Privacy policy

Information on the handling of data protection at wingsacademy

Privacy policy information of wingsacademy GmbH & Co. KG

 

Privacy policy wingsacademy GmbH & Co. KG website

Read more

Privacy policy for prospects/customers/business partners/suppliers

read more

Privacy policy information for the websites

wingsacademy GmbH & Co. KG takes the handling of your personal data very seriously. We feel that we have a special duty to preserve and protect the data and privacy of customers, prospects and employees.

However, many internet users are concerned about their personal data – they want to know whether it's being collected, stored, processed and shared, who is performing these activities, and what data is affected.

We want to earn your trust. That is why we strictly comply with all data protection laws and do everything in our power to protect your personal privacy and trade secrets.

In particular, this means:

 This privacy policy informs you about the nature, scope and purpose of the processing of personal data (hereinafter “data”) within our website and the webpages, functions and content associated with it as well as external online presences such as our social media profiles (hereinafter collectively referred to as "online presence"). We have explained terms such as “processing” or “controller” below but also refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Terms used

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations that is performed upon personal data, whether or not by automated means. The term is broad and encompasses practically any handling of data.

“Pseudonymisation” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that the additional information is kept separately and is protected by technical and organisational measures which prevent the personal data being attributed to an identified or identifiable natural person.

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Controller for purposes of the General Data Protection Regulation (GDPR)

wingsacademy GmbH & Co. KG
Bensheim Headquarters
Heimrodstraße 14
D-64625 Bensheim
Darmstadt Local Court HRA 84230
VAT no. DE274079785
Personally liable partner:
Aviatics GmbH
Domicile: Erich-Kästner-Weg 2, 64625 Bensheim
Commercial register court: Darmstadt Local Court HRB 25066
The courts of Bensheim have jurisdiction

Managing Director: Dipl.-Ing. Peter Arnold

Responsible under the Telemedia Act (TMG): Dipl.-Ing. Peter Arnold

Data Protection Officer

We have appointed a data protection officer.

Our data protection officer is Streit GmbH, Lahnstraße 27-29, 64625 Bensheim. Can be contacted at datenschutz@aviatics.de

Categories of data subjects

Visitors and users of the online presence (henceforth we also refer to the data subjects collectively as “users”).

Types of data processed:

- Master data (e.g., names, addresses).
- Contact details (e.g., email, phone numbers).
- Content data (e.g., text input, photographs, videos).
- Usage data (e.g., pages visited, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).

Purpose of the processing

- Provide the online presence, its functions and content.
- Respond to contact requests and communicate with users.
- Security measures.
- Measure reach/engage in marketing

Relevant legal bases

We inform you of the legal bases of our data processing as required by Art. 13 GDPR. The following applies wherever the legal basis is not stated in the privacy policy: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR; the legal basis of processing for the performance of our services and contractual measures and for the answering of inquiries is Art. 6(1)(b) GDPR; the legal basis of processing for compliance with our legal obligations is Art. 6(1)(c) GDPR; and the legal basis of processing for the protection of our legitimate interests is Art. 6(1)(f) GDPR. Art. 6 (1)(d) GDPR serves as the legal basis wherever the processing of personal data is necessary to protect the vital interests of the data subject or of another natural person.

Category of recipients - collaboration with processors and third parties

We will only disclose, transmit or otherwise make data available to other persons and companies (processors or third parties) in the course of our processing if we are permitted to do so by law (e.g. if data has to be transmitted to third parties such as payment service providers for the performance of the contract pursuant to Art. 6 (1)(b) GDPR), if you have consented, if we are under a legal obligation to do so or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we engage third parties to process data on the basis of an “order processing agreement”, this is done on the basis of Art. 28 GDPR.

Transfers to third countries

We only process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or do so in the context of using third-party services or disclosing or transferring data to third parties where this is necessary for the fulfilment of our (pre-)contractual obligations or on the basis of your consent, a legal obligation or our legitimate interests. We will only process or have data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met, subject to statutory or contractual permissions. I.e. the processing may be based on special guarantees or compliance with officially recognised special contractual commitments (known as “standard contractual clauses”).

Security measures

We shall implement appropriate technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.

The measures include, without limitation, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as data access, data entry, data disclosure, assurance of data availability and data segregation. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, erasure of data and response to data compromise. We start considering personal data protection when developing and selecting hardware, software and processes in accordance with the principle of privacy by design and privacy by default (Art. 25 GDPR).

Contact

The details of any user who contacts us (e.g. via contact form, email, telephone or social media) are processed for the purpose of handling and processing the contact request pursuant to Art. 6 (1)(b) GDPR. The user’s details may be stored in a customer relationship management system (“CRM system”) or comparable tool for organising inquiries.

We will delete the requests as soon as they are no longer necessary. We review their necessity every two years; the statutory retention obligations apply as well.

Newsletter

By subscribing to our newsletter, you agree to receive it and to the described procedures.

Newsletter content: We only send newsletters, emails and other electronic messages with promotional content (hereinafter "newsletter") if the recipients have given their consent or if we are allowed by law to do so. The user’s consent is based on the content of the newsletter wherever the content is specifically described during the subscription process. Our newsletters also contain information about our services and us.

Double opt-in and logging: Users subscribe to our newsletter in a double opt-in process. That is, after subscribing you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent anyone subscribing with other people’s e-mail addresses. Newsletter subscriptions are logged in order to be able to present evidence of the subscription process in accordance with legal requirements. This includes storing the login time, confirmation time and IP address. Likewise, changes to the data you have stored with the shipping service provider are logged.

Login data: All you need to do to subscribe to the newsletter is enter your email address. You can optionally provide a name so that we can address you personally in the newsletter.

The newsletter is sent and its engagement measured based on the recipients’ consent pursuant to Art. 6(1)(a), Art. 7 GDPR in conjunction with Section 7(2)(3) of the German Act against Unfair Competition (“UWG”) or, if consent is not required, on the basis of our legitimate interests in direct marketing pursuant to Art. 6(1)(f) GDPR in conjunction with Section 7(3) UWG.

The subscription process is logged based on our legitimate interests pursuant to Art. 6(1)(f) GDPR. We are interested in using a secure, user-friendly newsletter system that serves our business interests, meets users’ expectations and allows us to document evidence of consent.

Cancellation/revocation - You can cancel receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. We may store unsubscribed email addresses for up to three years based on our legitimate interest in proving consent was previously given before deleting them. The processing of this data is limited to the purpose of potentially defending against claims. An individual erasure request may be filed at any time, provided that the previous existence of consent is confirmed at the same time.

Integration of external online services

Xing

Our online presence may integrate features and content from the service Xing, provided by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. This may include content such as images, videos or texts and buttons that users can use to share content from this online presence within Xing. If the users are members of the Xing platform, Xing can associate the invocation of the aforementioned features and content with the users’ Xing profiles.

Information on the provider’s privacy policy is available here: www.xing.com/app/share.

LinkedIn

Our online presence may integrate features and content from the service LinkedIn, provided by LinkedIn Ireland Unlimited Company, Attn: Legal Dept. (Privacy Policy and User Agreement), Wilton Plaza, Wilton Place, Dublin 2, Ireland. This may include content such as images, videos or texts and buttons that users can use to share content from this online presence within LinkedIn. If the users are members of the LinkedIn platform, LinkedIn can associate the invocation of the aforementioned features and content with the users’ LinkedIn profiles.

Information on the provider’s privacy policy is available here:

de.linkedin.com/legal/privacy-policy

Data erasure

The data that we process will be erased or its processing restricted in accordance with Articles 17 and 18 GDPR. Unless expressly stated in this privacy policy, the data that we store will be erased as soon as it is no longer required for its intended purpose and there are no legal obligations to retain it. The processing of the data will be restricted if it is not erased because it is required for other, legally permissible purposes. That is, the data is blocked and not processed for other purposes. This rule applies to data that has to be retained under commercial or tax law, for example.

In Germany, data has to be stored for 10 years under Section 147(1) of the German Tax Code (AO), Section 257(1)(1) and (4) and 257(4) of the German Commercial Code (HGB) (books, records, management reports, accounting records, commercial books, documents relevant for taxes, etc.) and for 6 years under Section 257(1)(2) and (3), Section 257(4) HGB (business correspondence).

Rights of the data subjects

You have the right under Art. 15 GDPR to obtain confirmation as to whether data concerning you is being processed, to access this data and to obtain further information and a copy of the data.

You have the right under Art. 16 GDPR to request that the data concerning you be completed or that the inaccurate data concerning you be rectified.

You have the right under Art. 17 GDPR to demand that the data concerning you be erased without undue delay or, alternatively, to obtain restriction of the processing of the data under Article 18 GDPR.

You have the right to request to receive the data concerning you that you have provided to us in accordance with Article 20 GDPR and to transmit that data to other data controllers.

You also have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR.

Right of withdrawal

You have the right under Art. 7(3) GDPR to withdraw previously granted consent with future effect.

Right to object

You may object to the future processing of data concerning you at any time in accordance with Art. 21 GDPR. The objection may specifically relate to processing for the purpose of direct marketing.

Cookies and right to object to direct marketing

“Cookies” are small files that are stored on users’ computers. Different information can be stored within the cookies. The primary purpose of a cookie is to store information about a user (or the device on which the cookie is stored) during or after the user’s visit to an online presence. Temporary cookies, also known as “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online presence and closes their browser. This kind of cookie may store the contents of a shopping cart in an online shop or a login status, for example. “Permanent” or “persistent” cookies are cookies that remain stored even after the browser is closed. For example, they may store a login status if users visit the online presence after several days. Likewise, users’ interests can be stored in this kind of cookie and used for marketing purposes or for measuring reach. “Third-party cookies” are cookies provided by providers other than the controller operating the online presence (if they are solely the controller’s cookies, they are referred to as "first-party cookies").

This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses “cookies”, text files placed on your computer to help us analyse how you use the website.

The following statistical cookies are used:

https://www.wingsacademy.de/en/legal-notice/cookies

Privacy policy for prospects/customers/business partners/suppliers

Controller for purposes of the General Data Protection Regulation (GDPR)
wingsacademy GmbH & Co. KG
Bensheim Headquarters
Heimrodstraße 14
D-64625 Bensheim
Darmstadt Local Court HRA 84230
VAT no. DE274079785
Personally liable partner:
Aviatics GmbH
Domicile: Erich-Kästner-Weg 2, 64625 Bensheim
Commercial register court: Darmstadt Local Court HRB 25066
The courts of Bensheim have jurisdiction

Managing Director: Dipl.-Ing. Peter Arnold

Responsible under the Telemedia Act (TMG): Dipl.-Ing. Peter Arnold

Data Protection Officer

We have appointed a data protection officer.

Our data protection officer is Streit GmbH, Lahnstraße 27-29, 64625 Bensheim. Can be contacted at datenschutz@aviatics.de

We process the data of our prospects, business partners, clients, customers and contractual partners (all referred to as “business partners”) in accordance with Art. 6(1)(b) GDPR in order to provide them with our contractual or pre-contractual services. The data processed in this context as well as the type, scope and purpose and necessity of its processing are determined by the underlying contractual relationship.

The processed data includes the master data of our business partners (e.g., names and addresses), contact data (e.g., email addresses and telephone numbers), contractual data (e.g., services used, contract content, contractual communications, names of contacts) and payment data (e.g., bank details, payment history).

We generally do not process special categories of personal data, unless they are part of commissioned or contractual processing.

In special times like these (pandemic), it may be required by law to collect and process health data such as your “vaccinated, recovered or tested” records. We will then provide you with separate privacy policy details. 

We process data that is required for the establishment and fulfilment of the contractual services and point out the need to provide it, unless this is evident to the business partners. Data is only disclosed to external persons or companies if contractually required. When processing the data provided to us in connection with an order, we act in accordance with the client’s instructions and the legal requirements.

We may store the IP address and the time of each user action when visitors use our online services. The data is stored based on our legitimate interests and on users’ interest in preventing misuse and other unauthorised use. This data is generally not shared with third parties except where necessary for the pursuit of our interests pursuant to Art. 6(1)(f) GDPR or there is a legal obligation to do so pursuant to Art. 6(1)(c) GDPR.

Data is erased when it is no longer required for the fulfilment of contractual or statutory duties of care or for dealing with any warranty and comparable obligations, with the need for data retention being reviewed every three years; the statutory retention obligations apply in all other regards.

We use payment service providers when performing contracts on the basis of Art. 6(1)(b) GDPR. We also use external payment service providers on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR in order to offer our users effective and secure payment options.

The data processed by the payment service providers includes master data such as name and address; bank data such as account numbers or credit card numbers, passwords, TANs and checksums; as well as contract details, totals and recipient information. The information is required to carry out the transactions. However, only the payment service providers process and store data that has been entered. In other words, we receive no account or credit card information and only receive information confirming or denying payment. The payment service providers may transmit the data to credit agencies in certain circumstances. This is done to verify identities and check creditworthiness. Please see the payment service providers’ general terms and conditions and privacy policies for details.

The payment service providers’ terms and conditions and privacy policies apply to the payment transactions and can be accessed within the providers’ websites or transaction applications. Please see these websites or transaction applications for further information and for asserting withdrawal, access and other rights held by data subjects.

Administration, financial accounting, office organisation, contact management

We process data when performing administrative tasks, organising our operations, carrying out financial accounting and complying with legal obligations such as archiving. The data that we process during these activities is the same as the data that we process when providing our contractual services. The legal bases of processing are Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. The processing affects customers, prospects, business partners and website visitors. The purpose of the processing and our interest in it consists of administration, financial accounting, office organisation, data archiving, i.e. activities that enable us to maintain our business operations, perform our tasks and provide our services. Data relating to contractual services and contractual communications is erased based on the information applicable to these processing activities.

We disclose or transmit data to the tax administration, advisors such as tax advisors or certified public auditors, other fee offices and payment service providers.

We also store details of suppliers, event organisers and other business partners on the basis of our business interests, e.g. for the purpose of contacting them at a later date. We generally store this – usually company-specific – data permanently.

Business analyses and market research

We analyse the data we have on business transactions, contracts, inquiries, etc. in order to operate our business efficiently, recognise market trends and identify users’ and business partners’ preferences. That requires us to process master data, communication data, contract data, payment data, usage data and metadata on the basis of Art. 6(1)(f) GDPR, with the data subjects consisting of business partners, prospects, customers, visitors and users of our online presence.

The analyses are carried out for the purpose of business evaluations, marketing and market research. We may include in our analyses the profiles of registered users along with details such as the services they have used. The analyses help us increase user-friendliness, optimise our offering and improve our profitability. The analyses are only used for us and are not disclosed externally, unless they are anonymous analyses with condensed values.

Personal analyses or profiles will be deleted or anonymised upon termination by the user or within two years of the conclusion of the contract, whichever comes first. Macroeconomic analyses and general trend determinations are prepared anonymously whenever possible.

Rights of the data subjects

You have the right under Art. 15 GDPR to obtain confirmation as to whether data concerning you is being processed, to access this data and to obtain further information and a copy of the data.

You have the right under Art. 16 GDPR to request that the data concerning you be completed or that the inaccurate data concerning you be rectified.

You have the right under Art. 17 GDPR to demand that the data concerning you be erased without undue delay or, alternatively, to obtain restriction of the processing of the data under Article 18 GDPR.

You have the right to request to receive the data concerning you that you have provided to us in accordance with Article 20 GDPR and to transmit that data to other data controllers.

You also have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR.

Right of withdrawal

You have the right under Art. 7(3) GDPR to withdraw previously granted consent with future effect.

Right to object

You may object to the future processing of data concerning you at any time in accordance with Art. 21 GDPR. The objection may specifically relate to processing for the purpose of direct marketing.

Modification of this privacy policy

We will revise this privacy policy in response to changes in data processing or other occasions that make a revision necessary. The current version can always be found on this webpage.

Last updated: 08 December 2021