Skip to content
DATA PROTECTION

Data protection declaration

 

We take the protection of your personal data very seriously and adhere stringently to the rules of the currently applicable General Data Protection Regulation (GDPR, EU regulation 2016/679). Personal data is only collected on our website, our apps and all services when necessary and always processed for a specific purpose. Within this data protection declaration, we differentiate between general information on the website and information that is relevant to you as a private individual or corporate client.
 

Responsible party and contact information

Windhager Zentralheizung GmbH
Anton Windhagerstrasse 20
5201 Seekirchen, Austria
Phone: +43 6212 2341 – 0
e-mail: datenschutz@windhager.com
 

Data processing within the Windhager Group

The data protection agreement applies to all companies belonging to the Windhager Group and data processing is a collective responsibility.

Windhager Zentralheizung GmbH, 5201 Seekirchen , Austria
Windhager Zentralheizung Technik GmbH, 5201 Seekirchen, Austria
Windhager Zentralheizung Beteiligungs GmbH, 5201 Seekirchen, Austria
Windhager Zentralheizung GmbH, 86368 Gersthofen, Germany
Windhager Zentralheizung Schweiz AG, 6203 Sempach, Switzerland

In the following, the term “Windhager Group” will be used instead of the individual company names.
 

General data protection declaration

Duties to provide information in accordance with Article 13 of the EU General Data Protection Regulation (GDPR)

When you access our websites, information about the visit (date, time, sites visited, IP address) is saved as log files on our server. We do this as a result of the legitimate interest to monitor technical operations, to optimise the information we offer and to detect any attacks on our website. This data is analysed by us in an anonymised form exclusively for our own statistical purposes. The log files are deleted after three months. Data is processed on behalf of the Windhager Group. In general, no personal data is collected by us when you use our website. If you contact us via the contact form provided, your e-mail address and any other personal data you provide will only be used in personal correspondence to respond to your request. We guarantee that your details are only used by us, that they are never passed on to third parties, and that they are treated as confidential in accordance with the applicable legal provisions. An exception to this is when information is passed on to data processors who only work on our instructions and do not use the data for their own purposes. Furthermore, they are bound by their own agreements to the data protection obligations of the General Data Protection Regulation. Owing to our legitimate interest to minimise payment defaults, in some cases we will pass on information to credit insurance companies, credit agencies and debt collection agencies as part of an application, transaction or payment, as well as if there is a risk of a payment default. These companies and agencies process the data under their own authority and also use it for the purposes of scoring with the intention of providing their contractual partner with information, such as creditworthiness. You always have the right to access, rectification and erasure of the data, the right to restriction of processing, the right to object to processing (in particular to object to the sending of direct marketing), as well as the right to lodge a complaint with a supervisory authority.
 

General requests

The data in your request (name, contact details, content of the request, history of any previous contact with us) that you share with us via the contact form, the online customer satisfaction survey, the Expertise Atlas contact form or via e-mail is processed by us for the purposes of customer service (in order to take steps prior to entering into a contract) and for marketing purposes (legitimate interest in sending direct marketing by post). Your data is deleted by us 3 years after your last request, provided that there are no legal obligations requiring us to store the data.
 

Customer satisfaction survey

Our partner Netigate (www.netigate.de) conducts the customer satisfaction survey on our behalf, and participation is voluntary. We process this data (answers to the survey) on the basis of our legitimate interest to optimise our procedures and to improve our products. Netigate is not authorised to use the data for its own purposes and is bound to the provisions of the General Data Protection Regulation by an order processing agreement. Your data will be anonymised at the latest 12 months after having filled out the survey and any personal references will therefore be removed.
 

Competitions

Participation in competitions is voluntary and the personal data entered for this purpose is used to communicate with the winner.
 

Newsletter

Signing up to our newsletter is voluntary and is permitted on the legal basis of your explicit consent. The obligatory fields are used to allocate the responsible sales contact. Registration is only valid once confirmed (double opt-in). Consent applies until it is withdrawn. Each newsletter e-mail contains the option to withdraw consent. Along with your contact details, your usage behaviour is logged when you read the newsletter and used for statistical analyses.
 

“Subscribing to the blog” at blog.windhager.com

The news subscription to new blog articles at blog.windhager.com is voluntary and is permitted on the legal basis of your explicit consent. Consent applies until it is withdrawn. The option to withdraw consent is provided each time you receive notification of new contributions. Your e-mail address will be forwarded to our service provider wordpress.com (Aut O’Mattic Ltd, Ireland, data processor) and data will also be transmitted to a country outside of the European Union. We have arranged our own agreement with this data processor that ensures data processing security. Data transmission to a third country (the USA) may be performed subject to an adequacy decision by the EU Commission (EU-US Privacy Shield) in accordance with Article 45 of the GDPR, as Automattic Inc. (US) is entered as an active member of Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active).
 

Notice on the use of cookies

Software is used on this website to analyse the use of the website. Analysing this data can reveal valuable findings about the needs of the users. These findings contribute to further improving the quality of what we offer. We therefore also use cookies in this context. Cookies are text files that are saved on the website visitor's computer and that therefore make it possible to recognise a user anonymously. Cookies can generally be declined or deleted by making the appropriate browser settings.
 

Vimeo

Our website uses plugins from the Vimeo video portal. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA.
When you visit one of our pages that contains a Vimeo plugin, a connection to the Vimeo servers will be established. In the process, the Vimeo server will be notified of which pages of our website you have visited. Vimeo will also receive your IP address. This is the case even if you are not logged in to Vimeo or do not have a Vimeo account. The information collected by Vimeo is transmitted to the Vimeo server in the USA.

If you are logged into your Vimeo account, you enable Vimeo to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your Vimeo account. For more information on how Vimeo manages user data, please see Vimeo’s privacy policy at: https://vimeo.com/privacy.
 

Hosting

The website is hosted by: 

conova communications GmbH
Karolingerstraße 36A
5020 Salzburg

The server location and therefore the personal data that is generated during your visit to the website is/are located in Austria. 
 

Google Analytics

This website uses Google Analytics – a web analytics service provided by Google LLC (“Google”). The information gathered by the Google cookie about your site usage is usually sent to a Google server in the USA, where it is stored. However, if IP anonymisation has been enabled on this site, in member states of the European Union and other countries which are signatories to the EEA agreement, your IP address will first be shortened by Google. In exceptional cases, the full IP address will be sent to and shortened on a Google server in the USA. Google has entered into the EU-US Privacy Shield agreement and an appropriate level of protection is therefore in place for the processing of data in accordance with the resolution by the EU Commission and Article 45 of the GDPR. Google will use this information on behalf of the site operator to analyse your use of the site, compile reports on site activity, and provide other services relating to site and Internet usage. The IP address collected by Google Analytics will not be linked with any other data held by Google. You may prevent cookies from being stored by selecting the appropriate setting in your browser software. Please note, however, that this may prevent you from making full use of the functions on this website. You may also prevent the site usage data collected by cookies (including your IP address) being stored and processed by Google by downloading and installing the browser plug-in available through this link: http://tools.google.com/dlpage/gaoptout?hl=de. Further information on the conditions of use and data protection can be found under the Google Analytics Terms of Service and the Google Analytics overview. Please note that the code “gat._anonymizeIp();” was added to Google Analytics on this website to ensure that IP addresses are collected anonymously (this is known as IP masking).
 

Google reCAPTCHA

Some of our Internet forms are protected against the use of bots. Bots are programs that automatically enter data into forms at high frequency and therefore impair the system. To protect ourselves against this, we use “reCAPTCHA” from the following provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. You will find a data protection declaration under https://www.google.com/policies/privacy/. Options for opting out are available under https://adssettings.google.de. Google LLC is an active participant in the Privacy Shield agreement (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). This means an appropriate level of protection for your personal data based on a resolution by the European Commission in accordance with Article 45 of the GDPR.
 

Google DoubleClick

We use the services provided by Google DoubleClick and Google AdWords to display and distribute online advertisements. These services are made available by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google DoubleClick detects your visit to our website and you therefore also receive online advertisements for our products on other websites. You have the option to opt out under https://adssettings.google.de. Google LLC is an active participant in the Privacy Shield agreement (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). This means an appropriate level of protection for your personal data based on a resolution by the European Commission in accordance with Article 45 of the GDPR.
 

The use of Facebook Social Plugins

On the basis of our legitimate interest (i.e. our interest in analysis, optimisation and economic operation of our online content with respect to Article 6 Paragraph 1 lit. f. GDPR), we use Social Plugins from the social network facebook.com. These are operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). Plug-ins can take the form of interactive elements or content (e.g. videos, graphics or text) and are identifiable by one of the Facebook logos (a white “f” in a blue tile, the option to “Like” a contribution or a “thumbs-up” symbol). Alternatively, they can be recognised by the addition of “Facebook Social Plugin”. You can view the different Social Plugins here: https://developers.facebook.com/docs/plugins/. Facebook is certified under the Privacy Shield agreement and therefore provides a guarantee that it complies with the European data protection law and that it has an appropriate level of data protection in accordance with an adequacy decision by the EU Commission and in line with Article 45 of the GDPR. (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). If a user accesses a function of this online content that contains this type of plug-in, the device establishes a direct connection to the Facebook servers. The content of the plug-in is transferred directly from Facebook to the user's device and integrated into the online content. Usage profiles for the users can be created from the processed data. We therefore do not have any influence over the scope of data that Facebook collects using these plug-ins and we can only provide users with as much information as we have available. By integrating plug-ins, Facebook is able to find out that a user has visited the corresponding page of the online content. If the user is logged into Facebook, Facebook can assign the visit to their Facebook account. If users interact with the plug-ins, such as by selecting the Like button or entering a comment, the relevant information is transferred directly from your device to Facebook and saved. If a user is not a member of Facebook, there is still a chance that Facebook will find out their IP address and save it. Information on the purpose and scope of data collection, further processing and the use of data by Facebook, as well as the relevant rights and setting options for protecting the privacy of the user can be found in Facebook's Data Policy: https://www.facebook.com/about/privacy/. If a user is member of Facebook and does not want Facebook to collect data about them via this online content and to connect with their personal membership data that is saved on Facebook, they must log out of Facebook before using our online content and delete their cookies. It is possible to make further settings and to object to your data being used for marketing purposes within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US web page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings are changed across the various platforms, i.e. they are applied to all devices including desktop computers and mobile devices. Deactivating the use of data for marketing purposes stops advertisements from being displayed but does not prevent data being collected.
 

Facebook pixel

In some cases, we place advertisements on the social media platform Facebook. These are operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). Clicking on any these advertisements redirects you to one of our websites. The information provided by Facebook pixel helps us to check which advertisements were successful and which were not so successful. A log is also created that records which pages of our website were viewed after the advertisement was clicked on. Facebook is certified under the Privacy Shield agreement and therefore provides a guarantee that it complies with the European data protection law and that it has an appropriate level of data protection in accordance with an adequacy decision by the EU Commission and in line with Article 45 of the GDPR. (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). Information on the purpose and scope of data collection, further processing and the use of data by Facebook, as well as the relevant rights and setting options for protecting the privacy of the user can be found in Facebook's Data Policy: https://www.facebook.com/about/privacy/. If a user is member of Facebook and does not want Facebook to collect data about them via this online content and to connect with their personal membership data that is saved on Facebook, they must log out of Facebook before using our online content and delete their cookies. It is possible to make further settings and to object to your data being used for marketing purposes within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US web page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings are changed across the various platforms, i.e. they are applied to all devices including desktop computers and mobile devices. Deactivating the use of data for marketing purposes stops advertisements from being displayed but does not prevent data being collected.
 

Information for private individuals and owners of Windhager heating systems

Windhager has acquired your data from your installation company or heating engineer and processes personal data linked to customers and potential customers for the purposes of ordering and supplying products and services (e.g. to perform service operations or to start up systems), to carry out sales activities, for accounting purposes, for customer service on the legal basis of an agreement or in order to take steps prior to entering into a contract, as well as for marketing purposes on the legal basis of Windhager's legitimate interest to send direct marketing by post and to fulfil our duty of care by ensuring system safety. Names and contact details, technical system information, any agreements, as well communication and order history are processed. The provision of this data is a requirement of the business relationship, as otherwise contractual or legal obligations cannot be satisfied. Data is processed on behalf of the Windhager Group. Data is never passed onto third parties without consent unless this is required by law or to satisfy contractual obligations. This could be the case, for example, if data is passed on to logistics partners and forwarding companies so that they can make delivery of the goods. Another exception to this is when information is passed on to data processors who only work on the instructions of Windhager and do not use the data for their own purposes. Furthermore, they are bound by their own agreements to the data protection obligations of the General Data Protection Regulation. Data is not passed on to countries outside of the European Union or to international organisations. In addition to statutory retention obligations, data is stored for a maximum of 20 years so that we can provide information on new findings relating to the service life of individual components in the system and new product developments. You have the right to access, rectification and erasure of the data, the right to restriction of processing, the right to object to processing (particularly the sending of direct marketing), as well as the right to data portability to another data controller. You also have the right to lodge a complaint with a supervisory authority.
 

Information for companies

As part of the business relationship with the companies of the Windhager Group, personal data from customers, prospects, suppliers or other business partners is processed for the purposes of ordering and supplying products and services, for sales activities, training, purchasing, accounting, customer service, as well as for sending direct marketing. Names and contact details, any agreements, required qualifications, as well communication and order history are processed. The provision of this data is a requirement of the business relationship, as otherwise contractual or legal obligations cannot be satisfied. Data is processed on behalf of the Windhager Group. Data is never passed onto third parties without consent unless this is required by law. Data is not passed on to countries outside of the European Union or to international organisations. An exception to this is when information is passed on to data processors who only work on the instructions of the Windhager Group and do not use the data for their own purposes. Furthermore, they are bound by their own agreements to the data protection obligations of the General Data Protection Regulation. Once the obligatory statutory retention period has lapsed, data is stored for a maximum of three years from the last point of contact. You always have the right to access, rectification and erasure of the data, the right to restriction of processing, the right to object to processing (in particular to object to the sending of direct marketing), as well as the right to data portability to another data controller. You also have the right to lodge a complaint with a supervisory authority.