Data protection notice

Privacy policy and information on data protection

The protection of your personal data that you make available to us for processing is important to us. us a particular concern. In the following, we provide information about the processing of personal data when using our online services.

In the context of our responsibility under data protection law, the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: "GDPR"), we have additional obligations have been imposed on us in order to ensure the protection of personal data of the data data subject (hereinafter we also refer to you as the data subject as "customer" "user", "you", "you" or "data subject").

In so far as we decide either alone or jointly with others on the purposes and means of data data processing, this includes above all the obligation to inform you transparently about the type, scope scope, purpose, duration and legal basis of the processing (see Art. 13 and 14 GDPR). With this data protection notice, we inform you about how your personal data is processed by us. data is processed by us.

The protection of your personal data that you provide to us for processing is important to us. for us a particular concern. Below we inform you in detail about the handling of data when you use our online services.

Within the scope of our responsibility under data protection law, we are subject to additional obligations due to the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: "GDPR"), we have been imposed additional obligations have been imposed on us in order to ensure the protection of the personal data of the data data subject (we refer to you as the data subject hereinafter also as the "user" "you", "your" or "data subject").

In so far as we alone or jointly with others decide on the purposes and means of data processing, this includes in particular the obligation to inform you transparently about the type and scope purpose, duration and legal basis of the processing (see Art. 13 and 14 GDPR). With this privacy policy, we inform you about how your personal data is processed by us. data is processed by us.

Our data protection notices have a modular structure. They consist of a general section for any processing of personal data and processing situations that occur each time a website is accessed website (A. General) and a special section, the content of which relates only to the processing situation only to the processing situation specified there with the designation of the respective offer. offer or product, in particular the visit to websites as described in more detail here (B. Visit of websites).

A. General

(1) Definitions

In accordance with the model of Art. 4 GDPR, this data protection notice is based on the following definitions on which it is based:

  • "Personal data" (Art. 4 No. 1 GDPR) means any information relating to an identified or identifiable natural person ("data subject").
  • "Processing" (Art. 4 No. 2 GDPR) means any operation which is performed on personal data, whether or not whether with or without the aid of automated (i.e. technology-based) processes. procedures.
  • "Controller" (Art. 4 No. 7 GDPR) is the natural or legal person, public authority, institution or other body which alone or jointly with others determines the purposes and means the purposes and means of the processing of personal data.
  • "Third party" (Art. 4 No. 10 GDPR) means any natural or legal person, public authority, agency or body other than the data subject, body other than the data subject, the controller, the processor and the persons who processor and persons who, under the direct authority of the controller or processor, are authorized to controller or processor are authorized to process the personal data; this also includes other processing; this also includes other legal entities belonging to the group.
  • "Processor" (Art. 4 No. 8 GDPR) means a natural or legal person, authority, institution or other body which processes personal data on behalf of the controller, in particular in accordance with the controller's instructions (e.g. IT service provider). In the data protection law, a processor is in particular not a third party.
  • "Consent" (Art. 4 No. 11 GDPR) of the data subject means any freely given specific the specific case, given in an informed and unambiguous manner in the form of a declaration or other unambiguous the form of a statement or other unequivocal affirmative act by which the data data subject indicates that he or she consents to the processing of personal data relating to him or her.

(2) Name and address of the controller

The controller responsible for the processing of your personal data within the meaning of Art. 4 no. 7 GDPR is us:

WMF GmbH

WMF Platz 1, 73312 Geislingen/Steige

Phone +49 (0) 7221 25-1; Fax: + 49 (0) 7331 453 87

E-mail address: customer center[at]wmf.de

For further information about our company, please refer to the imprint information on https://www.wmf-coffeemachines.com/

(3) Contact details of the data protection officer

For all questions and as a contact person on the subject of data protection at our company, our data protection officer is available at any time. His contact details are:

WMF GmbH

Data protection

WMF Platz 1, 73312 Geislingen/Steige

dataprivacy(at)wmf.de

(4) Legal bases for data processing

In principle, any processing of personal data is prohibited by law and is only permitted then permitted if the data processing falls under one of the following justifications:

  • Art. 6 para. 1 sentence 1 lit. a GDPR ("consent"): If the data subject voluntarily, in an informed and unambiguous manner by means of a statement or any other unambiguous clear affirmative action that he or she consents to the processing of his or her personal data concerning him or her for one or more specific purposes is;
  • Art. 6 para. 1 sentence 1 lit. b GDPR: If the processing is necessary for the performance of a contract to which the contract to which the data subject is party or for the performance of pre-contractual measures necessary which are carried out at the request of the data subject;
  • Art. 6 para. 1 sentence 1 lit. c GDPR: Where processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. a legal obligation to retain data);
  • Art. 6 para. 1 sentence 1 lit. f GDPR ("Legitimate interests"): If the processing is necessary to safeguarding legitimate (in particular legal or economic) interests of the data controller controller or a third party, unless the conflicting interests or rights of the data subject of the of the data subject prevail (in particular if the data subject is a minor). is involved).

For the processing operations we carry out, we indicate below the applicable legal basis in each case. legal basis. Processing may also be based on several legal bases.

(5) Data erasure and storage duration

For the processing operations carried out by us, we indicate below how long each the data is stored by us and when it is deleted or blocked. Insofar as no storage period is specified below, your personal data will be erased or blocked as soon as the blocked as soon as the purpose or legal basis for storage no longer applies. A storage Your data will only be stored on servers in the area of application of the GDPR, subject to any disclosure in accordance with the provisions in A.(7) and A.(8).

However, the data may be stored beyond the specified period in the event of an (impending) legal dispute with you or other legal proceedings or if the storage is required by legal storage is required by statutory provisions to which we are subject as the controller (e.g. Section 257 HGB, § 147 AO). If the storage period prescribed by the statutory provisions expires, the personal data will be blocked or erased, unless the storage period prescribed by law expires. unless further storage by us is necessary and there is a legal basis for this.

(6) Data security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional against accidental or intentional manipulation, partial or complete loss, destruction or destruction or against unauthorized access by third parties (e.g. TLS encryption for our website). website) taking into account the state of the art, the costs of implementation and the nature, scope, context and the scope, context and purposes of processing as well as the risks of a data data breach (including its likelihood and impact) for the data subject. Our security measures are continuously improved in line with technological developments.

We will be happy to provide you with more detailed information on request. For this purpose, please contact our data protection officer (see under A.(3)).

(7) Cooperation with processors

As is customary for any large company, we also use a data center to process our business transactions external domestic and foreign service providers (e.g. for IT, logistics and telecommunications), telecommunications). They only act in accordance with our instructions and have been contractually obliged within the meaning of Art. 28 GDPR contractually obliged to comply with the provisions of data protection law.

(8) Requirements for the transfer of personal data to third countries

In the context of our business relationships, your personal data may be transferred to third party companies be passed on or disclosed. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing takes place exclusively for the fulfillment of contractual and business obligations and for the maintenance of your your business relationship with us (legal basis is Art. 6 para. 1 lit. b or lit. f in each case in conjunction with. Art. 44 ff. GDPR). We will inform you about the respective details of the disclosure below at the relevant points.

Some third countries are certified by the European Commission through so-called adequacy decisions data protection that is comparable to the EEA standard (a list of these countries and a copy of the and a copy of the adequacy decisions can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. However, in other third countries to which personal data may be transferred, there may be may not have a consistently high level of data protection due to a lack of legal provisions. Where this is the case, we ensure that data protection is adequately guaranteed. Please contact our data protection officer (see under A.(3)) if you would like more information on this. would like to receive more information.

(9) No obligation to provide personal data

We do not make the conclusion of contracts with us dependent on you providing us with personal data beforehand. provide us with personal data. For you as a customer, there is also no legal or contractual obligation to provide us with your personal data; there may be may However, we may only be able to provide certain services to a limited extent or not at all if you not provide the necessary data. Insofar as this is necessary in the context of the products offered by us as presented below, you will be informed separately. separately pointed out separately.

(10) Legal obligation to transmit certain data

We may be subject to a particular statutory or legal obligation under certain circumstances. to do so, to make the lawfully processed personal data available to third parties, in particular public bodies, (Art. 6 para. 1 sentence 1 lit. c GDPR).

(11) Your rights

You can assert your rights as a data subject with regard to your processed personal data at any time by to us at any time using the contact details given at the beginning under A.(2).

  • You have the right to request information about your data processed by us. Insofar as in the your identity cannot be clarified beyond doubt as part of your request for information, you must with you should expect follow-up questions, as we must ensure that you are the person you claim to be. you claim to be.
  • Furthermore, to the extent that you are legally entitled to do so, you have a right to rectification or erasure or to restriction of processing.
  • You also have the right to data portability. The following applies here granted within the framework of the legal requirements.
  • Furthermore, you have the right to object to the processing within the scope of the legal requirements (Art. 21 GDPR).
  • Finally, you have the right to complain to a data protection supervisory authority about the processing of your personal data in our company, for example with the the data protection supervisory authority responsible for us: The State Commissioner for for Data Protection and Freedom of Information Baden-Württemberg, Lautenschlagerstraße 20 70173 Stuttgart.

B. Visiting websites

(1) Explanation of the function

You can obtain information about our company and the services we offer in particular at www.wmf-coffeemachines.com together with the associated sub-domains and subpages. When you When you visit our websites, your personal data may be processed.

We would like to point out that you are free to decide whether you wish to provide us with your data. communicate would like to. If and to the extent that you do not provide us with the data required for a specific service required you will not be able to use the service in question, or not in full. We use the data exclusively to provide you with the service you have requested.

(2) Processing activities

When using the websites for information purposes, the following categories of personal data may be personal data data are collected, stored and processed by us:

a) Logging

"Log data": When you visit our website, our web server temporarily and anonymously anonymized, a so-called log data record (so-called server log files) is stored on our web server. This consists of consists of:

  • Browser type/version
  • Operating system used by the requesting computer
  • File request of the computer
  • the http response code
  • the previously visited page (referrer URL)
  • IP address of the requesting computer
  • Time of the server request

The purpose of the processing is the provision of the online services, the security of the online services and to ensure the functionality of the online services. The processing takes place on basis of § 25 para. 2 TTDSG. The data is processed for the duration of the use of the online services. online services.

b) Contact form

"Contact form data": When the contact form is used, the data transmitted through it is stored: Title, surname and first name, address, e-mail address, order data or product data if applicable and the time of transmission, are processed. Furthermore, if you provide the data voluntarily give: Company, country, contact telephone number(s), are processed. The purpose of the processing is for questions about our products and services and to be able to contact you and provide assistance if necessary. be able to provide assistance. The data may be stored for up to ten years due to legal obligations. be stored. As a rule, the storage period is three years. We process this data on the basis of Art. 6 para. 1 lit. b for contract initiation or contract fulfillment.

c) Call-back button

"Call-back button data": When the call-back button is used, the data transmitted through it is data: First name, last name, telephone number, processed for a call back to you. Purpose of the processing is to contact you by telephone if you have any questions about our products and services. contact you and to be able to provide assistance if necessary. The data will be stored for five days and then then deleted. We process this data on the basis of Art. 6 para. 1 lit. b to initiate or fulfill a contract. fulfillment of the contract.

d) Newsletter

In addition to the purely informational use of our website, we offer a subscription to our newsletter, which we use to inform you about current products, product developments and promotions. When you subscribe to our newsletter, the following "newsletter data" will be collected by us stored and further processed:

  • the page from which the page was requested (so-called referrer URL)
  • the date and time of the request
  • the description of the type of web browser used
  • the IP address of the requesting computer, which is shortened so that a personal reference is no longer possible. more can no longer be established
  • the email address
  • the date and time of registration and confirmation

We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which represent one-pixel image files that are stored on our website. For the evaluations we link the data mentioned in B.(2) and the web beacons with your e-mail address and a an individual ID. Links received in the newsletter also contain this ID. With the data obtained in this way data we create a user profile in order to tailor the newsletter to your individual interests. tailored to your individual interests. In doing so, we record when you read our newsletters, which links you click on in them and deduce your personal interests from this. We link this data with you actions you have taken on our website.

You can object to this tracking at any time by clicking on the separate link provided in every email or by informing us via another contact channel. The information will be stored for as long as you are subscribed to the newsletter. After you unsubscribe, we store the data purely statistically and anonymously. Such tracking is also not possible if you have deactivated the display of images in your e-mail program by default. by default. In this case, the newsletter will not be displayed in full and you may not be able to not use all the functions. If you display the images manually, the above-mentioned tracking will take place. tracking.

The newsletter data is processed for the purpose of sending the newsletter. Within the scope of registration for our newsletter, you consent to the processing of your personal data. consent (legal basis is Art. 6 para. 1 lit. a GDPR). To register for our newsletter use we use the so-called double opt-in procedure. This means that after you have registered, we will send you an e-mail to e-mail address in which we ask you to confirm that you wish to receive the newsletter. dispatch wish to receive the newsletter. The purpose of this procedure is to be able to prove your registration and, if necessary possible misuse of your personal data. Your consent to the You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. The revocation by clicking on the link provided in every newsletter e-mail, by e-mail to kundencenter[at]wmf.de or by sending a message to the contact details given in the imprint

(3) Transfer of personal data to third parties

The following categories of recipients, which are usually processors (see A.(7)), may receive access to your personal data:

  • Service providers for the operation of our website and the processing of data stored or transmitted by the systems stored or transmitted data (e.g. for data center services, payment processing, IT security). The legal basis for the transfer is then Art. 6 para. 1 sentence 1 lit. b or lit. f GDPR, insofar as it does not concern processors;
  • State bodies/authorities, insofar as this is necessary to fulfill a legal obligation is required. The legal basis for the transfer is then Art. 6 para. 1 sentence 1 lit. c GDPR;
  • Persons engaged for the performance of our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for the disclosure is then Art. 6 para. 1 sentence 1 lit. b or lit. f GDPR.

For the guarantees of an adequate level of data protection when transferring data to third countries, see third countries, see A.(8).

In addition, we will only pass on your personal data to third parties if you have given your consent in accordance with Art. 6 Para. 1 sentence 1 lit. a GDPR have given your express consent to this.

(4) Use of cookies, third-party providers and other technologies on our website

a) Cookie

We use cookies on our websites. Cookies are small text files that are stored on hard disk to the browser you are using by means of a characteristic string of characters and are stored and stored on your hard disk and through which the site that sets the cookie receives certain information. They are used to make the website as a whole more user-friendly and more effective, i.e. more pleasant for you.

Cookies can contain data that makes it possible to recognize the device used. In some cases, however, cookies only contain information about certain settings that are not are not personally identifiable. However, cookies cannot directly identify a user.

A distinction is made between session cookies, which are deleted as soon as you close your browser and permanent cookies, which are stored beyond the individual session. In terms of their function, a distinction is made between cookies:

  • Technical (mandatory) cookies: These are absolutely necessary to move around the website use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes, nor do they store which websites you have visited;
  • Functional cookies: These collect information about how you use our website, which pages you visit and, for example, whether errors occur when you use the website; they do not collect any information that could identify you - all information collected is anonymous and used only to improve our website and to find out what interests our users;
  • Advertising and tracking cookies: These are used to provide the website user with customized advertising on website or offers from third parties and to measure the effectiveness of these offers;
  • Sharing cookies: These are used to facilitate the interactivity of our website with other services (e.g. social networks);

Legal basis for cookies that are absolutely necessary to provide you with the expressly requested service is Section 25 (2) No. 2 TTDSG. Any use of cookies that for this is not absolutely technically necessary, constitutes data processing that can only be carried out with your explicit and active consent on your part pursuant to Section 25 (1) TTDSG in conjunction with Art. 6 para. 1 S. 1 lit. a GDPR is permitted. This applies in particular to the use of Performance, advertising, targeting or sharing cookies. In addition, we only pass on your personal data processed by cookies personal data processed by cookies to third parties only if you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. an have given your express consent to this.

b) Cookie policy

For more information about which cookies we use and how you can manage your cookie settings and settings and how you can disable certain types of tracking, please refer to our Cookie Policy (see under (F.)).

Cookie-Settings


c) Embedding videos on YouTube

Nowadays, it is common to supplement product offers on the Internet with media from third-party platforms. supplement. We therefore integrate our YouTube videos into our offer and ask you each time you call up the external content whether you want to load it. external content, we ask you whether you would like to load it. default settings content is inactive by default. Initially, only an empty window is displayed. This is the case with YouTube video will not be played until you click on the button button offered, you have consciously consented to the transfer of data and thus to the processing of your data by YouTube. consented On the basis of this so-called two-click solution, you decide for yourself whether your data flows to YouTube. flow. This implementation is necessary because we have no influence on how YouTube processes your data. processes your data. YouTube is responsible for data protection law, which is why us Therefore, we cannot obtain effective data protection consent for this. This would have to be be carried out in an informed manner. However, as we have no knowledge of the purposes for purposes for which YouTube processes your data, we cannot inform you about this. the In addition to the IP address, YouTube may also process technical data (screen resolution, browser browser used, operating system etc.). So-called cookies may also be used, e.g. to analyze your surfing behavior. analyze your surfing behavior. We ourselves do not receive any information about how you use YouTube and what content you share or comment on, so we would like to point out that you must first at YouTube in advance about how YouTube processes your data.

C. Marketing Analytics

We use marketing analytics techniques on our websites, which are described below.

(1) Google Analytics 4

If you have given your consent, this website uses Google Analytics 4 a web analytics service provided by Google LLC. Responsible body for users in the EU/the EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

a) Nature and purpose of the processing

Google Analytics uses cookies that enable an analysis of your use of our website. make possible. The information collected by the cookies about your use of this website is generally is usually transferred to a Google server in the USA and stored there.

We use the User ID function. With the help of the user, we can assign one or more sessions (and activities within these sessions) a unique, permanent ID and analyze user behavior across devices. analyze user behavior across devices.

In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to the IP anonymization, your IP address will be transmitted by Google within member states of the European Union or other parties to the Agreement on the European Economic Area. shortened. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics is according to Google will not be merged with other Google data.

During your website visit, your user behavior is recorded in the form of "events". Events can be:

  • Page views
  • Contact via contact form
  • First visit to the website
  • Start of the session
  • Web pages visited
  • Your "click path", interaction with the website
  • Scrolls (whenever a user scrolls to the bottom of the page (90%))
  • Clicks on external links
  • Internal search queries
  • Interaction with videos
  • File downloads
  • Viewed / clicked ads
  • Language setting


In addition, the following is recorded:

  • Your approximate location (region)
  • Date and time of the visit
  • Your IP address (in abbreviated form)
  • technical information about your browser and the devices you use (e.g. language settings, screen resolution) language setting, screen resolution)
  • Your internet provider
  • the referrer URL (via which website/advertising medium you came to this website) came have come to this website)

b) Purposes of the processing

On behalf of the operator of this website, Google will use this information to analyze your use use of the website and to compile reports on website activity. The reports provided by The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.

c) Receiver

Recipients of the data are/may be

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 GDPR)
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

d) Third country transfer

For the USA, the European Commission adopted its adequacy decision on July 10, 2023. adopted. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example to Singapore) is not completely excluded cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider.

e) Storage duration

The data sent by us and linked to cookies are automatically deleted after 14 months. deleted. The maximum lifespan of Google Analytics cookies is 2 years. The deletion of data, whose retention period is reached is automatically deleted once a month.

f) Legal basis

The legal basis for this data processing is your consent pursuant to Art.6 para.1 sentence 1 lit.a GDPR and § 25 para. 1 p.1 TTDSG.

g) Revocation

You can revoke your consent at any time with effect for the future by changing the Cookie settings

Cookie-Settings

and change your selection there. The legality of the processing carried out on the basis of the consent until revocation remains unaffected by this.

You can also prevent the storage of cookies from the outset by setting your browser accordingly. of your browser software. If you configure your browser so that all cookies are rejected however, this may limit the functionality of this and other websites. come. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) to Google and the processing of this data by Google. by Google by clicking

  1. do not give your consent to the setting of cookies or
  2. download and install the browser add-on to deactivate Google Analytics HERE. install it.

For more information on the terms of use of Google Analytics and data protection at Google can be found at https://marketingplatform.google.com/about/analytics/terms/en/ and at https://policies.google.com/privacy?hl=en.

(2) DoubleClick Floodlight

We use DoubleClick Floodlight on our websites. DoubleClick Floodlight is a service of offered by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). is offered. When you visit our websites, Google places a cookie on your computer to generate a unique user unique user ID. The content you consume is assigned to this user ID. assigned to it. This can, for example, prevent you from being shown an advertisement that you have already seen. Conversions can also be measured using cookies. This means that it is determined whether you have performed certain actions after you have seen or called up a corresponding ad, have carried out certain actions.

If you do not wish to receive interest-based advertising, you can opt out of the use of cookies by Google for these purposes by visiting the page https://www.google.de/settings/ads.
Alternatively, users can disable the use of third-party cookies by visiting the opt-out page of the Network Advertising Initiative.

The purpose and scope of the data collection and the further processing and use of the data by Google as well as the relevant rights and setting options for protecting the privacy of users users can be found in Google's privacy policy: https://policies.google.com/privacy?hl=en


D. Cookie policy

The WMF cookie policy is directly linked to the setting options for cookies. Here you will find the necessary details on the cookies used and the options for these accept or reject them.


Cookie-Settings