Data protection information for business partners 

Principles of data processing at the Winkelmann Group  

Do you want to know more about how we handle (your) personal data? To comply with our obligation to provide information pursuant to Article 12 et seq. of the German Data Protection Regulation (DSGVO – Datenschutz-Grundverordnung), we hereby present our principles.

Who is responsible for data processing?

In accordance with the German Data Protection Regulation (DSGVO), the controller is:  

Winkelmann Group GmbH + Co. KG
Heinrich-Winkelmann-Platz 1 
59227 Ahlen, Germany 

Tel: +49 (23 82) 856-0 
E-mail: datenschutz@winkelmann-group.de 

You will find further information about our group of companies, details about the individuals authorized to represent the group and also further ways to contact us in the “About this site” section of this website. 

What personal data is processed by us and for what purpose?

If we receive data from you, it is generally only processed for specific purposes, depending on the reason it was transmitted by you.

In particular, the categories of personal data processed include your general details such as first name, last name, titles/affixes/qualifiers, nationality, and contact details such as private address, mobile phone number, e-mail address. Your personal data is usually collected directly from you as part of either a customer relationship and quotation process, a supplier presentation or tendering process, or a general process to create master data. Under certain circumstances, your personal data will also be obtained from other bodies, e.g., Bisnode Germany, for risk assessments/credit checks. 

Data processing for other purposes shall only be undertaken if the legal requirements in this respect have been met in accordance with Art. 6 Para. 4 DSGVO. Under these circumstances, we will of course take into account any possible information obligations under Art. 13 Para. 3 DSGVO and Art. 14 Para. 4 DSGVO. 

What legal basis is used for processing?

The legal basis for processing personal data is, in principle, Art 6 DSGVO, unless there is more specific legislation. In particular, the following options may be considered: 

  • Consent (Art. 6 Para. 1(a) DSGVO) 

  • Data processing to fulfill contracts (Art. 6 Para. 1(b) DSGVO) 

  • Data processing based on a balance of interests (Art. 6 Para. 1(f) DSGVO) 

  • Data processing to fulfill a legal obligation (Art. 6 Para. 1(c) DSGVO) 

Data processing is primarily used to establish, execute, and end the business relationship. The primary legal basis for this is Art. 6 Para. 1(b) DSGVO. In addition, your separate consent in accordance with Art. 6 Para. 1(a) and Art. 7 DSGVO may be used as data protection permission requirement. If necessary, we will also process your data on the basis of Art. 6 Para. 1 DSGVO to protect our legitimate interests or those of third parties (e.g., government bodies). Thesis applies in particular within the group of companies for the purposes of management, internal communications and other administrative duties. 

In addition, European Anti-terrorism Regulations (2580/2001 and 881/2002) require us to check your data against the so-called "EU terrorist lists" to ensure that no funds or other economic resources are provided for terrorist purposes. 

If we need to process your personal data for a purpose not mentioned above, we will inform you beforehand. 

If personal data is processed on the basis of your consent, you have the right at any time to revoke your consent with us going forward. 

If we process data based on a balance of interests, you have the right, as a data subject, to object to the processing of personal data, taking into account the requirements of Art. 21 DSGVO. 

How long is data stored?

We process data as long as it is necessary for the respective purpose. 

If statutory retention obligations exist – e.g., in commercial law or tax law – the relevant personal data is stored for the duration of the retention obligation. After the retention obligation expires, a decision is made as to whether any further processing is required. If this is not the case, the data is deleted immediately 

We usually conduct a review of data towards the end of a calendar year to determine if further processing is required. Based on the volume of data, the review is carried out based on specific data types or purposes of processing.

Of course, you can always (see below) request information about the data stored by us about you and, if the data is no longer required, ask that it be deleted, or processing be restricted. 

Who will my data be passed on to?

Your personal data is only passed on to third parties if it is needed to carry out the contract with you, its disclosure is permitted based on a balance of interests within the meaning of Art. 6 Para. 1(f) DSGVO, we are legally obliged to disclose it, or you have given your consent in this respect.

If we transmit personal data to service providers or companies outside the European Economic Area (EEA), the transfer will only take place if the EU Commission has confirmed the third country has an appropriate level of data protection or if other appropriate data protection guarantees exist (e.g., binding corporate data protection rules or EU standard contractual clauses). You can request information from the contact mentioned above. 

Where is the data processed?

Your personal data will be primarily processed by us on internal databases and stored at datacenters located mainly in the Federal Republic of Germany.

If necessary, we also employ service providers in the European Economic Area or a third country. We carefully select these service providers – especially with regard to data protection and data security – and take all measures required by data protection regulations for lawful data processing. 

Your rights as data subject

You have the right to receive information about the personal data stored and processed by us about you. An inquiry about your personal data must be submitted in writing (by post or digitally) to ensure that you are entitled to the information.

Furthermore, you have the right to correct, delete or restrict processing to the extent that you are legally entitled to do so.

In addition, you have a right to object to the processing within the framework of the legal requirements. A right to data portability also exists within the framework of data protection regulations. In particular, under Art. 21 Para. 1 and 2 DSGVO, you have a right to object to the processing of your data in connection with direct advertising if this is based on a balance of interests.

Are you required to provide your data?

As part of our business relationship, you must provide any personal data which we are legally obliged to collect or which is required to establish, execute, or end the business relationship and to perform the related contractual obligations. Without this data, we are not able to establish a business relationship. 

Our company uses automated decision-making in accordance with Art. 22 Para. 2(a) and (b) DSGVO. This only applies to specific requests through an order app.

Our Data Protection Officer 

We have appointed a data protection officer for our organization – the Winkelmann Group, all affiliated companies as well as sales and production locations. You can reach them as follows: 

AVIATICS Cost & Safety Management GmbH & Co. KG  
Kieshecker Weg 148 
40468 Düsseldorf  
Germany 

E-mail: datenschutz@aviatics.de

Your right to complain

You have the right to complain about the processing of personal data by us to a supervisory authority for data protection. 

Winkelmann Group GmbH + Co. KG
Heinrich-Winkelmann-Platz 1
59227 Ahlen
PO Box 2655
Germany

T: +49 (0) 2382 / 856-0
F: +49 (0) 2382 / 856-9188

About this site Privacy policy Contact