PRIVACY POLICY

and information for data subjects pursuant to Art. 13 and 14 of the EU General Data Protection Regulation

A) “WINTERHALTER ONLINE SERVICE”

1. Protection of your data is important to us.
Winterhalter Gastronom GmbH, Winterhalterstraße 2 – 12, 88074 Meckenbeuren (hereinafter referred to as “Winterhalter” or “we”) takes your privacy seriously. Data protection is therefore the highest priority for us. In order to operate our website and provide the services and additional functions provided for our products on the website (“Winterhalter website”) and to provide our apps and the services offered through our apps (“Winterhalter apps” together with the Winterhalter website referred to as the “Winterhalter online service”), we require certain information which may include some personal data. In this Privacy Policy, we wish to inform you specifically about which personal data we collect, process and use in relation to the operation of the Winterhalter online service, and the purposes for which they are used. We guarantee that we use your data in accordance with all the applicable data protection regulations only to offer you the optimal service.

The terms defined in our Terms of Use have the same meaning in this Privacy Policy, unless expressly stated otherwise in the Privacy Policy. We use specialist terms relating to data protection, such as “personal data”, “processing” and “pseudonymization”, always within the meaning specified by the European General Data Protection Regulation 2016/679 (“GDPR”).

2. Who is responsible for your data?
Winterhalter is responsible for lawful processing of your data.

3. Which data do we collect and for what purposes?

3.1 Usage data
When you use the Winterhalter online service, our servers automatically save certain information about
•   the end device you are using (iPhone/iPad, smartphone, tablet, desktop PC). This includes information about the device type, the device ID (e.g. IMEI, Android Device ID, Open UUID), the web browser used, the operating system and certain settings,
•   the domain name or IP address,
•   the sub-pages visited and functions of the Winterhalter online service used,
•   the date and time of use.
We require these usage data to make our services available to you (e.g. to adapt our service to the end device you are using), to detect and rectify any technical problems that arise and to recognise and prevent any misuse of our services. We create pseudonymised user profiles on the basis of the usage data saved by us for the purposes of advertising, market research and design of the Winterhalter online service to meet your needs. These user profiles are not associated by us with any other data that we may have saved about the users in question (e.g. registration data). If the above usage data are personal data, the legal basis for their processing is Art. 6 (1) sub-paragraph 1 (f) GDPR. We also make use of usage data in anonymised form, i.e. without any possibility of identifying you as the user, for statistical purposes and to improve our service.

If you make use of the Winterhalter website through one of the Winterhalter apps and the app crashes, certain information about the end device you are using is sent to an external service provider, in the form of log data about the app in question, an error report, language, storage profile, call hierarchy, IP address, device ID (e.g. MEI, Android Device ID, Open UUID) and the status of the Winterhalter apps. The service provider helps us to determine the cause of the crash and to rectify any technical problems. If the above usage data are personal data, the legal basis for their processing is Art. 6 (1) sub-paragraph 1 (f) GDPR.

Apart from this, Winterhalter will only use your usage data in combination with your identity and possibly associate them with other information about you if you have first given us your express consent to do so. The legal basis for processing in this case is Art. 6 (1) sub-paragraph 1 (a) and (f) GDPR.

3.2 Registration data
You have to register to be able to use certain functions offered through the Winterhalter online service (e.g. Winterhalter CONNECTED WASH). Certain information is required for registration, depending on the function required (e.g. name of the company, email address, Winterhalter product used, etc.). We require this information to set up and manage your user account, to identify authorised users and to offer you the function you require. Please see our Terms of Use for further details about registration and use of the functions offered via the Winterhalter online service. The legal basis for processing the data described in this section is Art. 6 (1) sub-paragraph 1 (b) and (f) GDPR.

3.3 Contact details
You have the option to contact us, to ask us questions for example, through the Winterhalter online service by means of the contact form. We request your contact details through the contact form (e.g. first name and surname, address, email address and department). You may also provide information about your company, your telephone and fax number. We use this data exclusively to respond to the questions you send to us.
The legal basis for processing the data described in this section is Art. 6 (1) sub-paragraph 1 (b) and (f) GDPR.

3.4 Data in relation to the use of additional functions and services
If you make use of the functions offered via the Winterhalter online service (e.g. Winterhalter CONNECTED WASH), we may collect additional data that are required to provide and use the function in question. Depending on the function in question, this may include, for example, information about
•   the Winterhalter devices you use (e.g. type designations, serial numbers, Mac address, etc.)
•   the location of the Winterhalter devices you use
•   how you use your Winterhalter devices (e.g. number of wash cycles, running times, loading, temperatures, telemetry data)
•   any malfunctions in the Winterhalter devices you use.
With some of the functions offered via the Winterhalter online service, you may have the option to enter or upload data yourself.

If, in the context of the use of the functions offered via the Winterhalter online service, personal data of third parties (e.g. of the user’s employees) are collected or transmitted to Winterhalter, the responsibility for passing this data on to Winterhalter lies with the user under the GDPR. In relation to the use of some functions (e.g. Winterhalter CONNECTED WASH), Winterhalter offers you the opportunity to conclude an agreement for commissioned data processing pursuant to Art. 28 GDPR. You can obtain a copy of the corresponding agreement form on request from privacy@winterhalter.de.

Winterhalter has the right to process and use the data collected in the context of the use of the functions provided via the Winterhalter online service in anonymised form for its own commercial purposes (e.g. for statistical evaluations and to improve the functions, quality and products).

3.5 Use of your data by Winterhalter
Winterhalter uses the data collected in accordance with sections 3.1 to 3.4 for the purposes explained therein.
Only if you have given us your express consent to do so will we also use your data to send you information about selected products and offers by email. In this case, the legal basis for processing is Art. 6 (1) sub-paragraph 1 (a) GDPR. You may revoke your consent at any time, with effect from that point forward, by sending an email to privacy@winterhalter.de.

4. Cookies
Our Winterhalter online service uses cookies. “Cookies” are small text files that are saved on your data carrier and exchange certain settings and data with our system via your browser. A cookie usually contains the name of the domain from which the cookie data were sent, information about the age of the cookie and an alphanumerical identification code. Cookies make it possible for us to present the Winterhalter online service in an appealing way for you and make your use of it easier by, for example, storing certain inputs made by you so that you do not have to re-enter them repeatedly. We use two types of cookies:

Session cookies: Session cookies are erased when you close your browser.

Permanent cookies: Permanent cookies remain on your computer’s hard drive for a certain period. When you visit our website again, the fact that you have previously visited us and the inputs and settings you prefer are recognised.

The information saved in the cookies is not used by us to identify you and is not associated with any other personal data that we have saved about you.

5. Applied technologies

Cloudflare

Description of Service

This is a service providing increased security and performance for websites. Cloudflare offers for example a content delivery network („CDN“) to improve the loading times of the website. The use of a CDN enables the user to make content available for retrieval more quickly with the help of regionally or internationally distributed servers.

Processing Company

Cloudflare Inc.

101 Townsend St., San Francisco, CA 94107, United States of America

Below you can find the email address of the data protection officer of the processing company.

privacyquestions@cloudflare.com, legal@cloudflare.com

Data Purposes

This list represents the purposes of the data collection and processing.

Optimization
Website security
Improvement of service
Reducing bandwidth usage

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.

IP address
System configuration information
Name of website
Date and time of request
Name and URL of the accessed file
Amount of data transferred
Status Information
Device operating system
Referrer URL
Requesting provider
Device type
Time of the server request

Legal Basis

In the following the required legal basis for the processing of data is listed.

Art. 6 para. 1 s. 1 lit. f GDPR

Location of Processing

This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

United States of America,European Union

Retention Period

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.

Data will be deleted as soon as they are no longer needed for the processing purposes.

Transfer to Third Countries

This service may forward the collected data to a different country. Please note that this service might transfer the data to a country without the required data protection standards. Below you can find a list of countries to which the data is being transferred. For more information regarding safeguards please refer to the provider's privacy policy or contact the provider directly.

United States of America
Singapore
Australia
United Arab Emirates

Data Recipients

In the following the recipients of the data collected are listed.

Cloudflare Group

Click here to read the privacy policy of the data processor

https://www.cloudflare.com/privacypolicy/

Click here to read the cookie policy of the data processor

https://www.cloudflare.com/cookie-policy/

Stored Information

Name: __cf_bm; This is used for the bot protection solution provided by Cloudflare.; Type: cookie; Duration: 30 minutes;
Name: cf_clearance; This cookie is used to store the proof of challenge passed. It is used to no longer issue a challenge if present. It is required to reach an origin server.; Type: cookie; Duration: 30 minutes;
Name: _cfuvid; This cookie is used for rate limiting rules.; Type: cookie; Duration: 7 days;
Name: cf_chl_cc_XXX, cf_chl_rc_i, cf_chl_rc_ni; The cookie is used by Cloudflare for the execution of challenges. It is not used for tracking or beyond the scope of the challenge.; Type: cookie; Duration: Session;
Name: __cflb; This is used to return an end user to the same customer origin for a specific period of time configured by the customer. ; Type: cookie; Duration: 1 day;

Mailgun Technologies Inc.

Description of Service

This is a transactional email API service. With this service, e-mails can be sent, received and tracked.

Processing Company

Mailgun Technologies Inc.

548 Market St., CA 94104 San Francisco, United States of America

Below you can find the email address of the data protection officer of the processing company.

privacy@mailgun.com

Data Purposes

This list represents the purposes of the data collection and processing.

Spam Prevention
analysis

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.

web beacons

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.

First name
surname, surname
E-mail address
announcements
address
Payment Information
Clicked links
opening emails
IP address

Legal Basis

In the following the required legal basis for the processing of data is listed.

Art. 6 paragraph 1 sentence 1 lit. f GDPR

Location of Processing

This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

European Union

Retention Period

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.

The data will be deleted as soon as they are no longer required for processing

Data Recipients

In the following the recipients of the data collected are listed.

Mailgun Technologies Inc.
third-party services

Click here to read the privacy policy of the data processor

https://www.mailgun.com/privacy-policy/

Usercentrics Consent Management Platform

Description of Service

This is a consent management service. Usercentrics GmbH is used on websites and apps as a processor for the purpose of consent management.

Processing Company

Usercentrics GmbH

Sendlinger Str. 7, 80331 Munich, Germany

Below you can find the email address of the data protection officer of the processing company.

datenschutz@usercentrics.com

Data Purposes

This list represents the purposes of the data collection and processing.

Compliance with legal obligations
Consent storage

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.

Local storage
Pixel

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.

Opt-in and opt-out data
Referrer URL
User agent
User settings
Consent ID
Time of consent
Consent type
Template version
Banner language
IP address
Geographic location

Legal Basis

In the following the required legal basis for the processing of data is listed.

Art. 6 para. 1 s. 1 lit. c GDPR

Location of Processing

This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

European Union

Retention Period

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.

The consent data (given consent and revocation of consent) are stored for one year. The data will then be deleted immediately.

Data Recipients

In the following the recipients of the data collected are listed.

Usercentrics GmbH

Click here to read the privacy policy of the data processor

https://usercentrics.com/privacy-policy/

Stored Information

Name: uc_settings and/or ucString; This holds the ControllerID and SettingsID, the language, settings version and services with their consent history.; Type: web; Domain: usercentrics.com;
Name: uc_user_interaction; This is used to signal whether a user has already given consent.; Type: web;
Name: ucData (optional); This holds information about the Google Consent Mode.; Type: web;
Name: uc_ui_version; This key states the UI version used by the clients; Type: web;
Name: uc_user_country; This is used to recognize the location of the user and show the correct version of the CMP.; Type: web;

Facebook Pixel

Description of Service

This is a Tracking technology offered by Facebook and used by other Facebook services. It is used to track interactions of visitors with websites ("Events") after they have clicked on an ad placed on Facebook or other services provided by Meta ("Conversion").

Processing Company

Meta Platforms Ireland Ltd.

4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland

Below you can find the email address of the data protection officer of the processing company.

https://www.facebook.com/help/contact/1650115808681298

Data Purposes

This list represents the purposes of the data collection and processing.

Analytics
Marketing
Retargeting
Advertisement
Conversion Tracking
Personalisation

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.

Cookies
Pixel

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.

Ads viewed
Content viewed
Device information
Geographic location
HTTP-header
Interactions with advertisement, services, and products
IP address
Items clicked
Marketing information
Pages visited
Pixel ID
Referrer URL
Usage data
User behaviour
Facebook cookie information
Facebook user ID
Usage/click behaviour
Browser information
Device operating system
Device ID
User agent
Browser type

Legal Basis

In the following the required legal basis for the processing of data is listed.

Art. 6 para. 1 s. 1 lit. a GDPR

Location of Processing

This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

European Union

Retention Period

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.

User’s interactions tracked on websites will not be stored longer than for two years. However, the data will be deleted as soon as they are no longer needed for the processing purposes.

Transfer to Third Countries

Singapore
United States of America
United Kingdom

Data Recipients

In the following the recipients of the data collected are listed.

Meta Platforms Ireland Ltd., Meta Platforms Inc.

Click here to read the privacy policy of the data processor

https://www.facebook.com/privacy/explanation

Click here to read the cookie policy of the data processor

https://www.facebook.com/policies/cookies

Storage Information

Maximum age of cookie storage: 1 year

Stored Information

Name: messaging_plugin_#; Type: cookie; Duration: - ;
Name: fr; Type: cookie; Duration: - ;
Name: _fbp; Type: cookie; Duration: - ;
Name: pxcelBcnLcy; Type: cookie; Duration: - ;
Name: _fbp; Type: web;

Google Ads

Description of Service

This is an advertising service. This service can be used to show personalised or non-personalised advertisement to users.

Processing Company

Google Ireland Limited

Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland

Below you can find the email address of the data protection officer of the processing company.

https://support.google.com/policies/contact/general_privacy_form

Data Purposes

This list represents the purposes of the data collection and processing.

Advertisement
Analytics
Providing Service
Statistics

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.

Cookies
Tracking Pixel

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.

Ads viewed
Cookie ID
Date and time of visit
Device information
Geographic location
IP address
Search terms
Ads shown
Client ID
Impressions
Online identifiers
Browser information
Referrer URL
Interaction data

Legal Basis

In the following the required legal basis for the processing of data is listed.

Art. 6 para. 1 s. 1 lit. a GDPR

Location of Processing

This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

European Union

Retention Period

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.

The data will be deleted as soon as they are no longer needed for the processing purposes. Log data is anonymized after 9 months and cookie information is anonymized after 18 months.

Transfer to Third Countries

Chile
Singapore
Taiwan
United States of America

Data Recipients

In the following the recipients of the data collected are listed.

Alphabet Inc., Google LLC, Google Ireland Limited

Click here to read the privacy policy of the data processor

https://business.safety.google/privacy/?hl=en

Click here to read the cookie policy of the data processor

https://policies.google.com/technologies/cookies?hl=en

Click here to opt out from this processor across all domains

https://safety.google/privacy/privacy-controls/

Storage Information

Maximum age of cookie storage: 1 year

Stored Information

Name: NID; This is used to provide advertisements or retargeting.; Type: cookie; Duration: 6 months;
Name: __gads; This is used to provide advertisements or retargeting.; Type: cookie; Duration: 1 year, 1 month;
Name: pm_sess; This is used to make sure that requests come from a user.; Type: cookie; Duration: 30 minutes;
Name: ANID; This is used to show advertisements on websites outside of Google.; Type: cookie; Duration: 1 year, 1 month;
Name: _gcl_au; This is used to store and track conversions.; Type: cookie; Duration: 2 months, 29 days;
Name: FPGCLAW; This cookie is used to track campaign related information on the user.; Type: cookie; Duration: 2 months, 29 days;
Name: FPGCLGB; This cookie is used to track campaign related information on the user.; Type: cookie; Duration: 2 months, 29 days;
Name: _gcl_gb; This cookie is used to track campaign related information on the user.; Type: cookie; Duration: 2 months, 29 days;
Name: _gac_gb_; This cookie is used to track campaign related information on the user.; Type: cookie; Duration: 2 months, 29 days;
Name: _gcl_aw; This cookie is set when a user arrives at the website via a click on a Google ad.; Type: cookie; Duration: 2 months, 29 days;
Name: YSC; This is used to store and track interaction.; Type: cookie; Duration: Session;
Name: 1P_JAR; This is used to collect information about how the end user uses the website and any advertising that the end user may have seen before visiting the said website.; Type: cookie; Duration: 30 days;
Name: AID; This is used to link activities on other devices the user has previously logged into with a Google account. ; Type: cookie; Duration: 1 year, 1 month;
Name: FPAU; This is used to collect information about the users and their activity on the website through embedded elements with the purpose of analytics and reporting.; Type: cookie; Duration: 2 months, 29 days;

Google Ads Remarketing

Description of Service

This is a remarketing service. With Remarketing, the user can display ads to users of the website based on their interests on other websites within the Google Displaying Network (e.g. in Google Search or on YouTube). For this purpose, the users' interactions are analyzed, e.g. regarding the products and services a user is interested in. This enables the user to display targeted advertising to the user on other websites even after the visit to the website.

Processing Company

Google Ireland Limited

Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Below you can find the email address of the data protection officer of the processing company.

https://support.google.com/policies/contact/general_privacy_form

Data Purposes

This list represents the purposes of the data collection and processing.

Remarketing
Advertisement
Tracking users' actions

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.

Cookies
Tracking Pixel

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.

Duration of visit
IP address
Pages visited
Content user is interested in
Website use
Referrer URL
Advertising identifier
Date and time of visit
Device information
Browser information

Legal Basis

In the following the required legal basis for the processing of data is listed.

Art. 6 para. 1 s. 1 lit. a GDPR

Location of Processing

This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

European Union

Retention Period

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.

The data will be deleted as soon as they are no longer needed for the processing purposes.

Transfer to Third Countries

Singapore
Taiwan
Chile
United States of America

Data Recipients

In the following the recipients of the data collected are listed.

Google Ireland Limited
Google LLC
Alphabet Inc.

Click here to read the privacy policy of the data processor

https://business.safety.google/privacy/?hl=en

Click here to read the cookie policy of the data processor

https://policies.google.com/technologies/cookies?hl=en

Storage Information

Maximum age of cookie storage: 1 year

Stored Information

Name: IDE; Contains a randomly generated user ID. Using this ID, Google can recognize the user across different websites across domains and display personalized advertising.; Type: cookie; Duration: 1 year; Domain: doubleclick.net;
Name: test_cookie; Set as a test to check whether the browser allows cookies to be set. Does not contain any identification features.; Type: cookie; Duration: 15 minutes; Domain: doubleclick.net;
Name: NID; This is used to provide advertisements or retargeting.; Type: cookie; Duration: 6 months;
Name: __gads; This is used to provide advertisements or retargeting.; Type: cookie; Duration: 1 year, 1 month;
Name: pm_sess; This is used to make sure that requests come from a user.; Type: cookie; Duration: 30 minutes;
Name: ANID; This is used to show advertisements on websites outside of Google.; Type: cookie; Duration: 1 year, 1 month;
Name: _gcl_au; This is used to store and track conversions.; Type: cookie; Duration: 2 months, 29 days;
Name: _gcl_gb; This is used to register a unique ID and identify a user. ; Type: cookie; Duration: 3 months;
Name: _gcl_aw; This is used to provide ad delivery or retargeting. ; Type: cookie; Duration: 3 months;

Google Analytics

Description of Service

This is a web analytics service. With this, the user can measure the advertising return on investment "ROI" as well as track user behavior with flash, video, websites and applications.

Processing Company

Google Ireland Limited

Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Below you can find the email address of the data protection officer of the processing company.

https://support.google.com/policies/contact/general_privacy_form

Data Purposes

This list represents the purposes of the data collection and processing.

Marketing
Analytics

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.

Cookies
Pixel
JavaScript

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.

Click path
Date and time of visit
Device information
Location information
IP address
Pages visited
Referrer URL
Browser information
Hostname
Browser language
Browser type
Screen resolution
Device operating system
Interaction data
User behaviour
Visited URL
Cookie ID

Legal Basis

In the following the required legal basis for the processing of data is listed.

Art. 6 para. 1 s. 1 lit. a GDPR

Location of Processing

This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

European Union

Retention Period

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.

The Retention Period depends on the type of the saved data. Each user can choose how long Google Analytics retains data before automatically deleting it.

Transfer to Third Countries

United States of America
Singapore
Chile
Taiwan

Data Recipients

In the following the recipients of the data collected are listed.

Google Ireland Limited, Alphabet Inc., Google LLC

Click here to read the privacy policy of the data processor

https://business.safety.google/privacy/?hl=en

Click here to read the cookie policy of the data processor

https://policies.google.com/technologies/cookies?hl=en

Click here to opt out from this processor across all domains

https://tools.google.com/dlpage/gaoptout?hl=de

Storage Information

Maximum age of cookie storage: 2 years

Stored Information

Name: __utmb; This cookie is used to track the time of the visit.; Type: cookie; Duration: Session;
Name: _ga; This cookie is used to distinguish between users.; Type: cookie; Duration: 2 years;
Name: _gid; This cookie is used to identify the user.; Type: cookie; Duration: 1 day;
Name: __utma; This cookie is used to record the time and date of the first visit, the total number of visits and the start time of the current visit. ; Type: cookie; Duration: Session;
Name: __utmz; This cookie is used to record where the visitor came from. ; Type: cookie; Duration: Session;
Name: IDE; This is used to show personalised ads. ; Type: cookie; Duration: 1 year, 1 month;
Name: CONSENT; This is used to store the consent choices of the user. ; Type: cookie; Duration: 2 years;
Name: __utmt; This is used to throttle the request rate. ; Type: cookie; Duration: 10 minutes;
Name: _gat; This is used to read and filter requests from bots.; Type: cookie; Duration: 1 minute;
Name: __utmc; This is used to store the time of the visit.; Type: cookie; Duration: 30 minutes;
Name: FPID; This is used to store a value used for setting the Client ID in the request to Google's servers.; Type: cookie; Duration: 2 years;
Name: FPLC; This is used to register a unique ID that is used to generate statistical data about how the visitor uses the website.; Type: cookie; Duration: 20 hours;

Subservices

Below you can find all the services that are subordinate to this service. The current consent status of this service applies to all subservices.

DoubleClick Ad

Description of Service

This is an advertising service. With this service it is possible to provide relevant ads to users and get campaign reports.

Processing Company

Google Ireland Limited

Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Below you can find the email address of the data protection officer of the processing company.

https://support.google.com/policies/troubleshooter/7575787?hl=en

Data Purposes

This list represents the purposes of the data collection and processing.

Advertisement
Analytics
Optimization

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.

Browser information
Click path
Cookie information
Date and time of visit
Demographic data
Device identifiers
Location information
Hardware/software type
Internet service provider
IP address
Number of times ads are seen
Serving domains
Interaction data
Page views
Search history

Legal Basis

In the following the required legal basis for the processing of data is listed.

Art. 6 para. 1 s. 1 lit. a GDPR

Location of Processing

This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

European Union

Retention Period

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.

The data will be deleted as soon as they are no longer needed for the processing purposes.

Transfer to Third Countries

United States of America

Data Recipients

In the following the recipients of the data collected are listed.

Google Ireland Limited
Google LLC
Alphabet Inc.

Click here to read the privacy policy of the data processor

https://policies.google.com/privacy?hl=en

Click here to read the cookie policy of the data processor

https://policies.google.com/technologies/cookies?hl=en

Storage Information

Maximum age of cookie storage: 1 year

Stored Information

Name: test_cookie; Test for cookie setting permissions in user's browser; Type: cookie; Duration: 1 day; Domain: doubleclick.net;
Name: IDE; Contains a randomly generated user ID. Using this ID, Google can recognize the user across different websites across domains and display personalized advertising.; Type: cookie; Duration: 1 year; Domain: doubleclick.net;

Google Maps

Description of Service

This is an integrated map service.

Processing Company

Google LLC

1600 Amphitheatre Parkway Mountain View, CA 94043, United States of America

Below you can find the email address of the data protection officer of the processing company.

https://support.google.com/policies/contact/general_privacy_form

Data Purposes

This list represents the purposes of the data collection and processing.

Displaying Maps

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.

APIs

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.

Date and time of visit
Location information
IP address
URL
Usage data
Search terms
Geographic location

Legal Basis

In the following the required legal basis for the processing of data is listed.

Art. 6 para. 1 s. 1 lit. a GDPR

Location of Processing

This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

European Union

Retention Period

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.

The data will be deleted as soon as they are no longer needed for the processing purposes.

Transfer to Third Countries

United States of America
Singapore
Taiwan
Chile

Data Recipients

In the following the recipients of the data collected are listed.

Google Ireland Limited, Google LLC, Alphabet Inc

Click here to read the privacy policy of the data processor

http://www.google.com/intl/de/policies/privacy/

Click here to read the cookie policy of the data processor

https://policies.google.com/technologies/cookies?hl=en

Stored Information

Name: NID; This cookie is used to store the users preferences.; Type: cookie; Duration: 6 months;

Subservices

Below you can find all the services that are subordinate to this service. The current consent status of this service applies to all subservices.

Google Fonts

Description of Service

This is a collection of fonts for commercial and personal use.

Processing Company

Google Ireland Limited

Gordon House, 4 Barrow St, Dublin 4, Ireland

Below you can find the email address of the data protection officer of the processing company.

https://support.google.com/policies/contact/general_privacy_form

Data Purposes

This list represents the purposes of the data collection and processing.

Providing fonts
Improvement of service

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.

APIs

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.

IP address
Aggregated usage numbers
Font file requests
Referrer URL
CSS requests
User agent
Browser information

Legal Basis

In the following the required legal basis for the processing of data is listed.

Art. 6 para. 1 s. 1 lit. a GDPR

Location of Processing

This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

European Union

Retention Period

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.

The data will be deleted as soon as they are no longer needed for the processing purposes.

Transfer to Third Countries

United States of America
Singapore
Taiwan
Chile

Data Recipients

In the following the recipients of the data collected are listed.

Alphabet Inc., Google LLC, Google Ireland Limited

Click here to read the privacy policy of the data processor

https://business.safety.google/privacy/?hl=en

Click here to read the cookie policy of the data processor

https://policies.google.com/technologies/cookies?hl=en

Google Optimize

Description of Service

This is a service for website optimization and analysis. It helps online marketers and webmasters increase visitor conversion rates and overall visitor satisfaction by testing different combinations of website content. With this the user can perform A/B Tests on their website. A/B tests allow to pit different design options of elements of a website against each other.

Processing Company

Google Ireland Limited

Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Below you can find the email address of the data protection officer of the processing company.

https://support.google.com/policies/troubleshooter/7575787?hl=en

Data Purposes

This list represents the purposes of the data collection and processing.

Optimization
Improvement of service
Testing

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.

Anonymised IP address
User behaviour
Browser type
Browser version
Device operating system
Device type
URL
Visitors path on website
Referrer URL
Geographic location

Legal Basis

In the following the required legal basis for the processing of data is listed.

Art. 6 para. 1 s. 1 lit. a GDPR

Location of Processing

This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

European Union

Retention Period

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.

The data will be deleted as soon as they are no longer needed for the processing purposes.

Transfer to Third Countries

United States of America
Chile
Singapore
Taiwan

Data Recipients

In the following the recipients of the data collected are listed.

Google LLC
Google Ireland Limited
Alphabet Inc

Click here to read the privacy policy of the data processor

https://business.safety.google/privacy/?hl=en

Click here to read the cookie policy of the data processor

https://policies.google.com/technologies/cookies?hl=en

Click here to opt out from this processor across all domains

https://tools.google.com/dlpage/gaoptout

Storage Information

Maximum age of cookie storage: 2 months, 29 days

Stored Information

Name: _gaexp; This cookie is set to determine a user's inclusion in an experiment and the expiry of experiments a user has been included in.
; Type: cookie; Duration: 2 months, 29 days;
Name: _opt_utmc; This cookie stores information about which marketing campaign a user last came to the website.; Type: cookie; Duration: 1 day;
Name: _opt_awcid; Contains a randomly generated user ID. Based on this ID, Google can recognize the user across different websites and display personalized advertising.; Type: cookie; Duration: 1 day;
Name: _opt_awmid; This cookie is set when a user reaches the website via a click on a Google ad. It contains information about whose customer account the clicked ad was placed from.; Type: cookie; Duration: 1 day;
Name: _opt_awgid; This cookie is set when a user reaches the website via a click on a Google ad. It contains information about which advertising campaign the clicked ad belongs to.; Type: cookie; Duration: 1 day;
Name: _opt_awkid; This cookie is set when a user reaches the website via a click on a Google ad. It contains information about the selection criteria used to place the ad, for example, which keyword was entered into Google.; Type: cookie; Duration: 1 day;
Name: _opt_expid; This cookie is created when running a redirect experiment. It stores the experiment ID, the variant ID and the referrer to the page that's being redirected.; Type: cookie; Duration: 10 seconds;

Google Tag Manager

Description of Service

This is a tag management system. Via Google Tag Manager, tags can be integrated centrally via a user interface. Tags are small sections of code that can track activities. Script codes of other tools are integrated via the Google Tag Manager. The Tag Manager allows to control when a particular tag is triggered.

Processing Company

Google Ireland Limited

Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Below you can find the email address of the data protection officer of the processing company.

https://support.google.com/policies/contact/general_privacy_form

Data Purposes

This list represents the purposes of the data collection and processing.

Tag Management

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.

Website tags

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.

Aggregated data about tag firing

Legal Basis

In the following the required legal basis for the processing of data is listed.

Art. 6 para. 1 s. 1 lit. a GDPR

Location of Processing

This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

European Union

Retention Period

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.

The data will be deleted as soon as they are no longer needed for the processing purposes.

Transfer to Third Countries

Singapore
Taiwan
Chile
United States of America

Data Recipients

In the following the recipients of the data collected are listed.

Alphabet Inc., Google LLC, Google Ireland Limited

Click here to read the privacy policy of the data processor

https://business.safety.google/privacy/?hl=en

Click here to read the cookie policy of the data processor

https://policies.google.com/technologies/cookies?hl=en

LinkedIn Insight Tag

Description of Service

This is a conversion tracking and retargeting service.

Processing Company

LinkedIn Ireland Unlimited Company

Wilton Place, Dublin 2, Ireland

Below you can find the email address of the data protection officer of the processing company.

https://www.linkedin.com/help/linkedin/ask/TSO-DPO

Data Purposes

This list represents the purposes of the data collection and processing.

Marketing
Retargeting
Analytics

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.

Cookies
Pixel

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.

Device information
IP address
Referrer URL
Timestamp
Browser information

Legal Basis

In the following the required legal basis for the processing of data is listed.

Art. 6 para. 1 s. 1 lit. a GDPR

Location of Processing

This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

Singapore,European Union,United States of America

Retention Period

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.

The data will be deleted after 90 days.

Transfer to Third Countries

Singapore
United States of America

Data Recipients

In the following the recipients of the data collected are listed.

LinkedIn Ireland Unlimited Company

Click here to read the privacy policy of the data processor

https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com

Click here to read the cookie policy of the data processor

https://www.linkedin.com/legal/cookie_policy?src=li-other&veh=www.linkedin.com

Click here to opt out from this processor across all domains

https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com

Storage Information

Maximum age of cookie storage: 6 months

Stored Information

Name: BizographicsOptOut; This cookie is used to determine whether a user has rejected targeted advertising.; Type: cookie; Duration: 10 years;
Name: UserMatchHistory; Used by the LinkedIn Insight tag to provide detailed campaign reporting and discover new business demographics by layering LinkedIn data with website visitor data.; Type: cookie; Duration: 30 days;
Name: U; This is a browser Identifier for users outside EU/EEA.; Type: cookie; Duration: 2 months, 29 days;
Name: li_sugr; Used to make a probabilistic match of a user's identity outside the EU/EEA.; Type: cookie; Duration: 2 months, 29 days;
Name: bscookie; This is used for remembering that a logged in user is verified by two factor authentication.; Type: cookie; Duration: 2 years;
Name: bcookie; Browser Identifier cookie to uniquely identify devices accessing LinkedIn to detect abuse.; Type: cookie; Duration: 2 years;

walls.io

Description of Service

This is a social wall. With this service the user can collect and showcase posts, photos or videos from various social media channels.

Processing Company

Walls.io GmbH

Schönbrunner Straße 213/215, 3rd Floor, 1120 Vienna, Austria

Below you can find the email address of the data protection officer of the processing company.

privacy@walls.io

Data Purposes

This list represents the purposes of the data collection and processing.

Embedding Posts
Providing a social media feed

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.

IP address
Cookie information

Legal Basis

In the following the required legal basis for the processing of data is listed.

Art. 6 para. 1 s. 1 lit. a GDPR

Location of Processing

This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

European Union

Retention Period

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.

The data will be deleted the latest after 60 days.

Data Recipients

In the following the recipients of the data collected are listed.

Walls.io GmbH

Click here to read the privacy policy of the data processor

https://walls.io/privacy

Stored Information

Name: _ga; This is used to distinguish users.; Type: cookie; Duration: 2 years; Domain: walls.io;
Name: _gat; This is used to distinguish users.; Type: cookie; Duration: Session; Domain: walls.io;
Name: _gid; This is used to distinguish users.; Type: cookie; Duration: 1 day; Domain: walls.io;
Name: wallsio; This is used to provide the service.; Type: cookie; Duration: 30 days; Domain: walls.io;

Wistia

Description of Service

This is a video hosting service.

Processing Company

Wistia, Inc.

120 Brookline Street, Cambridge, Massachusetts, 02139 United States of America

Below you can find the email address of the data protection officer of the processing company.

privacy@wistia.com

Data Purposes

This list represents the purposes of the data collection and processing.

Optimization
Video hosting

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.

Browser information
Content interaction information
IP address
Usage data
Videos viewed
Device information
Device operating system

Legal Basis

In the following the required legal basis for the processing of data is listed.

Art. 6 para. 1 s. 1 lit. a GDPR

Location of Processing

This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

United States of America

Retention Period

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.

The data will be deleted as soon as they are no longer needed for the processing purposes.

Transfer to Third Countries

United States of America

Data Recipients

In the following the recipients of the data collected are listed.

Wistia, Inc.

Click here to read the privacy policy of the data processor

https://wistia.com/privacy

Storage Information

Maximum age of cookie storage: 1 year

Stored Information

Name: _distillery, personalization_id, _sp_id.2b40, muxData; This cookie is used to track video views across multiple sessions and/or page loads.; Type: cookie; Duration: 1 year;
Name: wistia-http2-push-disabled; This cookie supports performance tracking by Wistia for their Analytics, so it can be seen how often videos were watched and how users interacted with video functionality.
; Type: cookie; Duration: 14 days;
Name: _simplex; This cookie is set by Wistia for storing user’s referrer and landing paged details.; Type: cookie; Duration: 1 year;

Subservices

Below you can find all the services that are subordinate to this service. The current consent status of this service applies to all subservices.

Akamai

Description of Service

This is a content delivery and cloud infrastructure service provider that distributes, accelerates and protects online applications.

Processing Company

Akamai Technologies GmbH

Parkring 20–22, 85748 Garching, Germany

Below you can find the email address of the data protection officer of the processing company.

privacy@akamai.com

Data Purposes

This list represents the purposes of the data collection and processing.

Analytics
Cloud computing
Monitoring

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.

Browser information
Date and time of visit
Device information
Device operating system
Geographic location
IP address
Mouse movements
Pages visited
Visited URL

Legal Basis

In the following the required legal basis for the processing of data is listed.

Art. 6 para. 1 s. 1 lit. a GDPR

Location of Processing

This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

European Union

Retention Period

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.

The data will be deleted as soon as they are no longer needed for the processing purposes.

Transfer to Third Countries

Worldwide

Data Recipients

In the following the recipients of the data collected are listed.

Akamai Technologies, Inc., Akamai Technologies GmbH

Click here to read the privacy policy of the data processor

https://www.akamai.com/us/en/multimedia/documents/akamai/akamai-privacy-statement.pdf

Storage Information

Maximum age of cookie storage: 1 hour

Stored Information

Name: AKA_A2; This is used to speed up content delivery on websites using the adaptive acceleration feature.; Type: cookie; Duration: 1 hour; Domain: akamai.com;

YouTube Video

Description of Service

This is a video player service. It can be used by user to watch, like, share, comment and upload videos.

Processing Company

Google Ireland Limited

Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Below you can find the email address of the data protection officer of the processing company.

https://support.google.com/policies/contact/general_privacy_form

Data Purposes

This list represents the purposes of the data collection and processing.

Displaying Videos

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.

Cookies (if Privacy-Enhanced Mode is not activated)

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.

Device information
IP address
Referrer URL
Videos viewed

Legal Basis

In the following the required legal basis for the processing of data is listed.

Art. 6 para. 1 s. 1 lit. a GDPR

Location of Processing

This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

European Union

Retention Period

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.

The data will be deleted as soon as they are no longer needed for the processing purposes.

Transfer to Third Countries

Chile
United States of America
Taiwan
Singapore

Data Recipients

In the following the recipients of the data collected are listed.

Alphabet Inc.
Google LLC
Google Ireland Limited

Click here to read the privacy policy of the data processor

https://business.safety.google/privacy/?hl=en

Click here to read the cookie policy of the data processor

https://policies.google.com/technologies/cookies?hl=en

Click here to opt out from this processor across all domains

https://safety.google/privacy/privacy-controls/

Storage Information

Maximum age of cookie storage: 8 months

Stored Information

Name: __sak; This is used to store information about the visitor's video preferences.; Type: web;
Name: LAST_RESULT_ENTRY_KEY; This is used to save the user settings when retrieving a Youtube video integrated on other web pages.; Type: web;
Name: yt-player-bandaid-host, yt-player-bandwidth, yt-player-headers-readable; This is used to determine the optimal video quality based on the visitor's device and network settings.; Type: web;
Name: yt-remote-cast-installed, yt-remote-connected-devices, yt-remote-device-id, yt-remote-fast-check-period, yt-remote-session-app, yt-remote-session-name; This is used to store the user's video player preferences using embedded YouTube video.; Type: web;
Name: YEC; This is used to store the user's video player preferences using embedded YouTube video.; Type: cookie; Duration: 1 year, 1 month;
Name: CONSENT; This is used to detect if the visitor has accepted the marketing category in the cookie banner. ; Type: cookie; Duration: 2 years;
Name: DEVICE_INFO; This is used to track user’s interaction with embedded content.; Type: cookie; Duration: 5 months, 26 days;
Name: remote_sid; This is used for the implementation and functionality of YouTube video content on the website.; Type: cookie; Duration: Session;
Name: test_cookie; This is a test for cookie setting permissions in user's browser.; Type: cookie; Duration: 1 day;
Name: VISITOR_INFO1_LIVE; This is used to measure the users bandwidth to determine whether they get the new or old player interface.; Type: cookie; Duration: 6 months;
Name: YSC; This is set by the YouTube video service on pages with embedded YouTube videos.; Type: cookie; Duration: Session;
Name: PREF; This is used to store information such as your preferred page configuration and playback settings such as explicit autoplay options, random mix, and player size.; Type: cookie; Duration: 8 months;
Name: pm_sess; This is used to maintain your browsing session.; Type: cookie; Duration: 30 minutes;
Name: CGIC; This is used to provide search results by auto-completing search queries based on a user's initial input.; Type: cookie; Duration: 6 months;
Name: UULE; This is used to determine the users geographic location. ; Type: cookie; Duration: 6 hours;
Name: _Secure-YEC; This is used to store the user's video player preferences using embedded YouTube videos.; Type: cookie; Duration: 1 year, 1 month;

6. Piwik
The Winterhalter online service also uses “Piwik”, an open-source software package for statistical analysis of user access. Piwik also uses cookies that are saved on your data carriers and allow analysis of your use of the Winterhalter online service. The information generated by the cookies about your use of the Winterhalter online service is saved on the server of Winterhalter Gastronom GmbH in Germany. Your IP address is anonymised immediately after processing and before storage. Users can prevent the installation of cookies by selecting the appropriate settings in their browser software; please note, however, that if you do so, you may not be able to use all of the functions of the Winterhalter online service to their full extent. The legal basis for processing personal data using cookies is Art. 6 (1) sub-paragraph 1 (f) GDPR.

8. Crazy Egg
This site uses the tracking tool CrazyEgg.com to record individual visits chosen at random (only with an anonymised IP address). This tracking tool makes it possible to analyse how you use the website by means of cookies (e.g. which content you have clicked on). A user profile is displayed visually for this purpose. No personal data about you is collected, processed or used when the tool is applied. User profiles are only created on the basis of pseudonyms.
You can object to the collection, processing and recording of the data generated by CrazyEgg.com at any time by following the instructions at www.crazyegg.com/opt-out. You will find further information about data protection at CrazyEgg.com at www.crazyegg.com/privacy.

9. Where are my data stored?
Winterhalter stores your data on its own servers, which are located in a secure computer centre in Germany.

For security reasons, we store back-up copies of our databases with external service providers in Germany. These back-up copies are encrypted and the data are not accessible to the employees of the service company. Such service providers are carefully selected by us. They are permitted to use the data only within the context of our instructions and have undertaken to maintain a high level of data protection for us. The legal basis for collaboration with these service providers is Art. 28 GDPR.

10. For how long is my data stored?
We save the usage data described under 3.1 permanently for you. Otherwise, your data is erased when knowledge of it is no longer required for the purposes described, unless statutory provisions specify a longer storage period.

B) INFORMATION ABOUT OTHER DATA PROCESSING PROCEDURES

1. Specific information about the application procedure
The data concerned are all information that you have provided to us for the purpose of processing your application (Art. 6 (1) (b) GDPR and Art. 88 GDPR).
Your application data are processed by us for the purposes of the application procedure by the relevant offices at Winterhalter Gastronom GmbH. In addition, we pass these data on to the relevant offices of Winterhalter Deutschland GmbH as required. We use external service providers for processing and hosting in accordance with Art. 28 GDPR; we do not transfer data to third countries in this connection.
Application data are usually erased within four months of notification of the decision, unless consent to a longer period of data storage is given in the context of inclusion in the applicant pool.

2. Specific information about processing of customer/potential customer data
The data concerned are all information that you have provided to us to execute contracts (Art. 6 (1) (b)); we collect any additional data for processing only on the basis of your express consent (Art. 6 (1) (a) GDPR).
The data are used, among other things, to draw up quotations, for orders, sales and invoicing, and for the purposes of quality assurance.
Other recipients may include external service providers or other contractors who require the data, among other things, for data processing relating to shipping, transport and logistics.
Other external bodies may also be recipients if the data subject has given his/her consent (Art. 6 (1) (a) GDPR) or transmission is permitted on the basis of an overriding interest (Art. 6 (1) (f) GDPR), including for information about creditworthiness in the case of purchase on account, electronic transmission of information and quality assurance purposes. If statutory regulations take precedence, the data may also be passed on to public bodies including the tax office and customs agency (Art. 6 (1) (c) GDPR).
In the context of execution of contracts, commissioned data processors from outside the European Union may also be used.
The duration of data storage is determined by the statutory storage obligations and is usually 10 years.

3. Specific information about processing of employee data
We process data in the context of employment in order to execute contracts (Art. 88 GDPR); any additional data is processed only on the basis of your express consent (Art. 6 (1) (a) GDPR).
Possible recipients of the data include public bodies if there are overriding legal regulations, among them the tax office, social insurance agencies and professional associations.
If the data subject has given his/her consent or transmission is permitted on the basis of an overriding interest, other external bodies may be recipients, including for order acquisition and insurance services. Transmission to a third country does not take place.
The duration of data storage is determined by the statutory storage obligations and is usually 10 years.

4. Specific information about processing of supplier data
The data concerned are all information that you have provided to us for execution of contracts (Art. 6 (1) (b) GDPR); any additional data is processed only on the basis of your express consent (Art. 6 (1) (a) GDPR).
The data are used, among other things, for enquiries, purchasing and quality assurance.
Other recipients may include external service providers or other contractors who require the data for data processing, bookkeeping and processing of payments, among other things.
Other external bodies may also be recipients provided that the data subject has given his/her consent (Art. 6 (1) (a) GDPR) or if transmission is permitted on the basis of an overriding interest, including for information about creditworthiness in the case of purchase on account, for electronic transmission of information and for quality assurance purposes. If legal regulations take precedence, public bodies such as the tax office and customs agency may also be recipients.
In the context of execution of contracts, commissioned data processors from outside the European Union may also be used.
The duration of data storage is determined by the statutory storage obligations and is usually 10 years.

C) WHERE CAN I OBTAIN INFORMATION ABOUT MY DATA AND HOW CAN I CHANGE OR ERASE DATA?
On request, you can obtain information about the data that Winterhalter has stored about you at any time. Please send an email to privacy@winterhalter.de. If the relevant statutory requirements apply, you also have the right to rectification, erasure or restriction of processing.

You can alter your registration data at any time via the Winterhalter online service. Please note that you will not be able to use areas of the Winterhalter online service that are protected by a log-in if you erase your registration data.

If you wish to delete your log-in details permanently, please notify us by email at privacy@winterhalter.de. We shall erase or anonymise all of the information held about you within 14 days of receipt of your application for erasure, unless we are obliged to retain the data by law.
You may also obtain the data that you have provided to Winterhalter in a structured, standard and machine-readable format or demand that Winterhalter transmit these data to a third party.
If processing of personal data for the purposes specified above is on the basis of Art. 6 (1) sub-paragraph 1 (f) GDPR, you may object to it at any time if the legal requirements are met. Informing privacy@winterhalter.de of this is sufficient.
You also have the right to consult the Regional Data Protection Officer about any complaint.

D) CONTACT
If you have any questions about this Privacy Policy, please contact us at privacy@winterhalter.de or by post or fax. You will find the information required to make contact with us by post or fax in the Legal Notice.