Privacy Policy
Generally, the use of our website is possible without the user disclosing their personal data. Processing operations of personal data can become necessary in cases where the data subject wants to make use of certain offers available on our website. When the processing of personal data is considered necessary, and without there being a legal obligation for this, we shall in general seek the agreement of the data subject.
In as far as processing operations of personal data are carried out, these will be done on the basis of the General Data Protection Regulation (GDPR) and in compliance with the relevant local data protection provisions, for example the German Federal Data Protection Act (BDSG).
This privacy statement informs you about the nature, scope and purpose of personal data collected, used and processed by us. Furthermore, data subjects are informed of the rights granted to them. Our privacy statement is based upon the terms of the General Data Protection Regulation (GDPR).
We, the controller, have taken all necessary technical and organisational measures to ensure a complete, uninterrupted protection of the processed personal data collected through this website. It is however our obligation to make reference to the fact that, principally, data transmission via the internet may involve gaps in security and absolute protection cannot be guaranteed.
Name and address of the controller:
Responsible within the meaning of the General Data Protection Regulation (GDPR), other privacy laws applicable in member states of the European community and other provisions under data protection law is
Weinunikate
Frank Feldkamp and Charlynne Boucher GbR
Osterwaldstreet 141
80805 Munich
Germany
Telephone:089-32 20 95 6
Email: info(at)weinunikate.com
Collection of general data and information
With every call of the website by the data subject, various general data and information are transmitted and information is stored in the log-files of the server. Included in these could be following:
- the internet browser used and the version of the browser,
- the operating system of the terminal device from which the access was made,
- the internet address of the website from which the data subject came to our website („Referrer”),
- the underlying pages of our website which have been called up,
- the date and time of access,
- the IP address,
- the internet service provider used, and
- data and information of a similar nature to avert dangers of attacks on our information systems.
We do not draw any conclusions of the data subject from the use of these data.
The data collected are needed to:
- ensure the content of our website is correctly served,
- optimise the content of our website and its advertising,
- ensure the continued operability of our information systems and the technology of our website, and
- provide law enforcement authorities with the necessary information to prosecute offences in the event of a cyber-attack.
Data shall be collected anonymously. An evaluation of the data is carried out for statistical purposes and to strengthen security and privacy in our company. The anonymous data of the server log files are saved separately from all personal data collected from the data subject.
Cookies
Our website uses cookies.
Cookies are small text files that are saved in small databases or in a special file directory on a computer and are used for the exchange of information between computer programs or for the archiving of information for a limited period of time.
Cookies are used to increase the functionality of the services offered on the internet and to enhance the convenience of the website for users. Cookies can be enabled or blocked via the browser security settings (e.g. Internet Explorer, Mozilla Firefox, Opera or Safari). Blocking cookies may limit the scope of functions of this internet offer such as not accessing certain features or not displaying content correctly.
Registration
Data subjects can register themselves on our website by stating personal data. The particular set of personal data which is transmitted to the controller results from the respective input masks and includes the following: Email Address, Password, Title, First name, Surname, Street, Postal Zip Code, City, Federal State, Country, Company, VAT ID Number.
Personal data entered by the data subject are used and saved by the controller solely for internal purposes. Personal data can be passed on by the controller, who remains accountable, to one or more processors for exclusive, internal use.
Registering is aimed at enabling the controller to deliver contents and services to the data subject, which would not have been available to them without the transmitting of their personal data. Please note that the data subject is able to amend or completely delete personal data submitted through the registration process from the database of the controller at any time.
On request, the controller shall provide the data subject information on what personal data is held about them at any time. Furthermore, the controller shall rectify or delete personal data upon request or notification by the data subject if this is not in conflict with the legal obligation to retain data.
The controller or their staff shall be available to the data subject to contact at any time.
Opportunity to contact us via our website
Our website includes data required on the bases of statuary regulations (such as the obligation to publish contact data as part of an imprint) which enables you to electronically contact our company rapidly and to communicate with us in a direct manner. In addition to general address information, this also includes stating an email address. If a data subject chooses to contact the controller by means of this email address, or if the data subject contacts the controller by means of the contact form accessible on our website, this voluntarily transmitted personal data automatically get saved for the purposes of processing the data or for communicating with the data subject. A disclosure of this data to a third party does not occur.
Privacy policy for using Klarna as means of payment
The controller of this website integrated some Klarna components. Klarna is an online provider of payment services which enables invoicing and payment by instalments. Besides this, Klarna offers additional services such as buyer protection, verification of identity and the evaluation of creditworthiness. The operating company of Klarna is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden.
If a data subject selects invoicing or payment by instalments as a method of payment during the ordering process on our online shop, data of the data subject automatically get transmitted to Klarna. By selecting one of these methods of payment, the data subject agrees to the transmission of personal data needed to process invoicing or payment by instalment transactions, or for the verification of identity or evaluation of creditworthiness.
As a rule, personal data transmitted include: first name, surname, address, date of birth, gender, email address, IP address, telephone number, mobile phone, as well as other data needed to process invoicing or payment by instalment. Additionally, personal data relevant to the respective order are needed for processing the contract of sale. In particular it may happen that an exchange of payment information such as bank details, card number, date of validity, CVC Code, number of articles, item number, data concerning goods and services, prices and taxation, information regarding former buying behaviour or other data regarding the financial situation of the data subject takes place.
The transmitting of data is aimed at identity verification, management of payments and fraud prevention. The controller will transmit personal data to Klarna in particular when there is a justified interest in their transmitting. Personal data exchanged between the controller and Klarna also get transmitted to credit agencies. The transmitting is aimed at verification of identity and evaluation of creditworthiness.
Klarna also transmits personal data to associated companies (Klarna Group), service providers or subcontractors where necessary to fulfil their contractual obligations, or if data must be processed on behalf of Klarna. Klarna collects and uses data and information about the previous payment behaviour of the data subject as well as probability values regarding their future conduct (scoring) to decide on whether to establish, conduct or terminate a contractual relationship. The calculation of the scoring is performed by using mathematical statistical tools on the basis of methods which are recognised scientifically.
The data subject may withdraw the consent to handling their personal data by notifying Klarna at any time. The revocation shall not affect personal data which must be used, transmitted or processed for the settlement of payment in accordance with the contract.
The applicable data protection rules of Klarna can be accessed at https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf
Use of Mollie
On our website, we offer payment via Mollie and related payment methods. The provider of these payment services is
Mollie B.V.
Keizersgracht 126
1015CW Amsterdam
Netherlands
If you select payment via Mollie, the payment data you entered will be transmitted to Mollie.
The transmission of your data to Mollie is based on Art. 6(1)(a) DSGVO (consent) and Art. 6(1)(b) DSGVO (processing for the performance of a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of past data processing operations. All data required for payment processing are used exclusively for the execution of payments and are transmitted via the "SSL" procedure. Mollie is certified according to PCI DSS. Mollie transfers, processes and stores personal data outside the EU, if necessary. In doing so, Mollie is subject to the Safe Harbour Agreement. Information on Mollie's data protection is available here: https://www.mollie.com/de/privacy.
Data protection provisions about the application and use of Google Analytics (with anonymization function)
On this website, the controller has integrated the component of Google Analytics (with the anonymizer function). Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
For the web analytics through Google Analytics the controller uses the application "_gat. _anonymizeIp". By means of this application the IP address of the Internet connection of the data subject is abridged by Google and anonymised when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Internet site for us.
Google Analytics places a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google is enabled to analyze the use of our website. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and into which a Google Analytics component was integrated, the Internet browser on the information technology system of the data subject will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.
The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits of our website by the data subject. With each visit to our Internet site, such personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.
The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.
In addition, the data subject has the possibility of objecting to a collection of data that are generated by Google Analytics, which is related to the use of this website, as well as the processing of this data by Google and the chance to preclude any such. For this purpose, the data subject must download a browser add-on under the link https://tools.google.com/dlpage/gaoptout and install it. This browser add-on tells Google Analytics through a JavaScript, that any data and information about the visits of Internet pages may not be transmitted to Google Analytics. The installation of the browser add-ons is considered an objection by Google. If the information technology system of the data subject is later deleted, formatted, or newly installed, then the data subject must reinstall the browser add-ons to disable Google Analytics. If the browser add-on was uninstalled by the data subject or any other person who is attributable to their sphere of competence, or is disabled, it is possible to execute the reinstallation or reactivation of the browser add-ons.
Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Link https://www.google.com/analytics/.
Privacy policy for PayPal as payment method
We have integrated components of PayPal on this website. PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which are virtual private or business accounts. In addition, PayPal offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also acts as a trustee and provides buyer protection services.
PayPal's European operating company is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If you choose "PayPal" as your payment method during the order process, your data will be automatically transmitted to PayPal. By selecting this payment option, you consent to the transfer of personal data required for payment processing.
The personal data transmitted to PayPal is usually first name, last name, address, e-mail address, IP address, telephone number, mobile phone number or other data required for payment processing. Personal data in connection with the respective order are also necessary for the processing of the purchase contract.
The purpose of data transmission is to process payments and prevent fraud.
The controller will provide PayPal with personal data, especially if there is a legitimate interest in the transfer. The personal data exchanged between PayPal and us may be transferred by PayPal to credit agencies. The purpose of this transmission is to verify identity and creditworthiness.
PayPal may pass on personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfil contractual obligations or if the data is to be processed on behalf of PayPal.
You have the option to revoke your consent to the handling of personal data by PayPal at any time. A revocation does not affect personal data which must be processed, used or transmitted for (contractual) payment processing.
PayPal's current privacy policy can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Routine erasure and blocking of personal data
The controller saves personal data only for the duration needed to achieve the storage purpose, or if this is governed by the European body issuing directives and regulations or any other body responsible for legislature and law or regulations to which the controller is subject. If the storage purpose ceases to be relevant, or after the compulsory retention period governed by the European body issuing directives and regulations or any other relevant legislature lapses, personal data routinely get erased or blocked in accordance with the legal regulations.
Rights of the data subject
The following rights are available to the data subject in accordance with the General Data Protection Regulation (GDPR), and in particular the provisions of Chapter 3, Article 12-23 of the General Data Protection Regulation (GDPR).
To call on the respective rights, the data subject may refer to us at any time in this regard.
- Right to obtain confirmation
Every data subject has the right to request the confirmation from the controller whether personal data concerning them are being processed.
- Right of access by the data subject
Every data subject has the right to request information from the controller on the data saved in respect of their person and to receive a copy of this information. This must be supplied free of charge by the controller.Furthermore, the data subject can request information about following:
- purposes of the processing operation;
- categories of personal data to be processed;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular third country recipients or for international organisations;
- if possible, the planned duration of storing personal data or, if this is not possible, the criteria to set the duration of storing;
- the right of rectification or erasure of personal data relating to them or limitation of processing by the controller or the right to object to this processing;
- existence of a right to complain to a supervisory authority;
- when the personal data have not been obtained from the data subject: all information available as to their source; and
- the existence of automated decision-making including profiling as per Article 22(1) and (4) and, at least in these instances, meaningful information about the logic involved as well as the scope and the envisaged consequences of such processing for the data subject.
Furthermore, the data subject has the legal right to know if personal data have been transmitted to third country recipients or international organisations. Moreover, should this be the case, the data subject has the right to receive information about the appropriate safeguards concerning the transmission.
- Right to rectification
Every data subject shall have the right to obtain the correction of inaccurate personal data concerning them. Moreover, taking account of the purpose of the processing, the data subject shall have the right to demand the rectification of incomplete personal data, also by supplementary declaration.
- Right to erasure ("right to be forgotten")
Every data subject shall have the right to obtain from the controller to immediately delete personal data concerning them if one of the following grounds applies and if there is no need for processing.
- the personal data were collected or processed for purposes for which they are no longer necessary;
- the data subject withdraws their consent on which the processing is based as per point (a) of Article 6(1) or point (a) of Article 9(2), and there is no other legal basis for processing;
- the data subject objects to processing as per Article 21(1), and there are no overriding legitimate reasons for processing, or the data subject objects to the processing as per Article 21(2);
- the personal data have been unlawfully processed;
- the deletion of personal data complies with a legal obligation in accordance with Union law or under the laws of the Member States to which the controller is subject; and
- the personal data have been collected in respect of the provision of information society services as per Article 8(1).
If a data subject effects deletion of personal data stored by us, and if the reason for this falls into one of the above listed cases, they may feel free to contact us at any time. We shall carry out the request for deletion without delay.
If there is no need for processing, our company, as data controller under Article 17(1), shall take appropriate measures to delete personal data which have been made public by us. These measures are taken under consideration of available technology, reasonable measures based on their implementation costs, including those of a technical nature, and to inform other data controllers processing personal data which have been published that the data subject wishes the deletion of all links to their personal data as well as copies or replications of their personal data. We shall take the necessary steps in individual cases.
- Right to restriction of processing
Every data subject shall have the right to obtain from the controller, the restriction of processing if one of the following criteria is met:
- their accuracy is contested by the data subject, for a period enabling the controller to verify the accuracy;
- the processing is unlawful and the data subject opposes their erasure and demands restrictions on their use;
- the controller no longer needs the personal data for processing purposes, but the data subject still needs them for the establishment, exercise or defence of legal claims; and
- the data subject has objected to processing as per Article 21(1) and it is not yet clear if the proper reasons of the controller are overridden by the fundamental rights of the data subject.
If a data subject effects the restriction of personal data stored by us, and if one of the above listed conditions is present, they may feel free to contact us at any time. We shall carry out the restriction of processing.
- Right to data portability
Every data subject who provided personal data concerning them to a controller shall have the right to receive their data in a structured, commonly used and machine-readable format. Furthermore they shall have the right to transmit their data to another controller without being hindered by the controller they supplied their personal data to, if all following criteria are met:
- the processing of their data is based on their agreement pursuant to point (a) of Article 6(1), or point (a) of Article 9(2), or based on a contract pursuant to point (b) of Article 6(1);
- the data processing is done by means of automated procedures; and
- processing is not necessary for the performance of a task carried out in the public interest or not in the legitimate exercise of official authority vested in the controller.
Furthermore, for the exercise of their right to data portability, the data subject shall have the right to have their personal data transmitted directly from one controller to another as per Article 20(1), unless this is technically not feasible and the transmitting does not prejudice respect for the rights and freedoms of others.
For the assertion of the right to data portability, the data subject may feel free to contact us at any time.
- Right to object
Every data subject who provided personal data concerning them to a controller, shall have the right to object to processing their personal data based on compelling legitimate grounds relating to their particular situation as per points (e) and (f) of Article 6(1). Concerning the application of that provision, this also applies to direct marketing (profiling).
In the event of an objection, we shall no longer process the personal data, unless we can show compelling legitimate grounds for such processing which override the interests, rights and freedoms of the data subject, or if the processing serves the establishment, exercise or defence of legal claims.
The data subject shall have the right to object at any time to processing of personal data concerning them if their personal data is processed by us for direct marketing purposes. This also includes profiling as far as this is related to such direct marketing. If the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Furthermore, the data subject shall have the right to object to further processing by us of personal data concerning them for historical, statistical or scientific purposes pursuant to Article 89(1), unless the processing is necessary for fulfilling a task in the general public interest.
To exercise their right to object, the data subject may contact us directly. In association with the use of information society services, and notwithstanding Directive 2002/58/EG, the data subject is free to exercise their right to object by means of automated procedure using technical specifications.
Automated individual decisions and profiling
A decision which produces an adverse legal effect for a data subject who provided personal data concerning them to a controller, or which significantly affects them and which is based solely on automated processing, including profiling, shall be permitted only if following criteria are met:
- the decision is necessary for the conclusion or performance of a contract entered into between the data subject and the controller,
- the decision is authorised by Union or Member State law to which the controller is subject and which also lays down measures to safeguard the legitimate interests of the data subject, and
- the decision is based on the explicit consent given by the data subject.
If the decision is necessary for the conclusion or performance of a contract entered into between the data subject and the controller, or if the decision results from the explicit consent given by the data subject, we shall take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, which at least include the right to obtain intervention on the part of the controller in order for them to express their views and to contest the decision.
If the data subject wished to invoke their right with regard to automated decisions, they may feel free to contact us at any time.
- Right to object to consent under data protection laws
Every data subject who provided personal data concerning them to a controller shall have the right to withdraw their consent to processing their personal data at any time.
Legal basis of the processing operation and legitimate interests in processing pursued by the controller or a third party
Processing operations which require the consent of the data subject to process the personal data concerned for one or more given purposes are on the basis of point (a) of Article 6(1) of the General Data Protection Regulation (GDPR).
Processing operations, which have the conclusion or performance of a contract or the implementation of pre-contractual measures as their object (e.g. inquiries regarding our services and products) and to which the data subject is party, are on the basis of point (b) of Article 6(1) of the General Data Protection Regulation (GDPR).
If we are under the legal obligation to process personal data, the basis for this is point (c) of Article 6(1) of the General Data Protection Regulation (GDPR).
If processing is needed to protect the vital interest of the data subject or natural person, the basis for this is point (d) of Article 6(1) of the General Data Protection Regulation (GDPR).
If the processing of personal data is based on point (f) of Article 6(1) of the General Data Protection Regulation (GDPR), there is a justified interest in doing so to conduct our business activities.
Retention period of personal data
The retention period of personal data follows the respective legal obligations and the retention period they demand. At the end of the prescribed period, relevant data are erased routinely if they are no longer needed for the settlement or the initiation of a contract.
Statuary or contractual regulations regarding the provision of personal data; need for conclusion of a contract; obligation of the data subject to provide the personal data; consequences of non-provision of the personal data
In some cases the provision of personal data is legally prescribed. The provision may also arise from the contractual regulations. To that extent it could be necessary to conclude or execute a contract only if the data subject provided the necessary data to be processed. Without such a provision this would not be possible. The data subject shall contact us before providing personal data. In individual cases we shall inform the data subject whether or not the provision of personal data is required by law or contractually required or necessary for the conclusion of the contract, or if an obligation to provide personal data exists and which consequences the failure of providing the personal data would have.
Effective date and last date of modification of this privacy statement
This privacy policy was last modified and is effective as of November 2021.
It may become necessary to modify or change our privacy statement due to further development of our website or offers we make via it, or due to changes in legal requirements or official instructions. You can access and print the current privacy policy at any time via our website at www.weinunikateshop/en/privacy
.