- Fully automatic coffee machines
- Portafilter machines
- Filter coffee machines
Data protection overview
WMF CoffeeConnect
1. General information
The following data protection notice applies to the use of the digital solution WMF CoffeeConnect (“online portal”) and the services offered via this solution.
2. Processing of personal data
As with any online service, our server automatically collects temporary information in the server log files, unless you have deactivated this function. If you want to view our web portal, we will collect the following data that we require technically to display our web portal for you and ensure stability and security:
IP address of the requesting computer
file request of the client
http response code
the website from which you are visiting us (referrer URL),
date and time of the server request
browser type and version
operating system of the requesting computer
No person-related analysis of the server log files takes place. At no time is the provider ever able to assign this data to specific persons. This data is not merged with data from other data sources.
If you provide personal data via our web portal (surname, first name, e-mail address, address), this generally occurs on a voluntary basis. This data is used by us for performance of our contract with you, to process your inquiries and orders and for the purposes of market research and opinion polling.
If you register at our web portal, we will process your data (surname, first name, e-mail address, address) to process the contract relationship. If you integrate a coffee machine in your profile, the technical data transmitted by the coffee machine will be linked with your profile (see under (3)).
If you conclude a service agreement with us, we will also process your data in order to perform repairs and maintenance, in order to improve our service and for the purpose of product improvement and development.
If you want to order products via the web portal, you are required to enter your personal data (contact, delivery, invoice and payment data) we require to process your order to conclude the contract. Mandatory information is labelled as such; all other information is voluntary. We will use the data you provide in order to process your order. In this context, we are entitled to pass on your payment information to our bank or an online payment service.
3. Processing of personal telemetry data
As a fundamental rule, the telemetry module allows a bidirectional data exchange which permits continuous remote retrieval of data for efficient monitoring, control and optimisation of economic and service-relevant processes.
On start-up of a coffee machine with WMF CoffeeConnect INSIDE, operating and status details of the coffee machine (“technical data“) are transmitted to WMF. In particular, this technical data includes:
the type and number of devices connected to the coffee machine with WMF CoffeeConnect INSIDE, e.g. cooler with compatible sensor system
counter readings and statistics on brewing processes, beverage and maintenance counters, milk temperature (in the case of add-on equipment or a countertop cooler), boiler temperature etc.
commands and functions executed via the portal, including time of operation
status of the coffee machine (on, off and time of change in status)
data on radio transmission, including signal strength, selected provider and the radio cell within which the coffee machine with WMF CoffeeConnect INSIDE is located
diagnostic and error messages of the coffee machine with WMF CoffeeConnect INSIDE and connected devices
cleaning operation types and times at which cleaning was carried out
software versions and times at which software and software log files were updated
beverage and machine settings
The technical data above has no personal relation for WMF unless the user uses WMF CoffeeConnect. The technical data is not linked to the user profile until the user integrates the coffee machine with WMF CoffeeConnect INSIDE. Where the technical data thus allows identification of a specific user as defined by section 4(1) GDPR, we process the data for the purpose of performance of the contractual services arising from the use of the web portal by the user.
Where further users are enabled as secondary users for a networked coffee machine in addition to the primary users, we also process the data listed above on use of the coffee machine by one or more secondary users within the same context in order to allow operation of the networked coffee machine by the further secondary users in accordance with the service to be provided.
As part of customer service, we will receive access to the technical data. The use is hereby pseudonymised. Any use related to a person occurs exclusively to provide the services from the contract that was concluded with the customer for the use of the WMF CoffeeConnect web portal or an existing service contract. We reserve the right to use the services of third parties to carry out maintenance work and to grant such third parties access to the user’s data within the context of commissioned data processing.
We reserve the right to use technical data and anonymised or pseudonymised usage data, particularly for statistical purposes or for the further development of products. This also applies if the user terminates the use of WMF CoffeeConnect. This data is exclusively technical, device-specific data. No person-related analysis is performed.
4. Legal bases of data processing
The legal basis for the processing of personal data in connection with contact initiation using the contact form is section 6(1)(a) GDPR.
The legal basis for the processing of personal data in connection with purchase, service and maintenance agreements as well as for registration processes is section 6(1)(b) GDPR.
The legal basis for processing personal data in connection with the improvement and further development of our products and for advertising, market and opinion research is section 6(1)(1)(b) GDPR.
5. Data erasure and storage period
We are required under commercial and tax law to store your address, payment and order data for a period of ten years. However, we will restrict processing after seven years, which means that your data will only be used for compliance with the statutory requirements.
6. Data security
We are using suitable technical and organisational security measures to protect your data from incidental or intentional manipulations, partial or complete loss, destruction or unauthorised access by third parties (e.g. TLS encryption for our website) under consideration of the state of the art, implementation costs and the nature of the scope, context and purpose of processing as well as the existing risks of a data breach (including its probability and effects for the affected person. We are continuously improving our security measures according to the technological development.
We will be happy to provide you with further information upon request. Please contact our Data Protection Officer (see under General Information (3)).