Privacy policy

This Privacy Policy describes how we process personal data, cookies and other Information Technology in connection with your use of our website www.winderen.com, applications, services and your communications and interactions with us.

  1. Personal data processing

    We process your personal data in a compliant, reliable and transparent way. In doing that, we ensure adequate security, including protection from prohibited or unlawful processing or accidental loss or destruction of the data or damage thereto, by means of appropriate technical and organisational measures.

    We process personal data:

    1. in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “the GDPR”,
    2. in accordance with the rules specified in this document, hereinafter referred to as “the Privacy Policy”, applicable from 06 April 2022.
    3. as described in the privacy policies of Facebook, Instagram, Pinterest and TikTok regarding your interactions with us on these social media, which apply if you have interacted with our profiles on these media.

  2. The Controller

    We are responsible for the purpose and manner of our use of your personal data. The entity responsible (hereinafter referred to as “the Controller”) for personal data processing is:

    Winderen Sp. z o.o.
    ul. Młyńska 27, 22-400 Zamość
    Poland
    Tel. no. +48 (84) 538 75 84

  3. Contact details for matters connected with personal data

    In the matters connected with personal data processing you can contact us using the following details:

    Winderen Sp. z o.o.
    ul. Młyńska 27, 22-400 Zamość
    Poland

  4. Source of personal data

    We have obtained your personal data:

    1. directly from you:
      1. through voluntarily completed electronic forms on our website www.winderen.com, e.g. during registration or in contact forms;
      2. through voluntarily completed forms (e.g. surveys) submitted to us via other providers of electronic services;
      3. in submitted documents, correspondence, orally or by means of electronic communication, e.g. telephone, email, chat;
      4. in connection with taking action prior to entering into a contract or in connection with the performance of a contract;
    2. from a third party, most often in connection with taking action prior to entering into a contract or performing a contract to which your employer, principal, subcontractor, partner, supplier, client or intermediary will be or is a party, in particular for the purpose of delivering or receiving an order or service;
    3. from our partners through whom you have entered into a contract with us (e.g. eBay);
    4. automatically - when you access our website www.winderen.com or in connection with your communication with us by electronic means, using Information Technology;
    5. from publicly available registers – in some situations we use data made available in public registers, e.g. CEIDG (Central Registration and Information on Business), KRS (National Court Register),, Portal Podatkowy (Tax Portal), VIES.

  5. Information technology used by the Controller

    When you browse our website www.winderen.com or communicate with our telecommunication systems by means of electronic communication, we process your Telemetric Data such as your computer's IP address, identifiers, technical parameters of your browser and device, information about your activities and actions. If you communicate with us via electronic mail (email), within the scope of Telemetric Data we can process the IP address of the computer, from which your message was sent. Similarly, in the case of other means of electronic communication, e.g. when you call us, we will process your telephone number and if you contact us via instant messaging – your online ID.

    We use Information Technology from us and our partners to process Telemetric Data:

    1. ICT system logs - records of the time, parameters and nature of events relating to your communication with us;
    2. cookies - small files stored in the memory of your web browser (more);
    3. scripts (including SDKs) - computer code executed by a web browser;
    4. tags (pixels) - graphic files that signal visits to our website or reading of an email coming from us;
    5. local storage - usually used to speed up loading of a website, store user preferences and other information.

    We use the following tools, which work on the basis of Information Technology:

    1. essential - Information Technology necessary for the proper functioning of our website, which stores temporary session IDs and thus provides you with secure access to your data (access authorisation), enables you to save and continue your purchases, stores your privacy settings, enables you to make payments through our partners: PayPro S.A., PayPal Inc., Stripe Inc., Apple Inc., Google LLC, Currence Holding B.V., SIBS, Klarna Bank AB, Sofort GmbH, Giropay GmBH, Studiengesellschaft für Zusammenarbeit im Zahlungsverkehr GmbH, Bancontact Payconiq Company NV/SA;

    2. functional - they store your preferences and settings regarding:

      1. the use of our website (e.g. remembering your login details, language settings);
      2. video players used on our website - YouTube and Vimeo;

    3. analytical - used to analyse the sources of traffic on our website and how they are used:

      1. Google Analytics
        In order to analyse the sources of traffic on our website and the manner in which they are used by visitors, we use Google Analytics tools based on cookies. Google processes data (related to the device and browser, as well as the actions of the website user) gathered during the use of our website in the manner described here. The data processed by Google Analytics are anonymised – their processing does not constitute the processing of your personal data.

    4. marketing - allow us to tailor the marketing content to your interests and to assess its effectiveness:

      1. Google Analytics and Google Marketing Platform advertising features
        We use Google Analytics and Google Marketing Platform advertising features such as: remarketing, viewing reports, demographic and interest data reports. Operation of these functions requires the use of Google ad cookies. We do not have access to the data from the cookies stored on your device but we can commission advertisements for specific target categories of our choice (based on the information on behaviour, interests and demographic data), e.g. for all people, who have visited our website in the last 7 days. Google processes data in the manner described here.
      2. Facebook Pixel
        We use Facebook Pixel tools for managing advertisements on Facebook and for remarketing activities. Pixel works on the basis of data processing: HTTP headers, pixel data, button clicks, optional values, form field names. It analyses user visits on our website and collectively provides us with statistics on our Facebook and Instagram social media activities including: page likes (Facebook), followers (Instagram), age, gender, most popular cities and countries, location, interests (more). This allows us to have ads displayed for these people (remarketing).
        Meta Platforms Ireland Ltd. (owner of Facebook and Instagram) processes your data in accordance with the rules described for Facebook and Instagram. We process your data using Pixel tools to create non-standard target groups for our advertising campaigns and to measure the effectiveness and reach of the advertising campaigns and return statistics of people who displayed the advertisements and responded to them.
      3. Klaviyo
        In order to maintain the business relationship and provide you with the best experience during the shopping process and use of our website, we process information about your orders, your reading of emails from us and your activity on our website. We therefore benefit from the support of Klaviyo tools (more).
      4. Pinterest Tag
        We may use information about your activity on our website to display ads on Pinterest that may be of particular interest to you, analyze statistics about them, and create custom audiences for those ads. We therefore use the technologies described here.
      5. TikTok Pixel
        TikTok Pixel is a tool that, based on your activity on our website, allows us to advertise products of particular interest to you on TikTok, monitor the effectiveness of ads and create custom audiences for remarketing. Pixel works based on data processing: HTTP headers (browser, IP address, country, language), user interactions with ads and activity on our website (more).

  6. Purpose and legal basis of the processing

    We gather personal data for specific, clear and legitimate purposes and we do not process them further beyond these purposes. We process your personal data for the following purposes and on the following legal basis:

    1. performance of a contract or order, including pre-contractual action, performance of a service or order (especially if placed by means of electronic communication) and delivery of goods - performance of the contract;
    2. execution of payment for goods or services - performance of the contract;
    3. handling of receivablesour legitimate interest consisting of the enforcement of receivables and preventing the accumulation of arrears;
    4. preparation, storage and maintenance of the documentation required by law, including especially bills, invoices, accounting ledgers and other documents confirming and describing the circumstances of contract execution – our legal obligation under the Accounting Act and the provisions of the tax law;
    5. handling and recording of correspondence – our legitimate interest connected with the organisation of our business processes, documenting the circumstances of contract execution and making it possible to pursue or defend any claims;
    6. making it possible to pursue or defend any claims – our legitimate interest;
    7. establishment and maintenance of a commercial relation and maintenance of an account in the transaction system with an event log – this is our legitimate interest in connection with the organisation of our business processes with regards to the provision or reception of services (including electronically supplied services), execution of contracts and technological requirements;
    8. handling of complaints – contract execution (if you are our supplier, it is our legitimate interest);
    9. monitoring technical support services – our legitimate interest connected with monitoring the use of the technical support services we provide and documenting their scope and the process of their provision;
    10. promotion of products and services, including sending newsletters, direct mail etc. – your consent to the processing;
    11. running advertising and marketing campaigns and organising events, training and competitions – your consent to the processing;
    12. processing of Telemetric Data for the purposes of identification and rectification of errors, troubleshooting, optimising and securing IT infrastructure, pursuing and defending any claims - our legitimate interest in connection with our business activities;
    13. collecting feedback on purchased goods and services – our legitimate interest in relation to monitoring customer satisfaction and improving the quality of goods and services;
    14. displaying marketing content - our legitimate interest in connection with promoting our products and services;
    15. measuring, managing marketing content and conducting remarketing activities - our legitimate interest in connection with promoting our products and services;
    16. creating custom audiences for marketing campaigns, evaluating their effectiveness and reach - our legitimate interest in connection with promoting our products and services;

    In addition, we process your data using Information Technology for the purposes listed below:

    1. storing a temporary session ID and settings regarding our website, including the acceptance of cookies - performance of a contract in connection with the provision of electronic services;
    2. analysing how you came to us and how you use our website using Google Analytics - our legitimate interest;

  7. Categories of personal data

    Depending on the circumstances and scope of cooperation, the scope of data subject to processing may vary. It is always adequate, appropriate and limited to what is necessary for the purposes of the processing. As a rule, you decide what data you make available to us and how you use our services.

    Most often, we process your Address Details (full name or entity name, street, city and post code) and/or Company Details (name of the organisational unit or entrepreneur, name and surname of the natural person performing the professional activity, street, city, post code, tax identification number, sometimes also REGON number and other identifiers and registration numbers, e-mail address). The processing of the aforementioned data shall be performed for the purposes of contract execution, including the provision or receipt of services (also electronically supplied services), delivery/receipt of the commodities ordered and compiling, storage and maintaining the documentation required by law (e.g. invoices).

    In connection with the processing of online payments and receivables, we process Billing Data (depending on the payment method selected, this may include: credit/debit card number, card expiry date, CVV/CVC code, bank account number, payment processor ID, payment amount, currency, payment method), Address Details, Company Details and Contact Details. If you do not want us to process this type of data, you must use cash on delivery shipment or visit our premises and pay cash.

    If the business relationship between us is advanced, we will process your Business Details (full name, business name and contact details of the company, position) and Other Data (data voluntarily made available or provided to us, e.g. content entered in the optional fields in online forms).

    In order to create and maintain your account in our transaction system, it is necessary to process your e-mail address and the necessary Information Technology. If you agree, we will use your email address to send you commercial information. If you do not provide your email address or do not allow the necessary Information Technology to be processed - unfortunately we will not be able to process your order in the online shop (services provided electronically).
    We will not process your personal data (Address Details, Company details, Contact Details, etc.) if you are a consumer within the meaning of the Civil Code and you order and collect your order at our premises paying cash - in this case you will receive a receipt. If you would like to receive an invoice with your PESEL (personal identification) number, the number shall be processed solely for this purpose.

    We may receive your Address Details and/or Contact Details from a third party in connection with the performance of a contract concluded with that party. In such cases, you will be most often identified as the recipient of a shipment or a person, with whom we shall make arrangements in connection with the performed contract.

    If you provide us with your Contact Details (full name, nick/login and other online IDs, telephone number, e-mail address, website), we will be able to keep you informed about the progress in the execution of your order or contract and it will significantly improve the quality of our commercial/business relationship.

    We will process Company Details, Contact Details i Business Details for the purposes of establishing and maintaining a business or commercial relationship, monitoring technical support services, handling complaints, maintaining and recording correspondence. With your consent, we may use these data in connection with the promotion of products and services, conducting advertising and marketing activities and the organisation of events, training and competitions.

    We may ask you to provide your feedback on goods or services purchased from us. For this purpose we will process your email address, first name and country of delivery. If we publish your feedback it will only be signed with your first name and country of delivery to ensure your anonymity.

    When you visit our website or contact us by means of electronic communication (e.g. email, telephone, instant messaging, etc.) we will process your Telemetric Data. We process Telemetric Data for the purposes of identification and rectification of errors, troubleshooting, optimising and securing IT infrastructure, pursuing and defending any claims, analysing where you came to us from and how you use our website, maintaining a commercial relationship, displaying, measuring and managing marketing content, conducting remarketing activities, including creating customised audiences for marketing campaigns, evaluating their effectiveness and reach.

    Please do not to provide us in any way with any data that qualifies as a special category of personal data (i.e. personal data revealing ethnic or racial origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data relating to health, sexuality or sexual orientation and criminal record), personal data regarding criminal convictions or any other data beyond the data categories listed above. Making such data available to us will be understood as your express consent to our processing of these data. As we do not have any basis for their processing, we reserve the right to delete them upon their detection, according to the principle of data minimisation.

    All personal data are processed in accordance with the principles of: accountability, transparency, correctness, accuracy, integrity and confidentiality.

  8. Recipient categories

    We make available or entrust the processing of your personal data to partners (persons or entities) and other data recipients only in cases justified by the performance of a contract, legal obligation, our legitimate interest or with your express consent. Every recipient receives only as much data as necessary for fulfilling a given processing purpose.

    Your personal data are made available to other data controllers:

    1. postal operators (entities carrying out postal or courier activities) – e.g. for the purpose of shipment and correspondence delivery;
    2. telecommunications operators and other entities providing telecommunications services delivered by electronic means - in connection with handling and registration of correspondence;
    3. financial institutions (banks, payment intermediaries) in connection with the execution of payments and the actions they take to ensure the legality of financial operations (detection, monitoring and prevention of fraud), verify identity and assess the risks involved in attempting to make a payment: PayPro S.A., PayPal Inc., Stripe Inc., Apple Inc., Google LLC, Currence Holding B.V., SIBS, Klarna Bank AB, Sofort GmbH, Giropay GmBH, Studiengesellschaft für Zusammenarbeit im Zahlungsverkehr GmbH, Bancontact Payconiq Company NV/SA;
    4. public bodies and entities (courts, revenue authorities, police etc.) – e.g. in connection with pursuing or defending claims;
    5. entities connected with handling of debt (bailiffs, debt collectors, economic information offices) – e.g. in connection with the necessity of receivables enforcement;
    6. Google Ireland Limited - creation of remarketing audience lists using Google Analytics Advertising Functions - our legitimate interest;
    7. Meta Platforms Ireland Ltd. - for the purposes of displaying, measuring, managing and remarketing marketing content using Facebook Pixel;
    8. Pinterest Europe Ltd. - for the purpose of displaying, measuring, managing and remarketing marketing content using Pinterest Tag;
    9. TikTok Technology Limited - for the purposes of displaying, measuring, managing and conducting remarketing content using TikTok Pixel;

    We entrust the processing of your personal data to the following processing entities:

    1. financial institutions (banks, payment intermediaries) - in connection with the processing of payments, refunds, etc., such as: PayPro S.A., PayPal Inc., Stripe Inc., Apple Inc., Google LLC, Currence Holding B.V., SIBS, Klarna Bank AB, Sofort GmbH, Giropay GmBH, Studiengesellschaft für Zusammenarbeit im Zahlungsverkehr GmbH, Bancontact Payconiq Company NV/SA;
    2. IT service providers (entities which operate our information systems or provide us with technical support services, entities which provide data communication tools, including statistical and marketing tools, telecommunications operators, cloud service providers) - such as Google Ireland Limited, Apple Distribution International Limited in Ireland, Microsoft Ireland Operations Limited;
    3. agencies (advertising and marketing agencies, entities intermediating in the organisation of marketing activities) – e.g. advertising and promotional campaigns, organisation of events and training;
    4. subcontractors (e.g. our advisers, consultants, auditors, legal, tax, accounting assistance, tax representatives) for the purpose of subcontracting certain services and certain work;
    5. Meta Platforms Ireland Ltd. - for the purpose of creating custom audiences for advertising campaigns using Facebook Pixel, evaluating their effectiveness and reach, and sending return statistics of people who displayed the advertisements and responded to them;
    6. Pinterest Europe Ltd. - for the purpose of creating custom audiences for advertising campaigns using Pinterest Tag, evaluating their effectiveness and reach, and sending return statistics of people who displayed the advertisements and responded to them;
    7. TikTok Technology Limited - for the purpose of creating custom audiences for advertising campaigns using TikTok Pixel, evaluating their effectiveness and reach, and sending return statistics of people who displayed the advertisements and responded to them;
    8. Klaviyo, Inc. - for the purpose of maintaining a business relationship;

    Additionally, we entrust the processing of your data (not constituting personal data within the meaning of the GDPR) to the following processing entities:

    1. Google Ireland Limited - in connection with the use of Analytical Information Technologies;
    2. Google Ireland Limited and Vimeo.com Inc. - in connection with the use of YouTube and Vimeo video players on our website;

    Some data may be transferred to a third country (outside the European Economic Area). We transfer data to entities: Google Ireland Limited, Apple Distribution International Limited in Ireland, Microsoft Ireland Operations Limited, Meta Platforms Ireland Ltd., Klaviyo Inc., Pinterest Inc., TikTok Technology Limited, Vimeo.com Inc., which may process data at their data processing centres located in the United States of America and possibly other countries based on:

    1. the legal mechanisms and standard contractual clauses used by IT service providers to ensure adequate protection of data when it is transferred outside the EEA;
    2. a finding by the European Commission that third countries ensure an adequate level of protection of personal data;
    3. the so-called Privacy Shield standard.

  9. Period of data processing

    Your personal data will be processed for a period not longer than necessary for the purposes of the processing:

    1. the establishment and maintenance of a commercial relation and maintenance of an account in the transaction system, monitoring of technical support services, handling of complaints – up to 5 years from the time of last login/transaction or up to 90 days from the date of recognition of your right to: deletion of data, restriction of processing, objection to processing;
    2. execution of a contract or an order – up to 31 days from the order pick-up or contract execution;
    3. drawing up, storing and keeping the legally required documentation, processing payments - up to 10 years;
    4. handling and recording of correspondence, handling of receivables, making it possible to pursue or defend claims – up to 10 years from the occurrence of the last event;
    5. Identification and rectification of errors, troubleshooting, optimisation and security of the ICT infrastructure - up to 2 years from the collection;
    6. promotion of products and services, conducting advertising and marketing activities and organisation of events, training and competitions – until you withdraw your consent to the processing, up to a maximum of 30 days from the date of the withdrawal;
    7. display of marketing content using the advertising functions of Google Analytics and Google Marketing Platform, Facebook Pixel, Pinterest Pixel, TikTok Pixel and Klaviyo tools - up to a maximum of 180 days from the date of the objection;
    8. measuring, managing marketing content and conducting remarketing activities using the advertising functions of Google Analytics and Google Marketing Platform, Facebook Pixel, Pinterest Pixel and TikTok Pixel - up to a maximum of 180 days from the date of the objection;
    9. Creating custom audiences for marketing campaigns, evaluating their effectiveness and reach using Facebook Pixel, Pinterest Pixel and TikTok Pixel - up to a maximum of 180 days from the date of the objection;

    Additionally, we process your data (not constituting personal data within the meaning of the GDPR) for the following purposes and in the following periods:

    1. use of analytical Information Technology - up to 14 months from the date of your last activity on our website, or a maximum of 180 days from the date of your objection.

    If your personal data are used as evidence in legal proceedings, they may be stored for longer than indicated above, until the legal conclusion of those proceedings.

  10. Your rights

    According to the GDPR, you have the right to the protection of your personal data, especially you have the right to:

    1. make a request to the Controller to provide you with access to your personal data;
    2. rectification of your personal data;
    3. delete your personal data;
    4. restrict the processing of your personal data;
    5. object to the processing of your personal data, including processing for the purpose of maintaining business relations and direct marketing (once the objection is raised, the data will not be processed to the extent of the objection);
    6. transfer your personal data;
    7. withdraw your consent to the processing of your personal data at any time, provided that the withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of your consent before its withdrawal;
    8. lodge a complaint with a supervisory authority – the President of the Personal Data Protection Office;

    If you want to withdraw your consent to the promotion of products and services (receiving newsletters), there is a link for cancelling subscription in every newsletter. Click on the link and confirm the cancellation of your subscription.

    You have the right to choose how we and our partners process your data at any time, you can:

    1. block cookies in your Internet browser that are stored by us and our partners and thus block the Information Technology that uses them. Please note, however, that if you block the necessary cookies in your browser, you will not be able to make purchases in our online shop. The necessary cookies are technically necessary for the operation of our shop (provision of the service electronically);
    2. delete already stored cookies. If you do not know how to do it, use the support tab in your web browser;
    3. object to the processing of your data using Information Technology - you can do it here. If you exercise this right in relation to selected tools - you will not be able to use the functionality they provide;
    4. you can also use the tools that allow you to choose your advertising and privacy settings: Digital Advertising Alliance, European Interactive Digital Advertising Alliance, Facebook privacy settings, Google privacy settings, browser add-on to block Google Analytics, Pinterest privacy settings and TikTok privacy settings.

    You can also exercise your rights by contacting us as described in section 3.

  11. Amendments to the Privacy Policy

    We reserve the right to amend the Privacy Policy without stating reasons at any time. The amendments referred to above do not limit the rights acquired before the amendments enter into force. We will communicate any amendments on our website: www.winderen.com.

Country: Deutschland

If this is wrong, please pick your country below to get the best Winderen experience

To the shop