Name and contact details of the responsible person(s)
Our responsible person (hereinafter referred to as “responsible person”) within the meaning of Art. 4 No. 7 GDPR is:
Weingalerie - Weine aus PORTugal, Karsten Kubin & R. Lindenblatt GbR
10627, Berlin, Germany
Fax: +49 30 32703568
Email address: firstname.lastname@example.org
Types of data, purposes of processing and categories of data subjects
Below we inform you about the nature, scope and purpose of the collection, processing and use of personal data.
- Types of data we process
Usage data (access times, websites visited, etc.), inventory data (name, address, etc.), contact details (telephone number, e-mail, fax, etc.), payment data (bank details, account data, payment history, etc.), contract data (subject of the contract, term etc.), communication data (IP address etc.),
- Purposes of processing according to Art. 13 para. 1 c) GDPR
Implementation of contracts, technical and economic optimisation of the website, allow easy access to the website, fulfilment of contractual obligations, fulfilment of legal retention requirements, optimisation and statistical evaluation of our services, support commercial use of the website, design website user-friendly, marketing / sales / advertising, production of statistics, customer service and customer care, security measures, uninterrupted, secure operation of our website,
- Categories of data subjects according to Art. 13, para. 1 e) GDPR
Visitors / users of the website, customers, interested parties,
The data subjects are collectively referred to as “users”.
Legal basis for the processing of personal data
We inform you below about the legal bases of the processing of personal data:
- If we have obtained your consent to the processing of personal data, Art. 6 para. 1 sentence 1 lit. a) GDPR is the legal basis.
- If the processing is necessary to fulfil a contract or to carry out pre-contractual measures, which are carried out at your request, then Art. 6 para. 1 sentence 1 lit. b) GDPR is the legal basis.
- If the processing is required to fulfil a legal obligation that we are subject to (e.g. statutory retention obligations), then Art. 6 (1) sentence 1 lit. c) GDPR is the legal basis.
- If processing is necessary to protect the vital interests of the data subject or of another natural person, Art. 6 (1) sentence 1 lit. d) GDPR is the legal basis.
- If the processing is necessary for the protection of our or the legitimate interests of a third party and your interests or fundamental rights and freedoms do not predominate in this regard, then Art. 6 para. 1 sentence 1 lit. f) GDPR is the legal basis.
Disclosure of personal data to third parties and processors
Without your consent, we generally do not pass on data to third parties. If this is indeed the case, then the disclosure on the basis of the aforementioned legal basis, for example, in the transfer of data to online payment providers for fulfilment of the contract or by court order or a legal obligation to disclose the data for the purpose of prosecution, danger prevention or on the enforcement of intellectual property rights.
We also use processors (external service providers, for example, to host our websites and databases) to process your data. If data are passed on to the processor by order processing, this is always done in accordance with Art. 28 of the GDPR. We select our processors carefully, monitor them regularly and have granted us the right to give instructions regarding the data. In addition, the processors must have taken appropriate technical and organisational measures and adhere to the data protection rules under the Federal Data Protection Act as amended and the GDPR.
Data transfer to third countries
The adoption of the European General Data Protection Regulation (GDPR) has created a uniform basis for data protection in Europe. Your data will therefore be processed primarily by companies for which the GDPR applies. If processing by third parties takes place outside the European Union or the European Economic Area, they must meet the special requirements of Article 44 et seq. of the GDPR. This means that the processing takes place on the basis of special guarantees, such as the official recognition by the EU Commission of a data protection level corresponding to the EU, or the adherence to officially recognised special contractual obligations, the so-called standard contractual clauses. The submission to the so-called Privacy Shield, the data protection agreement between the EU and the US, fulfils these requirements for US companies.
Deletion of data and storage duration
Existence of automated decision making
We do not use automatic decision making or profiling.
Provision of our website and creation of log files
- If you only use our website for informational purposes (i.e. no registration and no other transmission of information), we only collect the personal data that your browser transmits to our server. If you want to view our website, we collect the following data: ·IP address;
- Internet service provider of the user;
- Date and time of retrieval;
- Browser type;
- Language and browser version;
- Content of the retrieval;
- Time zone;
- Access Status / HTTP status code;
- Amount of data;
- Websites from which the request comes;
- Operating system.
Storage of this data together with other personal data of you does not take place.
- This data is for the purpose of the user-friendly, functional and secure delivery of our website to you with functions and content as well as their optimisation and statistical evaluation.
- The legal basis for this is our justifiable interest in the processing of data according to Art. 6 para. 1 sentence 1 lit. f) GDPR.
- For security reasons, we store this data in server log files for the retention period of 60 days. After this period, they will be automatically deleted, unless we need their storage for evidence in attacks on the server infrastructure or other violations.
• Session-Cookies:We use so-called cookies to recognise multiple uses of an offer by the same user (for example, if you have logged in to determine your login status). When you visit our website again, these cookies provide information to automatically recognise you. The information obtained in this way serves to optimise our offers and to give you easier access to our website. If you close the browser or log out, the session cookies will be deleted.
• Persistent Cookies: These are automatically deleted after a specified period, which may differ depending on the cookie. In the security settings of your browser, you can delete the cookies at any time.
• Third-Party-Cookies: According to your wishes, you can configure your browser setting and, for example, reject the acceptance of third-party cookies or all cookies. However, we would like to point out that you may not be able to use all features of this website. Read more about these cookies in the respective third-party privacy policies.
- The legal basis for this processing is Art. 6 para. 1 sentence lit. b) GDPR, if the cookies are used to initiate a contract, for example, when ordering, and otherwise we have a legitimate interest in the effective functionality of the website, so that in the case of Art. 6 para. 1 sentence 1 lit. f) GDPR is the legal basis.
- Objection and “opt-out”:You can generally prevent the storage of cookies on your hard disk by selecting “Do not accept cookies” in your browser settings. However, this can result in a functional restriction of our offers. You may object to the use of third-party cookies for advertising purposes via a so-called opt-out via this American website (https://optout.aboutads.info)or this European website (http://www.youronlinechoices.com/de/praferenzmanagement/).
Settlement of contracts
- We process inventory data (for example, company, title/academic degree, name and addresses and contact information of users, email), contract data (for example, of services used, names of contact persons) and payment data (for example, bank details, payment history) for fulfilment of our contractual obligations (knowledge of who is the contractor, justification, content design and execution of the contract, verification of the plausibility of the data) and services (e.g. contacting the customer service) according to Art. 6 para. 1 sentence 1 lit. c) GDPR. The entries marked as obligatory in online forms are required for the conclusion of the contract.
- Disclosure of such data to third parties shall not be made unless it is necessary for the prosecution of our claims (for example transfer to lawyer for collection) or execution of the contract (e.g. transfer of data to payment providers) or there is a legal obligation to do so according to Art. 6 para. 1 sentence 1 lit. c) GDPR.
- We may also process the information you provide to inform you of other interesting products from our portfolio or to send you e-mail with technical information.
- The data will be deleted as soon as it is no longer necessary to achieve the purpose of their collection. This is the case for the inventory and contract data when the data for the execution of the contract are no longer required and no claims can be made under the contract, because these are statute-barred (warranty: two years / statutory limitation: three years). Due to commercial and tax regulations, we are obliged to store your address, payment and order data for a period of ten years.
However, after three years from the end of the contract, we limit the processing, i.e. your data will only be used to comply with legal obligations. Information in the user account remains until its deletion.
Online payment providers
- The settlement takes place with payment by “Paypal” via PayPal (Europe) S.ar.l. et Cie, S.C.A., 2224 Boulevard Royal, L-2449 Luxembourg, Web:paypal.de,https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Hereinafter called “Online Payment Provider”. Online Payment Providers collect, store and process the usage and billing information from you to determine and bill for the service you use. The data entered at the Online Payment Providers are only processed and stored by them. If the Online Payment Providers can not or only partially collect the user fees or the Online Payment Providers fail to do so due to a complaint from you, the usage data will be forwarded by the Online Payment Providers to the person responsible and, if necessary, the person responsible will block you. The same applies if e.g. a credit card company reverses a transaction of you at the expense of the person responsible.
- The legal basis is Art. 6 para. 1 lit. b) GDPR, as processing is required to fulfil a contract by the controller. In addition, external Online Payment Providers are used on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR for the legitimate interests of the person responsible in order to be able to offer you the most secure, simple and varied payment options possible.
- With regard to the storage period, rights of revocation, information and data protection, we refer to the above-mentioned data protection statements of the Online Payment Providers.
Contact via contact form / E-Mail / Fax / Post
- When contacting us via contact form, fax, mail or e-mail your details will be processed for the purpose of processing the contact request.
- The legal basis for the processing of the data is in the presence of your consent Art. 6 para. 1 S. 1 lit. a) GDPR. The legal basis for the processing of data transmitted in the course of a contact request or e-mail, letter or fax is Article 6 (1) sentence 1 lit. f) GDPR. The person in charge has a legitimate interest in the processing and storage of the data in order to be able to answer user enquiries, to safeguard evidence for reasons of liability and, if necessary, to comply with his statutory retention requirements for business letters. If the contact is aimed at the conclusion of a contract, additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) GDPR.
- We can store your details and contact requests in our Customer Relationship Management System (“CRM System”) or a comparable system.
- The data will be deleted as soon as it is no longer necessary to achieve the purpose of their collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the conversation with you has ended. The conversation ends when it can be inferred from the circumstances that the matter in question has been finally clarified. We save requests from users who have an account or contract with us until the expiration of two years after the contract termination. In the case of legal archiving obligations, the deletion takes place after their expiration: End of commercial law (6 years) and tax law (10 years) retention periods.
- You have the possibility of revoking consent for the processing of personal data in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR at any time. If you contact us by e-mail, you can object to the storage of personal data at any time.
Contact by phone
- When contacting us by phone, your telephone number will be processed to process the contact request and its execution and temporarily stored or displayed in the RAM / cache of the telephone / display. The storage is made for reasons of liability and security in order to prove the call as well as for economic reasons to enable a recall. In case of unauthorised advertising calls, we block the phone numbers.
- The legal basis for the processing of the telephone number is Art. 6 para. 1 sentence 1 lit. f) GDPR. If the contact is aimed at the conclusion of a contract, additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.
- The device cache stores the calls for 30 days and overwrites or deletes old data successively; when the device is disposed of, all data is deleted and the memory is destroyed if necessary. Blocked phone numbers are checked annually for the need for blocking.
- You can prevent the phone number from being displayed by calling with the phone number suppressed.
- You can subscribe to our newsletter with your voluntary consent by entering your e-mail address. Only this is mandatory. The insertion of further data is voluntary and serves only for the purpose of addressing you personally. For registration we use the so-called Double- Opt-in-Procedure. After your registration with your e-mail, you will receive an e-mail from us confirming your registration with a confirmation link. If you click on this confirmation link, your e-mail will be included in the newsletter mailing list and saved for the purpose of sending e-mails. If you do not click on the confirmation link within 24 hours, your login details will be blocked and automatically deleted after 30 days.
- In addition, we log your IP address used during login as well as the date and time of the double opt-in (login and confirmation). The purpose of this storage is the fulfilment of legal requirements regarding the proof of your registration as well as the prevention of misuse regarding your e-mail.
- As part of your declaration of consent, the content (for example advertised products / services, offers, advertising and topics) of the newsletter will be described concretely.
- We use the following delivery service provider for e-mail delivery:
We have concluded an order processing agreement with the delivery service provider pursuant to Art. 28 GDPR.
- When sending the newsletter, we evaluate your user behaviour. The newsletters contain so-called web beacons or tracking pixels, which are called up when the newsletter is opened. For the evaluations, we link the web beacons with your e-mail address and an individual ID. Also in the newsletter received links contain this ID. The data are collected exclusively pseudonymised, so the IDs are not linked with your other personal data, a direct personal reference is excluded. With this data we can determine if and when you have opened the newsletter and which links in the newsletter have been clicked. This serves the purpose of optimisation and statistical evaluation of our newsletter.
- The legal basis for sending out the newsletter, measuring success and saving the e-mail is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR in conjunction with § 7 (2) No. 3 German Law on Unfair Competition (UWG) and for the recording of consent Art. 6 (1) sentence 1 lit. f) GDPR, as this serves our legitimate interest of legal proof.
- You can object to the tracking at any time by clicking the unsubscribe link at the end of the newsletter. In this case, however, the newsletter reception would also be terminated. If you disable the display of images in your e-mail software, tracking is also not possible. However, this may have limitations in terms of the functions of the newsletter, and included images will not be displayed.
- You can revoke your consent to the sending of the newsletter at any time. You can exercise the revocation by clicking on the unsubscribe link at the end of the newsletter, by e-mail or by sending a message to our above contact details. We save your data as long as you have subscribed to the newsletter. After unsubscription, your data will only be stored anonymously for statistical purposes.
Google AdWords with Conversion-Tracking
- We use the “AdWords with Conversion Tracking” service (Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA) to promote our website by displaying advertisements on third party websites. If you click on a Google ad from us, a cookie will be stored in your browser, which is valid for about 30 days. If you then visit our website, we and Google can use the cookie to evaluate whether you have visited our website and which of our pages you have visited. Google creates a statistic of this. The full extent of the data processing is unknown to us. The data is also transmitted to the USA and analysed there. If you're logged in with a Google Account, AdWords will allow the data to be associated with your account. If you do not want this, you must log out before visiting our website. This conversion tracking serves the purpose of analysing, optimising and economically operating our advertising and website.
- The legal basis for the processing of your data is our legitimate interest in the analysis, optimisation and economic operation of our advertising and website in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR. Google is certified under the EU-US Privacy Shield:
- You may object to or prevent Google from installing cookies
in various ways:
- You can prevent the cookies in your browser by the setting “do not accept cookies”, which also includes third-party cookies;
- You can deactivate conversion tracking directly from Google via thehttps://adssettings.google.comlink, but this setting will only be valid until you delete your cookies.
- You may disable the third-party adsthat participate in the “About Ads” advertising self-regulation initiative via the https://optout.aboutads.infolink for US pages or for EU pages on http://www.youronlinechoices.com/de/praferenzmanagement/, but this setting will only be valid until you delete all your cookies;
- You can permanently disable cookies through a browser plug-infor Chrome, Firefox or Internet Explorer at thehttps://support.google.com/ads/answer/7395996link. Disabling this may mean that you can not fully use all features of our website.
Presence in social media
- We process your information that you send to us through these networks in order to communicate with you and to respond to your messages there.
- The legal basis for the processing of personal data is our legitimate interest in communicating with users and our external presentation for the purpose of advertising pursuant to Art. 6 (1) sentence 1 lit. f) GDPR. Insofar as you have given consent to the person responsible for the social network in the processing of your personal data, the legal basis is Art. 6 (1) sentence 1 lit. a) and Art. 7 GDPR.
Rights of the data subject
- Objection or revocation against the processing of your data
Insofar as the processing is based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a), Art. 7 GDPR, you have the right to revoke your consent at any time. The lawfulness of the processing, on the basis of the consent until the revocation, will not be affected.
As long as we base the processing of your personal data on the balancing of interests in accordance with Art. 6 para. 1 p. 1 lit. f) GDPR, you can object to the processing. This is the case if, in particular, the processing is not required to fulfil a contract with you, which we present in each case in the following description of the functions. In the event of any such objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the case of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or point out to you our compelling legitimate reasons on which we continue the processing.
You may object to the processing of your personal data for advertising and data analysis purposes at any time. The right to object can be exercised free of charge. You can inform us about your objection to advertisement under the following contact details:
Weingalerie - Weine aus PORTugal, Karsten Kubin & R. Lindenblatt GbR
10627, Berlin, Germany
Fax: +49 30 32703568
- Right to information
You have a right to information about your personal data stored by us according to Art. 15 GDPR. This includes, in particular, information about the processing purposes, the category of personal data, the categories of recipients to whom your data was or is being disclosed, the planned storage period, the source of their data, if these were not collected directly from you.
- Right to rectification
You have the right to correct inaccurate or complete correct data according to Art. 16 GDPR.
- Right to deletion
You have a right to deletion of your stored data according to Art. 17 GDPR, unless statutory or contractual retention periods or other legal obligations or rights to further storage are contrary to this.
- Right to restriction
You have the right to demand a restriction on the processing of your personal data if one of the conditions set out in Art. 18 (1) lit. a) to d) GDPR is fulfilled:
- If you deny the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information;
- the processing is unlawful and you refuse the deletion of personal data
and instead request the restriction of the use of the personal data;
- the controller no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims; or
- if you objected to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet certain whether the legitimate reasons of the person responsible prevail over your reasons.
- Right to data portability
You have the right of data portability according to Art. 20 GDPR, which means that you can receive your personal data stored with us in a structured, common and machine-readable format or you can request transfer to another responsible person.
- Right to complain
You have a right to complain to a supervisory authority. As a rule, you can contact the supervisory authority for this purpose, in particular in the Member State of your place of residence, your workplace or the location of the alleged infringement.
In order to protect all personally identifiable information transmitted to us and to ensure compliance with our privacy practices, as well as our external service providers, we have taken appropriate technical and organisational security measures. Therefore, among other things, all data between your browser and our server encrypted over a secure SSL connection.