Privacy Statement

1) Information on the collection of personal data

(1) Below we inform you about the collection of personal data when using our website www.villa-wesco.com. Personal data are all data which refer to you personally and by which you may be identified, e.g. name, address, email address, user behaviour etc.

(2) The data controller within the meaning of Article 4(7) of the European General Data Protection Regulation (GDPR) is M. Westermann & Co. GmbH, Bahnhofstr. 205, D-59759 Arnsberg. Please refer to the imprint of our website for further information.
Our data protection officer Guido Aßhoff can be contacted using the email address [Datenschutz@wesco.de] and the details specified in the imprint of this website.

(3) When you contact us by email or through a contact form, the data provided by you (your email address, possibly your name and your telephone number) will be stored by us in order to answer your questions. We delete the data thus obtained once their storage is no longer necessary or, if there is a legal requirement of keeping and storing the data, we will restrict their processing.

(4) Where we opt to use selected service providers for certain functionalities of our offering or intend to use your data for advertising purposes, we inform you below in detail of the relevant procedures. In this context, we also specify the defined criteria for the storage period.

2) Your rights

(1) You have the following rights with regard to your personal data:
–   right to information,
–   right to correction or deletion,
–   right to restriction of processing,
–   right to objection to processing,
–   right to portability of data.

(2) In addition, you have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data by us. The competent supervisory authority in our case is
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
(North Rhine-Westphalia Commissioner for Data Protection and Freedom of Information)

Kavalleriestr. 2-4
40213 Düsseldorf
Telephone: 0211/38424-0 Fax: 0211/38424-10 email: poststelle@ldi.nrw.de

3) Collection of personal data when our website is visited

(1) If you use our website merely for purposes of information, i.e. if you do not register or otherwise transmit information to us, we will only collect the personal data transmitted by your browser to our server. If you wish to view our website, we collect the following data which we require for technical purposes, i.e. in order to display our website to you and to ensure the stability and security of the website (legal basis is Article 6(1)(f) of the GDPR):
–   IP address
–   Date and time of the inquiry
–   Time zone difference to Greenwich Mean Time (GMT)
–   Content of request (actual web page)
–   Access status/HTTP status code
–   Respective data quantity transferred
–   Website from which the request comes
–   Browser
– Operating system and its interface
–   Language and version of the browser software.

(2) This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as purchase orders or inquiries, which you send to us as the site operator. You can recognise an encrypted connection in the address line of your browser when it changes from “http://” to “https://” and the lock icon is displayed in the address bar of your browser. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

(3) In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are text files that are stored on the hard drive assigned to the browser you are using through which the entity which sets the cookie (in this case, us) receives certain information. Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offering altogether more user-friendly and more effective, e.g. by recognising you when you next visit the website or by accelerating the build-up of the website or downloading.

(4) Use of cookies:
a)  This website uses the following types of cookies, the scope and operation of which are explained below:
–   Transient (session) cookies (see paragraph b)
–   Persistent cookies (see paragraph c).
b)  Transient cookies are automatically deleted when you close your browser. They also include session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close the browser.
c)  Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
d)  You can configure your browser setting according to your wishes, for instance you can decline the acceptance of third-party cookies or all cookies. Please be aware that in that case you may not be able to use all features of this site.
e)  Cookies which are necessary for electronic communication or to provide certain functions you wish to use (e.g. the shopping cart) are stored on the basis of Article 6(1)(f) of the GDPR since we have a legitimate interest in storing cookies to ensure the technical operation of the website. This includes greater ease of communication, execution of the website free of technical errors and enhanced provision of our services. Insofar as we or our service providers store cookies for any other purposes, such as analysing your use of our website, that usage is described separately for that processing.

4) Hosting

(1) Our website is hosted externally by the company ALL-INKL.COM – Neue Medien Münnich, owner: René Münnich, Hauptstrasse 68, D-02742 Friedersdorf. The hosting services used by us are meant to help us provide the following services: Infrastructure and platform services, compute capacity, storage space and database services, security services, and technical maintenance and service for the purpose of operating this online offering.

(2) Within this scope, our hosting provider processes existing data, contact data, content data, usage data, meta and communication data of customers, prospective customers and visitors of this online offering, based on our legitimate interest in an efficient and secure provision of this online offering in accordance with Article 6(1)(f) of the GDPR read in conjunction with Article 28 of the GDPR.

5) Other functions and offerings of our website

(1) In addition to the use of our website for purposes of information, we offer you the option to use our website for contacting us. If you wish to make use of this option, you will have to provide further personal data which we use to provide the relevant service; such personal data are subject to the data processing principles mentioned above.

(2) We may use external service providers when processing your data, e.g. for sending you our newsletter. Such service providers have been carefully selected and appointed by us, are bound by our instructions, and are regularly audited.

(3) Furthermore, we may pass on your personal data to third parties if we offer participation in promotions, competitions, conclusion of contracts or similar services together with our partners. That may be the case if you book a cooking course which we carry out together with an external chef.

(4) If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offering.

6) Objection or revocation of your consent to the processing of your data

(1) If you have given your consent to the processing of your data, you can revoke such consent at any time. Revocation affects the admissibility of the processing your personal data after such revocation.

(2) If our processing of your personal data is based on weighing of interests, you have the right to object to processing. This is the case if processing is not necessary in particular to fulfil a contract with you; more details on this issue are provided in the description of functions herein below. When you exercise your right to objection, we will ask you to give reasons why we should not process your personal data as we have done so far. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection on the basis of which we will continue processing the data.

(3) Of course, you have the right to object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your objection to advertising using the contact details provided in section 1 above.

7)  Contact form

If you send us an enquiry using our contact form, the details you provide in that contact form including your contact details will be stored by us for processing of your enquiry and for further questions. We do not pass on such data without your consent. The data provided in the contact form are processed exclusively on the basis of your consent (Article 6(1)(a) of the GDPR. Next to consent given as basis of processing, there may be other authorisations or obligations to process your data, such as legitimate interest, contractual relationship, legal obligation. You have the right to revoke your consent at any time. This can be done by an informal notice by e-mail sent to datenschutz@wesco.de. Your revocation does not affect the legality of any data processing carried out prior to the revocation. The data you have provided in the contact form are processed/stored by us until you ask us to delete such data or revoke your consent to storage or if the purpose for data storage has ceased to exist (e.g. after handling of our enquiry has been ended). Mandatory legal provisions – including without limitation data retention schedules – are not affected by revocation. In such a case, we will, however, restrict processing of your data.

8)  Newsletter

(1) Giving your consent, you can subscribe to our newsletter which regularly informs you about our company and our offering. Such consent is linked to entering into a client card agreement and cannot be given online via our website. We also reserve the right, to the extent legally permitted, to inform existing customers of similar products and services. The product categories and services promoted are specified in the declaration of informed consent and/or are identical with the general goods and services offering of our company.

(2) For subscription to our newsletter, we exclusively use forms connected with our club card.

(3) The only mandatory field for receiving the newsletter is your e-mail address. After your confirmation we will store your e-mail address so that we can send you our newsletter. In accordance with Article 6(1)(a) of the GDPR your consent forms the legal basis for the forwarding of our newsletter.

(4) You can at any time revoke your consent to the forwarding of our newsletter and unsubscribe from the newsletter. To revoke your consent, you can click on the link provided in every single newsletter e-mail, send an e-mail to info@villa-wesco.de or send a message to the contact detailed in the imprint of our website.

(5) This website uses CleverReach to forward newsletters. The supplier is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. CleverReach is a service that can be used to organise and analyse the distribution of newsletters. The data you provide (e.g. your email address) to subscribe to our newsletter will be stored on CleverReach servers in Germany and/or Ireland. Our newsletters forwarded by using CleverReach allow us to analyse the behaviour of the recipients of the newsletters. Among other things, we can analyse how many recipients have opened the message containing the newsletter and how often various links contained therein have been clicked. With the help of so-called conversion tracking, we can also analyse whether a predefined action (e.g. the purchase of a product on our website) has taken place after clicking on the link in the newsletter. We analyse these data on the basis of Article 6(1)(f) of the GDPR (legitimate interest) in order to adjust our newsletter offering to your needs (especially content) and to optimise our marketing. 
For further information on data analysis by means of CleverReach-empowered newsletters please visit: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/
Data processing in connection with the forwarding of the newsletter is based on your consent (Article 6(1)(a) of the GDPR). You can revoke your consent at any time by unsubscribing from the newsletter. Your revocation does not affect the legality of any data processing carried out prior to the revocation.
If you do not wish analysis by CleverReach, you need to unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter forwarded. Otherwise, please notify us by sending a message to datenschutz@wesco.de.
We will store the data you have submitted to us in order to receive our newsletter until you unsubscribe from the newsletter; after that, the data will be deleted both from our own servers as well as the servers of CleverReach. Data stored by us for any other purpose (e.g. e-mail addresses for the member area) are not affected by this.
For further details please refer to the privacy policies of CleverReach at:
https://www.cleverreach.com/de/datenschutz/
We have entered into a contract for data processing with CleverReach and in using their services have fully complied with the requirements of German data protection authorities.

9)  Integration of YouTube videos

(1) We have integrated YouTube videos in our online offers, which are stored on http://YouTube.com and which can be directly playable from our website. The videos are all integrated in the “extended data protection mode”, i.e. YouTube does at first not create any cookies and no data about you as user is transmitted to YouTube if you do not play the videos. Only if you play the videos, the data listed in paragraph 2 are transmitted. We have no control of such data transmission.

(2) Through the visit of the website, YouTube receives the information that you have accessed the respective page of our website. In addition, the data specified in section 3 of this Privacy Statement is transmitted. This is regardless of whether YouTube provides a user account through which you have been logged in or there is no user account. If you are logged in at Google, your data is allocated directly to your account. If you do not wish allocation with your YouTube profile, you need to log out of YouTube before activating the button. YouTube saves your data as your user profile and uses the data for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation (even for not logged-in users) in particular serves to provide demand-oriented advertising and to inform other users of that social network of your activities on our website. You have a right to object to the creation of such user profiles; you need to contact YouTube to exercise that right. Processing is based on a legitimate interest in accordance with Article 6(1)(f) of the GDPR; such legitimate interest consists in displaying additional content about our company to you and to make our website more informative for you.

(3) Please refer to the privacy statement of YouTube for further information on the purpose and scope of collection and processing of data by YouTube. There, you can also find further information on your rights and setting options for the protection of your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield Framework: https://www.privacyshield.gov/EU-US-Framework.

10) Integration of Google Maps

(1)   On this website, we use the services of Google Maps. As a result, we can display interactive maps directly on the website, thus allowing a more comfortable use of the map function.

(2) Through the visit of the website, Google receives the information that you have accessed the respective page of our website. In addition, the data specified in section 3 of this Privacy Statement is transmitted. This is regardless of whether Google provides a user account through which you have been logged in or there is no user account. If you are logged in at Google, your data is allocated directly to your account. If you do not wish allocation with your Google profile, you need to log out of Google before activating the button. Google saves your data as your user profile and uses the data for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation (even for not logged-in users) in particular serves to provide demand-oriented advertising and to inform other users of that social network of your activities on our website. You have a right to object to the creation of such user profiles; you need to contact Google to exercise that right. Processing is based on a legitimate interest in accordance with Article 6(1)(f) of the GDPR in order to give you directions on how to find each of our establishments and make navigation easier.

(3) Please refer to the service provider’s privacy statement for further information on the purpose and scope of data collection and processing of the data by the provider of the plug in. There, you can also find further information on your rights and setting options for the protection of your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield Framework: https://www.privacyshield.gov/EU-US-Framework.

11) Use of the Facebook corporate website

Apart from its website, Villa Wesco has a company profile on the social media platform Facebook; in order to provide this service, Villa Wesco uses the technical platform and the services of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Please be reminded that you use that Facebook page and its functionalities on your own responsibility. The above applies, without being limited to, the use of interactive functions (commenting, sharing, evaluating). As an alternative, you can access some of the information provided on that page on our website www.villa-wesco.com.
When you visit our Facebook page, Facebook collects your IP address and other information which is stored on your PC in cookies. This information is used to provide us as operator of the Facebook pages with statistical information on the use of those Facebook pages. Further information is provided by Facebook at: http://de-de.facebook.com/help/pages/insights.
The data collected about you in this context are processed by Facebook Ltd. and may be transmitted to countries outside the European Union in the course of such processing. In its data use policies, Facebook provides a general description of which information Facebook receives and how such information is used. In those policies, you may also find information on how to contact Facebook and on the setting options for the display of ads. The data use policies are available at:
http://de-de.facebook.com/about/privacy
The complete privacy policies of Facebook can be found here:
https://de-de.facebook.com/full_data_use_policy
Facebook has not conclusively and clearly stated, and we do not know, how Facebook uses data from a visit of Facebook pages for its own purposes; to what extent activities on the Facebook page are allocated to individual users; for how long Facebook stores these data; and whether or not data from a visit to the Facebook page are disclosed to third parties.
When you access a Facebook page, the IP address allocated to your end device is forwarded to Facebook. According to Facebook, this IP address is anonymised (if a “German” IP address) and deleted after 90 days. In addition, Facebook stores information about its user’s devices (e.g. in the scope of the “Login Notification”); this may allow Facebook to allocate IP addresses to individual users.
If you as a user are currently logged in into Facebook, a cookie with your Facebook ID is stored on your device. That cookie provides Facebook with the information that you accessed this page and how you used it. This also applies to all other Facebook pages. Facebook buttons integrated in websites allow Facebook to record your visits to those websites and allocate them to you Facebook profile. Based on that data, it is possible to target you with personalised content or ads.
If you wish to avoid that, you should log out of Facebook or disable the function “stay logged in”, delete the cookies stored on your device, and close and then restart your browser. That way, any Facebook information which allows to directly identify you, is deleted. You can thus use our Facebook page without disclosing your Facebook ID. If you access interactive functions on our page (Like, commenting, sharing, messaging etc.), a Facebook login mask is displayed. Once you have logged in into Facebook, you are again identifiable to Facebook as a certain user.
Information on how to manage or delete existing information can be found on the following Facebook support pages: https://de-de.facebook.com/about/privacy#
We as provider of the information service collect and process data only if you participate in one of our competitions via Facebook or use Facebook Messenger to contact us. Winners of competitions conducted by us at Facebook are notified by us.
In those cases, your profile name and communication data are transferred to us. We use such data exclusively for satisfying our contractual duty (drawing and notification of a win) and/or based on our legitimate interest to answer your concrete enquiry.
If you have any questions regarding our information offering, please use the contact details provided in section 1 above.
Please be advised that the above-mentioned data processing by Facebook may take place also if you use the link to our Facebook page provided on our own website.

Privacy statement for video surveillance in the VILLA WESCO Mallorca

Person in charge:
VILLA WESCO S.L.U., Calle Bernat de Santa Eugènia 28, Santa Maria del Cami, ES-07320 Mallorca; C.I.F.: B-57856965

Data protection officer contact details:
datenschutz@wesco.de

Storage period:
72 hours; in case of suspicion: termination of criminal and civil proceedings

Recipient:
Law enforcement agencies, lawyers

Purposes and legal basis of the data processing:
Vandalism and Theft Prevention, Domestic Law, Art. 6(1)(f) of the GDPR

Legitimate interests being pursued:
Protection of Property, Art.13(1)(d) of the GDPR

References to the rights of data subjects
The data subject has the right to ask the person responsible to confirm whether personal data concerning him/her are being processed. If this is the case the data subject has the right to be informed about these personal data and the information specified in Article 15 GDPR.

The data subject has the right to demand the correction of incorrect personal data concerning him/her and, if necessary, completion of incomplete personal data (Art. 16 GDPR) from the person responsible without delay.

The data subject has the right to demand immediate deletion of personal data concerning him/her from the person responsible, provided that one of the reasons specified in Art. 17 GDPR is fulfilled, e.g. if the data are no longer needed for the purposes pursued (right to deletion).

The data subject has the right to require the person responsible to restrict the processing if one of the conditions specified in Art. 18 GDPR is fulfilled, e.g. if the data subject has objected to processing for the duration of the review by the person responsible.

The data subject has the right at any time to object to the processing of personal data concerning him/her for reasons arising out of his/her particular situation. The person responsible shall then no longer process the personal data unless he/she can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and liberties of the data subject, or if the processing serves the establishment, exercise or defence of legal claims (Art. 21 GDPR).

Without prejudice to any other administrative or judicial remedy, any data subject has the right to lodge a complaint with a supervisory authority if the data subject considers his/her personal data to have been processed in breach of GDPR (Art. 77 GDPR). The data subject may assert this right with a supervisory authority in the Member State of his/her place of residence, place of work or place of presumed infringement.

Privacy Statement for the Customer Card Program Registration

1. Information on the collection of personal data

(1) Below you will find details about the collection of personal data when you register for our customer card program and the associated use of our customer card. Personal data are all data which refer to you personally and by which you may be identified, e.g. name, address, email addresses, user behav-iour etc.

(2) The controller pursuant to Art. 4(7) of the EU General Data Protection Regulation (GDPR) is M. Westermann & Co. GmbH, Bahnhofstr. 205, D-59759 Arnsberg. Please refer to the imprint of our website for further information.
Our data protection officer, Mr Guido Asshoff, can be contacted using the email address [Datenschutz@wesco.de] or the contact details specified in the imprint of this website.

(3) When you contact us by email or through a contact form, the data provided by you (your email address, possibly your name and your telephone number) will be stored by us in order to answer your questions. We delete the data thus obtained once their storage is no longer necessary or restrict their processing if there is a legal requirement to retain the data.

(4) Where we opt to use selected service providers for certain functionalities of our offering or intend to use your data for advertising purposes, we inform you below in detail of the relevant procedures. In this context, we also specify the defined criteria for the storage period.

2. Registration for the customer card program and taking benefits

You can register for our customer card program by filling in an application form. After submit-ting/sending a registration form your data will be processed automatically in our systems to register you as a participant of the program, create a customer card and grant you benefits for holders of cus-tomer cards in the future. As a customer card holder you are entitled to special discounts and promo-tions from our company and to receive information on special events and courses as well as preferen-tial options to register for these events. If you want to claim a discount in our online shop we will pro-cess your membership number to verify your membership.
We process your data to initiate contracts and fulfil our contractual obligations, in particular for the purpose of granting discounts when you purchase or order products from our range and for transfer-ring information on the benefits that we offer to our members. Specifically, we collect and process your personal data as they are presented in the registration form, in particular your name, address and contact information. If you register in writing our staff will collect your data and enter them in our cus-tomer data system.
We process your data so that we can conclude and execute a contract with you (Art. 6(1)(b) GDPR), e.g. to send you a registration confirmation, to collect the course fee or to plan and execute the course on site (e.g. for the preparation of participant lists). On one hand, we process your email address to handle the existing customer card contract and, in particular, to send you information on the contrac-tual relationship, e.g. modification of the contractual terms.
The contractual relationship between you and us in the context of the customer card program includes providing you with information about the contractual benefits. We assume that we may do so on the basis of the existing contract in the sense of Art. 6(1)(b) GDPR. Nevertheless, we offer you the oppor-tunity to object to the sending of advertising information with regard to the customer card program by email in the future.
If you have given us your consent to sending you newsletters we will process your data in accordance with Art. 6(1)(b) GDPR. You can withdraw your consent for the future at any time.

3. Your rights (1) You have the following rights with regard to your personal data: – right to information,
– right to correction or deletion,
– right to restriction of processing,
– right to object to processing,
– right to data portability.

(2) In addition, you have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data by us. The competent supervisory authority in our case is
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
(North Rhine-Westphalia Commissioner for Data Protection and Freedom of Information)
Kavalleriestr. 2-4
D-40213 Düsseldorf
Telephone: +49(0)211/38424-0 Fax: +49(0)211/38424-10 Email: poststelle@ldi.nrw.de

4. Objection to or withdrawal of consent for the processing of your data

(1) If you have given your consent to the processing of your data, you may withdraw such consent at any time. Such a withdrawal affects the legitimacy of the processing of your personal data once you have notified us of the withdrawal.

(2) If our processing of your personal data is based on weighing of interests, you have the right to object to processing. In particular, this is the case if processing is not necessary to fulfil a contract with you; more details on this are provided in the description of functions below. When you exercise your right to object, we ask that you specify the reasons why we should not process your personal data in this way. If your objection is justified, we will examine the situation and either cease or adjust the data processing or explain to you the compelling legitimate grounds on which we will continue to process the data.

(3) Of course, you have the right to object to the processing of your personal data for purposes of ad-vertising and data analysis at any time. You can inform us about your objection to advertising using the contact details provided in Section 1 above.

5. Erasure of your data

We generally erase your data when the purpose of the processing no longer exists, e.g. because you have terminated your membership, you have withdrawn your consent or legal obligations to process or retain your data no longer apply.
As soon as you join the customer card program a contractual relationship with WESCO is established. We are entitled to process the data as long as the contract continues. From the time of termination of the contractual relationship there may be obligations to retain data, e.g. due to the granting of a dis-count we may be obliged to retain information on your membership for tax reasons, or we if have a legitimate interest for retention to enforce our own legal interests such as general periods of limitation.
In this case, permanent erasure of your data in is only possible after the retention period has expired. We delete bank details provided after revocation of the direct debit authorisation or successful pay-ment of the course fee. For information on the erasure of technical data such as cookies please refer to the relevant section in this declaration.

Use of Google Analytics for web analysis

This website uses Website Google Analytics, a web analytics service operated by Google LLC (www.google.de), for purposes of website analysis. This serves to protect our overriding legitimate interests in an enhanced and demand-oriented presentation of our offering. Google Analytics uses methods that allow the analysis of your use of the website, e.g. by installing cookies. The information automatically collected about your use of this website will as a rule be transmitted to and stored by Google on servers in the United States. By activating IP anonymisation on this website, the IP address is truncated before transmission within the Member States of the European Union or in other member states to Agreement on the European Economic Area. Only under exceptional circumstances, the complete IP address is transmitted to a server of Google in the USA and truncated there. The anonymised IP address transmitted by your browser in connection with Google Analytics is never associated with other data held by Google.

Google LLC has its head office in the USA and is certified under the EU-US Privacy Shield. An up to date certificate can be viewed here. Based on this agreement between the USA and the European Commission, the latter has identified an adequate data protection level for enterprises certified under the Privacy Shield.

You can prevent the data generated by the cookie based on your usage of this website (including your IP address) being sent to and processed by Google by downloading and installing the browser plug-in available under the following link:http://tools.google.com/dlpage/gaoptout?hl=de

As an alternative to the browser plugin you can click on this link to stop future data collection via Google Analytics on this website. When doing so, an opt-out cookie is created on your device. If you delete your cookies, you will need to click on that link again.