the Data Controller is:
Managing Director: Michael Frautz
Local Court of Lübeck HRB 13937 HL
2. Contact details of the Data Protection Officer
The Data Protection Officer of Windeit is:
Oscar Nissen (NNW Consulting GmbH)
Lübecker Straße 89
D-23843 Bad Oldesloe
If you have any queries and suggestions concerning data protection, you may consult our Data Protection Officer directly.
3. Use of website/collection of general data and information
The website of Windeit collects a range of general data and information with every access to the website by you or an automated system. This general data and information are stored in the log files of our server.
They comprise the name of the visited web page, the file, the date and time of access, the transferred volume of data, the notification of successful access, the browser type including the version, the user’s operating system, the referrer URL (the previously visited web page), the IP address and the internet service provider as well as other similar data and information that serve risk prevention in the event of attacks on our information technology systems.
When using this general data and information, Windeit does not draw any conclusions on the identity of the data subject. This information is rather required to correctly display the contents of our website, to optimise the contents of our website, to guarantee the permanent functionality of our information technology systems and the technology of our website, and to provide law enforcement authorities with the information necessary for prosecution in case of a cyber attack. This data and information, which is collected on an anonymous basis, will therefore be evaluated by us for statistical purposes on the one hand, and furthermore, to improve data protection and data security in our company with the final aim of providing an ideal level of protection for the personal data processed by us. The data from the server log files will be stored separately from all of the personal data provided by a data subject.
By means of cookies, the information and offers on our website can be optimised for the benefit of the user. Cookies allow us to recognise the users of our website on a pseudonymised basis. The purpose of this recognition is to make the use of our website easier and to save the technical settings of the user. The data subject can prevent the placement of cookies by our website at any time by correspondingly setting the internet browser used and thus permanently object to the placement of cookies. Furthermore, cookies which have already been placed can be erased at any time via an internet browser or other software programmes. This is possible in all conventional browsers. If the data subject disables the placement of cookies in the web browser used, it may not be possible to use all features of our website to their full extent in some circumstances.
Other cookies used by Windeit serve the purpose of user-friendly experience and are deleted at the end of the browser session (session cookies).
3.2 Use of Google Analytics
On our website we use Google Analytics, a web analysis service of Google LLC (“Google”). The use is based on point (f) of Article 6(1) GDPR and/or Article 15(3) TMG [German Telemedia Act]. Google Analytics uses “cookies”, text files stored on your computer which help to analyse how you use our website. The information regarding your use of the website which is generated by the cookie, including
- the browser type/version,
- the operating system used,
- the referrer URL (previously visited web page),
- the host name of the accessing computer (IP address),
- the time of the server query,
will usually be transferred to a Google server in the USA and stored there. The IP address transmitted by your browser in the context of Google Analytics will not be associated with any other data from Google. Additionally, we have extended Google Analytics with the code “anonymizeIP” on this website. This means that your IP address is abbreviated by Google within European Union member states or other states which are part of the European Economic Area before it is transmitted. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
On our behalf, Google will use this information to analyse your use of the website, to compile reports about the website activities and to provide further services which are connected to the use of both this website and the internet towards us. By changing your browser settings accordingly, you can prevent cookies from being stored; please note, however, that you may not have full access to all website functions in this case.
Data sent by us and data linked to cookies, user IDs or advertising IDs are automatically erased after 14 months. Data that have reached their retention period are automatically erased once a month. For more information on the terms of service and data protection, please visit https://www.google.com/analytics/terms/de.html and/or https://policies.google.com/?hl=de.
You can also prevent the data generated by the cookie and relating to the use of the website on your part (including your IP address) from being gathered and processed by Google by downloading and installing the browser plug-in which is available at the link below: tools.google.com/dlpage/gaoptout. As an alternative to this browser add-on, especially with browsers on mobile end devices, you can also prevent the collection of data by Google Analytics by clicking on this link Disallow Google Analytics to track me. An opt-out cookie will be placed which prevents the future collection of your data when visiting this website. The opt-out cookie applies to this browser and to our website only, and will be placed on your device. If you delete the cookies in this browser, it will be necessary for you to place the opt-out cookie again.
3.3 Use of Matomo (previously: PIWIK)
With the use of the software of the web analysis service Matomo (www.matomo.org), a service which is provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, (“Mataomo”), we collect and store data on the basis of our legitimate interest in the statistical analysis of user behaviour for the purposes of optimisation and marketing according to point (f) of Article 6(1) EU GDPR. For the same purpose, this data may be used for the creation and evaluation of pseudonymised user profiles. Cookies may also be used for this purpose. Cookies are small text files which are stored locally in the buffer of the internet browser of the website visitor. The cookies enable, among other things, the recognition of the internet browser. The data that are collected with the Matomo technology (including your pseudonymised IP address) will be processed on our servers.
The information generated by the cookie in the pseudonymised user profile will not be used for the personal identification of visitors to this website and will not be combined with personal data regarding the bearer of the pseudonym.
If you do not agree to the storage and evaluation of your visit information for user analysis purposes, you can object to the storage and use at any time by clicking below. In this case, an opt-out cookie will be placed in your browser, meaning Matomo will not collect any session data. Please note that the complete erasure of your cookies will mean that the opt-out cookie is also deleted and may have to be activated by you once again.
3.4 Use of third-party services and content
On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and cost-effective operation of our online offering in terms of point (f) of Article 6(1) EU GDPR), within our online offering, we use content or services which are provided by third parties for the purpose of embedding their content and services, such as videos, navigation services or fonts (hereinafter uniformly referred to as “content”).
This consistently requires the third-party providers of such content (e.g. Google LLC.) to know the user’s IP address, as they would not otherwise be able to send the content to the user’s browser. The IP address is therefore required to display the content. We will attempt to only make use of content whose provider uses the IP address exclusively for the delivery of the content. In addition, third parties may use what are known as pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. Using the “pixel tags”, information such as visitor traffic on the pages of this website can be analysed. The pseudonymised information can also be saved as cookies on the user’s device; among other data, this may contain technical information on the browser and operating system, the referring web pages, the time of access and other information on the use of our online services, and it can be linked with information from other sources.
4. Data protection in applications and in the application process
Windeit will only collect and process the personal data of applicants for the purpose of the implementation of the application process. The processing can also take place electronically. In particular, this is the case when an applicant transfers the corresponding application documents to us electronically; by email, for instance. If an employment contract is entered into with the applicant, the data transferred will be stored and processed for the purpose of the implementation of the employment relationship in compliance with the applicable statutory provisions.
The processing takes place on the basis point (b) of Article 6(1) EU GDPR in connection with Article 26 BDSG [German Data Protection Act].
If no employment contract arises, the application documents will be erased six months after the notification of the decision of rejection, if there are no other legitimate interests of Windeit to the contrary. Other legitimate interests in this context include, for example, burden of proof in a process under the General Equal Treatment Act (AGG).
The processing takes place on the basis of point (f) of Article 6(1) EU GDPR.
5. Contractual relationships/rule regarding the forwarding of data
Within Windeit, your data (e.g. name, address, invoicing address, telephone number, email address, etc.) will be accessed by the positions, departments and employees that require such data for the fulfilment of our contractual and statutory obligations. Processors who are appointed by us (Article 28 EU GDPR) can also receive data for such purposes. In particular, this includes companies in the following categories: IT services, technical services, logistics, printing services, telecommunications, debt collection, consulting and advice as well as sales and marketing. In addition to this, data can also be forwarded to external persons (such as solicitors) if this is necessary for the enforcement of legal interests.
The forwarding of data to further recipients external to Windeit will only take place if required by the statutory provisions or you have provided your consent. On this basis, in the event of the existence of a statutory or official obligation, the recipients of personal data can, in particular, be public bodies and institutions (supervisory authorities, financial authorities, social insurance providers), or the recipients indicated by us in the scope of the provision of your consent for the transfer of data.
A transfer of data to third countries or international organisations on the part of Windeit is intended in the scope of the framework described above (e.g. Google), or if ordering parties/customers are based in third countries and this is necessary for the implementation of the contracts; the legal basis is point (b) of Article 6(1) in connection with Articles 44 and 49 EU GDPR.
6. Categories of data and legal bases
The categories of personal data that are collected include the following data in particular:
- a) Personal data and contact data:
We define master data and contractual data as all the data of a customer that we collect for the establishment, content-related configuration, amendment or termination of a contractual relationship regarding the contractual services and for the necessary communication on our part. This includes, for example, the name, address, invoicing address, telephone and fax numbers, possible start of the contract, possible banking details for direct debit settlements, the email address, mandates, contract details of authorised representatives, etc. The processing takes place on the basis of point (b) of Article 6(1) EU GDPR.
- b) Other obligations for processing and storage:
n the scope of the statutory storage obligations regarding tax and business law, it is furthermore necessary for the data processing to be restricted and for data to be archived. The processing takes place on the basis of point (c) of Article 6(1) EU GDPR.
- c) If necessary, we process your data beyond the actual fulfilment of the contract to safeguard our and third parties’ legitimate interests.
Examples: The verification and optimisation of processes for needs analyses and directly approaching customers; advertising or market and opinion research, insofar as you have not objected to the use of your data; the assertion of legal claims and defence in the event of legal disputes, ensuring IT security and IT operations; measures for business management and the further development of services and products.
The processing takes place on the basis of Article 6(1) point (f) EU GDPR.
7. Contacting us
If you contact Windeit (using the contact form or by email, for example), we will store your data from the enquiry form including the contact data provided by you (required obligatory information and voluntary information are highlighted accordingly on the appropriate form) for the processing of the enquiry and in case follow-up questions arise. Following the conclusion of the enquiry, your data will be routinely erased unless you are one of our customers or this is prevented due to the statutory retention periods.
The further processing of the data, its use for other processes or the forwarding of this data will not occur without your consent.
8. The routine erasure and restriction of processing of personal data
Windeit will only processes and store the personal data of the data subject for the period which is necessary for achieving the purpose of its storage or insofar as this has been provided for by European or national legislation to which Windeit is subject.
Where necessary, we will process and store your personal data for the duration of our business relationship, including the initiation and execution of a contract, for example.
In addition to this, we are also subject to various retention and documentation obligations which, among others, are stipulated by the German Commercial Code (HGB) and the German Fiscal Code (AO). The stipulated periods for the retention and/or documentation may total up to 10 years.
The retention period is also determined in accordance with the statutory limitation period which, for example, is generally three years in accordance with Article 195 et seq. of the German Civil Code (BGB) but may also be up to thirty years in some cases.
If the purpose of the storage ceases to apply or if a retention period stipulated by the European or national regulations elapses, the processing of the personal data will be routinely restricted or the data will be erased according to the statutory regulations.
9. Rights of the Data Subject
You can exercise the following rights at any time:
- Right of access according to Article 15 EU GDPR
- Right to rectification according to Article 16 EU GDPR
- Right to erasure/right to be forgotten according to Article 17 EU GDPR
- Right to the restriction of processing according to Article 18 EU GDPR
- Right to data portability according to Article 20 EU GDPR
- Right to object according to Article 21 EU GDPR
Right to object: If we carry out the processing of data in order to safeguard our legitimate interests, on the basis of the reasons that arise due to your specific situation, you have the right to object to this processing at any time. In particular, this also includes the right to lodge an objection to processing for advertising purposes. The objection applies with future effect.
For the right of access and right to erasure, the restrictions according to Articles 34 and 35 BDSG (revised version) [German Data Protection Act] apply. The right to lodge a complaint with a supervisory authority for data protection also exists (Article 77 EU GDPR in connection with Article 19 BDSG [revised version]).
To exercise your rights, you can also contact our Data Protection Officer or Windeit using the aforementioned data.
10. Security of processing
Windeit applies technical and organisational security measures according to Article 32 EU GDPR in order to protect your personal data against destruction, loss or change, whether unintentional or unlawful, or the unauthorised disclosure and/or unauthorised access to personal data which has been transferred, stored or processed in any other way. In particular, this includes an encryption of the access to websites with the use of current and appropriately state of the art processes.
Windeit has furthermore implemented a procedure for the regular verification, assessment and evaluation of the technical and organisational measures that have been taken in the interests of continuously improving our security measures in accordance with the technological developments.