PRIVACY POLICY
and information for data subjects pursuant to Art. 13 and 14 of the EU General Data Protection Regulation
A) “WINTERHALTER ONLINE SERVICE”
1. Protection of your data is important to us.
Winterhalter Gastronom GmbH, Winterhalterstraße 2 – 12, 88074 Meckenbeuren (hereinafter referred to as “Winterhalter” or “we”) takes your privacy seriously. Data protection is therefore the highest priority for us. In order to operate our website and provide the services and additional functions provided for our products on the website (“Winterhalter website”) and to provide our apps and the services offered through our apps (“Winterhalter apps” together with the Winterhalter website referred to as the “Winterhalter online service”), we require certain information which may include some personal data. In this Privacy Policy, we wish to inform you specifically about which personal data we collect, process and use in relation to the operation of the Winterhalter online service, and the purposes for which they are used. We guarantee that we use your data in accordance with all the applicable data protection regulations only to offer you the optimal service.
The terms defined in our Terms of Use have the same meaning in this Privacy Policy, unless expressly stated otherwise in the Privacy Policy. We use specialist terms relating to data protection, such as “personal data”, “processing” and “pseudonymization”, always within the meaning specified by the European General Data Protection Regulation 2016/679 (“GDPR”).
2. Who is responsible for your data?
Winterhalter is responsible for lawful processing of your data.
3. Which data do we collect and for what purposes?
3.1 Usage data
When you use the Winterhalter online service, our servers automatically save certain information about
• the end device you are using (iPhone/iPad, smartphone, tablet, desktop PC). This includes information about the device type, the device ID (e.g. IMEI, Android Device ID, Open UUID), the web browser used, the operating system and certain settings,
• the domain name or IP address,
• the sub-pages visited and functions of the Winterhalter online service used,
• the date and time of use.
We require these usage data to make our services available to you (e.g. to adapt our service to the end device you are using), to detect and rectify any technical problems that arise and to recognise and prevent any misuse of our services. We create pseudonymised user profiles on the basis of the usage data saved by us for the purposes of advertising, market research and design of the Winterhalter online service to meet your needs. These user profiles are not associated by us with any other data that we may have saved about the users in question (e.g. registration data). If the above usage data are personal data, the legal basis for their processing is Art. 6 (1) sub-paragraph 1 (f) GDPR. We also make use of usage data in anonymised form, i.e. without any possibility of identifying you as the user, for statistical purposes and to improve our service.
If you make use of the Winterhalter website through one of the Winterhalter apps and the app crashes, certain information about the end device you are using is sent to an external service provider, in the form of log data about the app in question, an error report, language, storage profile, call hierarchy, IP address, device ID (e.g. MEI, Android Device ID, Open UUID) and the status of the Winterhalter apps. The service provider helps us to determine the cause of the crash and to rectify any technical problems. If the above usage data are personal data, the legal basis for their processing is Art. 6 (1) sub-paragraph 1 (f) GDPR.
Apart from this, Winterhalter will only use your usage data in combination with your identity and possibly associate them with other information about you if you have first given us your express consent to do so. The legal basis for processing in this case is Art. 6 (1) sub-paragraph 1 (a) and (f) GDPR.
3.2 Registration data
You have to register to be able to use certain functions offered through the Winterhalter online service (e.g. Winterhalter CONNECTED WASH). Certain information is required for registration, depending on the function required (e.g. name of the company, email address, Winterhalter product used, etc.). We require this information to set up and manage your user account, to identify authorised users and to offer you the function you require. Please see our for further details about registration and use of the functions offered via the Winterhalter online service. The legal basis for processing the data described in this section is Art. 6 (1) sub-paragraph 1 (b) and (f) GDPR.
3.3 Contact details
You have the option to contact us, to ask us questions for example, through the Winterhalter online service by means of the contact form. We request your contact details through the contact form (e.g. first name and surname, address, email address and department). You may also provide information about your company, your telephone and fax number. We use this data exclusively to respond to the questions you send to us.
The legal basis for processing the data described in this section is Art. 6 (1) sub-paragraph 1 (b) and (f) GDPR.
3.4 Data in relation to the use of additional functions and services
If you make use of the functions offered via the Winterhalter online service (e.g. Winterhalter CONNECTED WASH), we may collect additional data that are required to provide and use the function in question. Depending on the function in question, this may include, for example, information about
• the Winterhalter devices you use (e.g. type designations, serial numbers, Mac address, etc.)
• the location of the Winterhalter devices you use
• how you use your Winterhalter devices (e.g. number of wash cycles, running times, loading, temperatures, telemetry data)
• any malfunctions in the Winterhalter devices you use.
With some of the functions offered via the Winterhalter online service, you may have the option to enter or upload data yourself.
If, in the context of the use of the functions offered via the Winterhalter online service, personal data of third parties (e.g. of the user’s employees) are collected or transmitted to Winterhalter, the responsibility for passing this data on to Winterhalter lies with the user under the GDPR. In relation to the use of some functions (e.g. Winterhalter CONNECTED WASH), Winterhalter offers you the opportunity to conclude an agreement for commissioned data processing pursuant to Art. 28 GDPR. You can obtain a copy of the corresponding agreement form on request from [email protected].
Winterhalter has the right to process and use the data collected in the context of the use of the functions provided via the Winterhalter online service in anonymised form for its own commercial purposes (e.g. for statistical evaluations and to improve the functions, quality and products).
3.5 Use of your data by Winterhalter
Winterhalter uses the data collected in accordance with sections 3.1 to 3.4 for the purposes explained therein.
Only if you have given us your express consent to do so will we also use your data to send you information about selected products and offers by email. In this case, the legal basis for processing is Art. 6 (1) sub-paragraph 1 (a) GDPR. You may revoke your consent at any time, with effect from that point forward, by sending an email to .
4. Cookies
Our Winterhalter online service uses cookies. “Cookies” are small text files that are saved on your data carrier and exchange certain settings and data with our system via your browser. A cookie usually contains the name of the domain from which the cookie data were sent, information about the age of the cookie and an alphanumerical identification code. Cookies make it possible for us to present the Winterhalter online service in an appealing way for you and make your use of it easier by, for example, storing certain inputs made by you so that you do not have to re-enter them repeatedly. We use two types of cookies:
Session cookies: Session cookies are erased when you close your browser.
Permanent cookies: Permanent cookies remain on your computer’s hard drive for a certain period. When you visit our website again, the fact that you have previously visited us and the inputs and settings you prefer are recognised.
The information saved in the cookies is not used by us to identify you and is not associated with any other personal data that we have saved about you.
5. Applied technologies
6. Piwik
The Winterhalter online service also uses “Piwik”, an open-source software package for statistical analysis of user access. Piwik also uses cookies that are saved on your data carriers and allow analysis of your use of the Winterhalter online service. The information generated by the cookies about your use of the Winterhalter online service is saved on the server of Winterhalter Gastronom GmbH in Germany. Your IP address is anonymised immediately after processing and before storage. Users can prevent the installation of cookies by selecting the appropriate settings in their browser software; please note, however, that if you do so, you may not be able to use all of the functions of the Winterhalter online service to their full extent. The legal basis for processing personal data using cookies is Art. 6 (1) sub-paragraph 1 (f) GDPR.
8. Crazy Egg
This site uses the tracking tool CrazyEgg.com to record individual visits chosen at random (only with an anonymised IP address). This tracking tool makes it possible to analyse how you use the website by means of cookies (e.g. which content you have clicked on). A user profile is displayed visually for this purpose. No personal data about you is collected, processed or used when the tool is applied. User profiles are only created on the basis of pseudonyms.
You can object to the collection, processing and recording of the data generated by CrazyEgg.com at any time by following the instructions at . You will find further information about data protection at CrazyEgg.com at .
9. Where are my data stored?
Winterhalter stores your data on its own servers, which are located in a secure computer centre in Germany.
For security reasons, we store back-up copies of our databases with external service providers in Germany. These back-up copies are encrypted and the data are not accessible to the employees of the service company. Such service providers are carefully selected by us. They are permitted to use the data only within the context of our instructions and have undertaken to maintain a high level of data protection for us. The legal basis for collaboration with these service providers is Art. 28 GDPR.
10. For how long is my data stored?
We save the usage data described under 3.1 permanently for you. Otherwise, your data is erased when knowledge of it is no longer required for the purposes described, unless statutory provisions specify a longer storage period.
B) INFORMATION ABOUT OTHER DATA PROCESSING PROCEDURES
1. Specific information about the application procedure
The data concerned are all information that you have provided to us for the purpose of processing your application (Art. 6 (1) (b) GDPR and Art. 88 GDPR).
Your application data are processed by us for the purposes of the application procedure by the relevant offices at Winterhalter Gastronom GmbH. In addition, we pass these data on to the relevant offices of Winterhalter Deutschland GmbH as required. We use external service providers for processing and hosting in accordance with Art. 28 GDPR; we do not transfer data to third countries in this connection.
Application data are usually erased within four months of notification of the decision, unless consent to a longer period of data storage is given in the context of inclusion in the applicant pool.
2. Specific information about processing of customer/potential customer data
The data concerned are all information that you have provided to us to execute contracts (Art. 6 (1) (b)); we collect any additional data for processing only on the basis of your express consent (Art. 6 (1) (a) GDPR).
The data are used, among other things, to draw up quotations, for orders, sales and invoicing, and for the purposes of quality assurance.
Other recipients may include external service providers or other contractors who require the data, among other things, for data processing relating to shipping, transport and logistics.
Other external bodies may also be recipients if the data subject has given his/her consent (Art. 6 (1) (a) GDPR) or transmission is permitted on the basis of an overriding interest (Art. 6 (1) (f) GDPR), including for information about creditworthiness in the case of purchase on account, electronic transmission of information and quality assurance purposes. If statutory regulations take precedence, the data may also be passed on to public bodies including the tax office and customs agency (Art. 6 (1) (c) GDPR).
In the context of execution of contracts, commissioned data processors from outside the European Union may also be used.
The duration of data storage is determined by the statutory storage obligations and is usually 10 years.
3. Specific information about processing of employee data
We process data in the context of employment in order to execute contracts (Art. 88 GDPR); any additional data is processed only on the basis of your express consent (Art. 6 (1) (a) GDPR).
Possible recipients of the data include public bodies if there are overriding legal regulations, among them the tax office, social insurance agencies and professional associations.
If the data subject has given his/her consent or transmission is permitted on the basis of an overriding interest, other external bodies may be recipients, including for order acquisition and insurance services. Transmission to a third country does not take place.
The duration of data storage is determined by the statutory storage obligations and is usually 10 years.
4. Specific information about processing of supplier data
The data concerned are all information that you have provided to us for execution of contracts (Art. 6 (1) (b) GDPR); any additional data is processed only on the basis of your express consent (Art. 6 (1) (a) GDPR).
The data are used, among other things, for enquiries, purchasing and quality assurance.
Other recipients may include external service providers or other contractors who require the data for data processing, bookkeeping and processing of payments, among other things.
Other external bodies may also be recipients provided that the data subject has given his/her consent (Art. 6 (1) (a) GDPR) or if transmission is permitted on the basis of an overriding interest, including for information about creditworthiness in the case of purchase on account, for electronic transmission of information and for quality assurance purposes. If legal regulations take precedence, public bodies such as the tax office and customs agency may also be recipients.
In the context of execution of contracts, commissioned data processors from outside the European Union may also be used.
The duration of data storage is determined by the statutory storage obligations and is usually 10 years.
C) WHERE CAN I OBTAIN INFORMATION ABOUT MY DATA AND HOW CAN I CHANGE OR ERASE DATA?
On request, you can obtain information about the data that Winterhalter has stored about you at any time. Please send an email to . If the relevant statutory requirements apply, you also have the right to rectification, erasure or restriction of processing.
You can alter your registration data at any time via the Winterhalter online service. Please note that you will not be able to use areas of the Winterhalter online service that are protected by a log-in if you erase your registration data.
If you wish to delete your log-in details permanently, please notify us by email at . We shall erase or anonymise all of the information held about you within 14 days of receipt of your application for erasure, unless we are obliged to retain the data by law.
You may also obtain the data that you have provided to Winterhalter in a structured, standard and machine-readable format or demand that Winterhalter transmit these data to a third party.
If processing of personal data for the purposes specified above is on the basis of Art. 6 (1) sub-paragraph 1 (f) GDPR, you may object to it at any time if the legal requirements are met. Informing of this is sufficient.
You also have the right to consult the Regional Data Protection Officer about any complaint.
D) CONTACT
If you have any questions about this Privacy Policy, please contact us at or by post or fax. You will find the information required to make contact with us by post or fax in the .