Status: June 2020

I General information

Contact details of the person responsible

Name: WilMa Digital GmbH
Street: Grüner Weg 6
City, Postcode: Cologne, 50825
Phone: 0221 669 992 - 0
E-mail: dialog@wilma.tech

II Specific information on the collection of personal data

1. Visit to the website

a) Purpose of data processing
Every time a user accesses a page of our website and every time a file stored on the website is accessed, access data about this process is stored in a log file. Each data record consists of:
(1) the page from which the file was requested,
(2) the name of the file,
(3) the date and time of the request,
(4) the amount of data transferred,
(5) the access status (file transferred, file not found, etc.),
(6) a description of the type of operating system and web browser used,
(7) the host name of the accessing computer,
(8) the client IP address.

 

We use this data to operate our website, in particular to determine the utilization of the website and website malfunctions and to make adjustments or improvements. The client IP address is used for the purpose of transmitting the requested data; it is anonymized by deleting the last block of digits (IPv4) or the last octet (IPv6) once the technical requirement no longer applies.
The personal data is passed on to service providers who perform IT tasks for the benefit of website operation (such as hosting service providers or providers of plug-ins).
b) Duration of storage
The data is stored each time a user accesses a page of our website and each time our website is accessed and is deleted as soon as it is no longer required for the purpose for which it was collected, which is the case no later than three months after the website visit.
c) Legal basis
The temporary storage of the aforementioned data takes place on the legal basis of Art. 6 para. 1 lit. f EU General Data Protection Regulation (hereinafter "GDPR"). The legitimate interest lies in the provision of our website, ensuring stability and security and checking for misuse.
d) Possibility of objection and removal
The data subject can object to the processing by refraining from using our website and, subject to the conditions described in more detail in the "Rights" section below, request the deletion of data collected from them in this way by means of an informal declaration.

2. Cookies

a) Purpose of data processing
In order to technically enable the visit to our website, we transmit so-called cookies to the end device of the data subject. Cookies are small text files that can be used to identify the data subject's device, usually by recording the name of the domain from which the cookie data was sent, information about the age of the cookie and an alphanumeric identifier. Storing the cookie on the end device used, without interfering with the operating system, allows the device to be recognized again and enables us to make any default settings immediately available. We use this information to adapt our website and the services offered to your needs and to speed up your visit to our website.
The personal data is passed on to third-party providers to analyze the use of our website, insofar as this is necessary for the purposes of the analysis. If cookies are used for tracking purposes, we will inform you about this separately in this privacy policy.
b) Duration of storage
The storage period of the various cookies varies, but is a maximum of two years. They are stored on your local end device, not on our server, which is why the actual deletion period depends on how your browser software is configured. Please refer to the operating instructions of your browser software to find out how you can delete cookies set by us on an ad hoc or automatic basis.
c) Legal basis
Strictly necessary cookies are based on the legal basis of Art. 6 para. 1 lit. b GDPR, as they are necessary for the operation of the website or use of our online offer. The use of non-essential cookies (such as marketing, statistics or third-party cookies) is based on consent given via the cookie banner on our website, on the legal basis of Art. 6 para. 1 lit. a GDPR.
d) Possibility of objection and removal
The data subject can block the use of cookies in the end device used or the cookie banner displayed or delete them after use. However, individual functions of our website may then not be usable. How cookies can be blocked and cookies already stored can be deleted can be found in the instructions for the browser software.

3. Execution of the contract

a) Purpose of data processing
Name, address(es), bank details, e-mail address, VAT ID, telephone number, client IP address at the time a customer order is placed are collected, stored and processed solely for the purpose of establishing or executing the contract, which includes in particular billing and processing the contract. The personal data will only be passed on to third parties if this is necessary for the purpose of executing the contract.
b) Duration of storage
We store personal data that we collect and process for the purpose of executing contracts for a period of three years at the end of the year following the complete fulfillment of the reciprocal performance obligations. If the data is the subject of business letters within the meaning of §§ 147 para. 1 no. 2 and 3, 257 para. 1 no. 2 and 3 HGB, the data will be deleted after six years at the end of the year. The same applies if they are part of other documents that are relevant for taxation within the meaning of Section 147 (1) No. 5 AO, unless shorter retention periods are permitted in other tax laws. If the data is part of accounting documents within the meaning of §§ 147 para. 1 no. 1, 4, 4a AO, 257 para. 1 no. 1 and 4 HGB, the data will be deleted after ten years at the end of the year.
c) Legal basis
The aforementioned data is stored on the legal basis of Art. 6 para. 1 lit. b and lit. c GDPR in order to fulfill the obligations arising from the contract and to provide the services required for the execution of the contract.
d) Right of objection and removal
Since there are legally standardized retention periods and the data must remain stored and processed for the execution of the contract, an objection or deletion is not possible.

4. Contact form, e-mail, telephone contact

a) Purpose of data processing
A user can contact us by e-mail, contact form, message to our social network accounts or telephone. We store the data transmitted to us and provided by the data subject in order to process the inquiry. This data regularly includes the name, address, email address, telephone number, date and time of the inquiry and the description of the request and, if applicable, contract data if the inquiry is made in the context of entering into or processing a contract.
If the personal data is sent by e-mail or contact form, it is passed on to service providers who enable the sending (participating mail providers or providers of plugins).
b) Duration of storage
We store personal data that we collect and process for the purpose of establishing contact for a period of three years at the end of the year following the complete fulfillment of the reciprocal service obligations. If the data is the subject of business letters within the meaning of §§ 147 para. 1 no. 2 and 3, 257 para. 1 no. 2 and 3 HGB, the data will be deleted after six years at the end of the year. The same applies if they are part of other documents that are relevant for taxation within the meaning of Section 147 (1) No. 5 AO, unless shorter retention periods are permitted in other tax laws. If the data is part of accounting documents within the meaning of §§ 147 para. 1 no. 1, 4, 4a AO, 257 para. 1 no. 1 and 4 HGB, the data will be deleted after ten years at the end of the year.
c) Legal basis
The aforementioned data is stored on the legal basis of Art. 6 para. 1 lit. b GDPR in the context of contract initiation or fulfillment or in accordance with Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to be able to process the contact request and prevent misuse of the contact request.
d) Possibility of objection and removal
The data subject has the option to object to storage at any time. The data stored for this process will then be deleted. If a contract has been concluded, the above statements on the keyword "Contract execution" apply.

5. Customer account

a) Purpose of data processing
The data subject can register with us by providing personal data, which is transmitted to us and stored. The data provided during registration as well as the IP address, date and time of registration are stored. Registration is necessary for the provision of certain content and services and also serves to establish and fulfill our contract with the data subject.
b) Duration of storage
As soon as the data is no longer required to achieve the purpose, it will be deleted. In the case of registration without further conclusion of a contract, this is the case when the customer account is deleted. Otherwise, personal data will be deleted once the reciprocal performance obligations arising from the additionally concluded contract have been met in full.
c) Legal basis
The storage of the aforementioned data takes place on the legal basis of Art. 6 para. 1 lit. b GDPR in the context of contract fulfillment or initiation or according to Art. 6 para. 1 lit. f GDPR. The legitimate interest of the controller is to be able to provide certain content and services for the benefit of users.
d) Possibility of objection and removal
The data subject has the option of deleting the customer account or modifying the data at any time. The account can be deleted or modified by sending a message to the contact named in Section I. There is no option to object to or delete the registration and the data if the registration was used to establish or implement a contractual relationship; in this case, only the account can be deleted. The account is deleted by means of the aforementioned steps.

6. Google Analytics

a) Purpose of data processing
This website uses Google Analytics, a web analytics service provided by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Analytics uses so-called "cookies", text files that are stored on the end device of the person concerned and that enable an analysis of the use of the website. The information generated by the cookie about the use of this website is usually also transmitted to a Google server in the USA and stored there. However, due to the activation of IP anonymization on this website, the IP address of the person concerned will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Insofar as data is transmitted to Google LLC in the USA, this is done on the basis of the EU-U.S. Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). You can find more information about Google's privacy policy at the following Internet address: https://policies.google.com/privacy
b) Duration of storage
As soon as the data is no longer necessary to achieve the purpose, it is deleted, which is the case when the anonymization, which takes place within the European Union, is completed. This takes less than a second. The data sent by us and linked to cookies, user identifiers (e.g. user ID) or advertising IDs are automatically deleted after 14 months. Data that has reached the end of its retention period is automatically deleted once a month. Further information can be found at https://www.google.com/analytics/terms/de.html and https://policies.google.com/?hl=de.
c) Legal basis
Processing is carried out on the legal basis of Art. 6 para. 1 lit. a GDPR only with prior consent.
d) Objection and removal options
You can block the use of cookies in the end device used or the cookie banner displayed or delete the cookies after use. How cookies can be blocked and cookies already stored can be deleted can be found in the instructions of the browser software; however, we would like to point out that in this case not all functions of this website can be used to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to the use of the website (including the IP address) and from processing this data by Google by installing the browser plug-in available at http://tools.google.com/dlpage/gaoptout?hl=de.

7. Twitter for Websites

a) Purpose of data processing
Through the Twitter button (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, parent company: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A), we do not collect any personal data at all. Nevertheless, we explain the technical background for the sake of completeness. We only use a deactivated button of the social network Twitter. This means that no data is transmitted to this network. By clicking on the button, the data subject decides to activate it and thus establish a connection to the Twitter server and thus transmit data to the social network servers in accordance with the agreement concluded by the data subject with the social network. The activation leads to the calling up of social network content. The type, purpose and scope of data collection and use can be found in the corresponding data protection declarations of the social networks.
Insofar as data is transmitted to Twitter Inc. in the USA, this is done on the basis of the EU-U.S. Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active).
You can find more information about Twitter's privacy policy at the following Internet address: https://twitter.com/de/privacy
b) Duration of storage
The duration of storage depends on the specifications of the social network operators.
c) Legal basis
The operators of the social networks inform the data subjects about the legal basis.
d) Possibility of objection and removal
On Twitter, you can restrict the processing of your data within the general settings of your account under "Privacy and security".

8. OpenStreetMap & Leafletjs

a) Purpose of data processing
We use the Leaflet API to integrate the OpenStreetMap map service of the provider OpenStreetMap Foundation (OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB 4 0 WS, United Kingdom) into our website.
When the map service is called up, the Leaflet script and the Leaflet CSS from unpkg.com and the map material from OpenStreetMap are loaded. Your IP address, a description of the type of operating system, web browser and end device used, the date and time of the pages accessed and the page from which the file was requested are automatically processed. The data is used to provide the map service on our website. According to OpenStreetMap, it is used in particular to maintain and improve the service as well as for research and other purposes (partly anonymized for this purpose). According to OpenStreetMap, personal data is passed on to third parties, in particular among the persons involved in the project and insofar as there is a legal obligation to do so.
For details, please refer to https://www.leafletjs.com and the data protection provisions of OpenStreetMap at the following Internet address https://wiki.osmfoundation.org/wiki/Privacy_Policy
b) Duration of storage
This access data is not analyzed by us and is automatically overwritten no later than seven days after the end of your visit to the site. According to OpenStreetMap, it stores the data for 180 days.
c) Legal basis
Processing is carried out on the legal basis of Art. 6 para. 1 lit. a GDPR only with prior consent.
d) Objection and removal option
The data subject can deactivate JavaScript in the terminal device used and block the use of cookies or the cookie banner displayed or delete them after use. How cookies can be blocked and cookies already stored can be deleted can be found in the instructions of the browser software; however, we would like to point out that in this case not all functions of this website can be used to their full extent.

9. Blog

a) Purpose of data processing
In our blog, in which we publish various articles on the topic of Magento, a user can make public comments. Comments are published with the name given in the post. The e-mail address is required, all other information is voluntary. The IP address is also stored.
The storage is necessary in order to be able to defend ourselves against liability claims in cases of possible publication of unlawful content. We need your e-mail address in order to contact you if a third party objects to your comment as unlawful. The personal data will be passed on to service providers who perform IT tasks for the benefit of the blog (such as providers of plugins or anti-spam service providers).
b) Duration of storage
The data is stored for each user comment and deleted as soon as it is no longer required for the purpose for which it was collected, which is no later than three months after the comment was published.
c) Legal basis
The aforementioned data is stored in accordance with Art. 6 para. 1 lit. f GDPR. The legitimate interest lies in the provision of our blog and to prevent misuse of the comment function.
d) Possibility of objection and removal
The data subject has the option to object to the storage at any time. The data stored for this process will then be deleted.

III Rights of the data subject

If personal data of the user is processed on our website, the user (data subject) has the following rights vis-à-vis the controller in accordance with the GDPR.

1. Right to information in accordance with Art. 15 GDPR

The data subject has the right to the following information:
a) the purposes of the processing
b) the categories of personal data being processed
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
f) the existence of the right to lodge a complaint with a supervisory authority
g) where the personal data are not collected from the data subject, any available information as to their source
h) the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
i) If personal data are transferred to a third country or to an international organization, the data subject has the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
We will provide the data subject with a copy of the personal data that is the subject of the processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs.

2. Right to rectification in accordance with Art. 16 GDPR

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

3. Right to erasure pursuant to Art. 17 GDPR

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing
c) the data subject objects to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR;
d) the personal data have been processed unlawfully;
e) the erasure of personal data is necessary for compliance with a legal obligation in Union or Member State law to which the controller is subject
f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

4. Right to restriction of processing in accordance with Art. 18 GDPR

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data,
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead
c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims; or
d) the data subject has objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

5. Right to information in accordance with Art. 19 GDPR

If the data subject has requested from the controller rectification pursuant to Art. 16 GDPR, erasure pursuant to Art. 17 (1) GDPR or restriction of processing pursuant to Art. 18 GDPR and the controller has informed all recipients to whom the data subject's personal data have been disclosed of the data subject's request (unless this was impossible or would involve disproportionate effort), the data subject has the right to be informed of the recipients by the controller.

6. Right to data portability pursuant to Art. 20 GDPR

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where
a) the processing is based on consent pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
b) the processing is carried out by automated means.
This must not adversely affect the rights and freedoms of other persons. When exercising the right to data portability in accordance with paragraph 1, the data subject has the right to obtain that the personal data be transferred directly by us to another controller, insofar as this is technically feasible.
The exercise of the right to data portability does not affect the right to erasure pursuant to Art. 17 GDPR. The right to data portability does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object pursuant to Art. 21 GDPR

The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. If the data subject objects to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes. Consent given by the data subject can be revoked at any time. However, the collection and processing carried out up to this point in time remains lawful.

8. Automated decisions in individual cases incl. profiling in accordance with Art. 22 GDPR

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
This does not apply if the decision
a) is necessary for entering into, or performance of, a contract between the data subject and us
b) is authorized by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or
c) is made with the express consent of the data subject.
These decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as the legitimate interests of the data subject. In the cases referred to in points a) and c), we shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on our part, to express his or her point of view and to contest the decision.

9. Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

10. Right to an effective judicial remedy pursuant to Art. 79 GDPR

Without prejudice to any available administrative or extrajudicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, each data subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data in non-compliance with this Regulation.
Actions against us or against a processor shall be brought before the courts of the Member State in which we or the processor have an establishment. Alternatively, such actions may also be brought before the courts of the Member State in which the data subject is domiciled, unless we or the processor is a public authority of a Member State acting in the exercise of its public powers.