Data protection:
The following data protection relates to the use of the website "www.windstrom.de" (hereinafter "Website").
The carriers of this homepage are seriously concerned about the protection of your personal data. The collection and processing of your personal data takes place under consideration of the relevant data protection regulations (GDPR). We gather and use your personal data to offer the above mentioned website. This declaration deescribes how and where for your personal data is gathered and used for and show the opportunities you got in relation to your personal data.
With the use of this website you declare your agreement with gathering, use and transmission of your personal data accoring to this data protection declaration.

1.Responsible
Responsible for gathering, processing and use of your personal data according to Art. 4 No. 7 GDPR:
WindStrom Erneuerbare Energien GmbH & Co. KG
Am Torfstich 11
31234 Edemissen
Phone: + 49 (0) 51 76 / 92 04 - 0
Facsimile: + 49 (0) 51 76 / 92 04 - 10
E-mail: info@windstrom.de

If you disagree with the gathering, processing or use of your personal data in accordance with this data protection declaration in total or just for single measures, please address your disagreement to the responsible.
This data protection declaration is based on a standardized template by:

Lawyer Maximilian Greger
E-Mail: maximilian.greger@snp-online.de
Web: www.law-blog.de

You can store and print it at any time.

2. General use of the website

2.1 Hosting
The hosting services we use are for the purose of providing the following services:
Infrastructure and platform services, computing capacity, disk space and database services, and collateral and technical maintenance services we use to operate the site.
In this context data may be processed by us or our hosting provider, including inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, prospects and visitors to this online offer, on the basis of our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 (1) (f) GDPR in conjunction with Art. 28 GDPR.

2.2 Access Data
We may collect information about you when you use this website. We may automatically collect information about your usage behaviour and your interaction with us and may register information about your computer or mobile device. If required, we collect, store and use data about every instance of access to our online offer (so-called server log files). The access data includes:

- Name and URL of the retrieved file
- Date and time of retrieval
- Amount of data transferred
- Message about successful retrieval (HTTP response code)
- Browser type and browser version
- Operating system
- Referrer URL (i.e. the previously visited page) - Websites accessed by the user`s system through our website
- Internet service provider of the user
- IP address and the requesting provider

We may use this log data without any personal assignment or profiling for statistical purposes for the purpose of operation, security and optimisation of our online offer, but also for the anonymous collection of data on the number of visitors to our website (traffic) and the extent and nature of the traffic, the use of our website and services, as well as for billing purposes, and to measure the number of clicks received from cooperation partners. Based on this information, we can provide personalised and location-based content, analyse traffic, troubleshoot and improve our services.

Our legitimate interest in accordance with Art. 6 (1) (f) GDPR also lies therein.

We reserve the right to retrospectively review the log data if, on the basis of concrete evidence, there is a legitimate suspicion of unlawful use. We store IP addresses in the log files for a limited period of time, if this is necessary for security purposes. We also store IP addresses if we have a specific suspicion of a crime in connection with the use of our website. In addition, as part of your account, we save the date of your last visit (e.g. when registering, logging in, clicking links etc.).

2.3 Cookies
We use so-called session cookies to optimise our online offer. A session cookie is a small text file that is sent by the respective servers when visiting a website and is stored on your hard disk. As such, this file contains a so-called session ID, with which various requests from your browser can be assigned to the shared session. This will allow your computer to be recognised when you return to our website. These cookies are deleted after you close your browser.

Our legitimate interest in the use of cookies in accordance with Art. 6 (1) (f) GDPR is to make our website more user-friendly, effective and secure.

The cookies store the following data and information:

- Log-in information
- Language settings
- Search terms entered
- Information about the number of visits to our website and use of indivdual features of our website

When the cookie is activated, it will be assigned an identification number. An assignment of your personal data to this identification number will not be made. Your name, IP address or similar data that would allow the cookie to be associated with you as a person will not be included in the cookie.

You can set your browser so that you are informed in advance about the setting of cookies and can decide on a case-by-case basis whether you exclude the acceptance of cookies for specific cases or in general, or permanently prevent the setting of cookies. This may limit the functionality of the website.

2.4 E-mail contact
If you contact us (e.g. via contact form or e-mail), we will save your details for the processing of the inquiry as well as for the case that follow-up questions arise.
Our legitimate interest in accordance with Art. 6 (1) (f) GDPR also lies therein.
We store and use other personal data only if you consent to it or if this is permitted by law without special consent.

2.5 Google Maps
On our website we use the Google Maps map service, operated by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. The purpose of this use is to improve the user experience as well as improve the findability of our company. Under certain circumstances, the IP addresses and location data of our visitors are collected. The processing of the location data requires consent, e.g. by a setting in the user’s mobile device. It cannot be ruled out that the data will be processed in the USA. More information about the handling of user data can be found in the Google privacy policy under https://www.google.com/policies/privacy/. There is an option to opt out at https://adssettings.google.com/authenticated .

2.6 Storage duration
Unless specifically stated, we store personal data only as long as necessary to fulfil the purposes pursued.

3. Your rights as a data subject
You have various rights regarding your personal data under the applicable legislation. If you would like to assert these rights, please send your request by e-mail or by post with a clear identification of your person to the address specified in section 1.
Below is an overview of your rights.

3.1 Right to confirmation and information
You have the right at any time to obtain confirmation from us as to whether personal data relating to you is being processed. If this is the case, you have the right to ask us for free information about your personal data stored together with a copy of this data. Furthermore, there is a right to the following information:

1. The processing purposes
2. The categories of personal data being processed
3. The recipients or categories of recipients in third countries or international organisations
4. If possible, the planned duration for which the personal data is stored or, if that is not possible, the criteria for determining that duration
5. The right to correct or delete the personal data concerning you or to limit processing by the controller, and a right to object to such processing
6. The existence of a right of appeal to a supervisory authority
7. If the personal data is not collected from you, all available information on the source of the data
8. The existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on you.

If personal data is transferred to a third country or to an international organisation, you have the right to be informed about the appropriate guarantees under Art. 46 GDPR in connection with the transfer.

3.2 Right to correction
You have the right to demand immediate correction of incorrect personal data concerning you. Taking into account the purposes of processing, you also have the right to request the completion of incomplete personal data, including by means of a supplementary statement.

3.3 Right to deletion ("Right to be forgotten")
You have the right under Art. 17 (1) GDPR to request that personal data relating to you be deleted without delay, and we are obliged to delete personal data immediately, provided that one of the following applies:

1. The personal data is no longer necessary for the purposes for which it was collected or otherwise processed
2. You revoke their consent on the basis of which the processing was done pursuant to Art. 6 (1) (a) GDPR or Art. 9  (2)  (a) GDPR, and there is no other legal basis for the processing
3. Pursuant to Art. 21   (1) GDPR, you object to the processing and there are no prevailing justifiable grounds for processing, or you object to the processing pursuant to Art. 21 (2) GDPR
4. The personal data was processed unlawfully
5. The deletion of personal data is required to fulfil a legal obligation under Union or national law to which we are subject
6. The personal data was provided in relation to information society services offered in accordance with Art. 8 (1) GDPR

If we have made the personal data publicly available and if we are obliged to delete it in accordance with Art. 17 (1) GDPR, we shall take appropriate measures, including technical ones, taking into account the available technology and the implementation costs, to inform data controllers who are responsible for the personal data that you as a data subject have requested deletion of any links to such personal data or copies or replications of such personal data.

3.4 Right to restriction of processing
You have the right to demand that we restrict processing if one of the following conditions applies:

1. The accuracy of your personal data is contested by you for a period of time that allows us to verify the accuracy of your personal data;
2. The processing is unlawful and you refuse the deletion of your personal data and, instead, request the restriction of the use of the personal data;
3. We no longer need the personal data for the purposes of processing, but you need the data for the establishment, exercise or defence of legal claims;
4. You object to the processing according to Art. 21 (1) GDPR, as long as it is not certain whether the legitimate reasons of our company outweigh yours.

3.5 Right to data portability
You have the right to receive the personal data you provide to us in a structured, common and machine-readable format, and you have the right to transfer such data to another controller without hindrance provided that:

1. The processing is based on consent in accordance with Art. 6 (1) (a) GDPR orArt. 9 (2) (a) GDPR or is based on a contract in accordance with Art. 6 (1) (b) GDPR, and
2. The processing is carried out using automated procedures.

In exercising your right to data portability in accordance with paragraph 1, you have the right to obtain that the personal data be transmitted directly by us to another controller, as far as this is technically feasible.

3.6 Right to objection
You have the right at any time, for reasons that arise from your particular situation, to object to the processing of personal data relating to you, based on   Art. 6   (1) (e) or (f) GDPR; this also applies to profiling based on these provisions. We will no longer process personal data, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims.

If personal data is processed by us in order to operate direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing.

You have the right, for reasons arising out of your particular situation, to object to processing of personal data relating to you for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 (1) GDPR, unless the processing is necessary to fulfil a task of public interest.

3.7 Automated decision-making including profiling
You have the right not to be subjected to a decision based solely on automated processing - including profiling - that will have legal effect on you or affect you in a similar manner.
There is no automated decision-making done based on the personal data collected.

3.8 Right to revoke a data protection consent
You have the right to revoke a consent to the processing of personal data at any time.

3.9 Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular in your Member State of residence, employment or the place of the alleged infringement, if you believe that the processing of your personal data is unlawful.

4. Data security
We make every effort to ensure the security of your data within the framework of applicable data protection laws and technical possibilities.
Your personal data will be transmitted in encrypted form with us. This applies to your orders and also to the customer login. We use the encryption system SSL (Secure Socket Layer), but point out that data transmission over the internet (e.g. in the case of communication by e-mail) can have security gaps. Complete protection of the data from access by third parties is therefore not possible.
To safeguard your data, we maintain technical and organisational security measures in accordance with Art. 32 GDPR, which we always adapt to state-of-the-art technology.
We also do not guarantee that our offer will be available at specific times; disturbances, interruptions or failures cannot be excluded. The servers we use are regularly backed up with care.

5. Transfer of data to third parties, no data transfer to non-EU countries
In principle, we use your personal data only within our company.
If and to the extent that we engage third parties in the performance of contracts (such as logistics service providers), they will only receive personal data to the extent that the transmission is required for the corresponding service.
In the event that we outsource certain parts of the data processing (“commissioned processing”), we contractually obligate processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the data subject’s rights.
Data transmission to agencies or persons outside the EU outside of the cases mentioned in this declaration in paragraph 2 does not take place and is not planned.

6. Data protection officer
Should you have any questions or concerns about data protection, please contact our data protection officer. The contact details of the data protection officer are:

Kämmer Consulting GmbH
Phone: +49 53 1 / 70 22 49 - 0
E-mail: dsb-team(at)kaemmer-consulting.de