Privacy Policy

As of: June 2020

Name: WilMa Digital GmbH
Str.: Grüner Weg 6
Location, Postcode: Cologne, 50825
Tel.: 0221 669 992 - 0
E-Mail: dialog@wilma.tech

a) Purpose of data processing
Every time a user accesses a page on our website and every time a file stored on the website is accessed, access data about this process is stored in a log file. Each data set consists of:
(1) the page from which the file was requested,
(2) the name of the file,
(3) the date and time of the request,
(4) the amount of data transferred,
(5) the access status (file transferred, file not found, etc.),
(6) a description of the type of operating system and web browser used,
(7) hostname of the accessing computer,
(8) the client IP address.

We use this data to operate our website, in particular to determine website load and website malfunctions and to make adjustments or improvements. The client IP address is used for the purpose of transmitting the requested data; Once the technical requirement no longer exists, it is anonymized by deleting the last block of numbers (Ipv4) or the last octet (Ipv6).
The personal data is passed on to service providers who perform IT tasks for the benefit of website operation (such as hosting service providers or providers of plugins).
b) Duration of storage
The data is stored every time a user accesses a page on our website and every time our website is accessed and is deleted as soon as it is no longer required for the purpose of the collection, which is the case no later than three months after visiting the website .
c) Legal basis
The temporary storage of the aforementioned data takes place on the legal basis of Article 6 Paragraph 1 Letter f of the EU General Data Protection Regulation (hereinafter “GDPR”). The legitimate interest lies in making our website available, ensuring stability and security and checking for improper use.
d) Possibility of objection and removal
By refraining from using our website, the person concerned can object to the processing and, subject to the conditions set out in more detail below in the “Rights” section, request that the data collected in this way be deleted by means of an informal declaration.

a) Purpose of data processing
In order to technically enable visiting our website, we transfer so-called cookies to the end device of the person concerned. Cookies are small text files that allow the data subject's device to be identified, usually by recording the name of the domain from which the cookie data was sent, information about the age of the cookie and an alphanumeric identifier. By storing the cookie on the device used - without interfering with the operating system - it is recognized again and allows us to make any default settings available immediately. We use this information to adapt our website and the services offered to your needs and to speed up access to our website.
The personal data will be passed on to third parties to analyze the use of our website, to the extent necessary for the purposes of the analysis. If cookies are used for tracking purposes, we will provide information about this separately in this data protection declaration.
b) Duration of storage
The storage period of the different cookies varies, but is a maximum of two years. They are stored on your local device, not on our server, which is why the actual deletion time depends on how your browser software is configured. Please refer to the operating instructions for your browser software to find out how you can delete cookies set by us on an occasion-related or automatic basis.
c) Legal basis
Strictly necessary cookies are based on the legal basis of Article 6 Paragraph 1 Letter b GDPR, as they are necessary for the operation of the website or use of our online offering. The use of non-essential cookies (such as marketing, statistical or third-party cookies) is based on consent given via the cookie banner on our website and on the legal basis of Art. 6 Para. 1 lit a. GDPR is based.
d) Possibility of objection and removal
The person concerned can block the use of cookies in the device used or the cookie banner displayed or delete them after use. However, under certain circumstances, individual functions of our offer may not be usable. How cookies can be blocked and cookies that have already been saved can be deleted can be found in the instructions for the browser software.

a) Purpose of data processing
Name, address(es), bank details, email address, VAT ID, telephone number, client IP address at the time of placing a customer order are collected, stored and processed solely for the purpose of establishing or executing the contract, which in particular Billing and processing of the contract includes. Personal data will only be passed on to third parties if this is necessary for the purpose of executing the contract.
b) Duration of storage
We store personal data that we collect and process for the purpose of executing contracts for a period of three years at the end of the year after the mutual service obligations have been fully fulfilled. If the data is the subject of business letters within the meaning of Sections 147 Paragraph 1 Nos. 2 and 3, 257 Paragraph 1 Nos. 2 and 3 HGB, the data will be deleted at the end of six years at the end of the year. The same applies if they are part of other documents that are important for taxation within the meaning of Section 147 Paragraph 1 No. 5 AO, unless shorter retention periods are permitted in other tax laws. If the data is part of accounting documents within the meaning of Sections 147 Paragraph 1 Nos. 1, 4, 4a AO, 257 Paragraph 1 Nos. 1 and 4 HGB, the data will be deleted at the end of ten years at the end of the year.
c) Legal basis
The aforementioned data is stored on the legal basis of Article 6 Paragraph 1 Letter b and Letter c GDPR in order to fulfill the obligations arising from the contract and to provide the services necessary for the execution of the contract. d) Possibility of objection and removal
Since there are legally standardized retention periods and the data must remain stored and processed to execute the contract, an objection or deletion is not possible.

a) Purpose of data processing
A user can contact us by email, contact form, message to our social network accounts, or telephone. We store the data transmitted to us and provided by the person concerned in order to process the request. This data regularly includes name, address, e-mail address, telephone number, date and time of the request, and the description of the request, if necessary contract data if the request is made as part of the establishment or processing of a contract.
If the personal data is sent via email or contact form, it will be passed on to service providers who enable the sending (participating mail providers or plug-in providers).
b) Duration of storage
We store personal data that we collect and process for the purpose of establishing contact for a period of three years at the end of the year after the mutual service obligations have been fully fulfilled. If the data is the subject of business letters within the meaning of Sections 147 Paragraph 1 Nos. 2 and 3, 257 Paragraph 1 Nos. 2 and 3 HGB, the data will be deleted at the end of six years at the end of the year. The same applies if they are part of other documents that are important for taxation within the meaning of Section 147 Paragraph 1 No. 5 AO unless shorter retention periods are permitted in other tax laws. If the data is part of 6 accounting documents within the meaning of Sections 147 Paragraph 1 Nos. 1, 4, 4a AO, 257 Paragraph 1 Nos. 1 and 4 HGB, the data will be deleted at the end of ten years at the end of the year.
c) Legal basis
The aforementioned data is stored on the legal basis of Art. 6 Para. 1 lit. b GDPR as part of the initiation or fulfillment of a contract or in accordance with Art. 6 Para. 1 lit. f GDPR. Our legitimate interest is to be able to process the contact request and to prevent misuse of the contact request.
d) Possibility of objection and removal
The person concerned has the opportunity to object to the storage at any time. The data stored for the process will then be deleted. If a contract has been concluded, the above statements regarding the keyword “execution of the contract” apply.

a) Purpose of data processing
The person concerned can register with us by providing personal data that is transmitted to us and stored. The data provided during registration as well as the IP address, the date and time of registration are saved. Registration is necessary to provide certain content and services and also serves to establish and fulfill our contract with the person concerned.
b) Duration of storage
As soon as the data is no longer necessary to achieve the purpose, it will be deleted. If you register without further conclusion of a contract, this is the case when the customer account is deleted. Otherwise, personal data will be deleted from the additionally concluded contract after the mutual service obligations have been fully fulfilled.
c) Legal basis
The aforementioned data is stored on the legal basis according to Art. 6 Para. 1 lit. b GDPR as part of the fulfillment or initiation of the contract or according to Art. 6 Para. 1 lit. f GDPR. The legitimate interest of the person responsible is to be able to provide certain content and services for the benefit of users.
d) Possibility of objection and removal
The person concerned has the option to delete the customer account or adjust the data at any time. The account will be deleted or changed by notifying the contact named under Section I. There is no possibility of objection or deletion of the registration and the data if the registration was used to establish or implement a contractual relationship; Here you can only delete the account. The account is deleted using the steps mentioned above.

a) Purpose of data processing
This website uses Google Analytics, a web analysis service from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, subsidiary of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA). Google Analytics uses so-called “cookies”, text files that are stored on the data subject’s device and enable the use of the website to be analyzed. The information generated by the cookie about the use of this website is usually transferred to a Google server in the USA and stored there. However, due to the activation of IP anonymization on this website, Google will first shorten the IP address of the data subject within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other Google data.
As far as data is transferred to Google LLC in the USA, this is done on the basis of the EU-U.S. Privacy Shields (https://www.privacyshield.gov/participant? id=a2zt000000001L5AAI&status=Active). You can find further information about Google's data protection regulations at the following internet address: https://policies.google.com/privacy
b) Duration of storage
As soon as the data is no longer necessary to achieve the purpose, it will be deleted, which is the case when the anonymization, which takes place within the European Union, has been completed. This takes less than a second. The data we send and linked to cookies, user identifiers (e.g. user ID) or advertising IDs are automatically deleted after 14 months. The deletion of data whose retention period has been reached occurs automatically once a month. Further information can be found at https://www.google.com/analytics/terms/de.html and https://policies.google.com/?hl=de.
c) Legal basis
Processing takes place on the legal basis of Art. 6 Para. 1 lit. a GDPR only with prior consent.
d) Objection and removal option You can block the use of cookies in the device used or the cookie banner displayed or delete the cookies after use. How cookies can be blocked and cookies that have already been saved can be deleted can be found in the browser software instructions; However, we would like to point out that in this case not all functions of this website may be able to be used to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to the use of the website (including the IP address) and from processing this data by Google at http://tools.google. com/dlpage/gaoptout?hl=de install available browser plugin.

a) Purpose of data processing
Through the Twitter button (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, parent company: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A.) we do not collect any personal data at all . Nevertheless, for the sake of completeness, we explain the technical background. We only use a deactivated button from the social network Twitter. This means that no data is transmitted to this network. By clicking on the buttons, the person concerned decides to activate this and thereby establish a connection to the Twitter server and thus transmit data to the servers of the social networks in accordance with the agreement concluded by the person concerned with the social network. Activation leads to access to social network content. The type, purpose, and scope of data collection and use can be found in the relevant data protection declarations of the social networks.
As far as data is transmitted to Twitter Inc. in the USA, this is done on the basis of the EU-U.S. Privacy Shields (https://www.privacyshield.gov/participant? id=a2zt0000000TORzAAO&status=Active).
You can find further information about Twitter's data protection regulations at the following internet address https://twitter.com/de/privacy
b) Duration of storage
The duration of storage depends on the specifications of the social network operators.
c) Legal basis
The operators of the social networks inform those affected about the legal basis.
d) Possibility of objection and removal
On Twitter, you can restrict the processing of your data within the general settings of your account under “Data protection and security”.

a) Purpose of data processing
We use the Leaflet API to integrate the OpenStreetMap map service from the provider OpenStreetMap Foundation (OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB 4 0 WS, United Kingdom) into our website.
When the map service is called, the Leaflet script and the Leaflet CSS from unpkg.com as well as the map material from OpenStreetMap are loaded. Your IP address, a description of the type of operating system, web browser, and device used, the date and time of the pages accessed, and the page from which the file was requested are automatically processed. The data is used to make the map service available on our site. According to OpenStreetMap, they are used in particular to maintain and improve the service as well as for research and other purposes (partly anonymized for this purpose). According to OpenStreetMap, personal data will be passed on to third parties in particular within the people involved in the project and to the extent that there is a legal obligation to do so.
For details, we refer to https://www.leafletjs.com and the data protection regulations of OpenStreetMap at the following internet address https://wiki.osmfoundation.org/wiki/Privacy_Policy
b) Duration of storage
We do not evaluate this access data and will automatically overwrite it no later than seven days after the end of your visit to the site. OpenStreetMap claims to store the data for 180 days.
c) Legal basis
Processing takes place on the legal basis of Art. 6 Para. 1 lit. a GDPR only with prior consent. d) Objection and removal option The person concerned can deactivate JavaScript on the device used and block the use of cookies or the displayed cookie banner or delete them after use. How cookies can be blocked and cookies that have already been saved can be deleted can be found in the browser software instructions; However, we would like to point out that in this case, not all functions of this website may be able to be used to their full extent.

a) Purpose of data processing
In our blog, where we publish various articles on the topic of Magento, a user can make public comments. This will be published with the name provided in the post. Providing your email address is required; all other information is voluntary. The IP address is also stored.
Storage is necessary in order to be able to defend ourselves against liability claims in the event of possible publication of illegal content. We need your email address in order to contact you if a third party should complain that your comment is illegal. The personal data is passed on to service providers who perform IT tasks for the benefit of the blog (such as providers of plugins or anti-spam service providers).
b) Duration of storage
The data is saved for each user comment and deleted as soon as it is no longer required for the purpose of the collection, which is the case no later than three months after the comment was published.
c) Legal basis
The aforementioned data is stored in accordance with Article 6 Paragraph 1 Letter f of the GDPR. The legitimate interest lies in making our blog available and in order to be able to prevent misuse of the comment function.
d) Possibility of objection and removal
The person concerned has the opportunity to object to the storage at any time. The data stored for the process will then be deleted.

If personal data is processed by the user on our website, the data subject has the following rights towards the person responsible in accordance with the GDPR.

The data subject has the right to the following information:
a) the processing purposes;
b) the categories of personal data processed;
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
d) if possible, the planned period for which the personal data will be stored or, if this is not possible, the criteria for determining that period;
e) the existence of a right to rectification or deletion of personal data concerning them or to restriction of processing by the controller or a right to object to such processing;
f) the existence of a right to lodge a complaint with a supervisory authority;
g) if the personal data are not collected from the data subject, any available information about the origin of the data;
h) the existence of automated decision-making including profiling in accordance with Article 22 Paragraphs 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.
i) if personal data is transferred to a third country or to an international organization, the data subject has the right to be informed of the appropriate guarantees in accordance with Article 46 GDPR in connection with the transfer.
We provide the data subject with a copy of the personal data that is the subject of processing. For all further copies requested by the data subject, the person responsible may charge a reasonable fee based on the administrative costs.

The data subject has the right to immediately request that the person responsible correct incorrect personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary statement.

The data subject has the right to request that the controller delete personal data concerning him/her without delay, and the controller is obliged to delete personal data without delay if one of the following reasons applies:
a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
b) the data subject revokes their consent on which the processing was based in accordance with Article 6 (1) (a) or Article 9 (2) (a) of the GDPR and there is no other legal basis for the processing;
c) the data subject objects to the processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or the data subject objects to the processing in accordance with Article 21 (2) GDPR;
d) the personal data were processed unlawfully;
e) the deletion of the personal data is necessary to comply with a legal obligation under Union or Member State law to which the controller is subject;
f) the personal data was collected in relation to information society services offered in accordance with Article 8 Para. 1 GDPR.

The data subject has the right to request that the controller restrict processing if one of the following conditions is met:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data,
b) the processing is unlawful and the data subject refuses the deletion of the personal data and instead requests the restriction of the use of the personal data;
c) the controller no longer needs the personal data for the purposes of processing, but the data subject needs them to assert, exercise, or defend legal claims, or
d) the data subject has lodged an objection to the processing in accordance with Article 21 Para. 1 GDPR as long as it is not yet clear whether the legitimate reasons of the controller outweigh those of the data subject.

If the data subject has requested a correction in accordance with Art. 16 GDPR, a deletion in accordance with Art. 17 Paragraph 1 GDPR or a restriction of processing in accordance with Art. 18 GDPR with regard to his or her personal data, and the controller has all recipients to whom the data has been sent personal data of the data subject were disclosed, informed about the data subject's request (unless this was impossible or involved disproportionate effort), the data subject has the right to be informed by the person responsible about the recipients.

If the data subject has requested a correction in accordance with Art. 16 GDPR, a deletion in accordance with Art. 17 Paragraph 1 GDPR, or a restriction of processing in accordance with Art. 18 GDPR with regard to his or her personal data, and the controller has all recipients to whom the data has been sent personal data of the data subject were disclosed, informed about the data subject's request (unless this was impossible or involved disproportionate effort), the data subject has the right to be informed by the person about the recipients.

The data subject has the right, for reasons arising from his or her particular situation, to object at any time to the processing of personal data concerning him or her, which is carried out on the basis of Article 6 (1) (e) or (f) of the GDPR; This also applies to profiling based on these provisions.
We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights, and freedoms of the data subject, or the processing serves to assert, exercise, or defend legal claims. If personal data is processed for the purpose of direct advertising, the data subject has the right to object at any time to the processing of personal data concerning him or her for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising. If the data subject objects to the processing for direct advertising purposes, the personal data will no longer be processed for these purposes. The consent given by the person concerned can be revoked at any time. However, the collection and processing that has taken place up to this point remains lawful.

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him.
This does not apply if the decision
a) is necessary for the conclusion or fulfillment of a contract between the data subject and us,
b) is permitted by the laws of the Union or member states to which we are subject and these laws contain appropriate measures to safeguard the rights freedoms and legitimate interests of the data subject or
c) takes place with the express consent of the person concerned.
These decisions may not be based on special categories of personal data in accordance with Article 9 Paragraph 1 GDPR, unless Article 9 Paragraph 2 Letters a or g GDPR applies and appropriate measures are taken to protect the rights and freedoms and legitimate interests of the data subject were hit. In the cases mentioned under points a) and c), we take appropriate measures to protect the rights and freedoms as well as the legitimate interests of the person concerned, including at least the right to obtain the intervention of a person on our side, to express one's own point of view and heard to challenge the decision.

Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her place of residence, place of work or the place of the alleged infringement, if the data subject is of the opinion that the processing of personal data concerning him or her is contrary to violates this regulation.
The supervisory authority to which the complaint was submitted will inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.

Without prejudice to any available administrative or extrajudicial remedy, including the right to lodge a complaint with a supervisory authority in accordance with Article 77 of the GDPR, any data subject shall have the right to an effective judicial remedy if he or she considers that the rights to which he or she is entitled under this Regulation have been violated as a result of an inconsistency the processing of his personal data in accordance with this regulation has been violated.
The courts of the Member State in which we or the processor have an establishment have jurisdiction over any legal action against us or against a processor. Alternatively, such actions may also be brought before the courts of the Member State in which the person concerned is domiciled unless we or the processor are an authority of a Member State which has acted in the exercise of its sovereign powers.