> Privacy Policy

Data privacy policy

 

1. General
Private entrepreneur “Gitelman Denis Aleksandrovich”(hereinafter: WINDIGO), Ryabinovaya Street 20, 454087 Chelyabinsk, Russian Federation is the operator of the website www.windigo-oil.com and would therefore like to inform you in the following Privacy Policy to what extent data are collected when you use our website and what purpose these data are used for.

 

WINDIGO also wishes to point out the rights you are entitled to in this context. Please note: this Privacy Policy applies exclusively to the page www.windigo-oil.com, including any subpages and subdomains. You have the option of switching to other websites at www.windigo-oil.com. For these pages, Data protection regulations, for the content of which the respective operators of these websites are responsible.

 

The careful handling of your personal data has top priority at WINDIGO. When processing data, we comply with the statutory provisions of the General Data Protection Regulation (GDPR) and the associated national provisions.

When you visit our website, the web servers save the connection data of the requesting computer, the subpages you visit on our site, the date and duration of your visit, the identification data of the browser and operating system type used as well as the website from which you are visiting us as standard and temporarily for system security purposes.

 

This data batch consists of

  •        the page from which the file was requested,
  •        the name of the file,
  •        the date and time of the request,
  •        the amount of data transferred,
  •        the access status (file transferred, file not found),
  •        a description of the type of web browser used,
  •        the IP address of the requesting computer, shortened by the last three digits.

These data are stored anonymously. Personal user profiles are thus not created. These data are erased or made anonymous after the end of the connection.

 

In addition, we collect personal data from you in other cases, specifically

  •        when you contact us via e-mail or the contact form
  •        when you use the protected “My user account” areas in the online shop
  •        when you subscribe to the newsletter/press releases/digital communication
  •        when you register in one of the forums and make a contribution
  •        to secure our web server and to ensure the functionality of our online services
  •        for processing orders placed via our online shop
  •        for the online application process.

Personal data are processed exclusively for a specific purpose (purpose limitation principle). In addition, we regularly review our data processing practices to ensure that we process as little personal data as possible (data minimization principle).

 

2. Details of the controller

Below you will find the details of the controller as defined by Art. 4 No. 17 GDPR:

 

Company name & legal form:

Private entrepreneur “Gitelman Denis Aleksandrovich”

Representative:

Gitelman Denis Aleksandrovich

Address of the head office as defined by Art. 4 No. 16 GDPR:

Ryabinovaya Street 20, 454087 Chelyabinsk, Russian Federation.

Contact details:

Ryabinovaya Street 20, 454087 Chelyabinsk, Russian Federation. Email: info@windigo-oil.com

 

Please note that all personal data are stored on hosting web-servers in Germany.

 

3. What are personal data?

Personal data are all information relating to an identified or identifiable natural person. An identifiable person is a natural person who can be identified directly or indirectly, in particular by assignment to an identifier such as a name. Personal data include information such as your name, address, telephone number and date of birth (if provided). Statistical information that cannot be directly or indirectly associated with you – such as the popularity of individual websites operated by us or the number of users of a site – is not personal data.

 

4. Protection of minors

Our website is not directed at minors and we do not knowingly collect personal data from minors.

 

If persons under the age of 16 transfer personal data to us, this is only permitted if the parent or legal guardian themselves has consented or has agreed to the consent of the young person. Pursuant to Art. 8 (2) GDPR, the contact details of the parent or legal guardian must be communicated to us in order to convince us of the consent or the agreement of the parent or legal guardian. These data and the data of the minor will then be processed in accordance with this Privacy Policy.

 

If we determine that a minor under the age of 16 has sent us personal data without the parent or guardian consenting themselves or agreeing to the consent of the minor, we will erase the data immediately.

 

5. Purposes of data processing and legal basis

Your personal data will be processed for the following purposes on the following legal bases:

  •        Contract initiation pursuant to Art. 6(1) a) and b) GDPR
  •        Contract execution pursuant to Art. 6(1) b) GDPR
  •        Customer management pursuant to Art. 6(1) b) and c) GDPR
  •        Communication and data exchange pursuant to Art. 6(1) a), b), c), f) GDPR
  •        Public image and advertising pursuant to Art. 6(1) f) GDPR
  •        Implementation of declarations of consent pursuant to Art. 6(1) a) GDPR
  •        Ensuring the proper operation of a data processing system pursuant to Art. 6(1) c) and f) GDPR.

 

6. Storage duration

We save personal data until the purposes for which they were collected expire (e.g. upon the termination of a contractual relationship or with the last activity, if no continuing obligation exists, or in the case of a withdrawal of your consent for specific data processing). Storage beyond this only occurs if

 

• Legal storage obligations (e.g. pursuant to AO (German Tax Code) and HGB (German Commercial Code)) exist;

• The data is still required for the enforcement and exertion of legal claims or for defending against legal claims, e.g. due to technological and forensic requirements for the defense of attacks on our webservers and their prosecution;

• Preventing the deletion of the interests of affected persons worth protecting; Or

• or there is another exception as per art. 17 section 3 GDPR. • Furthermore, you always have the right to withdraw the use of your data for the purpose of direct advertising with future effect, as per art. 21 section 2 GDPR. c) and f).

 

7. Rights of data subjects

7.1. Right to information and data portability

You have a right to information about the personal data processed by us pursuant to Art. 15 GDPR at any time.
If the data processing is based on your consent or on a contract pursuant to Art. 6 (1) b) GDPR, you may, pursuant to Art. 20(1) GDPR, request that you receive the personal data stored about you in a structured, established and machine-readable format, or to have these data transferred to a system of a third party. You are thus entitled to direct forwarding of your data.

 

7.2. Right to rectification, restriction and erasure

Furthermore, pursuant to Art. 16 to 18 GDPR, you may request that we rectify, restrict (block) or erase your personal data if we have processed the data incorrectly, if there are grounds for restricting further data processing or if the data processing has become illegal for various reasons, or if its storage is inadmissible for other legal reasons. We would like to point out that your right to erasure may be restricted by legal retention periods.

 

7.3. Rights to object

If our data processing is based exclusively on our legitimate interest pursuant to Art. 6(1) f) GDPR, you may object to this processing pursuant to Art. 21(1) GDPR. We will then stop processing your data unless we can prove grounds for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend a legal claim.

 

7.4. Right of withdrawal

If you have allowed us to process your personal data by giving your consent, you have a right of withdrawal with effect for the future pursuant to Art. 7(3) GDPR.

 

7.5. Right of complaint to the supervisory authority

You are free to lodge a complaint with a supervisory authority if you believe that our processing of your personal data is in breach of the European General Data Protection Regulation or other national and international data protection laws, Art 77 GDPR.

7.6. Contact details

To exercise your rights, you can send us an informal message to the contact details below. Please also address the withdrawal of your consent to the contact details below, indicating which declaration of consent you wish to withdraw:

Company name & legal form:

Private entrepreneur “Gitelman Denis Aleksandrovich

Address:

Ryabinovaya Street 20, 454087 Chelyabinsk, Russian Federation.

E-Mail adress:

info@windigo-oil.com

Webform:

http://windigo-oil.com/contact

 

 8. Data transfer by means of contact

8.1. Contact form http://windigo-oil.com/contact-us

Via the web form at http://windigo-oil.com/contact-us we request the following data:

  •        Department (optional)
  •        Message text (optional)
  •        Title (freiwillige Angabe)
  •        E-mail address (required)
  •        First and last name (optional)
  •        Telephone number (optional)
  •        Street and house number (optional)
  •        Postcode (freiwillige Angabe)
  •        Country (required)
  •        Company (optional)

Data that you send us via the contact form will be processed for the purpose of communication and data exchange pursuant to Art. 6(1) a), b), c), f) GDPR. These data are only stored as long as their processing is required for these purposes or until the expiry of any subsequent retention periods.

 

8.2. Contact form via http://windigo-oil.com/order

Via the web form at http://windigo-oil.com/order  we request the following data:

  •        E-mail address (required)
  •        Name (optional)
  •        Subject (required)
  •        Message text (required)

Data that you send us via the contact form will be processed for the purpose of communication and data exchange pursuant to Art. 6(1) a), b), c), f) GDPR. These data are only stored as long as their processing is required for these purposes or until the expiry of any subsequent retention periods.

8.3. Contact via e-mail

Data that you send us by e-mail for the purpose of making contact with us will be processed for the purpose of communication and data exchange pursuant to Art. 6(1) a), b), c), f) GDPR. These data are stored as long as their processing is required for these purposes or until the expiry of any subsequent retention periods.

 

9. Dealer search

On our website you can search for suitable dealers in your area under http://windigo-oil.com/dealers using your IP address. No other data about you will be collected or stored. Your postcode will not be stored beyond the search.

 

10. Handling of personal data within the scope of the customer account

10.1. Private customer account

We offer you the option of setting up a personal customer account. Before you use this for the first time, you have to register once. For this, we need the following information from you:

  •        Title (required),
  •        First and last name (required),
  •        E-mail address (required),
  •        Password (required),
  •        Date of birth (optional).

 

For the processing of orders in the online shop we require the following additional information from you:

  •        Invoice address (title, first name, last name, e-mail address, company (if applicable), street, house number, postcode, town/city, country, date of birth (optional),
  •        Delivery address (title, first name, last name, company (if applicable), street, house number, postcode, town/city, country, federal state),
  •        Payment details (Sepa direct debit, PayPal details, instant bank transfer, credit card details).

 

A customer number will also be automatically assigned to your customer account.

In addition, you can voluntarily add the following information to your customer account:

  •        Mobile phone number.

 

We will use data that you transfer to us during registration and when placing orders in the online shop for the following purposes on the following legal bases:

  •        Contract initiation pursuant to Art. 6(1) a) and b) GDPR, communication and data exchange pursuant to Art. 6(1) a), b), c), f) GDPR, ensuring proper operation of a data processing system pursuant to Art. 6(1) c) and f) GDPR:
    - Provision of the customer account,
    - Making your customer profile available on our website,
    - Use of the online shop under windigo-oil.com., 
    - Authentication of registered users.
  •        Contract execution pursuant to Art. 6(1) b) GDPR, customer management pursuant to Art. 6(1) b), and f) GDPR, communication and data exchange pursuant to Art. 6(1) a), b), f) GDPR: 
    - Deliveries, 
    - Payment processing, 
    - Queries in connection with your customer account and/or orders placed, 
    - Information about changes to the Terms and Conditions or data protection information, 
    - Provision of a shopping list.
  •        Public image and advertising pursuant to Art. 6(1) a) and f) GDPR: 
    - Internal statistical market research, 
    - Sending of the newsletter, if expressly ordered, 
    - Sending of product recommendations for our own similar offers, unless expressly not desired, 
    - Sending of information, if expressly requested, 
    - Sending of postal advertising, unless expressly not desired.

 

10.2. WINDIGO account

We offer you the opportunity to set up a personal WINDIGO account. Before you use this for the first time, you have to register once. For this, we need the following information from you:

  •        Title (required),
  •        First and last name (required),
  •        Company (required),
  •        Role in the company (required), Street, postcode, town/city, country (required),
  •        Telephone number (required),
  •        Fax (optional),
  •        Business e-mail address (required),
  •        Website (optional),
  •        Source of WINDIGO products (optional),
  •        If applicable, WINDIGO customer number (optional),
  •        If applicable, information about the dealer from whom you purchase your products (optional).

 

11. Use of our online shop

Within the scope of the use of our online shop, further personal and transaction-based data, such as data on shopping basket compilations ordered and any delivery of these, the shopping lists created and data on orders, are collected and stored. WINDIGO will process these personal and transaction-based data on its own behalf in technical and logistical terms, Art. 6(1) b) and f) GDPR, if this is necessary for the performance of the desired services.

 

12. Use of PayPal (only concerns the use of the online shop)

In our online shop we enable you to pay by means of the payment service provider PayPal. The processing of the payment takes place either via your PayPal or via your credit card or bank account using PayPal. Furthermore, PayPal offers buyer protection and trust services.

 

When you select the payment service provider PayPal in the online shop, data is automatically transferred to PayPal. You hereby expressly consent to this transfer of personal data (first and last name, address, e-mail address, IP address, phone number(s), order data, delivery data) for the purpose of processing the payment as well as fraud prevention if you decide upon the PayPal payment type.

 

The exchange of data does not only take place for the purpose of processing the payment, but also for identification, fraud prevention and the reduction of a default risk, in this respect, data on economic situation and on past purchase and payment behavior may also be exchanged. In this context, data is also exchanged with credit agencies by Klarna, if there is a legitimate interest for this and it does not run counter to the interests of affected persons worth protecting.

 

Forwarding of the data to associated companies can occur; this also applies to downstream service providers (processors, mutually responsible and third parties, if required for contract implementation). You can withdraw existing consent from PayPal at any time with future effect. A withdrawal has no effect on the transfers carried out in the past. PayPal’s current data protection regulations can be found at www.paypal.com/de/webapps/mpp/ua/privacy-full.

 

Data recipient: PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg

 

 

13. Data processing and use for public image and advertising purposes

We also use your data as described in more detail below for the purposes of public image and advertising pursuant to Art. 6(1) a) and f) GDPR.

 

13.1. Profiling (cookies and web tracking procedures)

Profiling is based on Art. 6(1) a) or f) GDPR.

 

13.1.1. Cookies

Here we collect the following technical connection data: The called up page of our web offer, your IP address shortened by the last three digits, date and time of the call-up, end device used, browser configuration data. This takes place in order to check the authorization of actions and authentication of the requesting user of our services. The legal bases are art. 6 section 1 lit. c) in conjunction with art. 32 and art. 6 section 1 lit. f) GDPR. Our legitimate interest is the safeguarding of our webserver, in order to defend itself against attacks, for example, and ensuring the functionality of our services.

 

Cookies that are not technically required are only used after your express consent, which you can, of course, withdraw at any time.

As part of our cookie information on our website, you have agreed to the following declaration concerning this matter:

This website uses tracking cookies or tracking software, among other things, in order to provide you with the full functionality of our website and therefore be able to offer you a better online experience. Further information on the cookies used and webtracking process can be found in our data protection declaration. However, all cookies or our tracking software are only activated after you have given us your consent.

 

If you completely exclude the use of cookies, you will not be able to use individual functions of our website – including the possibility of a cookie-based opt-out of tracking. If applicable, please allow the opt-out cookies of the services for which you would like to prevent the tracking.

 

Please also consider that deleting all cookies leads to the opt-out cookies also being deleted.

 

You will therefore have to reset these. Furthermore, cookies are associated to the browser, this means that they have to be specially set in each browser used by you on each device used by you. The links required for this can be found in the following in the description of the respective service.

 

We use the following cookies – if you allow this and have not set one or more opt-out cookies – for the purpose described below in more detail:

Name of the cookie

Purpose of use 

Storage duration

Technically required

Option to withdraw consent (if cookie not technically required)

PrestaShop-UID

Web-shop basket

3months

Yes

_ym_d

Yandex Metrics отслеживание

24 hours

Yes

_ym_isad

Yandex Metrics отслеживание

48 hours

Yes

_ym_uid

Yandex Metrics отслеживание

24 hours

Yes

amplitude_idwindigo-oil.com

Usage and navigation events sent to Amplitude, Inc. (analytics provider and Data Processor for wndigo-oil-com Prestashop CMS)

10 years

Yes

jv_visits_count_samWSbl5YQ

JivoSite (Online consltant)

1 year

Yes

 

13.1.2. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called cookies, text files which are stored on your computer and which allow an analysis of your use of the website. The information generated by the cookie concerning your use of this website is generally passed on to a Google server in the USA and saved there. Your IP address on this website is anonymized. Your IP address is abbreviated by Google within member states of the European Union or in other signatories to the agreement regarding the European Economic Area. In the event that anonymous use of IP should be activated on this website, your IP address is first abbreviated by Google within member states of the European Union or in other signatories to the agreement regarding the European Economic Area. Only in exceptional circumstances is the full IP address transferred to a Google server in the USA and abbreviated there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to the use of the website and of the Internet to the website operator. The IP address transferred from your browser as part of Google Analytics is not added to other Google data. One way to object to web analysis by Google Analytics is to set an opt-out cookie that instructs Google not to store or use your data for web analysis purposes. Please note that in this solution the web analysis will not take place only for as long as the browser stores the opt-out cookie. If you wish to set the opt-out cookie now, please click here 

You can avoid the saving of cookies by adjusting your browser software appropriately; however, we would like to make you aware of the fact that in this case it is possible that you will not be able to use all the functions of this website. Furthermore, you can prevent the recording of the data created by the cookie and related to your use of the website (incl. your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link.

 

The current link is: http://tools.google.com/dlpage/gaoptout?hl=en

 

Data recipient: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

 

The information generated by the cookie concerning your use of this website will be stored by us for the duration based on the specific purpose and subsequently deleted. Session cookies are deleted directly after the session. Other cookies remain for longer and expire after two years at the latest.

 

13.1.3. YouTube video embedded via iFrame

We use YouTube, a Google service, to show you video content. To protect your privacy, we have activated the extended data protection mode.

 

YouTube also uses cookies to collect information about visitors to its website. YouTube uses these, among other things, to collect video statistics, to prevent fraud and to improve user-friendliness. Calling up a video usually also leads to a connection with the Google DoubleClick network. Starting the video could trigger further data processing operations, especially if you are already logged in to YouTube. We have no influence on this. You can find more information about data protection at YouTube in its privacy policy (http://www.youtube.com/t/privacy_at_youtube)

 

Data recipient: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA 

Privacy-Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

 

13.1.4. Social media plug-ins

We use social media buttons (YouTube, Twitter, Facebook, Instagram) of Facebook Inc., Twitter Inc., Google Inc. etc. (“providers”) on our website.

 

These social media buttons are not integrated as plug-ins via a so-called iFrame, but as links. By clicking on the social media buttons you will be redirected to the page of the respective provider directly. The respective provider is then responsible for compliance with data protection requirements and for the accuracy, currentness and completeness of the information provided here for data processing pursuant to Art. 4 No. 17 GDPR.

 

14. Data recipient

Access to your personal data stored by us is limited to our employees and the service providers commissioned by us, who have to work with this personal data to fulfill their assignments. If third parties gain access to your data, we have obtained your permission or there is a legal basis for this. 

We use service providers to provide services and process your data (including hosting your data in a secure computer center, delivering ordered goods, sending letters or e-mails and maintaining and analyzing databases, destroying documents and files, so-called order processing pursuant to Art. 28 GDPR). These service providers process the data exclusively on our instructions and are obliged to comply with the applicable data protection regulations.

 

All processors have been carefully selected and will only have access to your data to the extent and for the time required to provide the services, or to the extent to which you have consented to the processing and use of your data.

 

The following recipients are also included in the web tracking procedure: Google Inc. regarding Google Analytics, YouTube videos via iFrame.

 

Data exchange within the group of companies to which we belong takes place exclusively within the EU/EEA and is only for internal administrative purposes. By group of companies we mean affiliated companies as defined by Art. 4 No. 19 GDPR.

 

15. Data processing for the purpose of direct advertising

Direct mail advertising

To the extent permitted by law, we may also use your name and the postal address known to us for the sending of advertising for our own offers. The legal basis is art. 6 section 1 lit. f) in conjunction with recital 47 GDPR. Our legitimate interest is the promotion of sales or demand among our existing customers. Of course, you can object to the processing of your data for advertising purposes at any time for the future. A notification in text form to the contact details above is sufficient. We will then delete your data from our distribution list. The data that accounts for your objection is then kept for a further 6 years as per art. 17 section 3 lit. e) GDPR. However, during this time your personal data is blocked from further processing.

 

Telephone advertising

To the extent permitted by law, for business customers, we may also use your name, company affiliation and your stated telephone number, in order to inform you of our own offers that we presume you will be interested in. The legal basis is art. 6 section 1 lit. f) in conjunction with recital 47 GDPR, § 7 section 2 no. 2 UWG. Our legitimate interest is the promotion of sales or demand among our existing business customers. Of course, you can object to the processing of your data for advertising purposes at any time for the future. A notification in text form to the contact details above is sufficient. We will then delete your data from our distribution list. The data that accounts for your objection is then kept for a further 6 years as per art. 17 section 3 lit. e) GDPR. However, during this time your personal data is blocked from further processing.

 

16. Transfer to third countries and legal basis

A transfer of personal data to third countries only takes place

  •        within the scope of the use of Google Analytics on the basis of the EU Commission’s adequacy decision regarding the EU-U.S. Privacy Shield pursuant to Art. 45 GDPR.
  •        within the scope of the activation of YouTube videos, if you have given your consent pursuant to Art. 49(1) a) GDPR.

 

The servers of some of the service providers we use are located in the USA and other countries outside the European Union. Companies in these countries are subject to data protection laws that do not generally protect personal data to the same extent as is the case in the member states of the European Union. If your data are processed in a country which does not have a recognized high level of data protection like the European Union, this will be on the basis of the EU Commission’s adequacy decision regarding the EU-U.S. Privacy Shield pursuant to Art. 45 GDPR or the EU Standard Treaty 2010 pursuant to Art. 46(2) c) GDPR in conjunction with the EU Commission’s decision of 05/02/2010 (2010/87/EU) or pursuant to Art. 49(1) a) GDPR.

 

17. Transfer to law enforcement and criminal investigation authorities

In exceptional cases, we transfer personal data to law enforcement and criminal investigation authorities. This is done on the basis of corresponding legal obligations, e.g. from the German Code of Criminal Procedure (Strafprozessordnung), the German Tax Code (Abgabenordnung), the Money Laundering Act (Geldwäschegesetz) or state police laws.

 

18. Data security

We maintain a wide variety of security measures pursuant to Art. 32 GDPR (technical and organizational measures) for the protection of your personal data.

 

For a secure transfer of the data you send to us, we offer SSL/TLS encryption with the current TLS v1.1. and TLS v1.2 encryption protocols on our website. We would like to point out that the comprehensive encryption of the transmission path also depends on your Internet browser. We therefore recommend that you keep your Internet browser up to date so that TLS v1.1. or TLS v1.2 encryption is automatically established when you visit our website.

If you contact us by e-mail, we would like to point out that the confidentiality of the information transferred is not guaranteed. The content of e-mails may be viewed by third parties. We therefore recommend that you send us confidential information by post or, for applications, via our online portal.