Home | Data Protection
 
 

Contact Person

windream GmbH

Phone: +49 234 9734-0
info@windream.com

 

windream GmbH – Data Protection Policy According to the EU GDPR

 I.    Name and Address of the Controller

The controller according to the General Data Protection Regulation and to other national data protection regulations of the member states and other data protection regulations is:

windream GmbH
Wasserstraße 219
44799 Bochum
Germany
Phone: +49 (0) 234 97 34 0
E-Mail: datenschutz@windream.com
Website: www.windream.com

II.    Name and Address of the Data Protection Officer

The data protection officer of the controller is:Dr. Michael Duhme windream GmbHWasserstraße 21944799 BochumGermanyPhone: +49 (0) 234 97 34 568E-Mail: m.duhme@windream.comWebsite: www.windream.com

III.    General Information about Data Processing

1.    Scope of the Processing of Personal Data

We generally only process the personal data of our users if this is necessary for guaranteeing the functionality of our website and of our contents and services. The processing of personal data will only be executed under the consent of the respective user. An exception is only made in cases where a previous consent is not possible for factual grounds and the processing of the data is permitted by legal provisions.

2.    Legal Basis for Processing Personal Data

If we ask for the consent of the affected person, article  6 section 1 lit. a of the EU General Data Protection Regulation (GDPR) is the legal basis for doing so.
The legal basis for processing personal data which are necessary for executing a contract which includes the affected person as contracting party is article  6 section 1 lit. b GDPR. That is also valid for processing steps which are required for the execution of pre-contractual measures.
As soon as a processing of personal data is required to comply with a legal obligation of our company, article  6 section  1 lit. c GDPR is the legal basis.
For the case that crucial interests of the affected person or other natural persons require the processing of personal data, article  6 section  1 lit. d GDPR is the legal basis.
If the processing is necessary to fulfil a justified interest of a company or a third party and the interests, fundamental rights and fundamental freedoms of the affected person do not contradict the previously named interest, article 6 section  1 lit. f GDPR is the legal basis for processing.

3.    Data Erasure and Logging Period

The personal data of the affected person are erased or locked as soon as the reason for storage expires. Storage can also be executed if requested by the European or national legislator in union law regulations, laws or other provisions which the responsible person underlies. A locking or erasure of the data will also be executed if a retention period defined by the regulations mentioned above expires, unless the data is required to be further stored for the conclusion or performance of a contract.

IV.    Provision of the Website and Creation of Log Files

1.    Description and Scope of the Data Processing

At every access to our website, our system automatically captures data and information from the systems of the accessing computer.
The following data are captured:

(1)    information about the browser type and the version used,
(2)    the user’s operating system,
(3)    the user’s internet service provider,
(4)    the user‘s IP address,
(5)    date and time of the access,
(6)    websites from which the user’s system accesses our website,
(7)    websites which are accessed via our website by the user’s system.
The data are also saved in the log files of our system. A storage of these data together with other personal data of the user is not executed.

2.    Legal Basis for Data Processing

Article 6 section 1 lit. f GDPR is the legal basis for the temporary storage of the data and log files.

3.    Purpose of Data Processing

The temporary logging of the IP address by the system is required to guarantee the transfer of the website to the user’s computer. To do so, the user’s IP address needs to be logged for the duration of the session.
The logging in log files is executed to guarantee the functionality of the website. Additionally, the data will serve the purpose of optimizing our website and guaranteeing the security of our information technology systems. An evaluation of the data for marketing purposes is not executed in this context.

For these reasons, we have a legitimate interest in data processing according to article 6 section  1 lit. f GDPR.

4.    Duration of Logging

The data are erased as soon as they are no longer required for fulfilling the purpose that they were collected for. In the case of data collection for the purpose of providing the website, this is the case if the session is closed.

In the case of logging the data in log files, this is the case after seven days at the latest. Logging periods exceeding this duration are also possible. In this case, the IP addresses of the users will be deleted or distorted making allocation impossible.

5.    Right to Object and Right to Erasure

The gathering of data for providing the website and logging of data are absolutely necessary for running the website. Therefore, there is no possibility to object to these measures for the user.

V.    Use of Cookies

a) Description and Scope of the Data Processing

Our website uses cookies. Cookies are text files which are logged on the user’s computer system. If a user accesses a website, a cookie can be logged to the operating system of the user. This cookie contains a characteristic string which enables clear identification of the browser when accessing the website again.
We use cookies to make our website more convenient for users. Some elements of our website require that the accessing browser can be identified even after switching to another website.
In the cookies, the following data are logged and transmitted:
(1)    Language settings
(2)    Log-in information
Furthermore, we use cookies on this website which allow us to analyze the surfing habits of the user.

This way, the following data can be transmitted:
(1)    Entered search terms
(2)    Frequency of page views
(3)    Use of website functions
The user data collected this way are pseudonymized by technical measures. Therefore, assigning the data to the respective user is not possible anymore. The data are not logged together with other personal data.

b) Legal Basis for Data Processing

The legal basis for processing personal data by using cookies is article 6 section 1 lit. f GDPR.

c) Purpose of Data Processing

The purpose of using technologically necessary cookies is to make using websites more convenient for users. Some functions of our website cannot be provided without using cookies. For these functions, it is necessary that the browser is recognized after changing the website.
Cookies are required for the following purposes:
(1)    Application of language settings
(2)    Remembering search terms
The user data collected by cookies will not be used to create user profiles.
Analyzing cookies are used to improve the quality of our website and its contents. The analyzing cookies allow us to analyze how the website is used and to improve our offer constantly.
The reason for our interest in processing personal data according to article 6 section 1 lit. f lies in these purposes.

d) Duration of Logging, Right to Object and Right to Erasure

Cookies are logged on the user’s computer and transmitted to our website. Therefore, the user has complete control over the use of cookies. Changing the settings of your internet browser allows us to deactivate or restrict the transmission of cookies. Already saved cookies can be erased at any time. This can also be executed automatically. If cookies are deactivated for our website, it is no longer possible to use all functions of our website.

VI.    Newsletter

1.    Description and Scope of the Data Processing
Our homepage allows users to subscribe to a free newsletter. In this context, the data entered via the input mask are transmitted to us. You will be asked for your form of address, name, first-name and e-mail address.

Additionally the following data are collected during the registration:
(1)    IP address of the accessing computer
(2)    Date and time of the registration
You will be asked for your consent during the registration process and this data protection policy will be referred to.

Data will not be transferred to third parties within the scope of data processing for the newsletter. The data will be used for sending the newsletter only.

2.    Legal Basis for Data Processing

If the user consents, article 6 section 1 lit. a GDPR is the legal basis for processing the data after registering for the newsletter.

3.    Purpose of Data Processing

The e-mail address of the user is queried in order to guarantee distribution of the newsletter.
The gathering of other personal data within the scope of the registration process only serves the purpose of avoiding misuse of the services or of the e-mail address used.

4.    Duration of Logging

The data are erased as soon as they are no longer required for fulfilling the purpose that they were collected for. The e-mail address of the user is logged as long as the subscription to the newsletter is active.

The other personal data collected within the scope of the registration process will usually be erased after seven days.

5.    Right to Object and Right to Erasure

The subscription of the newsletter can be cancelled by the respective user at any. A link for this purpose can be found in every newsletter.

This also allows the user to revoke their consent to logging the data provided during the registration process.

VII.    Registration

1.    Description and Scope of the Data Processing

Our website allows users to register by providing personal data. The data are entered into an input field, transferred to us and logged. A transmission of the data to third parties is not executed. The following data will be collected during the registration process:
Form of address, name, first name, e-mail address, address and phone number.

Additionally, the following data are logged during the registration:
(1)    The user’s IP address
(2)    The date and time of the registration
During the registration process, the user needs to consent to the processing of these data.

2.    Legal Basis for Data Processing

If the user consents, article 6 section 1 lit. a GDPR is the legal basis for processing the data.

If the registration serves to fulfill a contract which includes the user as one of the affected parties or to fulfill precontractual measures, this is an additional legal basis for processing the data according to article 6 section 1 lit. b GDPR.

3.    Purpose of Data Processing

A registration by the user is required to provide certain contents and services on our website. These are: registrations for training modules, receiving the newsletter, registration for events hosted by windream GmbH or for trade shows. For these measures, the identification of the user is required.

4.    Duration of Logging

The data are erased once they are no longer required for fulfilling the purpose that they were collected for.

For the data collected during the registration process, this is the case once registration to the website is revoked or changed.

5.    Right to Object and Right to Erasure

Users are able to revoke their registration at any time. The logged data concerning your person can be changed at any time. The data will be changed or erased once our company is instructed accordingly. The erasure is monitored by the data protection officer in cooperation with the involved departments. The affected person will receive a written confirmation once the data has been changed / erased.

VIII.    Contact Form and Contact via E-Mail

1.    Description and Scope of the Data Processing

On our website, a contact form can be found which can be used for contacting us electronically. If this contact form is used, the data entered into the form will be transmitted to us and logged. These data are: name and first name, address (of the company), phone number, e-mail address and, if required, the position of the user in his / her company.

At the moment of the sending of the message, the following data are logged in addition:
(1)    The user’s IP address
(2)    date and time of the registration.
You will be asked for your consent for the processing of the data during the sending process and you will be referred to this data protection policy.

It is also possible to contact us via the respective e-mail address provided on our website. In this case, the personal data of the user transmitted with this e-mail are logged.

In this context, no data will be transmitted to third parties. The data will exclusively be used for the processing of the conversation.

2.    Legal Basis for Data Processing

If the user consents, article 6 section 1 lit. a GDPR is the legal basis for processing the data.

The legal basis for processing the data which are transmitted via sending an e-mail is article 6 section 1 lit. f GDPR. If the e-mail correspondence should have the aim to conclude a contract, an additional legal basis for the processing is article 6 section 1 lit. b GDPR.

3.    Purpose of Data Processing

The processing of personal data from the input mask is exclusively used for processing the contact request. In case of a contact via e-mail, this is the required interest in the processing of the data.
The other personal data processed during the sending process are used to avoid misuse of the contact form and to guarantee the security of our information technology systems.

4.    Duration of Logging

The data are erased once they are no longer required for fulfilling the purpose that they were collected for. For the personalized data from the input mask and the ones sent via e-mail, this is the case if the conversation with the user is finished. The conversation is finished if it can be concluded from the circumstances that the respective situation is conclusively clarified.

The personal data collected in addition during the sending process are erased after seven days at the latest.

5.    Right to Object and Right to Erasure

The user has the right to revoke his or her consent to the processing of the personalized data at any time. If the user contacts us via e-mail, he or she is able to object to the logging of his or her personal data at any time. In this case, the conversation cannot be continued. A revocation of the consent and objection to logging can be submitted in verbal or written form. An e-mail is also considered as written form.

All personalized data logged within the scope of the contacting process are erased in this case.

IX.    Rights of the Affected Person

If your personal data are processed, you are an affected person according to the GDPR and have the following rights vis à vis the controller:

1.    Right of Access (by the data subject)

You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information:
(1)    the purposes of the processing;
(2)    the categories of personal data concerned;
(3)    the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
(4)    where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(5)    the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
(6)    the right to lodge a complaint with a supervisory authority;
(7)    where the personal data are not collected from the data subject, any available information as to their source.
Where personal data are transferred to a third country or to an international organization, you have the right to be informed of the appropriate safeguards pursuant to article 46 GDPR relating to the transfer.

2.    Right to Rectification

You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

3.    Right to Restriction of Processing

You have the right to obtain from the controller restriction of processing where one of the following applies:
(1)    the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
(2)    the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3)    the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims
(4)    you have objected to processing pursuant to article  21 section  1 GDPR pending the verification whether the legitimate grounds of the controller override yours.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction has been executed according to the above mentioned requirements, you will be informed by the controller before the restrictions are lifted.

4.    Right to Erasure

a)    Obligation to erase
It is your right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
(1)    the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2)    You withdraw consent on which the processing is based according to article  6 section 1 lit. a or article  9 section 2 lit. a GDPR and where there is no other legal ground for the processing.
(3)    You object to the processing pursuant to article  21 section  1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to article  21 section  2 GDPR;
(4)    the personal data have been unlawfully processed.
(5)    the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6)    the personal data have been collected in relation to the offer of information society services referred to in article 8 section 1 GDPR.

b)    Information of third parties
Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c)    Exceptions
The right to erasure does not apply to the extent that processing is necessary:
(1)    for exercising the right of freedom of expression and information;
(2)    for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3)    for reasons of public interest in the area of public health in accordance with points (h) and of article 9 section 2 lit 9(2) as well as article  9 section  2 lit. H and article  9 section  3 GDPR;
(4)    for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article  89 section 1 GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5)    for the establishment, exercise or defense of legal claims.

5.    Right to Information

If you have asserted the right to rectification, the right to erasure, or the right to restriction of processes to the controller, the controller shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to receive complete information about these recipients from the controller.

6.    Right to Data Portability

You have the right receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
(1)    the processing is based on consent pursuant to article 6 section  1 lit. a GDPR or article  9 section  2 lit. a GDPR a contract pursuant to article  6 section 1 lit. b GDPR and
(2)    the processing is carried out by automated means.
In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The right shall not adversely affect the rights and freedoms of others.
The exercise of the right shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7.    Right to Object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on article 6 section 1 lit. e or (f) GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8.    Right to Object the Data Protection Declaration

You have the right to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest. The objection does not affect the procession which took place until the objection.

9.    Automated Individual Decision Making, Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. That does not apply if the decision:
(1)    is necessary for entering into, or performance of, a contract between the data subject and a data controller,
(2)    is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
(3)    is based on the data subject’s explicit consent.
Decisions referred to above shall not be based on special categories of personal data referred to in Article  9 section 1, unless point (a) or (g) of Article 9 section 2 applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.
In the cases referred to in points (1) and (3) of paragraph 2, the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

10.    Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to article 78 GDPR.

Download

 

Contact Person

windream GmbH

Phone: +49 234 9734-0
info@windream.com