This website requires JavaScript.

Privacy policy and information on data protection

Data protection notices and information on data protection

The protection of personal data you provide to us for processing is of utmost importance to us. In the following, we are providing information on the processing of personal data when using our online services.

Within the framework of our data protection responsibility, the commencement of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereafter referred to as:“GDPR”) has imposed additional duties on us to ensure the protection of personal data of a person who is affected by the processing of same (we are addressing you, as an affected person, with “Customer”, “User”, “You”, or “Affected Party”).

Insofar that we are making decisions on the purposes and means of data processing, either solely or jointly with others, this especially includes the duty to provide you with transparency regarding the type, scope, purpose, duration and legal basis of the processing (see section 13 and 14 GDPR). With these data protection notices, we are informing you of the way in which we process your personal data.

Our data protection notices have a modular structure. They consist of a general section for any processing of personal data and processing situations that come to bear each time a website is opened (A. General information) and a special section with content that refers exclusively to only the processing situation there with a description of the respective offer or product, particularly the visit of websites, which is explained in more detail (B. Visiting websites).

Section Designation This section is for you

Section A General information always relevant.

Section B Website relevant, if you are using our German online offer.

Section C Marketing Analytics relevant, if you are using our German online offer

Section D Online-Shops relevant, if you are using our online shops.

Section E CoffeeConnect relevant, if you are using our digital CoffeeConnect platform

Section F Cookie Policy relevant, if you are using our German online offer.

A. General information
(1) Definitions of terms

Modelled after section 4 GDPR, these data protection notices are based on the following definition of terms:

  • “Personal data” (section 4(1) GDPR) refers to all information that is related to an identified or identifiable natural person (“affected person”).
  • “Processing” (section 4(2) GDPR) is any process in which personal data is handled, regardless of whether or not automated (technical) processes are used.
  • “Responsible party” (section 4(7) GDPR) is the natural or legal person, public authority, public body or other body making decisions solely or jointly with others on the purposes and means of the processing of personal data.
  • “Third party” (section 4(10) GDPR) is any natural or legal person, public authority, public body or other body except for the affected party, the responsible party, the order processor and the persons who are authorised to process personal data; this also includes other legal persons belonging to the Group.
  • “Order processor” (section 4(8) GDPR) is a natural or legal person, public authority, public body or other body that processes personal data by order of the responsible party, particularly in accordance with its instructions (e.g. IT service provider). Within the meaning of data protection law, an order processor is particularly no third party.
  • “Consent” (section 4(11) GDPR) by the affected person designates any voluntary, informed and unambiguous consent given for the specific case in form of a declaration or other clear action, with which the affected person makes it understood that they agree to the processing of their personal data.
(2) Name and address of the party responsible for processing

We are the responsible party for processing your personal data within the meaning of section 4(7) GDPR:

WMF GmbH

WMF Platz 1, 73312 Geislingen/Steige

Telephone +49 (0) 7221 25-1; Telefax:+ 49 (0) 7331 453 87

E-mail address:kundencenter[at]wmf.de

For more information, please refer to the information in the legal notice on our website Internetseite.

(3) Contact details for the Data Protection Officer

Our Data Protection Officer is available to you to answer any questions and as your contact regarding data protection at any time. The contact details are as follows:

WMF GmbH

Data protection

WMF Platz 1, 73312 Geislingen/Steige

dataprivacy@wmf.de

(4) Legal bases of data processing

By law, any processing of personal data is generally prohibited, except if data is processed under one of the following legitimate interests:

  • Section 6(1)(1)(a) GDPR (“Consent”):if the affected person has relayed with voluntary, informed and unambiguous declaration or other clear confirming action that the affected person agrees to the processing of their personal data for one or more specific purposes;
  • Section 6(1)(1)(b) GDPR:if the processing is required for the performance of a contract where the contractual party is the affected person or for the performance of pre-contractual measures that occur upon the request of the affected person;
  • Section 6(1)(1)(c) GDPR:if the processing is required to meet a legal obligation that the responsible party is subject to (e.g. statutory storage requirement);
  • Section 6(1)(1)(f) GDPR (“Legitimate interests”):if the processing is required to protect legitimate (particularly legal or economic) interests of the responsible party or a third party unless there are overriding interests or rights of the affected person (particularly if a minor is involved).

We are indicating the applicable legal basis for the data processed by us below. Processing can also rest on multiple legal bases.

(5) Data erasure and storage period

For data processed by us, we are indicating in the following how long we will store the data and when it will be erased or blocked. If an explicit storage period is not given in the following, your personal data will be erased or blocked as soon as the purpose or legal basis for the storage no longer applies. Your data will exclusively be stored on servers within the provisions of the GDPR, reserving a possible disclosure in accordance with the provisions in A.(7) and A.(8).

However, data may be stored beyond the specified period of time in the case of a (threatening) legal dispute with you or another legal proceeding or if storage is required by statutory regulations we are subject to as the responsible party (e.g. section 257 HGB, section 147 AO). If the storage period required by law expires, the personal data will be blocked or erased unless we are required to store the data further and a legal basis exists.

(6) Data security

We are using suitable technical and organisational security measures to protect your data from incidental or intentional manipulations, partial or complete loss, destruction or unauthorised access by third parties (e.g. TLS encryption for our website) under consideration of the state of the art, implementation costs and the nature of the scope, context and purpose of processing as well as the existing risks of a data breach (including its probability and effects for the affected person. We are continuously improving our security measures according to the technological development.

We will be happy to provide you with further information upon request. Please contact our Data Protection Officer (see under A.(3)).

(7) Cooperation with order processors

As is customary in any larger company, we are using external national and foreign service providers for processing (e.g. for the areas of IT, logistics, telecommunication). They exclusively work as instructed by us and have been contractually obligated within the meaning of section 28 GDPR to comply with data protection regulations.

(8) Preconditions for the forwarding of personal data to third countries

Within the framework of our business relationships, we may forward or disclose your personal data to third-party companies. They can be located outside of the European Economic Area (EEA), which means in third countries. Such processing exclusively occurs for the performance of contractual and business obligations and to maintain your business relationship with us (legal basis is section 6(1)(b) or (f), in combination with section 44 ff. GDPR). We are providing you with information on the details of the forwarding in the following in the relevant places.

The European Commission certifies for some third countries by way of so-called adequacy decisions that the data protection is comparable to that of the EEA standard (a list of these countries and a copy of the adequacy decisions are provided here:https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). In other third countries, to which personal data may be transmitted, the data protection level may not be continuously high under certain circumstances due to the lack of legal requirements. Where this is the case, we are making sure that data protection is adequately ensured. Please contact our Data Protection Officer (see under A.(3)) for more information.

(9) No obligation to provide personal data

The conclusion of contracts with us is not contingent upon your provision of personal data. You, the customer, are not legally or contractually obligated at any time to provide us with your personal data. However, it is possible that we can provide certain offers only with restrictions or not at all if you do not provide the subsequently required data. Should this be the case as an exception for the products offered by us, you will be notified accordingly.

(10) Legal obligation to transmit specific data

Under certain circumstances, we may be subject to a particular statutory or legal obligation to provide the legitimately processed personal data to third parties, particularly public bodies (section 6(1)(1)(c) GDPR).

(11) Your rights

You can exercise your rights as an affected person regarding your processed personal data at any time at the contact details under A.(2).

  • You have the right to demand information about your data processed by us. If your identity cannot be unequivocally be verified for your request for information, you will receive follow-up questions because we have to ensure that you are the person you claim to be.
  • Furthermore, you also have the right to rectification or erasure or restriction of processing, if you are legally entitled to same.
  • You also have the right to data portability. In this case, this is only granted within the framework of the statutory requirements.
  • You also have the right to object to processing within the framework of the statutory requirements (section 21 GDPR).
  • Finally, you have the right to file a complaint at a data protection supervisory authority regarding the processing of your personal data at our company, such as the appropriate data protection supervisory authority for us:Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg, Lautenschlagerstraße 20 70173 Stuttgart.
B. Visiting websites
(1) Explanation of the function

Information about our company and services offered by us is particularly available under www.wmf-coffeemachines.com and its sub-domains and sub-pages. Your personal data may be processed when you are visiting our websites.

We are advising that you are providing your data at your discretion. However, if and to the extent that you are not providing data required for a specific service, you will not or not fully be able to use the respective service. We use the data exclusively to make the service you requested available to you.

(2) Processing activities

During the informational use of the websites, we may collect, store and further process personal data in the following categories:

a) Logging

“Log data”:when you visit our websites, a so-called log data record (so-called server log files) will be stored temporarily and anonymised on our web server. It consists of:

  • browser type/version
  • operating system of the requesting computer
  • file request of the computer
  • http response code
  • previous page visited (Referrer URL)
  • IP address of the requesting computer
  • time of the server request

The purpose of the processing is the provision of online services, security of online services and to ensure the functionality of the online services. Data is processed on the basis of section 25(2) TTDSG. The data is processed for the duration of the use of the online services.

b) Contact form

“Contact form data”:when using the contact form, the thereby transmitted data:title, surname and first name, address, e-mail address, any order data or product data and the time of transmission will be processed. Additionally, if you provide the data voluntarily:company, country, contact telephone number(s). The purpose of the processing is to be able to contact you in case of questions regarding our products and services and to be able to provide support, if necessary. The data will/can be stored for up to 10 years based on statutory requirements. Data is generally stored for three years. We are processing this data on the basis of section 6(1)(b) for the purpose of initiating or performing a contract.

c) Call Back Button

“Call Back Button data”:when using the Call-Back button, the thereby transmitted data:first name, surname, telephone number, will be processed to call you back. The purpose of processing is to contact you by telephone to respond to questions regarding our products and services and provide support, if necessary. The data will be stored for five days and then erased. We are processing this data on the basis of section 6(1)(b) for the purpose of initiating or performing a contract.

d) Newsletter

In addition to the purely informational use of our website, we are offering a subscription to our newsletter to inform you about current products, product developments, actions. If you register for our newsletter, we will collect, store and further process the following “newsletter data”:

  • the page from which the page was requested (so-called Referrer URL)
  • date and time of access
  • description of the type of web browser used
  • IP-address of the requesting computer, which is truncated so that a personal relation can no longer be established
  • e-mail address
  • date and time of registration and confirmation

We are advising you that we are analysing your user behaviour when sending the newsletter. For this analysis, the sent e-mails contain so-called web beacons or tracking pixels, which represent single-pixel image files, that are stored on our website. We link the data you provided in B.(2) and the web beacons with your e-mail address and an individual ID for the analyses. Links in the newsletter also contain this ID. We use the data to create a user profile to tailor the newsletter to your individual interests. We thereby record when you read our newsletters, which links you are clicking on in it and thereby derive your personal interests. We link this data with actions taken by you on our website.

You can object to the tracking at any time by clicking on the separate link that is provided in every e-mail or notify us through another contact channel. The information will be stored as long as you are subscribed to the newsletter. If you cancel the subscription, we will store the data purely statistically and anonymously. Additionally, such tracking is not possible if you have deactivated the display of images in your e-mail program by default. In this case, the newsletter will not be fully displayed for you and you may not be able to use all functions. If you are displaying the images manually, the tracking above will occur.

Newsletter data is processed for the purpose of sending you the newsletter. As part of your registration for our newsletter, you are giving your consent to the processing of your personal data (legal basis is section 6(1)(a) GDPR). We are using the so-called double opt-in method for the registration for the newsletter. This means, that we will send an e-mail to the e-mail address you provided to request your confirmation that you are requesting the receipt of the newsletter. The purpose of this method is to provide proof of your registration and be able to investigate any possible misuse of your personal data. You can withdraw your consent to receiving the newsletter at any time and cancel the subscription to the newsletter. You can withdraw your consent by clicking on the link provided in every newsletter e-mail, by e-mail to kundencenter@wmf.de or by sending a message to the contact provided in the legal notice.

(3) Transmission of personal data to third parties

The following categories of recipients, which are generally order processors (see A.(7)) may receive access to your personal data:

  • Service providers for the operation of our website and processing of data stored or transmitted through the systems (e.g. computer centre services, payment processing, IT security). The legal basis for the forwarding is then section 6(1)(1)(b) or (f) GDPR if they are not order processors;
  • State offices/authorities if this is required to meet a statutory obligation. The legal basis for the forwarding is then section 6(1)(1)(c) GDPR;
  • Persons assigned for the performance of our business operations (e.g. auditors, banks, insurance companies, legal consultants, supervisory authorities, participants in company purchases or the founding of joint companies). The legal basis for the forwarding is then section 6(1)(1)(b) or (f) GDPR.

To warrant an adequate level of data protection when forwarding data to third countries, see A.(8).

Additionally, we will only forward your personal data to third parties if you have given your explicit consent to do so in accordance with section 6(1)(1)(a) GDPR.

(4) Use of cookies, third-party providers and other technologies on our website

a) Cookie

We use cookies on our websites. Cookies are small text files that are assigned and stored for the browser you use on your hard drive with a characteristic string of characters and that allows certain information to flow through it to the office where the cookie was set. They serve to make the online offer more user-friendly and effective overall, which means more convenient for you.

Cookies can contain data that makes it possible to recognise the device that is used. However, cookies partially contain only information on certain settings that cannot be related to a person. Cookies cannot directly identify a user.

There is a differentiation between session cookies that will be deleted as soon as you close your browser and permanent cookies that are stored beyond the individual session. With regard to their function, there is a difference between cookies:

  • Technical (mandatory) cookies:these cookies are absolutely required to move around the website, use basic functions and ensure the security of the website. These cookies do not collect information about you for marketing purposes and do not store information on websites you have visited;
  • Functional cookies:these cookies collect information on how you are using our website, which pages you have visited and, for example, if errors have occurred while using our website. These cookies do not collect information that could identify you. All collected information is anonymous and will only be used to improve our website and learn what our users’ interests are;
  • Advertising and tracking cookies:these cookies serve to offer custom-tailored advertisements for the website user on the website or third-party offers and measure the effectiveness of these offers;
  • Sharing cookies:these cookies serve to improve the interaction of our website with other services (such as social networks);

The legal basis for cookies that are absolutely required to provide you with the explicitly desired service is section 25(2)(2) TTDSG. Any use of cookies that are not technically required for this purpose constitutes data processing that is permissible only with an explicit and active consent from you in accordance with section 25(1) TTDSG in combination with section 6(1)(1)(a) GDPR. This particularly applies to the use of performance, advertising, targeting or sharing cookies. Beyond that, we will only forward your personal data that was processed by cookies to third parties if you have given your explicit consent to do so in accordance with section 6(1)(1)(a) GDPR.

b) Cookie Policy

Further information on which cookies we are using and how you can manage your cookie settings and deactivate certain types of tracking is provided in our Cookie Policy (see under (F)). [Link to the Cookie Policy].

c) Embedding videos with YouTube

Nowadays, it is commonplace to supplement product offers on the internet with media from third-party platforms. Therefore, we are embedding our YouTube videos in our offer and ask you every time you access external contents if you would like to load them.

For the implementation of data protection friendly presets, contents are inactive by default. Initially, only an empty window is shown. The YouTube video will not play until you intentionally click on the provided button and give your consent to the data transmission and thereby the processing of your data by YouTube.

On the basis of this so-called two-click solution, you decide for yourself whether your data will flow to YouTube. This implementation is necessary because we have no influence on how YouTube processes your data. YouTube bears the responsibility for data protection in compliance with the law.

This is why we cannot obtain an effective data protection consent. This would have to primarily be done in an informed manner. However, since we do not have any knowledge of the purposes for which YouTube processes your data, we cannot provide you with any information on that.

In addition to the IP address, YouTube may also process technical data (screen resolution, browser used, operating system, etc.). It is also possible that so-called cookies are used, for example, to analyse your surfing behaviour. We do not receive information on how you use YouTube and what contents you are sharing or commenting on.

Therefore, we are advising you that you should obtain information from YouTube in advance as to how YouTube processes your data.

C. Marketing Analytics

We are using technologies for marketing analytics on our websites. They are described below.

(1) Google Analytics 4

If you have given your consent, this website uses Google Analytics 4, which is a web analysis service provided by Google LLC. The responsible office for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

a) Type and purpose of processing

Google Analytics uses cookies that enable us to analyse your use of our websites. The information that is collected by the cookies on your use of this website is generally transmitted to a Google server in the USA and stored there.

We are using the User ID function. With this User ID, we can assign a unique permanent ID to this or multiple sessions (and the activities during these sessions) and analyse user behaviour across devices.

In Google Analytics 4, the anonymisation of IP addresses is activated by default. Due to the IP anonymisation, Google truncates your IP address within the member states of the European Union or in other contractual states of the treaty for the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. According to Google, the IP address transmitted from your browser as part of Google Analytics will not be merged with other data.

During your website visit, your user behaviour will be recorded in form of “events”. Events can be:

  • Page views
  • Communication using contact form
  • Initial visit of the website
  • Start of the session
  • Visited websites
  • Your “click path” interaction with the website
  • Scrolls (whenever a user scrolls to the end of the page (90%))
  • Clicks on external links
  • Internal search queries
  • Interaction with videos
  • File downloads
  • Viewed / clicked advertisements
  • Language setting

The following is also recorded:

  • Your approximate location (region)
  • Date and time of your visit
  • Your IP address (truncated)
  • Technical information on your browser and end devices used by you (e.g. language setting, screen resolution)
  • Your internet provider
  • Referrer URL (which website/which advertising media brought you to this website)

b) Purposes of processing

On behalf of the operator of this website, Google will use this information to analyse your use of the website and to compile reports on website activities. Reports provided by Google Analytics serve to analyse the performance of our website and the success of our marketing campaigns.

c) Recipients

Recipients of the data are/may be

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to section 28 GDPR)
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

d) Third-country transfer

For the USA, the European Commission has adopted its adequacy decision on 10 July 2023. Google LLC is certified according to the EU-US Privacy Framework. Because Google servers are distributed worldwide and a transfer to third countries (to Singapore, for example) cannot be fully excluded, we have also concluded EU standard clauses with the provider.

e) Storage period

Data sent by us and linked with cookies will be deleted automatically after 14 months. The maximum life cycle of the Google Analytics cookies is two years. Data that has reached the end of the storage period is automatically deleted monthly.

f) Legal basis

The legal basis for this data processing is your consent according to section 6(1)(1)(a) GDPR and section 25(1)(1) TTDSG.

g) Withdrawal

You can withdraw your consent at any time with future effect by opening the cookie settings [INSERT THE LINK TO THE SETTING OPTIONS FOR THE CONSENT TOOL HERE] and change your selection there. This does not affect the lawfulness of data processing based on the consent until the withdrawal of consent.

You can prevent the storage of cookies from the beginning by changing your browser settings accordingly. However, if you configure your browser to reject all cookies, the functionalities of this and other websites may be limited. Furthermore, you can also prevent transmission of the data generated by the cookie and relating to your use of the website (including your IP address) to Google and the processing of this data by Google by

  • withholding your consent to the setting of the cookie or
  • downloading and installing the browser add-on for the deactivation of Google Analytics HERE.

Further information on terms of use of Google Analytics and data protection at Google is available under https://marketingplatform.google.com/about/analytics/terms/de/ und unter https://policies.google.com/?hl=de.

(2) DoubleClick Floodlight

We are using DoubleClick Floodlight on our websites. DoubleClick Floodlight is a service offered by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). When you visit our websites, Google sets a cookie on your computer to generate a unique user identification. The data consumed by you is allocated to this user identification. For example, this can prevent that an ad is displayed for you that you have already seen. In addition, the cookies enable the measurement of conversions. This means, it determines if you, after you have viewed or opened a corresponding ad, have executed certain actions.

If you do not wish to receive interest-based advertising, you can deactivate the use of cookies for this purpose by accessing https://www.google.de/settings/ads. Alternatively, users can deactivate the use of cookies from third-party providers by starting the deactivation page of the network advertising initiative.

The users can view the purpose and scope of the data collection and the further processing and use of the data by Google as well as the related rights and setting options for the protection of the privacy of the users in the Google data protection notices:https://policies.google.com/privacy?hl=de&gl=de

(3) OwaPro

This website uses the web analysis and online marketing controlling system “OWAPro” by Hurra Communications GmbH (“hurra.com”) for web analysis and optimisation of online marketing campaigns.

Provider of OWAPro is Hurra Communications GmbH, Wollgrasweg 27, 70599 Stuttgart, Germany.

The web analysis primarily serves the analysis of user flows on this website and the optimisation of online marketing campaigns. OWAPro thereby allows the processing of the following personal data:online IDs, including cookie IDs, IP addresses, device IDs, customer IDs, referrers, transaction data. This data can also be used to measure and optimise the success of marketing campaigns and their cost-use analysis, to receive information on which offers are ordered by visitors or what other actions they have initiated (so-called “Conversion Tracking”). For this purpose, cookies can be used that enable the recognition of an Internet browser for another visit. Unique online IDs (“Cookie ID”) can be stored in these cookies on your device.

Generally, OWAPro exclusively processes pseudonymised data that hurra.com itself cannot assign to any identifiable natural person. By default, OWAPro automatically anonymises IP addresses. Further information on the type and scope of personal data processed by OWAPro and the possible cookies used is available in the privacy policy of hurra.com under:https://privacy.hurra.com/

You can object to the collection and processing of data by hurra.com services for this website at any time for the future with an Opt-Out [http://ssl.hurra.com/opt-out?cid=4755&ln=de].

D. Use of our online shops
(1) Processing of personal data

If you wish to order goods from our online shop, a contract can only be concluded with us if you provide the personal data we require for the purpose of processing your order.

Data processing when ordering products

Mandatory information is labelled as such; all other information is voluntary. The processed data categories are contact data, company data, customer data, personal data, order data, delivery data, invoice data and payment data. We will process data you have provided for processing contract initiation, orders and order processing. The legal basis here is section 6(1)(1)(b) GDPR.

Your data will be processed for as long as is required for the existing customer relationship. Irrespective of this, we are required under commercial and tax law to store your data for a period of up to ten years.

Payment information

If you select payment type “Credit Card”, your credit card data will be processed. For this purpose, we are transmitting your data to our payment service provider Adyen.

Payment processing follows the highest security requirements. All data is transmitted encrypted up to 256 Bit SSL and thereby protected from unauthorised access by third parties. We will process your payment information for the purpose of payment processing.

In cooperation with Adyen (Adyen N.V., Simon Carmiggeltstraat 6-50, 1011 DJ in Amsterdam; Netherlands), the payment is processed with the selected payment method. Adyen acts as the responsible party. Payment service provider Adyen hereby checks the creditworthiness and handles the financial processing of the order. We hereby transmit the following data to Adyen:identity data, address data, contact data, payment information, IP address.

For details on processing your personal data by Adyen, please view the Datenschutzhinweisen von Adyen.

Transmission of data to transport service providers

We are transmitting your personal data and delivery data to the transport service provider to process your order and deliver your order. Legal basis here is section 6(1)(1)(b) GDPR.

The transport service provider is the responsible party for processing within the framework of the delivery.

(2) Data security

We are using suitable technical and organisational security measures to protect your data from incidental or intentional manipulations, partial or complete loss, destruction or unauthorised access by third parties (e.g. TLS encryption for our website) under consideration of the state of the art, implementation costs and the nature of the scope, context and purpose of processing as well as the existing risks of a data breach (including its probability and effects for the affected person. We are continuously improving our security measures according to the technological development.

We will be happy to provide you with further information upon request. Please contact our Data Protection Officer (see under (A. 3)).

E. CoffeeConnect
(1) General information

The following data protection notice applies to the use of the digital solution WMF CoffeeConnect (“online portal”) and the services offered via this solution.

(2) Processing of personal data

As with any online service, our server automatically collects temporary information in the server log files, unless you have deactivated this function. If you want to view our web portal, we will collect the following data that we require technically to display our web portal for you and ensure stability and security:

  • IP address of the requesting computer
  • file request of the client
  • http response code
  • the website from which you are visiting us (referrer URL),
  • date and time of the server request
  • browser type and version
  • operating system of the requesting computer

No person-related analysis of the server log files takes place. At no time is the provider ever able to assign this data to specific persons. This data is not merged with data from other data sources.

If you provide personal data via our web portal (surname, first name, e-mail address, address), this generally occurs on a voluntary basis. This data is used by us for performance of our contract with you, to process your inquiries and orders and for the purposes of market research and opinion polling.

If you register at our web portal, we will process your data (surname, first name, e-mail address, address) to process the contract relationship. If you integrate a coffee machine in your profile, the technical data transmitted by the coffee machine will be linked with your profile (see under (F. 3)).

If you conclude a service agreement with us, we will also process your data in order to perform repairs and maintenance, in order to improve our service and for the purpose of product improvement and development.

If you want to order products via the web portal, you are required to enter your personal data (contact, delivery, invoice and payment data) we require to process your order to conclude the contract. Mandatory information is labelled as such; all other information is voluntary. We will use the data you provide in order to process your order. In this context, we are entitled to pass on your payment information to our bank or an online payment service.

(3) Processing of personal telemetry data

As a fundamental rule, the telemetry module allows a bidirectional data exchange which permits continuous remote retrieval of data for efficient monitoring, control and optimisation of economic and service-relevant processes.

On start-up of a coffee machine with WMF CoffeeConnect INSIDE, operating and status details of the coffee machine (“technical data“) are transmitted to WMF. In particular, this technical data includes:

  • the type and number of devices connected to the coffee machine with WMF CoffeeConnect INSIDE, e.g. cooler with compatible sensor system
  • counter readings and statistics on brewing processes, beverage and maintenance counters, milk temperature (in the case of add-on equipment or a countertop cooler), boiler temperature etc.
  • commands and functions executed via the portal, including time of operation
  • status of the coffee machine (on, off and time of change in status)
  • data on radio transmission, including signal strength, selected provider and the radio cell within which the coffee machine with WMF CoffeeConnect INSIDE is located
  • diagnostic and error messages of the coffee machine with WMF CoffeeConnect INSIDE and connected devices
  • cleaning operation types and times at which cleaning was carried out
  • software versions and times at which software and software log files were updated
  • beverage and machine settings

The technical data above has no personal relation for WMF unless the user uses WMF CoffeeConnect. The technical data is not linked to the user profile until the user integrates the coffee machine with WMF CoffeeConnect INSIDE. Where the technical data thus allows identification of a specific user as defined by section 4(1) GDPR, we process the data for the purpose of performance of the contractual services arising from the use of the web portal by the user.

Where further users are enabled as secondary users for a networked coffee machine in addition to the primary users, we also process the data listed above on use of the coffee machine by one or more secondary users within the same context in order to allow operation of the networked coffee machine by the further secondary users in accordance with the service to be provided.

As part of customer service, we will receive access to the technical data. The use is hereby pseudonymised. Any use related to a person occurs exclusively to provide the services from the contract that was concluded with the customer for the use of the WMF CoffeeConnect web portal or an existing service contract. We reserve the right to use the services of third parties to carry out maintenance work and to grant such third parties access to the user’s data within the context of commissioned data processing.

We reserve the right to use technical data and anonymised or pseudonymised usage data, particularly for statistical purposes or for the further development of products. This also applies if the user terminates the use of WMF CoffeeConnect. This data is exclusively technical, device-specific data. No person-related analysis is performed.

(4) Legal bases of data processing

The legal basis for the processing of personal data in connection with contact initiation using the contact form is section 6(1)(a) GDPR.

The legal basis for the processing of personal data in connection with purchase, service and maintenance agreements as well as for registration processes is section 6(1)(b) GDPR.

The legal basis for processing personal data in connection with the improvement and further development of our products and for advertising, market and opinion research is section 6(1)(1)(b) GDPR.

(5) Data erasure and storage period

We are required under commercial and tax law to store your address, payment and order data for a period of ten years. However, we will restrict processing after seven years, which means that your data will only be used for compliance with the statutory requirements. See also Regulations in A. (5)

(6) Data security

We are using suitable technical and organisational security measures to protect your data from incidental or intentional manipulations, partial or complete loss, destruction or unauthorised access by third parties (e.g. TLS encryption for our website) under consideration of the state of the art, implementation costs and the nature of the scope, context and purpose of processing as well as the existing risks of a data breach (including its probability and effects for the affected person. We are continuously improving our security measures according to the technological development.

We will be happy to provide you with further information upon request. Please contact our Data Protection Officer (see under (A. 3)).

F. Cookie Policy

The WMF Cookie Policy is directly linked with the setting options of the cookies. This will provide you with the necessary details on the cookies used and the options to accept or reject these cookies. This link takes you to the Cookie Policy.