Databeskyttelse

Status: 05/2018

We are processing individual related data (as follows “data”) of users as far as this is required to provide a full functional and comfortable website which includes our content and services.

„Processing“ is meant to be the rising, use, transmission and/or filling. “Individual related data” is meant to be basically all data as per DGSVO (General Data Protection Regulation), which identifies an individual person. The exact definition of the abstract concept is stipulated in Art. 4 DSGVO (Datenschutzgrundverordnung).

The following statement will inform you about the kind, the scope, the purpose, the term and the legislative basis of the processing of individual related data and the purpose and appliance of processing we determine alone or with third parties as well as components for optimization and quality utilization of third parties when applicable who process data in their own responsibility:
_________________________________________

A) Information about responsible party
B) Privilege of Users
C) Information about data processing
_________________________________________

A) Information about responsible party

The responsible party (as follows „provider”) as per DSGVO and additional data privacy acts/policies of EU-member states as well as miscellaneous provisions is:

Vinexus Deutschland GmbH
Otto-Hahn-Str. 21
35510 Butzbach
Germany

Phone Germany: 0800 5707 0081 60*
Calls from EU-Countries: +49 180 5707 0081 60**
Fax: +49 180 5707 0088 89***
E-Mail: info@vinexus.de

*(free of charge from German fixed line network)
**(calls from EU-Countries, 0.14 €/Minute, if applicable different costs for mobile radio communication) ***(0.14 €/Minute from German fixed line network, if applicable different costs for mobile radio communication.)

The external data security officer is:

Killian Hedrich
c/o DatCQ GbR
Alexander F. Bräuer, Killian Hedrich
and Frank Weiß
Katharinenstraße 16
73728 Esslingen

Phone.    +49 (0)711/ 93277955
Fax:     +49 (0)711/ 93277956
E-Mail:     dsb@datcq.de

B) Privilege of Users

With regard to the following reflected processing described by the provider the user will have the privilege,

1. to request a confirmation, if the respective data about him/her in question will be processed and accurate details about the information as well as other information and copies of the data referring to Art. 15. DSGVO;

2.  to request the immediate adjustment of data for any incorrect data referring to him/her or request completing any incomplete data as per Art. 16 DSGVO;   

3. to request that data referring to him/her will be immediately deleted as per Art. 17 DSGVO, alternatively when another processing of the relevant individual related data as per Art. 17 para 3 lit. DSGVO is required, to request limitation of the processing as per  Art. 18 DSGVO;

4.  that he/she obtains individual related data provided by the user as per stipulation of Art. 20 DSGVO and request the forwarding of the same to any other party in charge;

5.  to submit a complaint to the supervisory body as per Art. 77 DSGVO, if the user believes that the processing of his/her individual related data by the provider is in breach of DSGVO rules.
_________________________

6. As a matter of principle, the user is entitled to object to the processing of his personal data, which is processed by a person responsible on the base of Art. 6 para. 1 lit. f DSGVO, at any time in accordance with Art. 21 DSGVO. This objection may in particular be made against data processing for the purpose of direct marketing.
_________________________

7. In addition, the provider is obliged to notify all recipients to whom it has disclosed the data, about any correction or erasure of the personal data or a restriction of data processing carried out pursuant to Article 16 DSGVO, Article 17 para. 1 DSGVO and Article 18 DSGVO.
This obligation is not in effect in the event that this communication proves to be impossible or involves a disproportionate effort. The customer is entitled to receive information regarding these recipients.

C) Information on data processing

Insofar as no detailed information is given below regarding the individual data processing, the user's data processed by the provider will be deleted or blocked as soon as the purpose of the storage ceases to exist and the deletion does not conflict with any statutory storage obligation.

Server data

For technical reasons concerning communication and security, during a visit on the website the following data amongst others is collected, which the internet browser of the user transmits to the provider or to his web space provider, respectively (so-called server log files):

- Browser type and browser version;
- operating system in use;
- Web site, from where the user came to the provider's web site (Referrer URL);
- Web site the user is;
- Date and time of web site access;
- Internet protocol (IP) address of the user.

The data will also be temporarily stored. A storage of this data together with other personal data of the user does not take place. The legal basis for the temporary storage is Art. 6 para. 1 lit. f DSGVO based on the legitimate interest in improving the stability, functionality and security of the website.

After seven days at the latest the data will be deleted. Data where further retention thereof is required for evidential purposes shall be exempted from the deletion until final clarification of the incident.

Cookies

a) „Session“ cookies/ „Persistent“ cookies

On its website, the provider uses so-called cookies. Cookies are small text files or other storage technologies that the internet browser used by the user stores and saves on the user's device. These cookies individually process certain user information, such as browser and location data and IP address values.  

The processing allows the provider to make its website more user-friendly, effective and secure. For example, the processing of the "session" cookies enables the content to be displayed in different languages or, if necessary, the use of a shopping cart function.

"Persistent" cookies allow the web site to recognize the user by his browser during regular visits on the web site.

If personal data is processed by these cookies for the purposes of initiating a contract or processing a contract, the legal basis of the processing is Art. 6 para. 1 lit. b DSGVO.

If the processing is not intended to initiate a contract or to execute the contract, the processing serves the legitimate interest of the provider in improving the functionality of the web site and is based on the legal basis of Art. 6 para. 1 lit. f DSGVO.

"Session" cookies are deleted as soon as the user closes their browser. "Persistent" cookies are automatically deleted after a deadline set by the provider. This deadline may vary vary for different cookies but does not exceed the period one year.

b) Third party cookies

If necessary, the web site of the provider also uses third party cookies. These third party suppliers are partner companies with whom the provider cooperates for the purposes of advertising, analysis or website functionalities. Should this be the case, the purposes and legal bases of the corresponding processing are given in the following statements.  

c) Cookie deletion

The user can prevent or restrict the installation of cookies by setting the browser accordingly. Already saved cookies can also be deleted at any time. The relevant browser settings may vary for different browser types. For Flash cookies, the processing cannot be disabled by browser settings but by the appropriate setting of the Flash player. Should the user prevent or restrict the installation of cookies, this may result in the fact that not all functions of the web site can be used to the full extent.

Contract management

a) Processing

The personal data provided by the user for the purpose of a purchase of goods or services are processed by the provider for the purpose of contract execution. The details of the data are required for the conclusion of the contract; without providing the data, it is not possible to conclude the contract. The legal basis for processing is Art. 6 para. 1 lit. b DSGVO. After completion of the contract, the data of the user are deleted in consideration of tax and commercial retention periods.

b) Disclosure to third parties

In the context of contract management, the personal data of the user is passed on to the transport company commissioned with shipping or to the financial service provider, as far as this is necessary for the delivery or payment of the goods. The legal basis for the transfer of data is Art. 6 para. 1 lit. b DSGVO.

Establishing contact

If the user uses the contact form or e-mail in order to contact the provider, the user's personal data entered on this occasion will be used to process the request. The user's information is required to answer the request, without providing the data a response is not or only partially possible.

If the contact request serves to fulfill a contract or to initiate a contract, the legal basis is Art. 6 para. 1 lit. b DSGVO.

The data of the user will be deleted, provided that the user's request has been finally answered and there are no conflicting legal storage obligations like e.g. in a subsequent contract.  

Legal basis may also be a consent of the user in accordance with Art. 6 para. 1 lit. a DSGVO. If need be in the context of the contact form, the user's consent to the impending processing may be obtained and reference may be made to this privacy policy.

Any consent granted regarding the customer account may be revoked by the user at any time pursuant to Art. 7 para. 3 DSGVO by notifying the provider. The related data is deleted as soon as its processing is no longer required.

Customer account

Should the user register for a customer account with the provider, the data entered in the course of this registration (e.g. name, address, e-mail address) will be collected and saved exclusively for the fulfillment of a contract or the implementation of pre-contractual measures as well as for the general administration of customer relations ( e.g. retrieval of previous orders, loyalty program "Happy Grapes" or memo/ wishlist function). The registration will also save the IP address and date and time of registration. A passing on to third parties does not take place.

If the user has given his consent, legal basis is Art. 6 para. 1 lit. a DSGVO. As part of the registration process, the user's consent to the impending processing is obtained and reference is made to this privacy policy. The data collected in this way are used exclusively for the aforementioned purpose. A passing on to third parties does not take place.

If the registration of the customer account serves the fulfillment of a contract or the implementation of pre-contractual measures, then the additional legal basis is Art. 6 para. 1 lit. b DSGVO.

Any consent given regarding the customer account may be revoked by the user at any time pursuant to Art. 7 para. 3 DSGVO by notifying the provider. The data processed in this context is deleted as soon as its processing is no longer required. If the data is required to fulfill a contract or to carry out pre-contractual measures, the data of the user will be deleted upon expiry of the tax and commercial retention periods.

Checking the creditworthiness / scoring

If the user is offered payment by invoice by the provider in the case of goods or service offer, the provider reserves the right to forward the contractual data (in particular, first and last name, street, house number, zip code, city) to an information data file office for the purpose of a credit assessment on basis of mathematical-statistical procedures (for example Bürgel, Schufa, Creditreform, infoscore etc.). The resulting information about the statistical probability of a default is used by  the provider to decide whether the invoice payment is offered for the execution of the contract.
The credit report may contain probability values (score values) which are calculated on the basis of scientifically recognized mathematical-statistical methods.
The legal basis for this processing is the legitimate interest of the provider in the safeguarding against failure of the receivables acc. Art. 6 para. 1 lit. f DSGVO.

Newsletter

a) Registration

If the user signs up for the provider's free newsletter, the data requested in the input mask (e-mail address and, optionally, name and address) will be processed by a service provider - see Shipping below. In addition, the IP address and the date and time of login are stored. As part of the registration process, the consent of the user will be obtained and the contents concretely rewritten. At the same time reference is made to this privacy policy.

b) Sending
The provider uses CleverReach to send newsletters. "CleverReach" is a service of the company CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany.

https://www.cleverreach.com/de/datenschutz/

c) Analysis

The newsletter sent by the provider via CleverReach contain so-called "counting pixels" (web-beacon), by means of which the provider can recognize if and when an e-mail was opened as well as which links in the newsletter were followed by the user.

This analysis data is stored by the provider in addition to the technical data (system data and IP address), so that the newsletter can be optimally aligned to the wishes and interests of the user. Accordingly, the data collected is used to constantly improve the quality of the newsletter.

d) Legal basis

The legal basis for sending the newsletter and the analysis is Art. 6 para. 1 lit. .DSGVO.

e) Cancellation

According to Art. 7 para. 3 DSGVO, the user can revoke this consent at any time by sending a message to the provider or by means of the unsubscribe link contained in the newsletter for the future.

ZENDESK-CHAT

This website uses the ZENDESK component to analyze the web and to operate the live chat system. ZENDESK is a product of Zendesk, Inc, 1019 Market Street, 6th Floor San Francisco, California 94103, United States.

Zendesk, Inc. is certified under the EU-US Privacy Shield, thereby ensuring compliance with EU data protection regulations when processing data in the United States.

https://www.privacyshield.gov/participant?id=a2zt0000000TOjeAAG&status=Active

The legal basis is Art. 6 para. 1 lit. b DSGVO. The function serves the contract initiation.

ZENDESK uses cookies for the web analysis and the live chat system, which process anonymised data and enable the creation of pseudonymous user profiles.

The data collected by ZENDESK will not be used to personally identify the user of the website.

If the user does not agree with this processing, it is possible to prevent the installation of the cookies by a corresponding setting of the browser, more details on this under the item "cookies".

For further information, please contact ZENDESK at the following link:

https://www.zendesk.de/company/customers-partners/privacy-policy/?_ga=2.66512558.1806071664.1526727507-1114388717.1526727507



Google-Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, hereafter "Google."

Google is certified under the EU-US Privacy Shield, thereby ensuring compliance with EU data protection regulations when processing data in the US.

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Google Analytics is used by the provider to analyze the use of the website. The legal basis in this context is Art. 6 para. 1 lit. f DSGVO. The legitimate interest of the provider is in the analysis, optimization and economic operation of the website.

Information such as time, location, and frequency of the user's website visit, including its IP address, is transmitted to and stored by Google on a Google server in the United States.

The provider uses Google Analytics with an anonymization function. In this case, Google will already shorten its IP address within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

Google will use the data collected to evaluate the visit of the website by the user and to compile reports on the website activity for the provider. Furthermore, the data will be used to provide other services related to website activity and internet usage. Google may also transfer this information to third parties if required by law or as far as third parties process this data on behalf of Google.

Google will, according to their own information, under no circumstances link the IP address of the user with other data from Google and bring this in context. Further information, in particular on the possibilities of preventing the use of data, offers Google at the following link:

https://www.google.com/intl/de/policies/privacy/partners

Google also offers a deactivation add-on for the most popular browsers, which gives the user more control over what data Google collects about the user-accessed site. The add-on informs the JavaScript (ga.js) of Google Analytics that no website visit information should be transmitted to Google Analytics. However, the Google Analytics Disable Browser Add-On does not prevent information from being transmitted to the provider or to other web analytics services that may be used by the provider and listed in this privacy policy. Further information on installing the browser add-on is available at the following link:

Browser-Add-On to deactivate Google Analytics

Alternatively, the future analysis of the page visit by Google Analytics can be deactivated by clicking on the following link. By clicking on the link a so-called "opt-out cookie" is set, as a result of which the analysis of the page visit on the website of the provider will be prevented in the future:

Activate „Opt-Out-Cookie"  for Google-Analytics

Please note: If the user deletes the cookies in his browser settings, the opt-out cookie will be deleted as a rule and may need to be reactivated by the user.

Google AdWords with Conversion-Tracking

The provider also uses the Google advertising component "Google AdWords" and in this context the so-called conversion tracking. Google Conversion Tracking is a service of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, hereinafter "Google."

Google is certified under the EU-US Privacy Shield, thereby ensuring compliance with EU data protection regulations when processing data in the US.

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

The use of conversion tracking serves the provider for the targeted application of his services. The legal basis here is Art. 6 para. 1 lit. f DSGVO. The legitimate interest of the provider is in the analysis, optimization and economic operation of the website.

If the user clicks on an ad served by Google, a cookie will be saved on the user's device due to the inclusion of conversion tracking. These so-called "conversion cookies" lose their validity after 30 days and are not used for the personal identification of the user.

If the user visits certain pages of the provider's website and the cookie has not yet expired, both Google and the provider can recognize that the user has clicked on one of the ads placed by Google with the provider and has been redirected to the provider's website.

The information obtained through the "Conversion Cookies" is used by Google to create visitor statistics for the provider. The provider receives information about the total number of users who have clicked on their ad and also which pages of their website were called up by the respective user. However, the provider or other "Google AdWords" advertisers receive no information that personally identifies users.

The user can prevent or restrict the installation of cookies by setting the browser accordingly. Already saved cookies can also be deleted at any time. The settings depend on the browser.

Further information, in particular on the possibilities of preventing the use of data, Google offers the following links:

https://services.google.com/sitestats/de.html
http://www.google.com/policies/technologies/ads/  
http://www.google.de/policies/privacy/

Google Fonts

To display the font on the Website, the Provider uses external fonts in the form of "Google Fonts", a service of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, hereinafter "Google".

Google is certified under the EU-US Privacy Shield, thereby ensuring compliance with EU data protection regulations when processing data in the US.

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

When the provider's website is called, it will connect to the Google server in the United States to enable or update the font.

The legal basis in this context is art. 6 para. 1lit. f DSGVO. The legitimate interest of the provider is in the optimization and economic operation of the website.

Through the connection, Google can tell from which website a request is sent and to which IP address the presentation of the font is transmitted.

Further information, in particular on the possibilities of preventing the use of data, Google offers the following links:

https://policies.google.com/privacy
https://adssettings.google.com/authenticated