Privacy policy
General Principles
We operate our website in accordance with the principles set out below. We are committed to complying with the statutory provisions on data protection and strive to observe the principles of data avoidance and data minimisation at all times.
1. Name and Address of the Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States of the European Union, as well as other data protection regulations, is:
Weingut Leininger
Owner: Florian Engelmann
Theilheimer Weg 3–5
97246 Eibelstadt, Germany
Phone: +49 9303 2209
Email: info@weingut-leininger.de
Website: www.weingut-leininger.de
2. Definitions
This privacy policy has been drafted in accordance with the principles of clarity and transparency. If any uncertainties remain regarding the meaning of individual terms used herein, the corresponding definitions can be found in Article 4 GDPR, available at: https://dsgvo-gesetz.de/art-4-dsgvo/
3. Legal Basis for the Processing of Personal Data
We process personal data (e.g. first and last name, email address, IP address) only where a legal basis exists. In particular, the following legal bases under the GDPR apply: a) Consent pursuant to Art. 6(1)(a) GDPR, where you have given us your consent to process your personal data for one or more specific purposes. You will be informed in detail about the purpose(s) of processing and your consent will be documented. b) Performance of a contract or pre-contractual measures pursuant to Art. 6(1)(b) GDPR, where processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract. c) Legitimate interests pursuant to Art. 6(1)(f) GDPR, where processing is necessary to safeguard our legitimate interests, provided that your interests or fundamental rights and freedoms do not override those interests. At the relevant points, we will explicitly inform you of the applicable legal basis for the processing of your personal data.
4. Disclosure of Personal Data Your personal data will not be transferred to third parties for purposes other than those listed below. We only disclose your personal data if: a) you have given your explicit consent pursuant to Art. 6(1)(a) GDPR; b) disclosure is necessary pursuant to Art. 6(1)(f) GDPR for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data; c) disclosure is required by law pursuant to Art. 6(1)(c) GDPR; or d) disclosure is legally permissible and necessary pursuant to Art. 6(1)(b) GDPR for the performance of contractual relationships with you.
5. Storage Duration and Deletion We store personal data transmitted to us only for as long as necessary to fulfil the purposes for which the data was transmitted or as required by law. Once the purpose has been fulfilled and/or statutory retention periods have expired, the data will be deleted or blocked.
6. SSL Encryption For security reasons and to protect the transmission of confidential content, this website uses SSL encryption. You can recognise an encrypted connection by the change from “http://” to “https://” in your browser’s address bar and by the lock symbol. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
7. Collection and Storage of Personal Data and the Nature and Purpose of Their Use
a) Visiting the Website When you access our website, information is automatically transmitted to our server by your browser and temporarily stored in log files. This includes: IP address date and time of access name and URL of the retrieved file referrer URL browser type and operating system name of the access provider The data is processed for the purposes of ensuring a smooth connection, ensuring convenient use of the website, evaluating system security and stability, and for administrative purposes. Personal data allowing identification (e.g. IP address) is deleted no later than 7 days after collection or anonymised. Legal basis: Art. 6(1)(f) GDPR.
b) Contractual Relationship
aa) Conclusion of Contract Only data necessary for contract performance is processed pursuant to Art. 6(1)(b) GDPR. Voluntary information is processed exclusively on the basis of consent pursuant to Art. 6(1)(a) GDPR.
bb) Customer Account You may create a customer account. In addition to contractual data, voluntary information and previous purchases are stored. Legal basis: Art. 6(1)(a) GDPR. The customer account can be modified or deleted at any time.
cc) Disclosure for Shipping Purposes Necessary data is transferred to shipping providers for delivery coordination. Legal basis: Art. 6(1)(b) GDPR. Service providers include DHL, DPD and UPS (see respective privacy policies). dd) Online Payment Service Providers When using online payment services, relevant personal data is transmitted to the provider. Legal basis: Art. 6(1)(b) and Art. 6(1)(f) GDPR. Providers may carry out identity and credit checks. Details are available in the providers’ privacy policies (e.g. PayPal).
c) Blog Comments When commenting on blog posts, name, email address and IP address are stored. Legal basis: Art. 6(1)(f) GDPR.
d) Contact Forms / Email Contact Data submitted via contact forms or email is processed to handle enquiries. Legal basis: Art. 6(1)(b) and (f) GDPR. Data is deleted no later than 3 months after receipt unless required for further contractual relations.
e) Google Fonts Google Fonts are used to improve readability and visual presentation. Legal basis: Art. 6(1)(f) GDPR. Data may be transferred to Google servers in the USA. f) Google Maps Google Maps is used to display our location. Legal basis: Art. 6(1)(f) GDPR. You may disable Google Maps by disabling JavaScript in your browser.
8. Cookies
We use cookies on our website. Cookies are small data packets that your browser automatically creates and stores on your device when you visit our website. These cookies serve to store information related to the device used in each case. Personal identification of the user is not possible through the use of cookies. The data processed by cookies is required for the purposes stated above in order to safeguard our legitimate interests as well as those of third parties pursuant to Art. 6(1)(f) GDPR. Most browsers automatically accept cookies due to default browser settings. However, you may configure your browser so that no cookies are stored on your device or so that a notice is displayed before a new cookie is stored. Please note that if you completely disable cookies in your browser, you may not be able to use all functions of this website. Below, we explain the different types of cookies used on our website:
a) Session Cookies In order to make the use of our website more convenient, we use so-called session cookies. These cookies enable us to recognise that you have already visited individual pages of our website. Session cookies are automatically deleted once you leave our website.
b) Temporary Cookies We also use cookies that allow us to recognise you when you revisit our website and use our services again. This means that you do not need to re-enter inputs and settings you made during your previous visit. These temporary cookies are stored on your device for a defined period of time.
c) Cookies for Optimisation Purposes Finally, we use cookies for optimisation purposes. These cookies statistically record the use of our website and are evaluated for the purpose of optimising our services for you. These cookies enable recognition of your browser when you revisit our website and are automatically deleted after a defined period.
9. Analytics and Tracking Tools
We use the analytics and tracking tools listed below on our website. These tools serve to ensure the continuous optimisation of our website and to design it in line with demand. These purposes constitute legitimate interests within the meaning of Art. 6(1)(f) GDPR. The respective data processing purposes and data categories can be found in the descriptions of the individual tools.
a) Google Ads We use Google Ads, an online advertising program of Google Inc., on our website. Conversion tracking is also used as part of this service. Google Ads places a cookie on your device if you have reached our website via a Google advertisement. This cookie expires after 30 days and does not serve personal identification. If you visit our website and the cookie is still active, it can be recognised by Google and us that you clicked on the respective advertisement and were redirected to our website. Each Google Ads customer receives a different cookie. Cookies cannot therefore be tracked across the websites of Google Ads customers. The information collected via conversion cookies is used to create conversion statistics for Google Ads customers. As a Google Ads customer, we learn the total number of users who responded to our advertisement and were redirected to a website tagged with a conversion tracking tag. However, we do not receive information that allows us to personally identify users. If you do not wish to participate in tracking, you can disable Google conversion tracking cookies via your browser settings. Please consult your browser’s help function for further information. Further information on Google’s data protection policies can be found at: http://www.google.de/policies/privacy/
b) Use of Wordfence for Malware Protection To protect our website against cybercrime, in particular against viruses and malware, we use the service “Wordfence Security” provided by Defiant Inc., 800 5th Ave., Suite 4100, Seattle, WA 98104, USA. Data processing is carried out on the basis of Art. 6(1)(a) GDPR (consent) as well as Art. 6(1)(f) GDPR (legitimate interest). The service also enables differentiation between human visitors and automated programs or bots. For this purpose, Wordfence uses cookies. To protect against brute-force and DDoS attacks, IP addresses are stored on Wordfence servers. IP addresses deemed harmless are placed on a so-called whitelist. By protecting our website, Wordfence Security simultaneously protects visitors against viruses and malware. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. The “Live Traffic View” (real-time traffic) function of the plugin is disabled. Further information on data collection and processing by Wordfence can be found in Defiant’s privacy policy: https://www.wordfence.com/privacy-policy/
10. Social Media Plugins
Social media plugins listed below are used on our website to increase its visibility. The legal basis for the use of social media plugins is Art. 6(1)(f) GDPR. The advertising purpose pursued constitutes a legitimate interest within the meaning of the GDPR. Responsibility for data protection-compliant operation lies with the respective provider. We use the Shariff solution to ensure the best possible protection of visitors to our website.
a) Facebook “Like” Plugin This website integrates the Facebook “Like” plugin, operated by Facebook Ireland Limited, Hanover Reach, 5–7 Hanover Quay, Dublin 2, Ireland. The plugin is recognisable by the Facebook logo and the “Like” button. Once activated, the plugin establishes a direct connection between your browser and Facebook’s servers. We do not receive any data from Facebook in this process. By activating the plugin, Facebook receives information that you have visited this website. If you are logged into Facebook at the time, Facebook may associate this visit with your user account. If you interact with the plugin, for example by clicking “Like,” this information is also transmitted to Facebook. Facebook may process the data in third countries in accordance with its privacy policy. Further information can be found at: http://www.facebook.com/policy.php General information on plugin data protection: http://www.facebook.com/help.php?page=1068
b) Use of Google +1 Our website uses Google +1 functions provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using the Google +1 button, information may be published worldwide. Google stores information about your visit to this website and your +1 activity. +1 information may be displayed together with your profile name and photo in Google services. Use of the +1 button requires a public Google profile. Data is processed in accordance with Google’s privacy policies: http://www.google.com/intl/de/+/policy/+1button.html
c) Use of Twitter Functions of the Twitter service are integrated on our website, provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “Re-Tweet” function, visited websites are linked to your Twitter account and made known to other users. Data is transmitted to Twitter in the process. We have no knowledge of the content of the transmitted data or its use by Twitter. Further information is available at: http://twitter.com/privacy Account settings: http://twitter.com/account/settings
d) Instagram Our website uses functions of Instagram, operated by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. If you click the Instagram button while logged into your Instagram account, content from our website may be linked to your Instagram profile. We have no knowledge of the content of transmitted data or its use by Instagram. Further information can be found at: http://instagram.com/about/legal/privacy/
11. Rights of the Data Subject
You are entitled to the following rights:
a) Right of Access Pursuant to Art. 15 GDPR, you have the right to request information about your personal data processed by us. This right of access includes information regarding: the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, the planned duration of storage or, if this is not possible, the criteria used to determine that duration, the existence of the right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint with a supervisory authority, the origin of your personal data, insofar as these were not collected from you, the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for you.
b) Right to Rectification Pursuant to Art. 16 GDPR, you have the right to obtain without undue delay the rectification of inaccurate personal data concerning you or the completion of incomplete personal data stored by us.
c) Right to Erasure Pursuant to Art. 17 GDPR, you have the right to request the immediate erasure of your personal data stored by us, insofar as further processing is not required for one of the following reasons: for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) as well as Art. 9(3) GDPR; for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to under section (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; for the establishment, exercise or defence of legal claims.
d) Right to Restriction of Processing Pursuant to Art. 18 GDPR, you have the right to request restriction of processing of your personal data for one of the following reasons: you contest the accuracy of the personal data; the processing is unlawful and you oppose the erasure of the personal data; we no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; you have objected to processing pursuant to Art. 21(1) GDPR.
e) Right to Notification If you have exercised your right to rectification, erasure or restriction of processing pursuant to Art. 16, Art. 17(1) and Art. 18 GDPR, we shall notify all recipients to whom your personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients. f) Right to Data Portability You have the right to receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to request the transmission of those data to another controller, where the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out by automated means.
g) Right to Withdraw Consent Pursuant to Art. 7(3) GDPR, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Following withdrawal, we may no longer continue data processing based on the withdrawn consent.
h) Right to Lodge a Complaint Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes the GDPR.
i) Right to Object Where your personal data are processed on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data on grounds relating to your particular situation or where the objection relates to direct marketing. In the latter case, you have a general right to object, which will be implemented by us without the need to state reasons related to your particular situation. To exercise your right of withdrawal or objection, it is sufficient to send an email to: info@weingut-leininger.de
j) Automated Individual Decision-Making, Including Profiling You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision: i. is necessary for entering into, or performance of, a contract between you and us; ii. is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or iii. is based on your explicit consent. Such decisions must not be based on special categories of personal data pursuant to Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place. In the cases referred to in points (i) and (iii), we shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on our part, to express your point of view and to contest the decision.
12. Amendments to This Privacy Policy
We reserve the right to amend this privacy policy. Changes will be published on the website and registered users will be informed by email.
Status: 18 January 2023
