privacy
Declaration on the obligation to provide information (data protection declaration)
The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration. This data protection declaration informs you about the type, scope and purpose of the personal data collected and processed by us and states the legal basis for the respective data processing. In addition, we inform data subjects about their rights. Contents 1. General information a. Definitions b. Scope of processing of personal data c. Legal basis for the processing of personal data d. Transfer of data to third parties e. Duration of processing, deletion or blocking of personal data 2. Name and contact details of the person responsible for data processing 3. Data processing when visiting our website a. Server log files b. Cookies c. Contact forms and emails d. Registration on our website e. Registration via Facebook Connect f. Newsletter, offers, contacts g. Google Analytics h. Social media plugins i. Third party content 4. Disclosure of data to payment and / or shipping service providers 5. Rights of the data subject a. Right to information and confirmation b. Right to rectification c. Right to restriction of processing d. Right to cancellation e. Right to data portability f. Right to object g. Right to withdraw consent under data protection law h. Right to lodge a complaint with the responsible supervisory authority 6. Data security 7. Up-to-date status, status and changes 1. General information a. Definitions of terms This data protection declaration is based on the terms of the General Data Protection Regulation (GDPR). In order to ensure easy readability and comprehensibility, the terms used are explained in advance. For the purposes of the GDPR, the expression: • "Personal data" refers to all information that relates to an identified or identifiable natural person (hereinafter "data subject"); A natural person is regarded as identifiable who can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical , physiological, genetic, psychological, economic, cultural or social identity of this natural person; • "Processing" any process carried out with or without the help of automated procedures or any such series of processes in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation or modification, reading, querying, the Use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction; • “Restriction of processing” the marking of stored personal data with the aim of restricting their future processing; • "Profiling" any type of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, analyze or predict personal preferences, interests, reliability, behavior, whereabouts or relocation of this natural person; • "Pseudonymization" the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal Data are not assigned to an identified or identifiable natural person; • "Responsible" the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data; If the purposes and means of this processing are specified by Union law or the law of the member states, the person responsible or the specific criteria for his appointment can be provided for in accordance with Union law or the law of the member states; • "Processor" means a natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible; • “Recipient” a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. Authorities that may receive personal data as part of a specific investigation according to Union law or the law of the member states are not considered recipients; the processing of this data by the named authorities takes place in accordance with the applicable data protection regulations in accordance with the purposes of the processing; • "Third party" means a natural or legal person, authority, institution or other body, apart from the data subject, the person responsible, the processor and the persons who are authorized to process the personal data under the direct responsibility of the person responsible or the processor; • "Consent" of the person concerned any voluntary expression of will given in an informed manner and unambiguously in the form of a declaration or other unequivocal affirmative act with which the person concerned indicates that they are processing their personal data Data agrees. • "Violation of the protection of personal data" a breach of security that leads to destruction, loss or alteration, whether unintentional or unlawful, or to unauthorized disclosure of or unauthorized access to personal data that is transmitted, stored or otherwise have been processed; • “Company” a natural and legal person who carries out an economic activity, regardless of its legal form, including partnerships or associations that regularly conduct economic activity; • “supervisory authority” means an independent government body established by a Member State in accordance with Article 51; • “International Organization” an organization under international law and its subordinate bodies or any other body created by or on the basis of an agreement concluded between two or more countries. b. Scope of processing of personal data When you visit our website, we only process personal data of our users if the user has previously consented to the processing or if the processing of the data is permitted by legal regulations (e.g. if this is necessary to provide a functional website and our content and services is required). c. Legal basis for the processing of personal data Insofar as we process personal data after obtaining the consent of the data subject, Art. 6 Para. 1 lit. a GDPR is the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures that are carried out at the request of the data subject, Art. 6 Paragraph 1 lit. b GDPR as the legal basis. Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 Para. 1 lit. c GDPR as the legal basis. If the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, Art. 6 Para. 1 lit. d GDPR is the legal basis. If the processing of personal data is necessary to safeguard the legitimate interests of our company or a third party and the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR as the legal basis. In the following, we will give you the specific legal basis for each individual data processing by us. d. Passing on of data to third parties We pass on your personal data to third parties only for the purposes stated in this data protection declaration and only if • you have expressly agreed to the transfer beforehand in accordance with Art. 6 Para. 1 lit. a GDPR, • this is legally permissible and according to Art. 6 Para. 1 lit. b DSGVO is required for the processing of contractual relationships with you, • for the transfer according to Art. 6 Para. 1 lit. c DSGVO there is a legal obligation to pass on, or • the transfer according to Art. 6 Para. 1 lit. f GDPR is required to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data. If processing of personal data takes place on our behalf by third parties (so-called contract processors), this is done on the basis of an order processing contract concluded with the respective order processor within the meaning of Art. 28 Para. 3 GDPR. If we transfer personal data for processing to a third country - i.e. a country that does not belong to the European Union or the European Economic Area - this will only be done if the transfer is permitted by law and in compliance with the provisions of Art. 44 ff. GDPR . e. Duration of processing, deletion or blocking of personal data We process and save personal data of the data subject only for the period of time that is necessary to achieve the respective storage purpose or if this is required by law. Personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies or a statutory storage period has expired. In this context, we refer in particular to the 6-year or 10-year retention period under commercial law in accordance with Section 257 of the German Commercial Code. 2. Name and contact details of the person responsible for data processing Weingut Heymann-Löwenstein GBR Bahnhofstr. 10 56333 Winningen Telephone 49 2606 1919 E-Mail: info@hlweb.de www.hlweb.de 3. Data processing when visiting our website a. Server log files Each time you visit our website, the browser used on the user's device automatically sends the following information to the server on our website, which is temporarily stored in a so-called server log file until it is automatically deleted: • Browser type and - version and operating system of your terminal device; • Name of your access provider; • the date and time of access; • Name and URL of the website from which access is made (so-called referrer URL); • Name and URL of the website that is accessed; • IP address of the requesting device. The aforementioned information is temporarily stored for the purpose of transmitting the content of our website to the user's terminal device and enabling it to be displayed correctly, to be able to optimize the content of our website and the advertising for it, as well as the permanent functionality of our information technology systems and the To ensure the technology of our website and, in the event of a cyber attack, to provide law enforcement authorities with the information necessary for law enforcement and to be able to enforce their own claims. Our legitimate interest in data processing lies in the aforementioned purposes. The legal basis for data processing is Art. 6 Para. 1 lit. f GDPR. A combination of this data with other personal data of the user does not take place. The collection and temporary storage of this data in server log files is essential for the operation of our website; The user therefore has no right of objection in this regard. The personal data temporarily stored in the server log files (especially the IP address) are automatically deleted or alienated after 7 days at the latest, so that it is no longer possible to assign the accessing client; If it is necessary to store this data for evidence purposes, it will only be deleted after the respective legal dispute has been resolved. b. Cookies Our website uses cookies that are stored by the user's browser on their device when they visit our website. Cookies are small text files that contain certain information about the exchange with our website via your browser, which enables the browser to be clearly identified when the website is accessed again. We use so-called "session cookies" to make our website more user-friendly. Some elements of our website require that the calling browser can also be identified after changing pages (e.g. language settings, shopping cart function, log-in information). “Session cookies” are used to simplify the use of our website for users. Some functions of our website cannot be offered without the use of cookies without the browser being recognized even after a page change. The data collected by these cookies are not used to create user profiles. In addition, we may use analysis cookies to statistically record the use of our website and to make our website and our offer more user-friendly, more effective and safer and to enable an analysis of the surfing behavior of the users. When you visit our website again, these cookies enable us to automatically recognize that a specific user has previously visited our website. If such cookies are used, we will point this out to you separately in this data protection declaration. The data processed by cookies are required for the aforementioned purposes to safeguard our legitimate interests and those of third parties. The legal basis for data processing is Art. 6 Para. 1 lit. f GDPR. The user data collected in this way is pseudonymised by technical precautions; It is no longer possible to assign the data to the calling user. The data is also not stored together with other personal data of the user. When you visit our website, you will be informed about the use of cookies for analysis purposes by a corresponding information banner and you will be referred to this data protection declaration. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close the browser. The transmission of Flash cookies cannot be prevented via the browser settings, but by changing the settings of the Flash Player accordingly. If cookies are deactivated, the functionality of this website may be restricted. In addition, it is possible to object to usage-based online advertising in general via the websites http://www.youronlinechoices.com, http://www.aboutads.info/choices and http://optout.networkadvertising.org. c. Contact forms and e-mails If you send us inquiries by e-mail or using our contact form, the personal data you have transmitted to us (title, surname, first name, e-mail address (m), address (es), Telephone number (s), fax number (s) stored by us exclusively for the purpose of processing the request and in the event of follow-up questions. The data will only be used to process the conversation. The processing of the data entered in the contact form takes place on the basis of your consent and thus on the legal basis of Art. 6 Para. 1 lit. a GDPR. You can withdraw your consent at any time. An informal e-mail to us is sufficient. The legality of the data processing operations carried out on the basis of the consent until the revocation remains unaffected by the revocation. If the email contact is aimed at concluding a contract, Art. 6 Para. 1 lit. b GDPR is the legal basis for processing. In addition to the date and time of transmission, we also record your IP address for technical reasons. Your IP address is stored for technical reasons and to prevent misuse and to ensure the security of our information technology systems. This represents our legitimate interest. The legal basis for storing your IP address is Art. 6 Para. 1 lit. f GDPR. We process and store this data only for the period necessary to achieve the respective storage purpose or if this is required by law. Personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies or a statutory storage period has expired. d. Registration via our website We offer users the option of registering on our website by providing personal data (title, surname, first name, email address (es), address (es), telephone number (es)) in order to receive additional Use functions on the site. The data entered by the user during registration, including the date and time of registration and the user's IP address, are transmitted to us and stored. The processing of the data entered during registration takes place on the basis of your consent given during the registration process and thus on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time. An informal e-mail to us is sufficient. The legality of the data processing operations carried out on the basis of the consent until the revocation remains unaffected by the revocation. Your IP address is saved to prevent misuse and to ensure the security of our information technology systems. This represents our legitimate interest. The legal basis for storing your IP address is Art. 6 Para. 1 lit. f GDPR. If the registration serves to fulfill a contract to which the user is a party or to carry out pre-contractual measures, Art. 6 Para. 1 lit. b GDPR as an additional legal basis for processing the data. The data recorded during registration will be stored by us as long as you are registered on our website and will then be deleted. Your IP address will be deleted or anonymized after 7 days at the latest, so that it is no longer possible to assign it. Mandatory legal provisions - in particular retention periods - remain unaffected. A transfer of data to third parties does not take place. f. Newsletter, offers, contacts We offer users the option of leaving their contact details on our website in order to receive regular newsletters and offers and to be contacted by us personally. The e-mail address entered by the user when registering for the newsletter is transmitted to us and saved. We only use the user's email address for the purposes mentioned above. The processing of the e-mail address entered when registering for the newsletter takes place on the basis of your consent given during the registration process and thus on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent to data processing that you gave when registering or you can unsubscribe from our contacts at any time. To do this, you can either click on the "Unsubscribe" link at the end of each newsletter or send us your unsubscribe request by email to info@hlweb.de. The legality of the data processing operations carried out on the basis of the consent until the revocation remains unaffected by the revocation. In addition, when registering for the newsletter, the date and time of registration and the user's IP address are transmitted to us and stored. Your IP address is stored to prevent misuse of the newsletter registration and to ensure the security of our information technology systems. This represents our legitimate interest. The legal basis for storing your IP address is Art. 6 Para. 1 lit. f GDPR. The data will not be passed on to third parties. The data recorded during registration will be saved by us as long as you are registered with us. If you unsubscribe, we will delete them. Mandatory legal provisions - in particular retention periods - remain unaffected. G. Google Analytics We may use the web analysis service Google Analytics, operated by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereinafter "Google"), on our website to analyze the use of our website by analyzing user behavior to be statistically recorded and thus to be able to guarantee a needs-based design and continuous optimization of our website and our offers. The aforementioned purposes are necessary to safeguard our legitimate interests and those of third parties. The legal basis for the use of the analysis tools mentioned below is Article 6 Paragraph 1 lit. f GDPR. For the above-mentioned purposes, Google Analytics creates pseudonymous user profiles and uses cookies that collect the following information about your use of our website: • Browser type and version used; • the operating system of your terminal device; • Name and URL of the website from which access is made (so-called referrer URL); • IP address of the requesting end device; • Date and time of the server request. The information generated by cookies about your use of this website is usually transferred to a Google server in the USA and stored there. This is done for the purpose of creating reports on the activities on our website and to enable other services related to the use of our website for the purposes of market research and the needs-based design of our website. IP anonymization is activated on our website so that an assignment is not possible. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies on your device by setting your browser accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by clicking on the following link (http: // tools.google.com/dlpage/gaoptout?hl=de) download and install the available browser add-on. You can also prevent future collection by Google Analytics by setting an opt-out cookie. To do this, click on the following link: Deactivate Google Analytics. Please note that an opt-out cookie that is set only applies in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will have to set the opt-out cookie again. In addition, it is possible to object to usage-based online advertising in general via the websites http://www.youronlinechoices.com, http://www.aboutads.info/choices and http://optout.networkadvertising.org. We may have concluded an order processing contract with Google within the meaning of Art. 28 Paragraph 3 GDPR, in which we oblige Google to protect our customers' data and not to pass them on to third parties. Google has submitted to the data protection agreement between the European Union and the USA, the Privacy Shield Agreement, whereby Google undertakes to comply with the provisions and requirements of European data protection law. Further information can be found at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. You can find more information on the terms of use and data protection at http://www.google.com/analytics/terms/de.html or at https://www.google.de/intl/de/policies/. H. Social media plugins We use social media plugins on our website to make our company and our website better known and to make them and our offers more user-friendly and attractive. The respective provider is responsible for data processing in compliance with data protection regulations. We incorporate the following plugins using the so-called Shariff solution, a further development of the so-called 2-click solution. The plugins are only integrated into our website in the form of a link. This means that when you visit our website, no data is transmitted to the respective provider. By clicking on one of the buttons you will be redirected to the offer of the respective social network and can share, like or similar the content here. If you are logged into your account of the respective network at the time of using a plugin, the social network - after clicking the button - assign your visit to our website and the page you have accessed to your account. If you use the function of the plugin, the corresponding information is transmitted to the social network, stored and, if necessary, published on your side of the network, depending on the function. If you are not logged into your account, you can click the button to access the login mask of the social network so that you can share the content after successfully logging in. In this case, your browser will transmit data (including your IP address) to the social network, even if you are not logged in or logged in there. The information that is transferred and assigned to your browser could be assigned to your account at a later point in time when you register or log in. If you do not want this, you must log out of the respective network before clicking the button and delete the cookies from the terminal device used. We use the following social media plugins: i. Facebook Facebook is - if you are located outside the EU - by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, - if you are located in the EU - by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor , Dublin 2, Ireland (hereinafter “Facebook”). For more information on the purpose and scope of data collection and the further use of the data by Facebook on their website and your rights and setting options to protect your privacy, please refer to Facebook's privacy policy: https://www.facebook.com/policy.php Facebook has submitted to the data protection agreement concluded between the European Union and the USA, the Privacy Shield Agreement, whereby Facebook undertakes to comply with the provisions and requirements of European data protection law. Further information can be found at https://de-de.facebook.com/about/privacyshield and https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active. ii. Twitter Twitter is - if you are located outside the EU - by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, - if you are located within the EU - by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland (hereinafter “Twitter”). For more information on the purpose and scope of data collection and the further use of the data by Twitter on their website and your rights and setting options to protect your privacy, please refer to Twitter's data protection declaration: https://twitter.com/privacy. Twitter has submitted to the data protection agreement between the European Union and the USA, the Privacy Shield Agreement, whereby Twitter undertakes to comply with the provisions and requirements of European data protection law. Further information can be found at https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active. iii. Google Google is operated by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereinafter “Google ”). For more information on the purpose and scope of data collection and the further use of the data by Google on their website and your rights and setting options to protect your privacy, please refer to Google's privacy policy: https://developers.google.com/ /web/buttons -policy. Google has submitted to the data protection agreement between the European Union and the USA, the Privacy Shield Agreement, whereby Google undertakes to comply with the provisions and requirements of European data protection law. Further information can be found at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. iv. Instagram Instagram is operated by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA (hereinafter: "Instagram"). For more information on the purpose and scope of the data collection and the further use of the data by Google on their website and your rights and setting options to protect your privacy, please refer to Instagram's privacy policy: http://instagram.com/about/legal/privacy. v. XING XING is operated by XING AG, Dammtorstrasse 29-32, 20354 Hamburg (hereinafter “XING”). For more information on the purpose and scope of data collection and the further use of the data by XING on its website and your rights and setting options to protect your privacy, please refer to XING's data protection declaration: https://www.xing.com/app/share?op = data_protection. i. Third-party content We may include third-party services on our website in order to analyze and optimize our website, to ensure a needs-based design, to increase user-friendliness and to make it easier to find the address given by. For these purposes, our legitimate interest lies in the integration of third-party services within the meaning of Art. 6 Para. 1 lit. f GDPR. In order for the content of the third-party provider to be displayed in the browser of the user's device, it is always necessary that the IP address of the user is transmitted to the respective provider. Otherwise this content cannot be sent to the user's browser. Below is an overview of the third-party providers we have integrated and their content as well as references to their data protection declarations, which contain further information on data processing: i. Google Fonts We may use the "Google Fonts" service, which is operated by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereinafter "Google") for optimization purposes and for a uniform representation of fonts on our website. In order to display texts and fonts correctly on our website, your browser loads the required fonts from the Google servers into the browser cache when you visit our website. If your browser does not support this function, a standard font will be used by your computer to display our website. For technical reasons, it is necessary for the transmission of the required fonts that the IP address of the browser of the device you are using is transmitted to Google. In addition, it is transmitted to Google which of our websites you have visited. If you are logged into your Google user account when you visit such a website, Google can assign your surfing behavior to your user account. You can prevent this by logging out of your Google user account. If you do not want Google to collect and use your data, you can object to this: https://www.google.com/settings/ads. You can find more information about Google Web Fonts at https://developers.google.com/fonts/faq. For more information on the purpose and scope of data collection and the further use of the data by Google on their website and your rights and setting options to protect your privacy, please refer to Google's privacy policy: https://www.google.com/policies/privacy. Google has submitted to the data protection agreement between the European Union and the USA, the Privacy Shield Agreement, whereby Google undertakes to comply with the provisions and requirements of European data protection law. Further information can be found at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. Web fonts These pages use web fonts provided by Hoefler & Co. for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to the servers of Hoefler & Co. This gives Hoefler & Co. knowledge that our website has been accessed via your IP address. Hoefler & Co. web fonts are used in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. If your browser does not support web fonts, a standard font will be used by your computer. Further information on Hoefler & Co. Web Fonts can be found at typgraphy.com and in the Hoefler & Co data protection declaration: www.typography.com/home/privacy-cloud-declaration.php. ii. Google Maps We may use the "Google Maps" map service on our website operated by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereinafter "Google"). If you call up one of our websites equipped with Google Maps, your browser connects to Google. In order to use the map functions of Google Maps, it is necessary for technical reasons that the IP address of the browser of the device you are using is transmitted to Google. In addition, it is transmitted to Google which of our websites you have visited. If you are logged into your Google user account when you visit such a website, Google can assign your surfing behavior to your user account. You can prevent this by logging out of your Google user account. If you do not want Google to collect and use your data, you can object to this: https://www.google.com/settings/ads. For more information on the purpose and scope of data collection and the further use of the data by Google on their website and your rights and setting options to protect your privacy, please refer to Google's privacy policy: https://www.google.com/policies/privacy. Google has submitted to the data protection agreement between the European Union and the USA, the Privacy Shield Agreement, whereby Google undertakes to comply with the provisions and requirements of European data protection law. Further information can be found at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. iii. YouTube We may use the "YouTube" video service on our website, which is operated by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereinafter "Google"). If you call up one of our websites on which YouTube or a video via YouTube is integrated, your browser connects to Google. To use this YouTube video function, it is technically necessary that the IP address of the browser of the device you are using is transmitted to Google. In addition, it is transmitted to Google which of our websites you have visited. If you are logged into your YouTube user account when you visit such a website, YouTube can assign your surfing behavior to your user account. You can prevent this by logging out of your YouTube user account. If you do not want Google to collect and use your data, you can object to this: https://www.google.com/settings/ads. For more information on the purpose and scope of data collection and the further use of the data by Google on their website and your rights and setting options to protect your privacy, please refer to Google's privacy policy: https://www.google.com/policies/privacy. Google has submitted to the data protection agreement between the European Union and the USA, the Privacy Shield Agreement, whereby Google undertakes to comply with the provisions and requirements of European data protection law. Further information can be found at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. iv. Vimeo We may use the “Vimeo” video service on our website, operated by Vimeo, Inc. 555 West 18th Street New York, New York 10011, USA Attention: Legal Department (hereinafter “Vimeo”). If you call up one of our Internet pages on which Vimeo or a video about Vimeo is integrated, your browser establishes a connection to Vimeo. To use this Vimeo video function, it is technically necessary that the IP address of the browser of the device you are using is transmitted to Vimeo. In addition, it is transmitted to Vimeo which of our websites you have visited. If you are logged into your Vimeo user account when you visit such a website, Vimeo can assign your surfing behavior to your user account. You can prevent this by logging out of your Vimeo user account. For more information on the purpose and scope of data collection and the further use of the data by Vimeo on its website and your rights and setting options to protect your privacy, please refer to Vimeo's data protection declaration: https://vimeo.com/privacy. v. Mapz On this website we may use the offer of mapz.com, a map service of Kober-Kümmerly Frey Media AG, Germany, to show you interactive maps of vineyards on the website. When you visit the website, Kober-Kümmerly Frey receives the information that the corresponding page on our website has been accessed from your IP address. In addition, the data mentioned in section 3 of this declaration will be transmitted. Your IP address is stored by Kober-Kümmerly Frey in an anonymized form that does not allow any conclusions to be drawn about your person. The data collected by Kober-Kümmerly Frey are used exclusively to ensure ongoing operations. Kober-Kümmerly Frey does not transmit any data to third parties and operates its server systems exclusively in member states of the European Union. 4. Passing on of data to payment and / or shipping service providers If we pass on your personal data to payment and / or shipping service providers, this is done exclusively on the basis of your previously given consent in accordance with Art. 6 Para. 1 lit. a GDPR or to fulfill a contract with you in accordance with Art. 6 Para. 1 lit. b GDPR or to safeguard our legitimate interest in the economic and effective operation of our company in accordance with Art. 6 Para. 1 lit. f GDPR. PayPal We may use the online payment service PayPal as a payment method on our website, which is operated by PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, 2449 Luxembourg (hereinafter "PayPal"). Payments using this service via our website are either made through PayPal accounts, i.e. virtual bank accounts, if you have your own PayPal account, or - if you do not have your own PayPal account - through a virtual payment using a Credit card processed. If you select “PayPal” as the payment method in our online shop during the ordering process, you will be automatically forwarded to PayPal. There you have to log in - if you have your own PayPal account - by entering your email address and password. If you do not have your own PayPal account, you must enter further data. PayPal usually collects the following data: • First name, last name • Address • E-mail address • IP address • Telephone or mobile phone number • Data required for payment processing (eg credit card details, payment amount) • Information about your geographical location . The data required to process the respective order are processed automatically by PayPal. The data is transmitted on the basis of Art. 6 Para. 1 lit. b GDPR and to the extent that this is necessary to fulfill a contract with you, namely for the purpose of processing payments. In addition, the above-mentioned purposes represent our legitimate interests, so that the data transfer also serves to safeguard our legitimate interest in the economic and effective operation of our company in accordance with Art. 6 Para. 1 lit. f GDPR is required. When using the payment methods credit card or direct debit via PayPal or - if offered - purchase on account or payment in installments via PayPal, PayPal reserves the right to carry out a credit check. If this should be carried out, your payment data will be used for the purpose of establishing your identity and determining your solvency and thus to safeguard the legitimate interests of PayPal within the meaning of Art. 6 Para. 1 lit. f GDPR transmitted to credit agencies. For more information on the purpose and scope of the data collection and the further use of the data by PayPal, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full. 5. Rights of the data subject If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights: a. Right to information and confirmation According to Art. 15 GDPR, every person affected by the processing of personal data has the right to receive free information from the person responsible for the processing about the personal data stored about him and a copy of this information about the following information: • the purposes of the processing; • the categories of personal data that are processed; • the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular to recipients in third countries or to international organizations; • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration; • the existence of a right to correction or deletion of personal data concerning you or to restriction of processing by the person responsible or a right to object to this processing; • the right to lodge a complaint with a supervisory authority; • if the personal data are not collected from the data subject: all available information on the origin of the data; • the existence of automated decision-making including profiling in accordance with Article 22 Paragraphs 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject. Furthermore, the data subject has a right to information as to whether personal data has been transmitted to a third country or to an international organization. If this is the case, the data subject has the right to receive information about the appropriate guarantees in connection with the transmission. In addition, every person affected by the processing of personal data has the right to request confirmation from the person responsible for the processing as to whether personal data concerning them are being processed. b. Right to correction According to Art. 16 GDPR, every person affected by the processing of personal data has the right to demand that the person responsible for processing correct any incorrect personal data relating to them without delay. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data - including by means of a supplementary declaration. c. Right to restriction of processing According to Art. 18 GDPR, every person affected by the processing of personal data has the right to request that the person responsible for processing restrict processing if one of the following conditions is met: • The correctness of the personal data is met contested by the person concerned, for a period that enables the person responsible to check the accuracy of the personal data, • the processing is unlawful, the person concerned refuses to delete the personal data and instead requests that the use of the personal data, • the person responsible no longer needs the personal data for the purposes of processing, but the person concerned needs them to assert, exercise or defend legal claims, or • the person concerned has objected to the processing acc. Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh those of the person concerned. d. Right to deletion According to Art. 17, every person affected by the processing of personal data has the right to demand that the person responsible for the processing delete their personal data immediately, provided that one of the following reasons applies and insofar as the processing is not necessary is: • The personal data was collected or otherwise processed for purposes for which they are no longer necessary; • The data subject revokes their consent on which the processing was based in accordance with Art. 6 Paragraph 1 Letter a GDPR or Art. 9 Paragraph 2 Letter a GDPR, and there is no other legal basis for the processing. • The person concerned objects to the processing in accordance with Art. 21 Paragraph 1 GDPR and there are no overriding legitimate reasons for the processing, or the person concerned objects in accordance with Art. 21 Paragraph 2 GDPR processing a. • The personal data was processed unlawfully. • The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the person responsible is subject. • The personal data was collected in relation to the information society services offered in accordance with Art. 8 Para. 1 GDPR. If the personal data has been made public by us and our company, as the person responsible, is obliged to delete the personal data in accordance with Art. 17 Paragraph 1 GDPR, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs to inform other data processors who process the published personal data that the data subject has requested these other data processors to delete all links to this personal data or copies or replications of this personal data. The right to erasure and our duty to inform other data controllers of the data subject's request for erasure does not exist if the processing is necessary for: • exercising the right to freedom of expression and information; • to fulfill a legal obligation that requires processing under the law of the Union or the Member States to which the person responsible is subject, or to perform a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible; • for reasons of public interest in the area of public health in accordance with Article 9 paragraph 2 letters h and i and Article 9 paragraph 3; • for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89 paragraph 1, insofar as the right referred to in paragraph 1 is likely to make the realization of the objectives of this processing impossible or seriously impaired, or • for the establishment, exercise or defense of legal claims. e. Right to data portability According to Art. 20 GDPR, every person affected by the processing of personal data has the right to receive the personal data relating to them, which the person concerned has provided to a person responsible, in a structured, common and machine-readable format the right to transfer this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that • the processing is based on consent pursuant to Art. 6 Para. 1 Letter a GDPR or Art. 9 Para. 2 Letter a GDPR or on a contract in accordance with Art. 6 Paragraph 1 Letter b GDPR and • the processing is carried out using automated procedures. This right does not apply to processing that is necessary for the performance of a task that is in the public interest or takes place in the exercise of official authority that has been assigned to the person responsible. Furthermore, when exercising their right to data portability in accordance with Art. 20 (1) GDPR, the person concerned has the right to have the personal data transmitted directly from one person responsible to another, insofar as this is technically feasible and if this does not affect the rights and freedoms of other persons. f. Right of objection According to Art. 21 GDPR, every person affected by the processing of personal data has the right, for reasons that arise from their particular situation, to object at any time to the processing of personal data concerning them that is based on Art. 6 Para. 1 lit . e or lit. f DS-GVO takes place, to object; this also applies to profiling based on these provisions. In the event of an objection, we will no longer process the personal data, unless we can demonstrate compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims . If we process personal data in order to operate direct mail, the data subject has the right to object at any time to the processing of personal data concerning him or her for the purpose of such advertising; this also applies to profiling insofar as it is connected to such direct advertising. If the data subject objects to processing for direct marketing purposes, we will no longer process the personal data for these purposes. In addition, the data subject has the right, for reasons arising from his or her particular situation, to object to the processing of personal data concerning him or her, which we use for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR To object, unless such processing is necessary to fulfill a task in the public interest. If you want to make use of your right of objection, it is sufficient to send an email to our email address given in Section 2 of this data protection declaration. G. Right to revoke consent under data protection law Many data processing operations are only possible with your express consent. According to Art. 7 Para. 3 GDPR, every person affected by the processing of personal data has the right to withdraw consent to the processing of personal data at any time. If you want to make use of your right of withdrawal, an email to info@hlweb.de is sufficient. The legality of the data processing operations carried out on the basis of the consent until the revocation remains unaffected by the revocation. H. Right to lodge a complaint with the competent supervisory authority In the event of violations of data protection law, the person concerned has the right to lodge a complaint with the competent supervisory authority in accordance with Art. The responsible supervisory authority for data protection issues is the state data protection officer of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html. 6. Data security As the person responsible for data processing, we use numerous technical and organizational measures on our website to ensure the most complete protection possible for the personal data processed via our website and to protect your data from accidental or deliberate manipulation, partial or complete To protect against loss or destruction or against unauthorized access by third parties. For security reasons and to protect the transmission of confidential content, our website uses SSL (Secure Socket Layer) or TLS (Transport Layer Security) encryption. You can recognize an encrypted transmission of content on our website by the "padlock" symbol in front of our domain in the address bar of your browser. However, we would like to point out that data transmission over the Internet (e.g. when communicating by email) can have security gaps. A complete protection of the data against access by third parties is not possible. 7. Up-to-dateness, status and changes This data protection declaration is currently valid and has the status May 2018. Due to the further development of our website and our offers or due to changed legal or official requirements, it may be necessary to change this data protection declaration. You can call up and print out the current data protection declaration at any time on our website. Your rights You have the fundamental right to information, correction, deletion, restriction, data portability, revocation and objection. If you believe that the processing of your data violates data protection law or your data protection claims have been violated in any other way, you can complain to the supervisory authority. In Rhineland-Palatinate, this is the state commissioner for data protection (www.datenschutz.rlp.de). You can reach us under the following contact details: Weingut Heymann-Löwenstein GdBR Bahnhofstr. 10 56333 Winningen Phone 02606 1919 E-Mail info (at) hl.wine