Website

Information about our company and the services we offer can be found at www.wmf-coffeemachines.com , including the associated sub-domains and sub-pages. When you visit our website, your personal data may be processed.

We would like to point out that it is entirely up to you whether you wish to share your data with us. However, if and to the extent that you do not provide us with the data required for a particular service, you will not be able to use the respective service, or at least not to its full extent. We use the data exclusively to provide you with the service you have requested.

When using the website for informational purposes, we may collect, store and process the following categories of personal data:

A. Data processed for the provision of the website and the creation of log files

a. What data is processed and for what purpose?

Every time the website content is accessed, data that may possibly allow identification is temporarily stored. The following data is collected in this process:

• Date and time of access

• IP address

• Host name of the accessing computer

• Website from which the website was accessed
  Websites accessed via the website

• Page visited on our website

• Protocols and status code

• Amount of data transferred

• Information about the browser type and version used

• Operating system

• User agent

• Log data (directory protection user, referrer, host name accessed)

The IP addresses are anonymized and stored. The temporary storage of data is necessary for the process of a website visit to enable delivery of the website. Further storage in log files is done to ensure the functionality of the website and the security of the information technology systems.

During anonymization, all data relating to the sender/recipient, etc. is removed. Only the data regarding the time of sending and information on how the e-mail was processed (queue ID or not sent) is retained.

These purposes also include our legitimate interest in data processing.

b. On what legal basis is this data processed?

The data is processed on the basis of Article 6(1)(f) of the GDPR.

c. Are there other recipients of personal data in addition to the controller?

We are using Amazon Web Services (AWS) - as the hosting provider for our websites. AWS is acting as processor and located at Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxemburg

Cloudflare - Cloudflare’s global cloud platform delivers a range of network services to businesses of all sizes around the world—making them more secure while enhancing the performance and reliability of their critical Internet properties. Cloudflare is acting as processor and located at Cloudflare Inc., 101 Townsend St San Francisco, CA, 94107, USA. https://www.cloudflare.com/privacypolicy/ https://www.cloudflare.com/cookie-policy/ Website: https://aws.amazon.com/

Privacy Policy: https://aws.amazon.com/privacy/

GDPR compliance information: https://aws.amazon.com/compliance/gdpr-center/

DPA: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

Storyblok - Storyblok and its Affiliates offer a SaaS-based headless content management system (including the Storyblok APIs and Documentation) and a digital experience platform (DXP) with a visual editor, that allows customers to upload, manage and publish Customer Content by using Storyblok APIs (the “Storyblok Services”). Storyblok is acting as processor and located at Storyblok Solutions GmbH is registered in Austria, FN 608512x, ATU79663909, Loquaiplatz 12/1, 1060 Vienna, Austria. (https://www.storyblok.com/terms)

d. How long is the data stored?

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected, but no later than one day after collection. The cookies for the purpose of providing evidence of consent and the cookie for the watch list are stored for at least one month. The anonymized IP addresses are stored for 60 days. Information on the directory protection user employed is anonymized after one day. The mail logs for sending e-mails from the web environment are anonymized after one day and then stored for 60 days. Error logs, which log incorrect page views, are deleted after seven days. Access via FTP is logged with anonymized information about the user name and IP address and stored for 60 days. Mail logs for sending via our mail servers are deleted after four weeks. The retention period is necessary to ensure the functionality of the mail services and to combat spam.

B. Contact form

a. What data is processed for what purpose?

When you use the contact form, the data categories transmitted thereby are: “contact form data”:

• personal and contact data

• address data

• possibly order and product data

• and the time of transmission

• as well as possibly voluntarily given data on the location and telephone data.

The purpose of the processing is to contact you if you have questions about our products and services and to provide assistance if necessary.

b. On what legal basis is this data processed?

We process this data on the basis of Art. 6 (1) (b) for the purpose of contract initiation or fulfillment.

c. Are there other recipients of personal data in addition to the controller?

Sendgrid

d. How long is the data stored?

The data is deleted as soon as it is no longer required for the purpose for which it was collected. In the case of the contact form, this is usually the case after it has been sent to us. However, it may be stored for up to ten years due to legal obligations. As a rule, the storage period is three years.

C. Newsletter

We offer you the opportunity to subscribe to our newsletter. If you register for our newsletter, we will process the following “newsletter data”:

• IP address (truncated – a personal reference can be created)

• Page from which the page was requested (so-called referrer URL)

• Date and time of access

• Information about the browser type and the version used

• E-mail address

• Date and time of registration and confirmation

The purpose of the processing is to send you the newsletter and to inform you about current products, product developments and promotions, as well as to fulfill our accountability obligations and, if necessary, to clarify any possible misuse of your personal data.

We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the sent e-mails contain so-called web beacons or tracking pixels, which represent one-pixel image files stored on our website. For the evaluations, we link the data mentioned in 2.A.a. and the web beacons with your e-mail address and an individual ID. Links contained in the newsletter also contain this ID. We use the data obtained in this way to create a user profile in order to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletters and which links you click on in them, and from this we deduce your personal interests. We link this data to the actions you take on our website.

You can opt out of this tracking at any time by clicking on the separate link provided in each e-mail or by contacting us through another channel. The information is stored for as long as you are subscribed to the newsletter. After you unsubscribe, we store the data in a purely statistical and anonymous form. Furthermore, such tracking is not possible if you have disabled the display of images by default in your e-mail program. In this case, the newsletter will not be displayed in full and you may not be able to use all the functions. If you display the images manually, the tracking described above will take place.

a. On what legal basis is this data processed?

By registering for our newsletter, you consent to the processing of your personal data (legal basis is Art. 6 para. 1 lit. a DS-GVO). We use the so-called double opt-in procedure for registering for our newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to receive the newsletter.

b. Are there other recipients of the personal data besides the controller?

XQueue GmbH, Christian-Pless-Str. 11-13, 63069 Offenbach, is used to process the newsletter procedure. XQueue GmbH receives the above-mentioned data as a processor.

c. How long is the data stored?

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the newsletter, this is the case when you unsubscribe from the newsletter. Due to obligations to provide evidence, the data may be stored for up to three years after you unsubscribe.

A. Links to other websites

If we provide links to websites of other organizations, the data protection notices and declarations of those organizations apply.

You will receive a data protection notice when you leave our website. You can activate this permanently if you no longer wish to receive it.

B. Cookies

We use cookies on our websites. Cookies are data that are stored on your user device when you visit a website with it. Cookies contain information such as user settings, login information and other data that can be used to improve the user experience.

We distinguish between session cookies, which are deleted as soon as you close your browser, after one day at the latest, and persistent cookies, which means that these cookies are stored permanently beyond the individual session. With regard to their function, we distinguish between the following types of cookies:

• Technical (must) cookies: These are absolutely necessary to enable you to move around the website, use its basic functions and ensure its security; they do not collect information about you for marketing purposes nor do they store information about which websites you have visited;

• “Tracking” cookies: These are used to provide the website user with customized advertising on the website or offers from third parties and to measure the effectiveness of these offers.

C. Web beacons

Web beacons, also known as pixel tags or clear GIFs, are small, usually transparent graphics embedded in our web pages to track user behavior. They work by sending a request to the provider's server when the document in which they are embedded is opened.

This request can transmit various information, such as: the time of retrieval, the type of browser that loads the web beacon, unique IDs. This information is used for statistical evaluations, marketing analyses and the personalization of content. Web beacons enable us to track and analyze the online behavior of our website visitors, which may raise privacy concerns.

We set three web beacons:

1. cdn.cookielaw.org: This web beacon is essential for consent management. It is used in conjunction with cookies to obtain unambiguous consent from the website visitor.
2. The following two web beacons are only set after consent has been given to the tracking cookies and, like the tracking cookies, are processed for analysis and marketing purposes. These would be optimization of our marketing activities, user behavior, reach analyses.
a. www.googletagmanager.com/gtag, which contains a unique ID

b. google-analytics.com/g/collect, which contains IDs as well as information on screen resolution, browser and operating system

D. Embedding videos with YouTube

Nowadays, it is commonplace to supplement product offers on the internet with media from third-party platforms. Therefore, we are embedding our YouTube videos in our offer and ask you every time you access external contents if you would like to load them.

For the implementation of data protection friendly presets, contents are inactive by default. Initially, only an empty window is shown. The YouTube video will not play until you intentionally click on the provided button and give your consent to the data transmission and thereby the processing of your data by YouTube.

On the basis of this so-called two-click solution, you decide for yourself whether your data will flow to YouTube. This implementation is necessary because we have no influence on how YouTube processes your data. YouTube bears the responsibility for data protection in compliance with the law.

This is why we cannot obtain an effective data protection consent. This would have to primarily be done in an informed manner. However, since we do not have any knowledge of the purposes for which YouTube processes your data, we cannot provide you with any information on that.

In addition to the IP address, YouTube may also process technical data (screen resolution, browser used, operating system, etc.). It is also possible that so-called cookies are used, for example, to analyse your surfing behaviour. We do not receive information on how you use YouTube and what contents you are sharing or commenting on.

Therefore, we are advising you that you should obtain information from YouTube in advance as to how YouTube processes your data.

E. Embedding Chatbot (Chatbase)

At Chatbase, we prioritize your privacy and are committed to safeguarding your personal information. When you use Chatbase on our website, we collect minimal data necessary to enhance your experience and improve our services. This may include usage data, device information, and interaction logs. We ensure that all data is anonymized and encrypted to protect your identity. By using Chatbase, you agree to our data practices outlined in this policy.

F. On what legal basis is this data processed?

The legal basis for cookies and web beacons that are absolutely necessary to provide you with the expressly requested service is Section 25 (2) no. 2 TDDDG. The usage of Chatbase is based on an API communication which is necessary to enable the service. Any use of cookies and web beacons that is not technically necessary for this purpose constitutes data processing that is only permitted with your express and active consent in accordance with Section 25 (1) TDDDG in conjunction with Art. 6 para. 1 sentence 1 lit. a DS-GVO is permitted. This applies in particular to the use of functional, advertising and tracking cookies. In addition, we only pass on your personal data processed by cookies to third parties if you have given your express consent to do so in accordance with Art. 6 para. 1 sentence 1 lit. a DS-GVO. Are there other recipients of personal data besides the data controller?

If you have given your consent,

• Google Ads - Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. https://ads.google.com/intl/de_at/home/ Privacy Policy: https://policies.google.com/privacy?hl=de

• Google Analytics - Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. https://analytics.google.com/ Privacy Policy: https://policies.google.com/privacy?hl=en-US

• LinkedIn - LinkedIn Inc., 605 W Maude Ave, Sunnyvale, CA 94085, USA, https://www.linkedin.com/ Privacy Policy: https://de.linkedin.com/legal/privacy-policy?

• Microsoft Ads - Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin, Irland 18, D18 P521) https://www.microsoft.com/en-us/privacy/privacystatement

will be used as an analysis partner.

G. How long is the data stored?

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of mandatory cookies, this is the case when you close the visited website or your browser, but after no more than a day. Due to the obligation to provide evidence, the data may be stored for up to three years after deregistration. Further information on the storage period can be found in our cookie information. (see under (D)). [Link to the cookie information].

Further information on which cookies we are using and how you can manage your cookie settings and deactivate certain types of tracking is provided in our Cookie Policy.