Data collection takes place for the distribution, sale as well as procurement of products and services and all associated secondary transactions. Secondary purposes are accompanying or supporting functions such as the administration of personnel, suppliers and service providers. If we have received your consent, we will contact you for marketing purposes, for example by e-mail, letter or telephone, to inform you about products, offers or special events.
In this Data Protection Statement, we shall explain to you our handling of your personal data when you visit us at wiking.de. In addition, we will inform you of your rights under the General Data Protection Regulation (GDPR).
2. DATA CONTROLLER AND DATA PROTECTION OFFICER
The data controller within the meaning of the GDPR for the processing of your data on wiking.de is:
Schlittenbacher Straße 60
58511 Lüdenscheid, Germany
The contact data of our Data Protection Officer is:
Mr. Friedhelm Kolks
Schlittenbacher Straße 60
58511 Lüdenscheid, Germany
3. INDIVIDUAL FUNCTIONS OF THE WEB SITE
In the following, we will explain to you the handling of your data when you use individual functions of our Web site.
3.1. CONTACT FORM / FEEDBACK
We use the information you provide in the contact form (e.g. subject, message, contact data) for the processing of your respective request. Your name and form of address are for personal use only.
Our legitimate interests (facilitating customer contact) and, if you are a customer or want to become one, the fulfilment of the contract, e.g. the processing of an order, constitute the legal basis for the processing. The respective competent department (e.g. Customer Service) is the recipient of your message. We will delete your message upon completion, or else after the expiration of the statutory retention periods.
3.2. SUBSCRIPTION TO THE NEWSLETTER
For you to be able to subscribe to a newsletter, we need your e-mail address. Stating your name is voluntary and is used for personal address.
By ordering the newsletter, you grant us your data protection consent to send you information on products and services of Wiking-Modellbau GmbH & Co. KG relating to toys, in particular toy models, by e-mail. You can revoke this consent at any time with effect for the future by clicking on the unsubscribe link provided in the newsletter or by sending us a message.
After registration, you will receive an e-mail asking you to click on a confirmation link. Only after this confirmation will you receive the subscribed newsletter (double opt-in). We log the date/time and IP address of this confirmation.
Your consent constitutes the legal basis for the processing. We will delete your data when you unsubscribe from the newsletter.
Our newsletters contain special images (Web bugs) and similar techniques, on the basis of which we can recognise whether and when an e-mail has been opened. When a link is clicked on in a newsletter, we also record it. However, we use this data only statistically (i.e. without reference to individuals) in order to optimise our newsletters and offers and to understand better what interests our customers.
3.3. PRIZE GAME
Wiking-Modellbau GmbH & Co. KG collects and uses the data of the participants only for the purpose of implementing the prize game. Any further collection and use of the data takes place only to the extent that the participants agree to it.
The specification of personal data is required for the participation in the prize game. The participant expressly agrees that the data transmitted by him may be collected and processed for the purpose of implementing and executing the prize game. The participant also agrees to receiving news concerning the prize game from Wiking-Modellbau GmbH & Co. KG at the e-mail address filed by him. In the event of a revocation, the participant will be excluded from the prize game.
The personal data entered and transmitted by the participant is collected, stored, used and passed on to third parties, e.g. for the delivery of the prize (mail service, parcel service) by Wiking-Modellbau GmbH & Co. KG solely for the purpose of implementing and executing the prize game. After full implementation of the prize game, the data is immediately and permanently deleted.
The subscription to the newsletter is not mandatory for taking part in the prize game. When you subscribe to the newsletter, we use your e-mail address for sending the newsletter. In this case, the provisions in Item 3.2 apply.
3.4. GOOGLE MAPS
On our Web site, we can use services by Google LLC (United States) for the display of maps (e.g. when searching for dealers). To display the map, it is necessary that Google processes your IP address.
In relation to the map service provided by Google, the data protection statement of Google applies. With the use of Google Maps, you enter into a direct user relationship with Google.
The execution of the contract (provision of the map service) and our legitimate interest in the involvement of a specialised map provider constitute the legal basis for this data processing.
Google has a so-called EU-U.S. Privacy Shield certification. The EU-U.S. Privacy Shield Agreement is a data protection agreement designed to ensure an adequate level of data protection for data transfers to certified U.S. companies. The EU Commission has established the adequacy of the assured data protection level according to the EU-U.S. Privacy Shield agreement with a decision on 12 July 2016 (file no. C(2016) 4176). (Retrieve the decision of the EU Commission.) You can view the current status of the certification of Google according to the EU-U.S. Privacy Shield agreement online.
4. ADDITIONAL INFORMATION
4.1. MANDATORY DATA
All mandatory information fields are marked with an asterisk (“*”) on our Web site. Without this information, the use of the respective function is not possible.
4.2. DATA RECIPIENT
Your data will be received by the competent departments of Wiking-Modellbau GmbH & Co. KG, e.g. the Shipping Service or Marketing department.
For the technical operation of the Web site, we may involve technical service providers, who are bound by instructions, for order processing. For the newsletter, we make use of services of the provider Episerver GmbH in Berlin; for the analysis of the Web site visits, etracker GmbH, Hamburg. Hosting is currently performed by:
BT Stemmer GmbH
82140 Olching, Germany
With respect to orders, we can pass on your data to shipping service providers or payment processors.
A transfer to countries outside the European Economic Area only takes place if expressly stated.
4.3. CRITERIA FOR THE STORAGE PERIOD
The legislator has enacted a variety of storage obligations and periods. After the expiration of these periods, the respective data is routinely deleted if it is no longer required for fulfilling the contract. We assess the storage period for your data on the basis of the specific purposes for which we use it. In addition, we are subject to statutory retention and documentation obligations that arise, in particular, from the German Commercial Code (HGB) and the Tax Code (AO) and in many cases amount to six to ten years. Finally, the storage period is also based on statutory limitation periods; pursuant to Sections 195 et seqq. of the German Civil Code (BGB), they usually amount to three years (as of the end of the calendar year).
5. ADDITIONAL REMARKS
In the following, we explain some legal and technical terms used in this Data Protection Statement.
Personal data: Personal data is all information that relates to an identified or identifiable natural person, e.g. information in connection with your e-mail address or depot number.
Processing: Processing of personal data refers to any activity in connection with personal data, e.g. collection on an online form, storage on our servers or use for contacting you.
Cookie: A cookie is a small text file that is stored on your computer. The content of this file is transferred to our servers each time our Web site is accessed.
IP address: The IP address is a number that your Internet provider assigns to your device temporarily or permanently. With a full IP address, it is possible in individual cases – on the basis of additional information from your Internet operator – to identify the holder of the connection.
5.2. LEGAL BASES
The GDPR allows the processing of personal data only if there is a legal basis. We are legally obligated to provide the legal basis for the processing of your data.
In the following, we will explain the terminology used in this context.
Section 6 (1) letter a) EU GDPR: This legal basis allows processing if and to the extent that you have given us your consent.
Section 6 (1), letter b) EU GDPR (Fulfilment of contract): This legal basis allows the processing insofar as it is required for the fulfilment of a contract concluded with you, including pre-contractual measures (e.g. preparation of contract conclusion).
Section 6 (1) letter c) GDPR (Fulfilment of legal obligations): This legal basis allows us to process your data insofar as it is required for the fulfilment of a legal obligation to which we are subject.
Section 6 (1), letter f) EU GDPR: In accordance with this legal basis, processing is allowed to us, insofar as it is necessary to protect our legitimate interests (or those of third parties) and your conflicting interests do not prevail.
By law, we are obligated to inform you of your rights under the GDPR. In the following, we explain these rights. You are entitled to these rights in accordance with the requirements of the applicable data protection regulations. No further rights are granted to you by the following representation.
You have the right to request from us a confirmation as to whether we process the personal data concerning you; if this is the case, you have the right to information about your personal data in question and about the stipulations specified in Section 15 GDPR.
Under Section 16 GDPR, you have the right to the correction of inaccurate personal data concerning you and, if applicable, to the completion of incomplete personal data.
You have the right to demand from us that personal data concerning you be promptly deleted if one of the reasons specified in Section 17 GDPR applies, e.g. if the data is no longer needed for the purposes pursued.
6.4. RESTRICTION OF THE PROCESSING
You have the right to demand from us the restriction of the processing, if one of the prerequisites specified in Section 18 GDPR is given – e.g. if you have objected to the processing – for the duration of the examination by us.
6.5. DATA PORTABILITY
Under Section 20 GDPR, you have the right, under certain conditions, to receive, transfer and have transferred, if technically feasible, the data you have provided to us in a structured, common and machine-readable format.
Independently of other administrative or judicial remedies, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of the personal data concerning you by us infringes the GDPR (Section 77 GDPR). You can assert this right with a supervisory authority in the Member State of your residence, your work place or the place of the alleged infringement. For the contact details of the supervisory authorities in Germany, see https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
6.7. REVOCATION (OF CONSENT)
If you provide us with a data protection consent, you have the right to revoke it at any time with effect for the future. This also applies to a data protection consent that you have given before the GDPR took effect.
You have the right to object to the processing of your personal data for reasons which arise from your specific situation, inasmuch as we base the processing on Section 6 (1) letter e) or f) GDPR. We shall no longer process this data unless we can give proof of reasons worthy of protection for the processing that outweigh your interests, rights and liberties, or if the processing serves for the assertion, exercise or defence of legal claims (Section 21 GDPR).
If your personal data is used by us for direct marketing (e.g. by e-mail), you have the right to object to the use of your data for these purposes at any time. This also applies to profiling if it is associated with direct advertising. Profiling refers to the use of personal data in order to analyse or predict specific personal aspects (e.g. interests).
7. CONFIDENTIALITY AND DATA SECURITY
The employees deployed for working with personal data have been pledged to confidentiality in accordance with Section 28 (3) p. 2 GDPR and have made themselves familiar with the provisions on data protection. Every employee (person) who has access to personal data is only allowed to process and use this data in accordance with the instructions of the employer/client.
Appropriate technical and organisational measures have been taken to protect personal data (Sections 28 and 32 GDPR). The confidentiality, integrity, availability and reliability of the systems and services in connection with the processing are ensured. A firewall as well as malware protection software are installed, activated and regularly updated on all systems used.
When employees log on at their workplaces, user identification/authentication takes place. The passwords used must be changed at regular intervals. The access rights of the employees are matched to the activity profile of each employee.
Agreements on order processing and on confidentiality have been entered into with the software suppliers and order processors.
The technical and organisational measures to ensure processing security are periodically reviewed, assessed and evaluated.
Last update: November 2018