Data privacy policy
1. General
Private entrepreneur “Gitelman Denis Aleksandrovich”(hereinafter: WINDIGO), Ryabinovaya Street 20, 454087 Chelyabinsk, Russian Federation is the operator of the website www.windigo-oil.com and would therefore like to inform you in the following Privacy Policy to what extent data are collected when you use our website and what purpose these data are used for.
WINDIGO also wishes to point out the rights you are entitled to in this context. Please note: this Privacy Policy applies exclusively to the page www.windigo-oil.com, including any subpages and subdomains. You have the option of switching to other websites at www.windigo-oil.com. For these pages, Data protection regulations, for the content of which the respective operators of these websites are responsible.
The careful handling of your personal data has top priority at WINDIGO. When processing data, we comply with the statutory provisions of the General Data Protection Regulation (GDPR) and the associated national provisions.
When you visit our website, the web servers save the connection data of the requesting computer, the subpages you visit on our site, the date and duration of your visit, the identification data of the browser and operating system type used as well as the website from which you are visiting us as standard and temporarily for system security purposes.
This data batch consists of
These data are stored anonymously. Personal user profiles are thus not created. These data are erased or made anonymous after the end of the connection.
In addition, we collect personal data from you in other cases, specifically
Personal data are processed exclusively for a specific purpose (purpose limitation principle). In addition, we regularly review our data processing practices to ensure that we process as little personal data as possible (data minimization principle).
2. Details of the controller
Below you will find the details of the controller as defined by Art. 4 No. 17 GDPR:
Company name & legal form: |
Private entrepreneur “Gitelman Denis Aleksandrovich” |
Representative: |
Gitelman Denis Aleksandrovich |
Address of the head office as defined by Art. 4 No. 16 GDPR: |
Ryabinovaya Street 20, 454087 Chelyabinsk, Russian Federation. |
Contact details: |
Ryabinovaya Street 20, 454087 Chelyabinsk, Russian Federation. Email: info@windigo-oil.com |
Please note that all personal data are stored on hosting web-servers in Germany.
3. What are personal data?
Personal data are all information relating to an identified or identifiable natural person. An identifiable person is a natural person who can be identified directly or indirectly, in particular by assignment to an identifier such as a name. Personal data include information such as your name, address, telephone number and date of birth (if provided). Statistical information that cannot be directly or indirectly associated with you – such as the popularity of individual websites operated by us or the number of users of a site – is not personal data.
4. Protection of minors
Our website is not directed at minors and we do not knowingly collect personal data from minors.
If persons under the age of 16 transfer personal data to us, this is only permitted if the parent or legal guardian themselves has consented or has agreed to the consent of the young person. Pursuant to Art. 8 (2) GDPR, the contact details of the parent or legal guardian must be communicated to us in order to convince us of the consent or the agreement of the parent or legal guardian. These data and the data of the minor will then be processed in accordance with this Privacy Policy.
If we determine that a minor under the age of 16 has sent us personal data without the parent or guardian consenting themselves or agreeing to the consent of the minor, we will erase the data immediately.
5. Purposes of data processing and legal basis
Your personal data will be processed for the following purposes on the following legal bases:
6. Storage duration
We save personal data until the purposes for which they were collected expire (e.g. upon the termination of a contractual relationship or with the last activity, if no continuing obligation exists, or in the case of a withdrawal of your consent for specific data processing). Storage beyond this only occurs if
• Legal storage obligations (e.g. pursuant to AO (German Tax Code) and HGB (German Commercial Code)) exist;
• The data is still required for the enforcement and exertion of legal claims or for defending against legal claims, e.g. due to technological and forensic requirements for the defense of attacks on our webservers and their prosecution;
• Preventing the deletion of the interests of affected persons worth protecting; Or
• or there is another exception as per art. 17 section 3 GDPR. • Furthermore, you always have the right to withdraw the use of your data for the purpose of direct advertising with future effect, as per art. 21 section 2 GDPR. c) and f).
7. Rights of data subjects
7.1. Right to information and data portability
You have a right to information about the personal data processed by us pursuant to Art. 15 GDPR at any time.
If the data processing is based on your consent or on a contract pursuant to Art. 6 (1) b) GDPR, you may, pursuant to Art. 20(1) GDPR, request that you receive the personal data stored about you in a structured, established and machine-readable format, or to have these data transferred to a system of a third party. You are thus entitled to direct forwarding of your data.
7.2. Right to rectification, restriction and erasure
Furthermore, pursuant to Art. 16 to 18 GDPR, you may request that we rectify, restrict (block) or erase your personal data if we have processed the data incorrectly, if there are grounds for restricting further data processing or if the data processing has become illegal for various reasons, or if its storage is inadmissible for other legal reasons. We would like to point out that your right to erasure may be restricted by legal retention periods.
7.3. Rights to object
If our data processing is based exclusively on our legitimate interest pursuant to Art. 6(1) f) GDPR, you may object to this processing pursuant to Art. 21(1) GDPR. We will then stop processing your data unless we can prove grounds for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend a legal claim.
7.4. Right of withdrawal
If you have allowed us to process your personal data by giving your consent, you have a right of withdrawal with effect for the future pursuant to Art. 7(3) GDPR.
7.5. Right of complaint to the supervisory authority
You are free to lodge a complaint with a supervisory authority if you believe that our processing of your personal data is in breach of the European General Data Protection Regulation or other national and international data protection laws, Art 77 GDPR.
7.6. Contact details
To exercise your rights, you can send us an informal message to the contact details below. Please also address the withdrawal of your consent to the contact details below, indicating which declaration of consent you wish to withdraw:
Company name & legal form: |
Private entrepreneur “Gitelman Denis Aleksandrovich ” |
Address: |
Ryabinovaya Street 20, 454087 Chelyabinsk, Russian Federation. |
E-Mail adress: |
|
Webform: |
http://windigo-oil.com/contact |
8. Data transfer by means of contact
8.1. Contact form http://windigo-oil.com/contact-us
Via the web form at http://windigo-oil.com/contact-us we request the following data:
Data that you send us via the contact form will be processed for the purpose of communication and data exchange pursuant to Art. 6(1) a), b), c), f) GDPR. These data are only stored as long as their processing is required for these purposes or until the expiry of any subsequent retention periods.
8.2. Contact form via http://windigo-oil.com/order
Via the web form at http://windigo-oil.com/order we request the following data:
Data that you send us via the contact form will be processed for the purpose of communication and data exchange pursuant to Art. 6(1) a), b), c), f) GDPR. These data are only stored as long as their processing is required for these purposes or until the expiry of any subsequent retention periods.
8.3. Contact via e-mail
Data that you send us by e-mail for the purpose of making contact with us will be processed for the purpose of communication and data exchange pursuant to Art. 6(1) a), b), c), f) GDPR. These data are stored as long as their processing is required for these purposes or until the expiry of any subsequent retention periods.
9. Dealer search
On our website you can search for suitable dealers in your area under http://windigo-oil.com/dealers using your IP address. No other data about you will be collected or stored. Your postcode will not be stored beyond the search.
10. Handling of personal data within the scope of the customer account
10.1. Private customer account
We offer you the option of setting up a personal customer account. Before you use this for the first time, you have to register once. For this, we need the following information from you:
For the processing of orders in the online shop we require the following additional information from you:
A customer number will also be automatically assigned to your customer account.
In addition, you can voluntarily add the following information to your customer account:
We will use data that you transfer to us during registration and when placing orders in the online shop for the following purposes on the following legal bases:
10.2. WINDIGO account
We offer you the opportunity to set up a personal WINDIGO account. Before you use this for the first time, you have to register once. For this, we need the following information from you:
11. Use of our online shop
Within the scope of the use of our online shop, further personal and transaction-based data, such as data on shopping basket compilations ordered and any delivery of these, the shopping lists created and data on orders, are collected and stored. WINDIGO will process these personal and transaction-based data on its own behalf in technical and logistical terms, Art. 6(1) b) and f) GDPR, if this is necessary for the performance of the desired services.
12. Use of PayPal (only concerns the use of the online shop)
In our online shop we enable you to pay by means of the payment service provider PayPal. The processing of the payment takes place either via your PayPal or via your credit card or bank account using PayPal. Furthermore, PayPal offers buyer protection and trust services.
When you select the payment service provider PayPal in the online shop, data is automatically transferred to PayPal. You hereby expressly consent to this transfer of personal data (first and last name, address, e-mail address, IP address, phone number(s), order data, delivery data) for the purpose of processing the payment as well as fraud prevention if you decide upon the PayPal payment type.
The exchange of data does not only take place for the purpose of processing the payment, but also for identification, fraud prevention and the reduction of a default risk, in this respect, data on economic situation and on past purchase and payment behavior may also be exchanged. In this context, data is also exchanged with credit agencies by Klarna, if there is a legitimate interest for this and it does not run counter to the interests of affected persons worth protecting.
Forwarding of the data to associated companies can occur; this also applies to downstream service providers (processors, mutually responsible and third parties, if required for contract implementation). You can withdraw existing consent from PayPal at any time with future effect. A withdrawal has no effect on the transfers carried out in the past. PayPal’s current data protection regulations can be found at www.paypal.com/de/webapps/mpp/ua/privacy-full.
Data recipient: PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg
13. Data processing and use for public image and advertising purposes
We also use your data as described in more detail below for the purposes of public image and advertising pursuant to Art. 6(1) a) and f) GDPR.
13.1. Profiling (cookies and web tracking procedures)
Profiling is based on Art. 6(1) a) or f) GDPR.
13.1.1. Cookies
Here we collect the following technical connection data: The called up page of our web offer, your IP address shortened by the last three digits, date and time of the call-up, end device used, browser configuration data. This takes place in order to check the authorization of actions and authentication of the requesting user of our services. The legal bases are art. 6 section 1 lit. c) in conjunction with art. 32 and art. 6 section 1 lit. f) GDPR. Our legitimate interest is the safeguarding of our webserver, in order to defend itself against attacks, for example, and ensuring the functionality of our services.
Cookies that are not technically required are only used after your express consent, which you can, of course, withdraw at any time.
As part of our cookie information on our website, you have agreed to the following declaration concerning this matter:
This website uses tracking cookies or tracking software, among other things, in order to provide you with the full functionality of our website and therefore be able to offer you a better online experience. Further information on the cookies used and webtracking process can be found in our data protection declaration. However, all cookies or our tracking software are only activated after you have given us your consent.
If you completely exclude the use of cookies, you will not be able to use individual functions of our website – including the possibility of a cookie-based opt-out of tracking. If applicable, please allow the opt-out cookies of the services for which you would like to prevent the tracking.
Please also consider that deleting all cookies leads to the opt-out cookies also being deleted.
You will therefore have to reset these. Furthermore, cookies are associated to the browser, this means that they have to be specially set in each browser used by you on each device used by you. The links required for this can be found in the following in the description of the respective service.
We use the following cookies – if you allow this and have not set one or more opt-out cookies – for the purpose described below in more detail:
Name of the cookie |
Purpose of use |
Storage duration |
Technically required |
Option to withdraw consent (if cookie not technically required) |
PrestaShop-UID |
Web-shop basket |
3months |
Yes |
|
_ym_d |
Yandex Metrics отслеживание |
24 hours |
Yes |
|
_ym_isad |
Yandex Metrics отслеживание |
48 hours |
Yes |
|
_ym_uid |
Yandex Metrics отслеживание |
24 hours |
Yes |
|
amplitude_idwindigo-oil.com |
Usage and navigation events sent to Amplitude, Inc. (analytics provider and Data Processor for wndigo-oil-com Prestashop CMS) |
10 years |
Yes |
|
jv_visits_count_samWSbl5YQ |
JivoSite (Online consltant) |
1 year |
Yes |
13.1.2. Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called cookies, text files which are stored on your computer and which allow an analysis of your use of the website. The information generated by the cookie concerning your use of this website is generally passed on to a Google server in the USA and saved there. Your IP address on this website is anonymized. Your IP address is abbreviated by Google within member states of the European Union or in other signatories to the agreement regarding the European Economic Area. In the event that anonymous use of IP should be activated on this website, your IP address is first abbreviated by Google within member states of the European Union or in other signatories to the agreement regarding the European Economic Area. Only in exceptional circumstances is the full IP address transferred to a Google server in the USA and abbreviated there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to the use of the website and of the Internet to the website operator. The IP address transferred from your browser as part of Google Analytics is not added to other Google data. One way to object to web analysis by Google Analytics is to set an opt-out cookie that instructs Google not to store or use your data for web analysis purposes. Please note that in this solution the web analysis will not take place only for as long as the browser stores the opt-out cookie. If you wish to set the opt-out cookie now, please click here
You can avoid the saving of cookies by adjusting your browser software appropriately; however, we would like to make you aware of the fact that in this case it is possible that you will not be able to use all the functions of this website. Furthermore, you can prevent the recording of the data created by the cookie and related to your use of the website (incl. your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link.
The current link is: http://tools.google.com/dlpage/gaoptout?hl=en
Data recipient: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
The information generated by the cookie concerning your use of this website will be stored by us for the duration based on the specific purpose and subsequently deleted. Session cookies are deleted directly after the session. Other cookies remain for longer and expire after two years at the latest.
13.1.3. YouTube video embedded via iFrame
We use YouTube, a Google service, to show you video content. To protect your privacy, we have activated the extended data protection mode.
YouTube also uses cookies to collect information about visitors to its website. YouTube uses these, among other things, to collect video statistics, to prevent fraud and to improve user-friendliness. Calling up a video usually also leads to a connection with the Google DoubleClick network. Starting the video could trigger further data processing operations, especially if you are already logged in to YouTube. We have no influence on this. You can find more information about data protection at YouTube in its privacy policy (http://www.youtube.com/t/privacy_at_youtube)
Data recipient: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy-Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
13.1.4. Social media plug-ins
We use social media buttons (YouTube, Twitter, Facebook, Instagram) of Facebook Inc., Twitter Inc., Google Inc. etc. (“providers”) on our website.
These social media buttons are not integrated as plug-ins via a so-called iFrame, but as links. By clicking on the social media buttons you will be redirected to the page of the respective provider directly. The respective provider is then responsible for compliance with data protection requirements and for the accuracy, currentness and completeness of the information provided here for data processing pursuant to Art. 4 No. 17 GDPR.
14. Data recipient
Access to your personal data stored by us is limited to our employees and the service providers commissioned by us, who have to work with this personal data to fulfill their assignments. If third parties gain access to your data, we have obtained your permission or there is a legal basis for this.
We use service providers to provide services and process your data (including hosting your data in a secure computer center, delivering ordered goods, sending letters or e-mails and maintaining and analyzing databases, destroying documents and files, so-called order processing pursuant to Art. 28 GDPR). These service providers process the data exclusively on our instructions and are obliged to comply with the applicable data protection regulations.
All processors have been carefully selected and will only have access to your data to the extent and for the time required to provide the services, or to the extent to which you have consented to the processing and use of your data.
The following recipients are also included in the web tracking procedure: Google Inc. regarding Google Analytics, YouTube videos via iFrame.
Data exchange within the group of companies to which we belong takes place exclusively within the EU/EEA and is only for internal administrative purposes. By group of companies we mean affiliated companies as defined by Art. 4 No. 19 GDPR.
15. Data processing for the purpose of direct advertising
Direct mail advertising
To the extent permitted by law, we may also use your name and the postal address known to us for the sending of advertising for our own offers. The legal basis is art. 6 section 1 lit. f) in conjunction with recital 47 GDPR. Our legitimate interest is the promotion of sales or demand among our existing customers. Of course, you can object to the processing of your data for advertising purposes at any time for the future. A notification in text form to the contact details above is sufficient. We will then delete your data from our distribution list. The data that accounts for your objection is then kept for a further 6 years as per art. 17 section 3 lit. e) GDPR. However, during this time your personal data is blocked from further processing.
Telephone advertising
To the extent permitted by law, for business customers, we may also use your name, company affiliation and your stated telephone number, in order to inform you of our own offers that we presume you will be interested in. The legal basis is art. 6 section 1 lit. f) in conjunction with recital 47 GDPR, § 7 section 2 no. 2 UWG. Our legitimate interest is the promotion of sales or demand among our existing business customers. Of course, you can object to the processing of your data for advertising purposes at any time for the future. A notification in text form to the contact details above is sufficient. We will then delete your data from our distribution list. The data that accounts for your objection is then kept for a further 6 years as per art. 17 section 3 lit. e) GDPR. However, during this time your personal data is blocked from further processing.
16. Transfer to third countries and legal basis
A transfer of personal data to third countries only takes place
The servers of some of the service providers we use are located in the USA and other countries outside the European Union. Companies in these countries are subject to data protection laws that do not generally protect personal data to the same extent as is the case in the member states of the European Union. If your data are processed in a country which does not have a recognized high level of data protection like the European Union, this will be on the basis of the EU Commission’s adequacy decision regarding the EU-U.S. Privacy Shield pursuant to Art. 45 GDPR or the EU Standard Treaty 2010 pursuant to Art. 46(2) c) GDPR in conjunction with the EU Commission’s decision of 05/02/2010 (2010/87/EU) or pursuant to Art. 49(1) a) GDPR.
17. Transfer to law enforcement and criminal investigation authorities
In exceptional cases, we transfer personal data to law enforcement and criminal investigation authorities. This is done on the basis of corresponding legal obligations, e.g. from the German Code of Criminal Procedure (Strafprozessordnung), the German Tax Code (Abgabenordnung), the Money Laundering Act (Geldwäschegesetz) or state police laws.
18. Data security
We maintain a wide variety of security measures pursuant to Art. 32 GDPR (technical and organizational measures) for the protection of your personal data.
For a secure transfer of the data you send to us, we offer SSL/TLS encryption with the current TLS v1.1. and TLS v1.2 encryption protocols on our website. We would like to point out that the comprehensive encryption of the transmission path also depends on your Internet browser. We therefore recommend that you keep your Internet browser up to date so that TLS v1.1. or TLS v1.2 encryption is automatically established when you visit our website.
If you contact us by e-mail, we would like to point out that the confidentiality of the information transferred is not guaranteed. The content of e-mails may be viewed by third parties. We therefore recommend that you send us confidential information by post or, for applications, via our online portal.