top of page
Logo_lang.png

Privacy Policy

General Data Protection Regulation (GDPR)

We operate our websites in accordance with the principles set out below:
We undertake to comply with the statutory provisions on data protection and endeavor to always observe the principles of data avoidance and data minimization.
1. Name and address of the controller
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states of the European Union as well as other data protection regulations is
Florian Engelmann
 Weingut Leininger

 Theilheimer Weg 3 - 5
 97246 Eibelstadt
 Eibelstadt, Germany
Phone: 09303/ 2209
 E-Mail: info@weingut-leininger.de
Website: www.weingut-leininger.de

2. Definitions

We have designed our privacy policy in accordance with the principles of clarity and transparency. Should there be any uncertainties regarding the use of specific terminology, the relevant definitions can be accessed here: https://dsgvo-gesetz.de/art-4-dsgvo/

 

3. Legal Basis for Processing Personal Data

We only process your personal data, such as your name, email address, and IP address, if there is a legal basis for doing so. Under the General Data Protection Regulation (GDPR), the following provisions are particularly relevant:

a) You have given us your consent for the processing of your personal data for one or more specific purposes, pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. In this context, you will be thoroughly informed about the purpose(s) of the processing, and your explicit consent will be documented.

b) The processing of your personal data is necessary for the performance of a contract or for the implementation of pre-contractual measures with you, pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR.

c) The processing of personal data is necessary for the purposes of our legitimate interests, provided that your interests or fundamental rights and freedoms do not override these interests, pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

We will always inform you at the relevant points on which legal basis your personal data is being processed.

4. Disclosure of Personal Data

 Your personal data will not be transferred to third parties for purposes other than those listed below. We only share your personal data with third parties if:

a) You have given your explicit consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR,

b) the disclosure is necessary pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR for the establishment, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data,

c) there is a legal obligation to disclose data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, or

d) it is legally permissible and necessary for the performance of a contract with you pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR.

 

5. Data Retention and Deletion

We store all personal data that you provide to us only for as long as necessary to fulfill the purposes for which the data was transmitted or as required by law. Upon fulfillment of the purpose and/or expiration of the statutory retention periods, your data will be deleted or blocked.

 

6. SSL Encryption

 For security reasons and to protect the transmission of confidential content, such as inquiries you send to us as the website operator, this website uses SSL encryption. You can recognize an encrypted connection by the change in the address line of the browser from "http://" to "https://" and by the lock icon in your browser line.

When SSL encryption is activated, the data you transmit to us cannot be read by third parties.

 

7. Collection and Storage of Personal Data and the Nature and Purpose of Their Use

a) When visiting the website When you access our website, the browser used on your device automatically sends information to our website’s server. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:

  • IP address of the requesting computer

  • Date and time of access

  • Name and URL of the retrieved file

  • Website from which access is made (referrer URL)

  • Browser used and, if applicable, the operating system of your computer as well as the name of your access provider

The aforementioned data are processed for the following purposes:

  • Ensuring a smooth connection setup of the website

  • Ensuring comfortable use of our website

  • Evaluation of system security and stability

  • For further administrative purposes

Data that allows conclusions to be drawn about your person, such as the IP address, will be deleted after no later than 7 days. If we store the data beyond this period, the data will be pseudonymized so that assignment to you is no longer possible. The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes listed above. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.

b) Contractual Relationship

(aa) Contract Conclusion

In the context of initiating a contractual relationship, we process only the personal data that is required for the execution of the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. If you provide further voluntary information, this data will be processed based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. This voluntary information is used to offer customer-friendly service and to continuously improve it.

(bb) Customer Account

You have the option to create a customer account with us. In this case, in addition to your data necessary for contractual performance, your voluntary information and purchase history are also stored and processed. This enables you to view your past purchases and simplifies future transactions. The legal basis for this is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. You can modify or delete your customer account at any time. If you choose to delete your account, all stored data will be removed immediately.

(cc) Data Disclosure for Shipping

Data necessary for the shipping of goods (first and last name, address, email address, phone number if required by the shipping method) will be forwarded to the corresponding shipping service provider for the purposes of notification and delivery of the goods. The legal basis for this data sharing is Art. 6 para. 1 sentence 1 lit. b GDPR.

We work with the following shipping service providers, where you can find more information about their data processing practices:

(dd) Disclosure of Data to Online Payment Providers

If you choose to pay using one of our online payment providers, your contact data will be transmitted to the respective provider as part of the transaction. The legality of this data transfer results from Art. 6 para. 1 sentence 1 lit. b GDPR (execution of payment) and our legitimate interest under Art. 6 para. 1 sentence 1 lit. f GDPR in offering a user-friendly and efficient payment process.

The data transferred typically includes: name, address, phone number, IP address, email address, number of items, item numbers, invoice amount and tax details, and other order-related data. Depending on the selected payment method (e.g., invoice or direct debit), the provider may forward the data to credit agencies for identity and credit checks.

Details of data processing can be found in the privacy policies of the providers, such as:

(ee) Blog

If you would like to comment on a blog post, your name, email address, and IP address will be collected and stored. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR, as storing this data is necessary to safeguard our legitimate interests, particularly in the event of legal claims concerning unlawful content. Other visitors to the website will see your name as the author, as well as the date and time of your comment.

ff) Contact Form / Non-binding Inquiry Forms / Email Contact

We offer contact forms on our website to allow you to get in touch with us at any time. To use these forms, we require a name (for personalized addressing) and a valid email address to respond to your inquiry. When you submit an inquiry via a contact form, the information you provide—including your contact details and your IP address—will be processed in accordance with Art. 6 para. 1 sentence 1 lit. b and f GDPR for the purpose of initiating pre-contractual actions at your request or to pursue our legitimate business interests. Alternatively, you may contact us via email using the address provided on our website. In this case, we will process your email address and any other data you include, also pursuant to Art. 6 para. 1 sentence 1 lit. b and f GDPR. We will delete inquiries and the related data no later than three months after receipt unless the data is needed to continue a contractual relationship.

gg) Google Fonts

We use Google Fonts on our website to ensure consistent and visually appealing font rendering. Google Fonts is a service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, California, 94043, USA). The web fonts are integrated via a server request, usually to a Google server in the USA. This may result in the following data being transmitted to and stored by Google:

  • Name and version of the browser used

  • Website from which the request was triggered (referrer URL)

  • Operating system of your device

  • Screen resolution

  • IP address of the requesting device

  • Language settings of the browser or operating system used

More information can be found in Google’s privacy notices:

We use Google Fonts to improve readability and user experience. The legal basis is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

hh) Use of Google Maps

Our website uses the Google Maps API. Using Google Maps may transmit data—including your IP address—to a Google server in the USA and store it there. Google may also share this data with third parties if required by law or if third parties process the data on Google's behalf. Your IP address will not be linked with other Google data. Nevertheless, it is technically possible that Google could identify individual users. We have no influence on the further use of your data by Google. If you want to avoid data transfer, you can deactivate JavaScript in your browser. However, this will disable the map display on our website. Google’s privacy policy: [https://www.google.com/policies/privacy/?hl=de]

We use Google Maps to help visitors find our location and plan their visit, based on our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

 

8. Cookies

We use cookies on our website. Cookies are small data packets that your browser automatically creates and that are stored on your device when you visit our website. These cookies store information relating to the specific device used. However, this does not mean that we directly obtain knowledge of your identity.

The data processed through cookies is necessary to protect our legitimate interests and those of third parties in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

Most browsers accept cookies automatically based on their default settings. However, you can configure your browser so that no cookies are stored on your device or so that a message appears before a new cookie is created. If you completely disable cookies in your browser, it is possible that you will not be able to use all the functions of our website.

We use the following types of cookies:

 

a) Session Cookies

We use session cookies to recognize that you have already visited individual pages on our website. These cookies are automatically deleted after you leave our site.

 

b) Temporary Cookies

We also use cookies that enable us to recognize you when you return to our website and use our services. This means you do not need to re-enter the settings and data you provided previously. These cookies are stored on your device for a defined period.

 

c) Optimization Cookies

Lastly, we use cookies to analyze the usage of our website statistically and to improve our offerings for you. These cookies allow us to recognize your browser upon your next visit. They are automatically deleted after a predefined time.

 

9. Analysis and Tracking Tools

We use the following analysis and tracking tools on our website to ensure ongoing optimization and tailor our services to meet user needs. These interests are deemed legitimate within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR. The purposes and categories of data processed by these tools can be found below:

 

a) Google AdWords

We use Google AdWords, an online advertising program from Google Inc. Our website also uses conversion tracking. A cookie is set on your device if you reach our website via a Google advertisement.

This cookie expires after 30 days and is not used to identify users personally. If the user visits specific pages on the AdWords customer's website and the cookie is still active, Google and the customer can recognize that the user clicked on the ad and was redirected to the page. Each Google AdWords customer receives a different cookie. Cookies cannot be tracked across AdWords customers' websites.

The information gathered using the conversion cookie is used to generate conversion statistics for AdWords customers. These customers learn the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive information that personally identifies users.

If you do not wish to participate in tracking, you can opt out by disabling the Google Conversion Tracking cookie in your internet browser. For more information on Google's privacy policies, visit: http://www.google.de/policies/privacy/

 

b) Wordfence Security

To protect our website against cybercrime and in particular viruses and malware, we use "Wordfence Security" from Defiant Inc., 800 5th Ave., Suite 4100, Seattle, WA 98104, USA.

Data processing is based on Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. f GDPR (legitimate interest). The service distinguishes between natural persons and automated access (e.g., bots). Cookies are used for this purpose. To protect against brute-force and DDoS attacks, IP addresses are stored on Wordfence servers. IP addresses deemed safe are placed on a whitelist.

By protecting our website, Wordfence also protects visitors from malware, which constitutes a legitimate interest under Art. 6 para. 1 lit. f GDPR. The plugin's "Live Traffic View" feature is disabled.

More information: https://www.wordfence.com/privacy-policy/

 

10. Social Media

We use the following social media plugins to increase awareness of our website. The legal basis for using these plugins is Art. 6 para. 1 sentence 1 lit. f GDPR. The marketing purpose behind the use is considered a legitimate interest under GDPR.

The providers are responsible for the data protection-compliant operation. We use the "Shariff" tool to offer maximum protection to visitors.

 

a) Facebook Plugin "Like"

This site uses the Facebook "Like" plugin, identified by the blue logo and "Like" label. The plugin is operated by Facebook Ireland Ltd., Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland, and is directly connected to Facebook’s servers. No data is passed to the website operator.

When activated, the plugin collects, uses, and transmits data to Facebook, including when and that you visited our website. If you use the plugin actively (e.g., click the "Like" button), this information is also transmitted to Facebook.

Data collected depends on your Facebook login status. To prevent association with your profile, log out of Facebook before visiting our site. Facebook may process data in third countries.

More on Facebook’s data policies: http://www.facebook.com/policy.php  FAQs: http://www.facebook.com/help.php?page=1068

 

b) Use of Google +1

Our website uses Google +1 features by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

By using the Google +1 button, you can publish information globally. Google stores the content you +1 and information about your visit to the website. Your +1 activity may appear with your profile name and picture in Google services (e.g., search results, Google profile, or other websites).

To use +1, you need a public Google profile with a chosen name. This name is used across Google services and may replace other names used elsewhere. Information may also be displayed to people who know your email or have other identifying info.

Google’s data policies: http://www.google.com/intl/de/+/policy/+1button.html

 

c) Twitter

 Functions from Twitter Inc. (1355 Market Street, Suite 900, San Francisco, CA 94103, USA) are embedded in our site. By using Twitter and the "Re-Tweet" function, visited websites are linked to your Twitter account and shared. This transmits data to Twitter.

We do not know the content or usage of transmitted data. More information: http://twitter.com/privacy You can change your Twitter privacy settings at: http://twitter.com/account/settings

 

d) Instagram

We use features from Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA). Clicking the Instagram button links our website content to your profile—only if you are logged in.

We do not know the scope of data transmitted to or how it is used by Instagram. Instagram’s privacy policy: http://instagram.com/about/legal/privacy/

 

11. Rights of the Data Subject

You are entitled to the following rights:

 

a) Right of Access

Pursuant to Art. 15 GDPR, you have the right to request information about the personal data we process about you. This includes information about:

  • the purposes of the processing,

  • the categories of personal data,

  • the recipients or categories of recipients to whom your data has been or will be disclosed,

  • the planned duration of storage or the criteria used to determine the duration,

  • the existence of a right to rectification, deletion, restriction of processing, or objection,

  • the existence of a right to lodge a complaint with a supervisory authority,

  • the origin of your data, if not collected by us,

  • the existence of automated decision-making including profiling and, where applicable, meaningful information about the logic involved.

b) Right to Rectification

 According to Art. 16 GDPR, you have the right to request the immediate correction of inaccurate or incomplete personal data stored by us.

 

c) Right to Erasure

 You have the right to request the deletion of your personal data under Art. 17 GDPR, unless further processing is required:

  • to exercise the right to freedom of expression and information,

  • to comply with a legal obligation,

  • for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 GDPR,

  • for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes according to Art. 89 para. 1 GDPR, insofar as the above-mentioned right is likely to render impossible or seriously impair the achievement of the objectives of that processing,

  • to establish, exercise or defend legal claims.

d) Right to Restriction of Processing

According to Art. 18 GDPR, you can request the restriction of processing of your personal data if:

  • you contest the accuracy of the data,

  • the processing is unlawful and you oppose the deletion,

  • we no longer need the data, but you need it for the establishment, exercise or defense of legal claims,

  • you have objected to processing pursuant to Art. 21 para. 1 GDPR.

e) Notification Obligation

If you have asserted the right to rectification, erasure or restriction of processing against us, we are obligated to inform all recipients to whom your personal data has been disclosed, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

f) Right to Data Portability

You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller, where the processing is based on consent under Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a or on a contract under Art. 6 para. 1 lit. b GDPR and the processing is carried out by automated means.

g) Right to Withdraw Consent

You have the right to withdraw your consent under Art. 7 para. 3 GDPR at any time. The withdrawal does not affect the lawfulness of the processing based on consent before its withdrawal.​

h) Right to Lodge a Complaint

According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.

i) Right to Object

If your personal data is processed based on legitimate interests under Art. 6 para. 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR if there are reasons arising from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right to object without specifying a particular situation. To exercise your right to withdraw or object, simply send an email to info@weingut-leininger.de

j) Automated Individual Decision-Making, Including Profiling

You have the right not to be subject to a decision based solely on automated processing—including profiling—which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

  • is necessary for entering into, or performance of, a contract between you and us,

  • is authorized by Union or Member State law and these laws contain suitable measures to safeguard your rights and freedoms and legitimate interests,

  • is based on your explicit consent.

Such decisions must not be based on special categories of personal data under Art. 9 para. 1 GDPR unless Art. 9 para. 2 lit. a or g applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In cases referred to in points i) and iii), we shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention, to express your point of view, and to contest the decision.

 

12. Changes to This Privacy Policy

If we make changes to this privacy policy, these will be clearly indicated on the website and registered customers will be informed via email.

Last updated: January 18, 2023

bottom of page