DATA PRIVACY STATEMENT

„WINTERHALTER ONLINE SERVICES“

1. Protecting your data is important to us

Winterhalter Ltd, Winterhalter House, Roebuck Way, Knowlhill, Milton Keynes MK5 8WH (“Winterhalter” or “we”) takes your privacy seriously. Data protection therefore is top priority for us. To operate our website and provide the services and additional functions on our website (“Winterhalter Website”), as well as to provide our apps and the services offered via the apps (“Winterhalter Apps”, together with the Winterhalter Website the “Winterhalter Online Services”), we need certain information, some of which may contain personal data. In this data privacy statement, we wish to inform you of the specific personal data we collect, process and use in connection with operating the Winterhalter Online Services. We promise you that we will only use your data to offer you an optimal service, in compliance with all data protection provisions in effect.

Terms defined in our terms and conditions of use have the same meaning in this data privacy statement unless otherwise expressly provided for in this data privacy statement. As a general principle, where we use technical terms for data protection such as “personal data”, “processing”, and “pseudonymisation” in the meaning specified in the European General Data Protection Regulation 2016/679 (“GDPR”).

2. Who is responsible for your data?

Winterhalter bears responsibility for lawfully processing your data.

3. What data do we collect and for what purposes?

3.1 Usage data

When the Winterhalter Online Services are used, our servers automatically save certain details regarding

  • the terminal device you use ((Phone/iPad, Smartphone, Tablet Computer, Desktop PC). This includes information on the type of device, device identification (e.g. IMEI, Android Device ID, Open-UUID), the internet browser used, the operating system used and certain settings,
    • domain names or IP address,
  • subpages visited and functions of the Winterhalter Online Services that have been used,
  • date and time of use.

We need this usage data to facilitate your access to our services (e.g. to adjust our services to the terminal device you are using), to trace and resolve any technical problems that may arise, and to recognize and stop any misuse of our services. For the purposes of advertising, market research or needs-based structuring of the  Winterhalter Online Services, we create pseudonymised user profiles based on the usage data we store. These user profiles are not combined with other data we may have saved with regard to the respective use (e.g. registration data). Where the aforementioned usage data are personal data, the legal basis for their processing is Article 6(1)(f) GDPR. We also use usage data in anonymized form, i.e. without the possibility of identifying you as a user, for statistical purposes and to improve our service.

If you use Winterhalter Website functions through the Winterhalter Apps, certain information regarding the device you are using will be sent to an external service provider in the event that the Winterhalter App crashes. This information takes the form of log data from the app affected, error reports, language, storage profile, activations, hierarchy, IP address, device identification (e.g. IMEI, Android Device ID, Open-UUID) and the status of the Winterhalter Apps. The external service provider assists us in pinpointing the source of the crash and resolving technical problems. Where the aforementioned usage data are personal data, the legal basis for their processing is Article 6(1)(f) GDPR.

In addition, Winterhalter will only personalize your usage data and combine it with other information as necessary if you have granted us your express consent. The legal basis for processing in this case is Article 6(1)(a) or (f) GDPR.

3.2 Registration data

To be able to use certain functions offered through the Winterhalter Online Services (e.g. Winterhalter Connected Wash), you must register. Depending on the function desired, certain information is needed for registration (e.g. name of undertaking, e-mail address, Winterhalter product used etc.) We need this information to set up and administer your user account, to identify authorized users, and to be able to offer you the function desired. Please refer to our terms and conditions of use for further details on registration and using the functions offered on Winterhalter Online Services. The legal basis for processing the data referred to in this section is Article 6(1)(b) or (f) GDPR.

3.3 Contact information

Using the contact forms on the Winterhalter Online Services, you have the opportunity to contact us to ask us questions, for example. Via the contact form, we ask you for your contact information (e.g. first and surname, address, e-mail address and department). In addition, you can provide information on your undertaking, telephone and fax. We use this data solely in connection with answering the queries we receive. The legal basis for processing the data referred to in this section is Article 6(1)(b) or (f) GDPR.

3.4 Data in connection with using additional functions and services

Should you wish to make use of the functions offered through the Winterhalter Online Services (e.g. Winterhalter Connected Wash), we may collect further data required for providing and using the respective function. Depending on the function used, this information may, for example, be

  • the Winterhalter device you use (e.g. designation of type, serial number, Mac address etc.),
  • the location of the Winterhalter device you use,
  • usage of your Winterhalter device (e.g. number of washes, times, loading, temperatures, telemetry data) and possible malfunctions of the Winterhalter devices you use.

For some of the functions offered in the Winterhalter Online Services, you may have the opportunity to feed in or upload data yourself.

If the personal data of third parties (such as the user’s employees) are collected by Winterhalter or transmitted to Winterhalter when using the functions offered by the Winterhalter Online Services, responsibility for this data transfer to Winterhalter lies with the user according to the GDPR.

Winterhalter is entitled to process and use the data collected when using the functions offered by the Winterhalter Online Services in anonymized form for its own business purposes (e.g. for statistical evaluations and to improve function, quality and products).

B) Information about other data processing procedures

Specific information about the processing of product registration data

Affected data are all information that you have provided us for product registration (Art. 6 (1) (b)); If applicable, we collect any additional data for processing on the basis of your express consent (Article 6 (1) a DS-GVO). The data will be used, i.e. for the granting of the warranty conditions of the respective country indicated in the registration process as well as for the assurance of the spare part supply. Further receivers are the responsible Winterhalter subsidiary (national company), who use the data, among other things, for product processing, warranty processing, shipping, transport and logistics. If the product is registered by the retailer, he will also receive a copy of the data collected and the current warranty conditions of the respective country. Other external agencies may also be recipients if a transmission of predominant interest is permissible (Art. 6 (1) (f) DS-GVO), inter alia for the electronic dispatch of information for quality assurance purposes. In case of priority legislation also public bodies, i.a. Tax Office and Customs (Article 6 (1) (c) of the GDPR). In the framework of contract implementation, processors outside the European Union may also be employed. The duration of data storage is governed by the statutory retention requirements and is usually 10 years.

 

Winterhalter is entitled

3.5 Winterhalter’s use of your data

Winterhalter uses the data collected under sections 3.1 to 3.4 for the purposes respectively stated there. We will only use your data to send you information regarding selected products and offers by email if you have given your express consent to this. The legal basis for processing in this case is Article 6(1)(a) GDPR.

You can withdraw your consent with effect for the future at any time, e.g. by e-mailing [email protected]

4.0 When do we pass your data on to third parties?

We receive assistance from outside service providers for certain technical data analysis, processing or storage processes (e.g. to obtain aggregated, non-personal statistics from our databases for the storage of backup copies or resolve technical problems). These service providers are carefully selected and meet high data protection and data security standards. They are obligated to maintain strict confidentiality and process data only when commissioned to do so by us and according to our instructions. The legal basis for cooperation with these service providers is  Article 28 GDPR.

Except in the cases set forth in the data privacy statement, we only pass your data onto third parties without your express consent if we are obliged to do so by statutory law or an instruction by a public authority or court.

5.0 Cookies and Google Analytics

Our Winterhalter Online Services use Cookies. “Cookies” are small text files stored on your data carrier and which exchange certain settings and data with our system via your browser. As a rule, a Cookie contains the name of the domain from which the Cookie data was sent as well as information on the age of the Cookie and an alphanumerical identification code. Cookies enable us to design the Winterhalter Online Services attractively and facilitate your use by storing certain information you enter, for example, such that you do not need to enter it more than once. We use two forms of Cookies:

Session cookies: Session cookies are deleted once you close your browser.

Long-term cookies: Long-term cookies remain on your computer’s hard drive for a certain time. When you visit our website again, the website then automatically recognizes that you have visited us before and what information and settings you prefer.

The information stored in the Cookies is not used to identify you and is not combined with other personal data of yours that we have stored.

The Winterhalter Online Services uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics likewise uses Cookies. The information generated by the Google Analytics Cookie about your use of the Winterhalter Online Services is as a rule transmitted to a Google server in the USA where it is stored.

The Winterhalter Online Services use Google Analytics with the additional component “anonymize IP”. This means that your IP address, collected by Google Analytics, will be shortened by Google within Member States of the European Union or in other signatory states of  the Treaty on  the  European Economic Area  before  it  is transmitted to   the

 

USA. Only in exceptional cases will your full IP address be transmitted to a Google server in the USA and shortened only once it has arrived there.

Google uses the information generated by Google Analytics Cookies on our behalf to evaluate your use of the website, to compile reports on website activity, and to render us further services connected with website and internet use. The IP address transmitted by your browser as part of Google Analytics will not be combined with other Google data. Depending on the browser version you use, you can prevent Google from collecting the data generated by the cookie and pertaining to your use of the Winterhalter Online Services (including your IP address) or from processing this data by downloading and installing the browser plugin available through the following link: (http://tools.google.com/dlpage/gaoptout?hl=de).

 

More detailed information on the terms and conditions of use and data protection can be found at http://www.google.com/analytics/terms/de.html or at http://www.google.com/intl/de/analytics/privacyoverview.html. We draw your attention to the fact that the code “gat._anonymizeIp();” has been added to Google Analytics on this website in order for IP addresses to be anonymized (termed IP masking).

Should you not wish Cookies (including Google Analytics Cookies) to be used, you can set your browser such that it does not accept storage of Cookies. Please note that in this case your use of the Winterhalter Online Services may be restricted or even impossible. If you only wish to accept our Cookies but not the Cookies of our service providers and partners, you can select the settings in your browser under “block cookies by external providers”.

The legal basis for processing personal data by using cookies is Article 6(1)(f) GDPR.

6.0 Piwik (Matomo)

The Winterhalter Online Services also use Piwik, an open source software for statistical evaluation of user hits. Piwik likewise uses Cookies that are stored on your data carriers and which facilitate analysis of users’ usage of the Winterhalter Online Services. The information on use of the Winterhalter Online Services generated by the Cookie is stored on Winterhalter Gastronom GmbH’s server in Germany. The IP address is anonymized immediately after processing and before being stored. Users can prevent cookies from being installed on their computer by selecting the appropriate setting in their browser software; however, in such a case it may not be possible to use all the features of this Winterhalter Online Services to the full extent. The legal basis for processing personal data by using cookies is Article 6(1)(f) GDPR.

 

For the purposes of marketing and optimizing our range of services, we use products and services from 711media websolutions GmbH (https://www.711media.de/impressum.html) on our website. We collect data that we transmit to 711media websolutions GmbH ("711media") and that 711media processes on our behalf. We use so-called session cookies. Cookies are small text files that are stored in the visitor's internet browser and are used to analyze surfing behavior on our website. Session cookie means that the cookie is deleted when the browser session is ended. Personal data are processed exclusively in the form of IP addresses, which are checked for belonging to a certain address space and then deleted immediately. The IP addresses are not assigned to natural persons. Processing is to protect our legitimate interests in accordance with Art. 6 Para. 1 lit. f GDPR, which consist in being able to target our range of services to our customers and potential customers.

7.0 Where can I get information on my data and how can I change or delete the data? What further rights do I have?

Upon request, you can receive information on your data stored by Winterhalter at any time.  Please email us at [email protected]. Where the relevant statutory requirements are met, you also have a claim for rectification or erasure of your personal data or restriction of processing.

You can change your registration data at any time using the Winterhalter Online Services. Please note that if you delete your registration data you will no longer be able to use the parts of the Winterhalter Online Services that are secured by login details.

If you wish to delete your access permanently, please notify us by email at [email protected]. We will delete or anonymize all stored information relating to you within 14 days of receiving your application for deletion unless we are obliged under statutory law to retain the data.

You can also obtain the data you provided to Winterhalter in a structured, common and machine-readable format or require Winterhalter to transmit said data to a third party.

Where personal data are processed for the above purposes on the basis of Article 6(1)(f) GDPR you may object to their processing at any time if the statutory requirements are met. To do so please contact [email protected].

 

In addition, you have the right to lodge a complaint with the competent data protection authority.

8.0 Where is my data stored?

Winterhalter stores your data on its own servers located at a secure data centre in Germany.

For security reasons, we store back-up copies of our data with external service providers in Germany. These back-up copies are encrypted and the data cannot be accessed by service provider company staff. These service providers are carefully selected by us. They are only permitted to use the data within the framework of our instructions and have entered into obligations with us to comply with a high data protection level. The legal basis for cooperation with these service providers is Article 28 GDPR.

9.0 How long is my data stored?

Usage data described under section 3.1 is stored permanently. Apart from that, your data will be deleted if they are no longer necessary in relation to the purposes described above and as long as mandatory legal provisions do not require longer storage.

10. Contact person

If you have questions in relation to this data privacy statement, please contact us at [email protected] or contact our external data protection officer:

Ralf Zlamal - Regional partner Baden-Württemberg (Schubertstraße 2, 73660Urbach) IITR Datenschutz GmbH – https://www.iitr.de

Tel. +49 (0)89 18917360

Fax +49 (0)7181 884717

Marienplatz 2

80331 München