Data Protection policy

Wendt & Kühn KG

Wendt & Kühn KG (hereafter referred to as “Wendt & Kühn”) thank you for visiting our website. We are grateful for your interest in our company and our products.

We respect your privacy.
The protection of your privacy during the processing of your personal data and the security of this data is very important to us. We process and use the personal data collected during your visit to our website in accordance with the content of this Data Protection Policy, with GDPR and with the relevant German General Data Protection Regulation, including, but not limited to, the BDSG (Federal Data Protection Act) and the German Telemedia Act (TMG).
This Data Protection Policy governs which of your personal data we collect, process and use. We therefore ask you to read the following explanations carefully.

1. General Information
Personal data is any data relating to an identified or identifiable natural person. Processing means any operation or set of operations which is performed on personal data, above all the collection, organisation, storage and destruction of data. Further details can be found in Article 4, No. 1 and 2 GDPR.

When you visit our website your data is collected by our IT system. This is principally technical data (IP address, date, time). The collection of this data occurs automatically as soon as you visit our website, in order to ensure that the website functions correctly.

You will find more detailed information about data protection in the individual explanations in the text below. This Data Protection Policy fulfils our obligation to you under Article 12 - Article 14 GDPR. The full text of the GDPR can be found at this address: https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX:32016R0679

2. Website encryption and security on the internet
For security reasons and to safeguard the transmission of confidential content, such as orders or requests that you send to us as the website operator, this website uses SSL or TLS encryption. Please note, however, that data transmission over the internet (e.g. communication via e-mail) may still be subject to security breaches. Total protection against access by third parties is not possible.

3. Controller
Many data protection obligations are the responsibility of so-called “controllers”. This means the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data. As the operator of the website www.wendt-kuehn.de and the processor of data, Wendt & Kühn is the controller of the personal data of the user (hereafter referred to as “you”) as defined in the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
You can reach us using the following contact details:

Wendt & Kühn KG
Chemnitzer Strasse 40, 09579 Grünhainichen, Germany
Telephone: 0049 37294 86 0
E-mail: info@wendt-kuehn.de

4. Company Data Protection Officer

MOOG & Partner Steuerberatungsgesellschaft mbH
Johannes Heinlein
Holzhofallee 15 A, 64295 Darmstadt, Deutschland
E-Mail:  datenschutz@wendt-kuehn.de

5. Web hosting
Our website is hosted by Alphahosting GmbH (registered office in Germany). All data collected when visiting our website and stored by us, is therefore held on the servers of Alphahosting GmbH. The servers of Alphahosting GmbH are located in Germany. Alphahosting GmbH handles all user data stored there strictly in accordance with our instructions as controller. We specify the purpose and means of processing in the processing contract as defined in Article 28 GDPR.

6. Cookies
In some instances, our website and its pages use so-called “cookies”. Cookies do not cause any damage to your computer and do not contain viruses. The purpose of cookies is to make our website more user friendly, more effective and more secure. Cookies are small text files that are placed on your computer and stored by your browser.

Most of the cookies we use are so-called “session cookies”. They are automatically deleted when you leave our website. Other cookies will remain stored on your device until you delete them. These cookies enable us to recognize your browser the next time you visit our website.

You can adjust the settings of your browser to make sure that you are notified every time cookies are placed and to enable you to accept cookies only in specific cases, or to exclude the acceptance of cookies for specific situations or generally and to activate the automatic deletion of cookies when you close your browser. However, disabling cookies may limit the functionality of this website.
Cookies that are required to complete electronic communications are stored as defined in Article 6 paragraph 1 point (f) GDPR (balance of interests). The website operator has a legitimate interest in storing cookies to ensure the technically error free and optimized provision of the operator’s services. If other cookies (e.g. cookies for the analysis of your browsing habits) are stored, they are addressed separately in this Data Protection Policy.

7. Collection of data in the system and the creation of log files

7.1. Collection of data in the system and the creation of log files
Access log files and error log files are stored in our web space on the servers of Alphahosting GmbH. These log files contain the IP addresses of visitors to the site and therefore their personal data. The following data is captured there:

•    Website visited
•    Time of the visit
•    Quantity of data sent in bytes
•    Source/link that led you to the site
•    Browser used
•    Operating system used
•    IP address used
•    Guest ID and customer ID for visits to the online shop

This data together with other personal data relating to the user is not stored.

7.2. Legal basis for processing
The legal basis for the temporary storage of data and log files is Article 6 paragraph 1 point (f) GDPR (balance of interests).

7.3. Purpose of processing
We have the following objectives in processing user data:
The temporary storage of the above information by the system is necessary to enable information to be transferred from the website to the user’s computer. For this the IP address of the user must be stored for the duration of the session. The IP address is also stored to detect and ward off attacks.

Storage of log files takes place in order to secure the functionality of the website. In addition, the data serves to optimize the website and to ensure the security of our information technology systems. There is no evaluation of the data for marketing purposes in this context.

For these purposes our legitimate interest in data processing also lies within the meaning of Article 6 paragraph 1 point (f) GDPR (balance of interests).

7.4. Retention period of data in the system and log files
Data is deleted as soon as it is no longer required for the purpose for which it has been collected.

Where data is collected for accessing the website, this takes place when each session is over.

Where data is stored in log files, this is done after a maximum of 30 days. The IP address of the user is anonymized after 24 hours by setting the last octet to zeros. The IP address is then deleted after a maximum of 7 days. Data in the data bank of the online shop is also deleted after 15 days.

Data can be temporarily stored without anonymization as long as it is needed to protect or defend against legal claims.

7.5. Options for opting out and removal
The capture of data in order to access the website and the storage of data in log files is essential for the operation of the website. There is therefore no option for the user to object.

8. Getting in contact by e-mail
You can contact us using the e-mail addresses provided or the contact form.

8.1. Scope of data collection
In this case the personal data of the user transferred with the e-mail, the IP address, user agent, date and time are all stored. In this context, also, none of this data is passed on to a third party. The data is used exclusively for processing the conversation.

8.2. Legal basis for data processing
The legal basis for processing the data transferred as a result of sending an email is Article 6 paragraph 1 point (f) GDPR (balance of interests). If the e-mail contact is aimed at concluding a contract, the additional legal basis for processing it is Article 6 paragraph 1 point (b) GDPR.

8.3. Purpose of data processing
The processing by us of personal data contained in the e-mail serves solely to deal with the contact made. This also constitutes the required legitimate interest for processing the data that you have transferred via e-mail.

8.4. Retention period
The data transferred by you via e-mail is deleted as soon as we have taken note of your correspondence or have completely answered your enquiry and the conversation is over. The conversation is over when it can be inferred from the circumstances that the relevant facts have been finally clarified. The data can however be temporarily stored as long as it is required for the enforcement, exercise and defense of legal claims or if there is a legal obligation to retain the data. This can be done if a contract has been entered into via e-mail. Your data in particular can then be stored as long as is necessary for the execution of the contact and afterwards, for example, for the enforcement or defense of warranty claims.

8.5. Options for opting out and removal
If you contact us via e-mail, you can opt out of having your personal data stored at any time. In this case, however, the conversation cannot be continued. Please get in contact with us via e-mail to opt out. All personal data stored in the course of this contact will be deleted in this case. The data can however be temporarily stored as long as it is required for the enforcement, exercise and defense of legal claims or if there is a legal obligation to retain the data.

9. Newsletter
We process your personal data (last name, first name, e-mail address) for the purpose of sending you our regular newsletter and for our own marketing purposes. The legal basis for this is your consent in accordance with Article 6 paragraph 1 (a) and Article 7 GDPR as well as § 7 II No. 3 UWG (Federal Act Against Unfair Competition). When you subscribe to the newsletter you are confirming that you wish from then onwards to have it sent to the e-mail address given by you. As verification you receive a special e-mail in which you have to confirm your subscription to the newsletter. You will not receive the newsletter without this renewed confirmation. This data is not passed on to a third party. Your data is stored for as long as you wish to receive the newsletter. If you cancel your subscription, you will no longer receive the newsletter. Once we have received this cancellation you will get an immediate response. You can also unsubscribe to the newsletter via a link in each newsletter.

10. Delivery of the customer magazine eleven dot post
In order to be able to send you our customer magazine eleven dot post we store the following personal data: English or German Edition of the eleven dot post, last name, first name, address, country. It is not possible for us to send you the eleven dot post without your consent. We store this for the sole purpose of sending you the magazine. You can withdraw your consent at any time by sending the appropriate notification. The legal basis for this is your consent in accordance with Article 6 paragraph 1 (a) and Article 7 GDPR.

11. Processing orders for the Book of Figurines
On its website Wendt & Kühn offers its users the opportunity to purchase the current Book of Figurines. In order to be able to send you our Book of Figurines we store the following personal data: method of shipment, last name, first name, address, country. We store this for the sole purpose of sending you the Book of Figurines and do not pass it on to any third party. You can withdraw your consent at any time by sending the appropriate notification or through the standard cancellation form on the website. We capture your e-mail address for the sole purpose of sending you an order and shipment confirmation. The legal basis for processing this data is the execution of a contact as defined in Article 6 paragraph 1 point (b) GDPR.

12. Processing order for vouchers
On its website Wendt & Kühn offer its users the opportunity to purchase a voucher for use in its own stores in Grünhainichen and Seiffen. In order to be able to send you this voucher we store the following personal data: value of voucher in Euros, last name, first name, address, e-mail address. We store this for the sole purpose of sending you the voucher and do not pass it on to any third party. You can withdraw your consent at any time by sending the appropriate notification or through the standard cancellation form on the website. We capture your e-mail address for the sole purpose of sending you an order and shipment confirmation. The legal basis for processing this data is the execution of a contact as defined in Article 6 paragraph 1 point (b) GDPR.

13. Booking request for an Experience
On our website www.wendt-kuehn.com we offer users the opportunity of booking various Experiences. In order to be able to process your booking request we store the following personal data for this occasion only: name, date requested, time requested, number of persons, e-mail address. This data is not passed on to any third party and serves only to process your request. The legal basis for processing this data is the execution of a contact as defined in Article 6 paragraph 1 point (b) GDPR.

14. Sending e-cards
On our website www.wendt-kuehn.com we offer users the opportunity of sending a range of e-cards to a third party. In order to send the e-card selected by you, we store the following personal data for this occasion only: sender’s last name, sender’s e-mail address, recipient’s last name, recipient’s e-mail address, text, time of dispatch and sender’s IP address. This data is not passed on to any third party and serves only to send an e-card to the specified recipient. After the e-card is sent, the data related to it is deleted. The legal basis for processing this data is the execution of a contact as defined in Article 6 paragraph 1 point (b) GDPR.

15. The use of YouTube Plugins
To embed videos we use the provider YouTube, among others. YouTube is operated by YouTube LLC with its headquarters in 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. based in 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

On some of our website pages we use YouTube plugins. If you visit one of the pages on our website with an embedded YouTube plugin (for example: our media library), a connection to the YouTube servers is established and the plugin is displayed. Information about which of our pages you have visited will then be transmitted to the YouTube server. If you are logged in to your YouTube account, YouTube assigns this information to your personal account. Using plugins, by clicking the start button on a video for example, also sends this information to your personal account. You can prevent this by logging out of your YouTube account and other user accounts belonging to YouTube LLC and Google Inc. and deleting all cookies generated by these companies before you use our website.
The purpose and scope of data collection and the further processing and use of data by YouTube, as well as your rights in this respect and the settings options for the protection of your privacy can be found in the Privacy Policy of YouTube: https://policies.google.com/privacy

16. The use of Vimeo Plugins
To embed videos we use the provider Vimeo, among others. Vimeo is operated by Vimeo, LLC with its headquarters in 555 West 18th Street, New York, New York 10011.

On some of our website pages we use Vimeo plugins. If you visit one of the pages on our website with an embedded Vimeo plugin (for example: our media library), a connection to the Vimeo servers is established and the plugin is displayed. Information about which of our pages you have visited will then be transmitted to the Vimeo server. If you are logged in to your Vimeo account, Vimeo assigns this information to your personal account. Using plugins, by clicking the start button on a video for example, also sends this information to your personal account. You can prevent this by logging out of your Vimeo account and deleting all cookies generated by Vimeo before you use our website.

The purpose and scope of data collection and the further processing and use of data by Vimeo, as well as your rights in this respect and the settings options for the protection of your privacy can be found in the Privacy Policy of Vimeo: https://vimeo.com/privacy

17. Google Maps
This site uses the mapping service Google Maps via an API. To use the features of Google Maps, it is necessary to store your IP address. This information is usually transmitted to and stored on a Google server in the USA. As the provider of this website we have no influence on this data transfer. We use Google Maps to present our online content in an attractive format and to make the locations disclosed on our website easy to find. This constitutes a legitimate interest as defined in Article 6 paragraph 1 point (f) GDPR. You will find more information on the handling of user data in Google’s Privacy Policy: https://policies.google.com/privacy.

18. Adobe Fonts Typekit
This site uses external fonts from Adobe (Typekit). Typekit is a service of Adobe Systems Software Ireland Limited. The integration of these web fonts takes place through a server call, usually a server of Adobe in the USA. This transmits to the server which of our Internet pages you have visited. The IP address of the browser of the end device of the visitor to these Internet pages is also stored by Adobe. You can find more information in Adobe's privacy policy, which you can access here:
https://www.adobe.com/de/privacy.html
https://fonts.adobe.com/home

The processing of your data takes place on the basis that it is in our legitimate interest (in other words, in the interest of the optimisation and economic operation of our website as defined in Article 6 paragraph 1 point (f) GDPR).

19. etracker
In order to analyse usage data on this website, we use services provided by etracker GmbH (www.etracker.com), a company based in Hamburg, Germany. We do not use cookies for web analysis by default. Insofar as we use analysis and optimisation cookies, we ensure that we have obtained your explicit consent in advance. Where this is the case and you have given your consent, cookies will be used to facilitate statistical analysis of the reach of this website, to gauge the success of our online marketing and to conduct test procedures, for example assessing and optimising different versions of our online offer or its components. Cookies are small text files that are stored by a user’s web browser on his or her terminal device. etracker cookies do not contain any information that allows a user to be identified.

The data generated by etracker on behalf of the operator of this website is processed and stored by etracker exclusively in Germany and is therefore subject to the strict data protection laws and standards that apply in Germany and throughout the EU. etracker has been independently audited, certified and awarded the ePrivacyseal data protection seal of approval.

Data processing is carried out on the basis of the legal provisions of Article 6.1f (‘Legitimate Interest’) of the German Data Protection Regulation (DSGVO). Our concern in terms of this section of the DSGVO is the optimisation of our online offer and of our web presence. Because the privacy of our visitors is of paramount importance to us, any data that may allow a connection to be made to an individual person, (e.g. IP address, login or device identifiers) is anonymised or pseudonymised at the earliest possible stage. No other use is made of the data, nor is it merged with other data or passed on to third parties.

You can object to the aforementioned data processing at any time. Refusing or withdrawing consent has no adverse consequences for you as a site user.

Opt-out

Further information on data protection at etracker can be found here.

20. Data processing and storage in the trade customer area
We store and process your personal data for the purpose of fulfilling our contractual obligations and for the duration of the business relationship. This data includes: name of the company, last and first name of the contact person, address, telephone number, fax number and e-mail address.

21. What rights do you have in relation to your data?
You have the right at any time to obtain information about the origin, recipient and purpose of your stored personal data, free of charge. In particular, you also have the right to request the correction, blocking, deletion or restriction of this data. For this and other questions about data protection you can contact us at any time using the address in the Disclaimer. Furthermore, you have a right to lodge a complaint with the relevant supervisory authority. You specifically have the following rights:

21.1. Right of access
You can request the controller to confirm whether personal data related to you is processed by us. If this is the case, you can request the following information from the controller:

(1)    the purposes for processing your data;
(2)    the categories of personal data that are processed;
(3)    the recipients or categories of recipients to whom your personal data has been or will be 
        disclosed;
(4)    the planned period of time that your personal data will be saved for, or if this information is not
        available, then the criteria used to determine this time period;
(5)    the existence of a right to correct or delete your personal data, the right to restrict processing by
        the controller and the right to opt out of this processing;
(6)    the existence of the right to lodge a complaint with a supervisory authority;
(7)    all available information about the origin of the personal data, if the data was not obtained from
         the person in question;
(8)    the existence of an automated decision-making process, including profiling, in accordance with
        Article 22 paragraphs 1 and 4 GDPR and – at least in these cases – conclusive information about
        the logic involved plus the scope and intended impact of this kind of processing for the person
        affected.

You have the right to request information about whether your personal data is passed on to a third country or an international organisation. In this case you can ask to be informed about appropriate guarantees in accordance with Article 46 GDPR regarding the sharing of this data.

21.2. Right to rectification
You have the right to have inaccurate personal data held about you rectified by the controller. You also have the right to have incomplete personal data completed. The controller must undertake this rectification without undue delay.

21.3. Right to restriction of processing
GDPR also provides for a right to request restriction of personal data. If the processing of personal data concerning you has been restricted, this data may only be processed, with the exception of storage, with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If you have obtained restriction of processing in line with the conditions above, you will be informed by the controller before the restriction is lifted. You have the right to obtain from us restriction of processing where one of the following applies:

(1)    where you contest the accuracy of your personal data, for a period that enables us as the
         controller to verify the accuracy of the personal data;
(2)    where the processing is unlawful and you oppose the erasure of your personal data and request
         from us the restriction of its use instead;
(3)    where we as the controller no longer need your personal data for the purposes of the
         processing, but you require it for the establishment, exercise or defense of legal claims, or
(4)    where you have lodged an objection to the processing in accordance with Article 21 paragraph 1
         GDPR but it has not yet been determined whether the legitimate grounds of the controller
         outweigh yours.

21.4. Right to erasure
Obligation to erase
You can require us as the controller to erase personal data relating to you without undue delay and we are obliged to erase this data without undue delay where one of the following grounds applies:

(1)    your personal data is no longer required for the purposes for which they were collected or
        otherwise processed;
(2)    you withdraw your consent on which the processing is based in accordance with Article 6
         paragraph 1 point (a) or Article 9 paragraph 2 point (a) GDPR and there is no other legal basis for
         the processing;
(3)    you lodge an objection in accordance with Article 21 paragraph 1 GDPR against the processing
         and there are no overriding legitimate grounds for the processing, or you lodge a complaint in
         accordance with Article 21 paragraph 2 GDPR against the processing;
(4)    your personal data has been unlawfully processed;
(5)    the erasure of your personal data is required to fulfil a legal obligation in Union or Member State
         law to which the controller is subject;
(6)    your personal data has been collected in relation to services offered by the information society
         in accordance with Article 8 paragraph 1 GDPR.

Information to third parties
If the controller has made public your personal data and if in accordance with Article 17 paragraph 1 GDPR is obliged to erase it, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, this personal data.

Exceptions
There is no right to erasure where processing is necessary

(1)    for exercising the right of freedom of expression and information;
(2)    for compliance with a legal obligation which requires processing by Union or Member State law to
         which the controller is subject or for the performance of a task carried out in the public interest or
         in the exercise of official authority vested in the controller;
(3)    for reasons of public interest in the area of public health in accordance with Article 9 paragraph 2
         point (h) and (i) and Article 9 paragraph 3 GDPR;
(4)    for archiving purposes in the public interest, scientific or historical research purposes or statistical
         purposes in accordance with Article 89 paragraph 1 GDPR, in so far as the right referred to in
         section (a) is likely to render impossible or seriously impair the achievement of the objectives of
         that processing, or
(5)    for the establishment, exercise or defense of legal claims.


21.5. Right to be informed
If you have claimed the right to rectification, erasure or restriction of processing by the controller, the controller is obliged to communicate this rectification, erasure of data or restriction of processing to all recipients to whom your personal data has been disclosed, unless this proves impossible or involves disproportionate effort. The controller has a duty to inform you of the identity of these recipients.

21.6. Right to data portability
You have the right to receive your personal data that you have provided to a controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where:

(1)    the processing is based on consent in accordance with Article 6 paragraph 1 point (a) GDPR or 9
        paragraph 2 point (a) GDPR or on a contract in accordance with Article 6 paragraph 1 point (b)
        GDPR and
(2)    the processing is carried out by automated means.

In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, where technically feasible. This right shall not adversely affect the rights and freedoms of others.

The right of data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

21.7. Right to object
You have the right to lodge an objection, on grounds relating to your particular situation, at any time to processing of your personal data based on Article 6 paragraph 1 point (e) or (f) GDPR, including profiling based on those provisions. The controller shall no longer process your personal data unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

Where your personal data is processed for direct marketing purposes, you have the right to lodge an objection at any time to the processing of your personal data for such marketing purposes; this also includes profiling insofar that it is associated with such direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

You have the option, in relation to the use of information society services – and notwithstanding Directive 2002/58/EC – to object by automated means using technical specifications.

21.8. Right to withdraw consent to the data protection declaration
You have the right to withdraw your consent to the data protection declaration at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before such withdrawal.

21.9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

(1)    is necessary for the conclusion or fulfilment of a contract between you and the controller;
(2)    is authorized by Union or Member State law to which the controller is subject and which also lays
        down suitable measures to safeguard your rights, freedoms and legitimate interests; or
(3)    is based on your explicit consent.

However these decisions may not be based on special categories of personal data referred to in Article 9 paragraph 1 GDPR, unless Article 9 paragraph 2 point (a) or (g) applies and suitable measures are in place to safeguard your rights, freedoms and legitimate interests.

In the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights, freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

21.10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

The supervisory authority responsible for data protection issues is the state data protection officer of the Federal State in which the controller is located, in this case, the Data Protection Officer of Saxony: https://www.saechsdsb.de