Data Privacy Policy of the Winterberg Group
Introduction
We take the protection of your personal data very seriously during its collection, processing and use in line with legal provisions. Personal data is only collected on this website to the extent that is technically necessary.
This policy provides an overview of how we ensure this protection and what type of data is used for what purpose.
Personal data
Personal data is all data that can be associated with an individual or could be used to identify that individual, e.g. name, address, email address, user behavior. Winterberg places great importance on lawful processing of your data that will protect it in accordance with the provisions set forth in the legal regulations.
Collection of personal data
Our website may be used for informational reasons only, i.e. if you do not register or transmit information to us otherwise, without entering personal data. We will only collect the personal data that your browser transmits to our server and that we require from a technical perspective to display our website and ensure its stability and security (the legal basis for this is point (f) first sentence of Article 6(1) EU General Data Protection Regulation (GDPR)).
This anonymous data is stored separately from any personal data you may provide and can therefore not be used to draw conclusions about any specific person. It is evaluated for statistical purposes and to enable us to optimize our website and our offerings. We collect your IP address, the data and time of the query, the website requested, the browser type, access status/HTTP status code, the website from which you visit our website (referrer URL) and your operating system.
In addition to the aforementioned data, cookies are also stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk by the browser you use, and they transmit specific information to the site that has placed the cookie on your computer (in this case us). Cookies cannot execute programs or transmit viruses to your computer. Their purpose is to enable us to make our internet offerings more user-friendly and effective. You can read more about cookies later in this Privacy Policy.
Purpose of processing and legal basis
We process personal data in accordance with the provisions set forth in the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, “BDSG”) in order to fulfill contractual obligations, based on your consent, within the scope of the balancing of interests and on the basis of legal provisions or in the public interest.
When you contact us by email or using a contact form, we store the data you provide (your email address, possibly your name and your telephone number) in order to respond to your queries. We delete any data provided in this context as soon as its storage is no longer necessary, or limit its processing if there is a statutory obligation to retain it.
It may be necessary to register in order to avail of specific services provided via our website. This also applies if you would like to receive up-to-date information from us in the future, e.g. about events, current studies, services, etc. The provision of this information is also subject to your consent. After you have given your consent, your personal data will be processed in accordance with point (a) Article 6(1) GDPR. You may withdraw your consent at any time by email to info@winterberg.group.
If you register on our website for a service that requires registration, or to receive information in the future, we will store personal data in our Customer Relationship Management (CRM) system once the consent process is complete. Applicant details will be stored in our HR system. You may withdraw your consent at any time, whereupon the data will be deleted for all purposes or for specific purposes depending on the content of your withdrawal of consent.
Your data will not be used for automated decision-making processes including profiling (Article 22 GDPR).
You can access the option to register in order to receive information and the option to withdraw your consent by email to info@winterberg.group.
Recipient categories
Data recipients include
a) Winterberg internal sites concerned in the execution of the respective business processes, e.g.
accounting, human resources, marketing.
b) Public bodies that receive data on the basis of legal provisions (in the case of overriding legal
provisions), e.g. social insurance agencies, financial authorities.
c) External contractors in accordance with Section 11 BDSG and Section 28 GDPR, e.g. payment service
providers, shipping service providers.
d) External bodies for the fulfillment of the aforementioned purposes.
Email newsletter
By giving your consent, you can subscribe to our newsletter, through which we will keep you informed about the latest topics, studies, training opportunities, etc. (www.winterberg.group/e-news).
We use the double opt-in process when you register for our newsletter. This means that after you have registered, we send an email to the email address you provide, in which we ask you to confirm that you would like to receive our newsletter. If you do not confirm your registration within 48 hours, your information will be blocked and deleted automatically after one week. We also store your IP address and the time of registration and confirmation. The purpose of this process is to verify your registration and clarify any possible misuse of your personal data where applicable. The legal basis for this process is point (a) first sentence of Article 6(1) GDPR.
You may withdraw your consent to receive our newsletter at any time and unsubscribe from the newsletter. You can withdraw your consent by clicking the link provided in each newsletter email, on the website www.winterberg.group/e-news by sending an email to info@winterberg.group or by sending a message using the contact details specified in the Legal Notice.
Storage duration and deletion of data
We will process and store your personal data for as long as required for the fulfillment of our contractual and legal obligations and for as long as the purpose of the processing exists. If the data is no longer required for the fulfillment of contractual or legal obligations or if the purpose of the data storage ceases to exist, the data will be deleted on a regular basis unless its – limited – further processing is necessary for the following purposes:
a) fulfillment of data retention obligations under commercial or tax law which may arise from the
German Commercial Code and the German Fiscal Code, for example. The periods for data storage or the
keeping of documentation specified therein are generally between 2 and 10 years.
b) Preservation of evidence within the scope of the statutory limitation periods. Pursuant to Sections 195ff.
of the German Civil Code, these limitation periods may be up to 30 years, where the usual limitation
period is 3 years.
External links
Our website contains links to external third-party websites, the content of which we have no control over. We can therefore assume no liability for these websites. The respective provider or operator of the website is always responsible for the content of the linked sites. The websites were checked for any legal infringements at the time of creation of the link and no unlawful content was detected at that time. However, constant monitoring of the content of linked sites is not reasonable without any specific indication of a legal infringement. As soon as we become aware of any legal infringement, we will remove such links immediately.
Your rights
You have the right at any time to request information about the personal data concerning you that we have stored, free of charge. Furthermore, you also have the right to obtain the rectification or erasure of your data unless this is prevented by legal regulations or statutory data retention periods. You may also obtain the restriction of processing of your data and object to the processing of your data. Furthermore, you have the right to data portability. You may contact us at any time in relation to this or should you have any other questions with regard to data protection using the address provided in the Legal Notice. In addition, you are entitled to lodge a complaint with the competent data protection supervisory authority with regard to our processing of your personal data.
Should you have any questions concerning the collection, processing or use of your personal data or with regard to rectification, erasure, restriction, objection or withdrawing your consent, you may contact us free of charge (info@winterberg.group).
Controller
Winterberg Group AG
Baarerstrasse 43,
6300 Zug
Switzerland
E-Mail: info@winterberg.group
Internet: https://winterberg.group
You can contact our data protection officer at info@winterberg.group or using our postal address, adding “Data Protection Officer”.
Please note that the transmission of data via the internet is subject to security loopholes and that the complete protection of such data against access by third parties is therefore impossible.
Analytical tools and third-party provider tools
Cookies
We use cookies on our website to recognize repeat use of our offerings by the same user. Cookies are small text files placed on your computer by your browser and stored there. We use them to optimize our website and our offerings. Most cookies are “session cookies”, which are deleted when your visit ends.
However, some cookies also provide information that enables us to recognize you automatically when you visit our website again. This recognition is based on the IP address stored in the cookies. We use the information we obtain in this manner to optimize our offerings and allow you to access our website more easily.
You can prevent the installation of cookies by selecting the appropriate settings in your browser; however, please be aware that if you do so, you may not be able to enjoy all of the functions of our website to their full extent.
- a) This website uses the following types of cookies, the extent and functioning of which is explained below:
– Transient cookies (see b)
– Persistent cookies (see c). - b) Transient cookies are automatically deleted when you close your browser window. These include session cookies in particular. These store what is known as a session ID, which can be used to associate various requests from your browser with the shared session. This means that your computer can be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
- c) Persistent cookies are automatically deleted after a defined period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your own browser.
- d) You can configure your browser settings as you prefer and, for example, prevent the acceptance of third-party cookies or all cookies. Please note that you may not be able to use all functions of this website if you do so.
- e) The Flash cookies we use are not collected by your browser, but instead by your Flash plugin.
Furthermore, we also use HTML5 storage objects, which are stored on your end device. These objects store the necessary data regardless of the browser you use and have no automatic expiry date. If you do not wish Flash cookies to be processed, you must install a corresponding add-on, e.g. “Better Privacy” for Mozilla Firefox or the Adobe Flash Killer cookie for Google Chrome. You may prevent the use of HTML5 storage objects by using private mode in your browser. We also recommend that you delete your cookies and clear your browser history on a regular basis.
Google Analytics with anonymization function
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses cookies, which are text files stored on your computer that help us to analyze how you use the website. The information generated by the cookie about your use of the website is generally transmitted to a Google server in the United States and stored there. If IP anonymization is activated on this website, however, Google will truncate your IP address before transmitting it if you are located within the Member States of the European Union or in another Party to the Agreement on the European Economic Area. The full IP address will only be transmitted to a Google server in the USA and truncated there in exceptional cases. Google will use this information on behalf of the operator of this website to evaluate your use of the website, compile reports on website activity and provide other services to the website operator in relation to use of the website and internet usage.
The IP address transmitted by your browser in connection with Google Analytics will not be associated with any other data held by Google.
(You can prevent the storage of cookies by selecting the appropriate settings in your browser software; however, please be aware that if you do so, you may not be able to enjoy all of the functions of this website to their full extent.) You may also prevent the collection of the data created by the cookie in connection with your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=us.
This website uses Google Analytics with the “anonymizeIp()”extension. This means that IP addresses are truncated before further processing in order to rule out the possibility of direct association with individuals. Insofar as a connection to a person can be established from the data collected about you, this will be eliminated immediately and the personal data deleted without delay.
We use Google Analytics to analyze the use of our website and to improve our website on a regular basis. The statistics gleaned as a result enable us to improve our offerings and make them more interesting for you, the user. With regard to the exceptional cases in which personal data is transferred to the USA, Google has undertaken to comply with the EN-U.S. Privacy Shield Framework, https://www.privacyshield.gov/EU-US-Framework.
The legal basis for the use of Google Analytics is point (f) first sentence of Article 6(1) GDPR.
Third-party provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of Service: http://www.google.com/analytics/terms/us.html, Privacy overview: https://support.google.com/analytics/answer/6004245?hl=en, and Privacy Policy: https://policies.google.com/privacy.
Hotjar
We use Hotjar (3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe) software to offer an improved user experience on our websites. Hotjar enables us to measure and evaluate user behavior (mouse movements, clicks, scrolling height, etc.) on our website. In order to do this, Hotjar places cookies on user end devices and may store user data such as browser information, operating system, amount of time spent on the website, etc. in anonymized format. You can prevent this data processing by Hotjar by disabling cookies in the settings of your browser and deleting existing active cookies. You can read more about data processing using Hotjar here.
Use of social media plug-ins
We currently use the following social media plug-ins: Facebook, Twitter, XING, and LinkedIn. With these, we use the “two-click” solution. This means that when you visit our site, no personal data is passed on to the provider of the plug-ins in the first instance. You can identify the plug-in provider by the branding on the box above its initial letters, or the logo. We enable you to use the button to communicate directly with the provider of the plug-in. The plug-in provider only receives the information that you have access the corresponding website within our online offering if you click the marked field and activate it. In addition, the data stated in the next but one paragraph of this statement – “The plug-in provider” – are transferred. With Facebook and XING, the respective providers state that the IP address is immediately anonymized in Germany after it is gathered. By activating the plug-in, personal data concerning you is transferred to the respective plug-in provider and stored there (with US American providers in the USA). As the plug-in provider in particular captures data through the use of cookies, we recommend that you delete all cookies using your browser’s security settings before clicking on the grayed-out box.
We do not have any influence on the captured data or the data processing procedures, and we are not aware of the full scope of data capture, the purposes of processing, and the storage periods. We also do not have any information regarding the erasure of the collected data by the plug-in provider.
The plug-in provider stores the data captured that concerns you in the form of usage profiles, and uses these for the purposes of advertising, market research, and/or needs-appropriate design of its website. An evaluation of this type is performed in particular (including for users who are not logged in) to display needs-appropriate advertising and in order to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles; to do so you must contact the respective plug-in provider. Through plug-ins, we also offer you the opportunity to interact with social networks and other users to enable us to improve our offering and make it more interesting for you as a user. The legal basis for using the plug-ins is point (f) of the first sentence of Article 6(1) GDPR.
The data is transferred regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, the data concerning you that is captured from our website is allocated directly to the account you have with the plug-in provider. If you press the activated button and for example link the page, the plug-in provider also stores this information in your user account and publicly shares it with your contacts. We recommend regularly logging out after using the social network, however in particular before activating this button as this will enable you to avoid an allocation to your profile with the plug-in provider.
Additional information on the purpose and scope of data capture and their processing by the plug-in provider is available in these providers’ data privacy statements as communicated in the following. This also includes additional information on your rights in this respect and settings options for the protection of your privacy.
Addresses for the respective plug-in providers and URL with their data protection information:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; additional information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applicationsand http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has committed to the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has committed to the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
XING AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; www.linkedin.com/legal/privacy-policy. LinkedIn has committed to the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Social media buttons with “Shariff”
We use the “Shariff” c’t project on our website. Shariff replaces the usual social network share buttons, thereby protecting browsing behavior.
Shariff only displays these social network share buttons on our website as a graphic that contains a link to the corresponding social network. By clicking the corresponding graphic, you are directed to the services of the respective network. The Shariff button creates direct contact between social networks and our visitors only if the visitor actively clicks the share button. Only then are the data transferred to the respective social network. However, if the Shariff button is not clicked, no exchange of any type takes place between you and the social networks. Additional information about the Shariff c’t project is available here (German only): http://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html.
We integrate the following social networks onto our website using Shariff:
Facebook, Twitter, XING and LinkedIn
Integration of YouTube videos
We have integrated YouTube videos into our online offering, which are stored at http://www.YouTube.com and can be played directly from our website. All of these are integrated in “Expanded data protection mode”, i.e. no data concerning you as a user are transferred to YouTube if you do not play the videos. Only when you play the videos are the data stated in Paragraph 2 transferred. We do not have any influence on this data transfer.
When you visit the website, YouTube receives the information that you have accessed the corresponding sub-page on our website. In addition, the data stated in the next paragraph of this declaration – “Additional information” – are transferred This occurs regardless of whether YouTube provides a user account through which you are logged in, and regardless of whether a user account exists. If you are logged into Google, your data are allocated directly to your account. If you would not like these data to be allocated to your profile with YouTube, you must log out before activating the button. YouTube stores your data in form of usage profiles and uses these for the purposes of advertising, market research, and/or needs-appropriate design of its website. An evaluation of this type is performed in particular (even for users who are not logged in) to provide needs-appropriate advertising and in order to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles; to do so you must contact YouTube.
Additional information on the purpose and scope of data capture and their processing by YouTube is available in the data privacy statement. This also includes additional information on your rights and settings options for the protection of your privacy: https://policies.google.com/privacy. Google also processes your personal data in the USA, and has committed to the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Integration of Google Maps
We use the Google Maps service on this website. This enables us to show you interactive maps directly in the website and enable you to use the map function easily.
When you visit the website, Google receives the information that you have accessed the corresponding sub-page on our website. In addition, the data stated in the next paragraph of this declaration under “Additional information”, are transferred. This occurs regardless of whether Google provides a user account through which you are logged in, and regardless of whether a user account exists. If you are logged into Google, your data are allocated directly to your account. If you would not like these data to be allocated to your profile with Google, you must log out before activating the button. Google stores your data in the form of usage profiles and uses these for the purposes of advertising, market research, and/or needs-appropriate design of its website. An evaluation of this type is performed in particular (even for users who are not logged in) to provide needs-appropriate advertising and in order to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles; to do so you must contact Google.
Additional information on the purpose and scope of data capture and their processing by the plug-in provider is available in the provider’s data privacy statements. This also includes additional information on your rights in this respect and settings options for the protection of your privacy: https://policies.google.com/privacy Google also processes your personal data in the USA, and has committed to the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Use of Google AdWords Conversion
We use the Google AdWords service in order to use advertising media (referred to as Google AdWords) on external websites to draw attention to our attractive products and services. By relating the data in the advertising campaigns, we can determine how successful the individual adverts are. In doing this we are pursuing the interest in showing you advertising that is of interest to you, in order to make our website more interesting for you, and achieve a fair calculation of advertising costs.
These means of advertising are delivered by Google via “Ad Servers”. To this end, we use Ad Server cookies through which certain parameters for analyzing success – such as advert integration or clicks by users – can be measured. If you reach our website via a Google ad, Google AdWords stores a cookie on your PC. These cookies generally cease to be valid after 30 days, and their purpose is not to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (a designation to indicate that the user would no longer like to be addressed) are generally stored as analytical values.
These cookies enable Google to recognize your web browser the next time you visit. If a user visits certain pages on an AdWords customer’s website and the cookie stored on the user’s computer is not yet expired, Google and the customer can identify that the user has clicked the advert and been directed to this page. Every AdWords customer is allocated a different cookie. Cookies can therefore not be tracked via the websites operated by AdWords customers. We ourselves do not capture or process any personal data in the mentioned adverts. We are only provided with statistical evaluations by Google. Using these evaluations, we can identify which of the adverts used are particularly effective. We do not receive further data arising from the use of these means of advertising, in particular we are not able to identify users based on this information.
Due to the marketing tools used, your browser automatically creates a direct connection to the Google server. We do not have any influence on the scope and further use of the data that are captured by Google through the use of this tool, and therefore inform you in accordance with our level of knowledge: By integrating AdWords Conversion, Google receives the information that you have accessed the corresponding part of our web presence or have clicked an advert placed by us. If you are registered with a Google service, Google can allocate the visit to your account. Even if you have not registered with Google or have not logged in, there is a possibility that the provider will ascertain and store your IP address.
You may prevent participation in this tracking procedure in various ways: a) by applying a corresponding setting in your browser software – in particular, the suppression of third-party cookies causes you to stop seeing adverts from third-party suppliers; b) by deactivating cookies for Conversion tracking by changing the settings in your browser in such a way that cookies from the www.googleadservices.com domain blocked, https://support.google.com/ads/answer/2662856?hl=en-GB, whereby the settings can be deleted if you delete your cookies; c) by deactivating interest-related adverts from providers that are part of the About Ads self-regulation campaign, via this link: http://www.aboutads.info/choices, whereby the setting is deleted when you delete your cookies; d) through permanent deactivation in your Firefox, Internet Explorer, or Google Chrome web browser using the following link: http://www.google.com/settings/ads/plugin. Please note that in this case you may not to be able to use all functions of this website to the full extent.
The legal basis for the processing of your data is point (f) of the first sentence of Article 6(1) GDPR. Additional information on data protection at Google is available here https://policies.google.com/privacy and https://services.google.com/sitestats/en.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org. Google has committed to the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Remarketing
In addition to AdWords Conversion, we use the Google Remarketing application. This is a procedure with which we would like to approach you again. This application enables our adverts to be displayed to you while you continue to use the internet after visiting our website. This takes place using cookies stored in your browser through which your usage behavior when visiting various websites is recorded and evaluated by Google. This enables Google to trace your previous visit to our website. According to Google’s own statements, Google does not associate the data collected in the context of remarketing with your personal data that may be stored by Google. In particular, Google states that it uses pseudonymization in remarketing.
Facebook Custom Audiences
In addition, this website uses the “Custom Audiences” remarketing function offered by Facebook Inc. (“Facebook”). This enables users of the website to be shown interest-related adverts (“Facebook ads”) in the framework of their visit to the Facebook social network or other websites that also use this procedure. In doing this we are pursuing the interest in showing you advertising that is of interest to you, in order to make our website more interesting for you.
Due to the marketing tools used, your browser automatically creates a direct connection to the Facebook server. We do not have any influence on the scope and further use of the data that are captured by Facebook through the use of this tool, and therefore inform you in accordance with our level of knowledge: By integrating Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding webpage within our web presence or have clicked an advert placed by us. If you are registered with a Facebook service, Facebook can allocate the visit to your account. Even if you have not registered with Facebook or have not logged in, there is a possibility that the provider will ascertain and store your IP address and additional identifying features.
You can deactivate the “Facebook Custom Audiences” function for logged-in users at https://www.facebook.com/settings/?tab=ads#.
The legal basis for the processing of your data is point (f) of the first sentence of Article 6(1) GDPR. Additional information on data processing by Facebook is available at https://www.facebook.com/about/privacy.
Additional information
Your trust is important to us. For this reason we are available at any time to provide you with information about the processing of your personal data. If you have any questions that this data protection statement does not answer, or if you would like more in-depth information regarding any aspect, please contact us at the following email address at any time: info@winterberg.group.
Security information
We strive to use all technical and organizational measures necessary to store your personal data in such a way that it is not accessible to third parties. However, we cannot fully guarantee complete data security during email communications, and so recommend sending confidential information by post.
Zurich, May 2018