Privacy policy information of wingsacademy GmbH & Co. KG

wingsacademy GmbH & Co. KG takes the handling of your personal data very seriously. We feel that we have a special duty to preserve and protect the data and privacy of customers, prospects and employees.

However, many internet users are concerned about their personal data – they want to know whether it's being collected, stored, processed and shared, who is performing these activities, and what data is affected.

We want to earn your trust. That is why we strictly comply with all data protection laws and do everything in our power to protect your personal privacy and trade secrets.

In particular, this means:

 This privacy policy informs you about the nature, scope and purpose of the processing of personal data (hereinafter “data”) within our website and the webpages, functions and content associated with it as well as external online presences such as our social media profiles (hereinafter collectively referred to as "online presence"). We have explained terms such as “processing” or “controller” below but also refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Terms used

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations that is performed upon personal data, whether or not by automated means. The term is broad and encompasses practically any handling of data.

“Pseudonymisation” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that the additional information is kept separately and is protected by technical and organisational measures which prevent the personal data being attributed to an identified or identifiable natural person.

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Controller for purposes of the General Data Protection Regulation (GDPR)

wingsacademy GmbH & Co. KG
Bensheim Headquarters
Heimrodstraße 14
D-64625 Bensheim
Darmstadt Local Court HRA 84230
VAT no. DE274079785

Personally liable partner:

Aviatics GmbH
Domicile: Erich-Kästner-Weg 2, 64625 Bensheim
Commercial register court: Darmstadt Local Court HRB 25066
The courts of Bensheim have jurisdiction

Managing Director: Dipl.-Ing. Peter Arnold

Responsible under the Telemedia Act (TMG): Dipl.-Ing. Peter Arnold

Data Protection Officer

We have appointed a data protection officer.

Our data protection officer is Streit GmbH, Lahnstraße 27-29, 64625 Bensheim. Can be contacted at datenschutz@aviatics.de

Categories of data subjects

Visitors and users of the online presence (henceforth we also refer to the data subjects collectively as “users”).

Types of data processed:

- Master data (e.g., names, addresses).
- Contact details (e.g., email, phone numbers).
- Content data (e.g., text input, photographs, videos).
- Usage data (e.g., pages visited, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).

Purpose of the processing

- Provide the online presence, its functions and content.
- Respond to contact requests and communicate with users.
- Security measures.
- Measure reach/engage in marketing

Relevant legal bases

We inform you of the legal bases of our data processing as required by Art. 13 GDPR. The following applies wherever the legal basis is not stated in the privacy policy: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR; the legal basis of processing for the performance of our services and contractual measures and for the answering of inquiries is Art. 6(1)(b) GDPR; the legal basis of processing for compliance with our legal obligations is Art. 6(1)(c) GDPR; and the legal basis of processing for the protection of our legitimate interests is Art. 6(1)(f) GDPR. Art. 6 (1)(d) GDPR serves as the legal basis wherever the processing of personal data is necessary to protect the vital interests of the data subject or of another natural person.

Category of recipients - collaboration with processors and third parties

We will only disclose, transmit or otherwise make data available to other persons and companies (processors or third parties) in the course of our processing if we are permitted to do so by law (e.g. if data has to be transmitted to third parties such as payment service providers for the performance of the contract pursuant to Art. 6 (1)(b) GDPR), if you have consented, if we are under a legal obligation to do so or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we engage third parties to process data on the basis of an “order processing agreement”, this is done on the basis of Art. 28 GDPR.

Transfers to third countries

We only process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or do so in the context of using third-party services or disclosing or transferring data to third parties where this is necessary for the fulfilment of our (pre-)contractual obligations or on the basis of your consent, a legal obligation or our legitimate interests. We will only process or have data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met, subject to statutory or contractual permissions. I.e. the processing may be based on special guarantees or compliance with officially recognised special contractual commitments (known as “standard contractual clauses”).

Security measures

We shall implement appropriate technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.

The measures include, without limitation, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as data access, data entry, data disclosure, assurance of data availability and data segregation. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, erasure of data and response to data compromise. We start considering personal data protection when developing and selecting hardware, software and processes in accordance with the principle of privacy by design and privacy by default (Art. 25 GDPR).

Contact

The details of any user who contacts us (e.g. via contact form, email, telephone or social media) are processed for the purpose of handling and processing the contact request pursuant to Art. 6 (1)(b) GDPR. The user’s details may be stored in a customer relationship management system (“CRM system”) or comparable tool for organising inquiries.

We will delete the requests as soon as they are no longer necessary. We review their necessity every two years; the statutory retention obligations apply as well.

Newsletter

By subscribing to our newsletter, you agree to receive it and to the described procedures.

Newsletter content: We only send newsletters, emails and other electronic messages with promotional content (hereinafter "newsletter") if the recipients have given their consent or if we are allowed by law to do so. The user’s consent is based on the content of the newsletter wherever the content is specifically described during the subscription process. Our newsletters also contain information about our services and us.

Double opt-in and logging: Users subscribe to our newsletter in a double opt-in process. That is, after subscribing you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent anyone subscribing with other people’s e-mail addresses. Newsletter subscriptions are logged in order to be able to present evidence of the subscription process in accordance with legal requirements. This includes storing the login time, confirmation time and IP address. Likewise, changes to the data you have stored with the shipping service provider are logged.

Login data: All you need to do to subscribe to the newsletter is enter your email address. You can optionally provide a name so that we can address you personally in the newsletter.

The newsletter is sent and its engagement measured based on the recipients’ consent pursuant to Art. 6(1)(a), Art. 7 GDPR in conjunction with Section 7(2)(3) of the German Act against Unfair Competition (“UWG”) or, if consent is not required, on the basis of our legitimate interests in direct marketing pursuant to Art. 6(1)(f) GDPR in conjunction with Section 7(3) UWG.

The subscription process is logged based on our legitimate interests pursuant to Art. 6(1)(f) GDPR. We are interested in using a secure, user-friendly newsletter system that serves our business interests, meets users’ expectations and allows us to document evidence of consent.

We have commissioned a specialised service provider to send the newsletter and the associated services. We have concluded an order processing contract with this service provider. It cannot be ruled out that the external service provider may commission subcontractors and affiliated companies in third countries to process the data.

Cancellation/revocation - You can cancel receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. We may store unsubscribed email addresses for up to three years based on our legitimate interest in proving consent was previously given before deleting them. The processing of this data is limited to the purpose of potentially defending against claims. An individual erasure request may be filed at any time, provided that the previous existence of consent is confirmed at the same time.

Hosting and Email Delivery

The hosting services we use provide the following functions: infrastructure and platform services, computing capacity, storage space and database services, email delivery, security services, and technical maintenance services, all of which are necessary for operating this online offering.

In this context, we—or our hosting provider—process inventory data, contact data, content data, contract data, usage data, metadata, and communication data of customers, interested parties, and visitors of this online offering. This processing is based on our legitimate interest in the efficient and secure provision of this online offering in accordance with Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).

Order Processing in the Online Shop and Customer Account

We process our customers' data as part of the order process in our online shop to enable them to select and purchase the desired products and services, as well as to facilitate payment, delivery, and execution.

The data processed includes inventory data, communication data, contract data, and payment data. The individuals affected by this processing include our customers, prospective clients, and other business partners. Processing is carried out for the purpose of fulfilling contractual obligations related to the operation of the online shop, invoicing, delivery, and customer service. We use session cookies to store shopping cart contents and persistent cookies to retain login status.

Processing is based on Art. 6(1)(b) GDPR (execution of order processes) and Art. 6(1)(c) GDPR (legal archiving requirements). The information marked as required is necessary for the establishment and fulfillment of the contract. Data is disclosed to third parties only as necessary for delivery, payment processing, or in accordance with legal requirements and obligations, such as to legal advisors and authorities. Data is processed in third countries only if required for contract fulfillment (e.g., upon customer request for delivery or payment processing).

Users have the option to create a user account, where they can review their orders. During registration, users will be informed of the required mandatory information. User accounts are private and are not indexed by search engines. If users terminate their account, their data related to the account will be deleted unless retention is required for commercial or tax-related reasons in accordance with Art. 6(1)(c) GDPR. Customer account information is stored until account deletion, followed by archiving in the case of legal obligations. Users are responsible for securing their data before terminating their account.

During registration, subsequent logins, and the use of our online services, we store the IP address and the timestamp of each user action. This storage is based on our legitimate interests, as well as the users' interest in protection against misuse and unauthorized access. This data is not shared with third parties unless necessary to enforce our legal claims or if there is a legal obligation to do so in accordance with Art. 6(1)(c) GDPR.

Data is deleted after the expiration of legal warranty and comparable obligations. The necessity of data retention is reviewed every three years. If legal archiving obligations apply, deletion occurs after their expiration (six years for commercial records, ten years for tax-related records).

External Payment Service Providers

We use external payment service providers through whose platforms both our users and we can process payment transactions.

For contract fulfillment, we rely on these payment service providers based on Art. 6(1)(b) GDPR. Additionally, we use external payment service providers based on our legitimate interests in providing our users with efficient and secure payment options, in accordance with Art. 6(1)(f) GDPR.

The data processed by payment service providers includes customer details (such as name and address), banking details (such as account or credit card numbers), passwords, TANs, and verification checks, as well as contract, transaction, and recipient-related information. This data is necessary to carry out transactions. It is expressly not considered commissioned data processing within the meaning of Art. 4(8) GDPR, as the payment service providers act as independent controllers. The entered payment data is processed and stored exclusively by the payment service providers. This means that we do not receive account or credit card details but only information confirming or rejecting a payment. In some cases, payment service providers may transmit data to credit agencies to verify identity and creditworthiness.

Please refer to the terms and privacy policies of the respective payment service providers for further details. The terms and privacy policies of the respective payment service providers apply to all payment transactions. These can be accessed on the respective provider’s website or transaction application. We encourage users to review these policies for further information and to exercise their rights regarding withdrawal, access to data, and other data subject rights.

PayPal: You can access PayPal’s privacy policy via the following link: www.paypal.com/de/webapps/mpp/ua/privacy-full.

Integration of external online services

Xing

Our online presence may integrate features and content from the service Xing, provided by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. This may include content such as images, videos or texts and buttons that users can use to share content from this online presence within Xing. If the users are members of the Xing platform, Xing can associate the invocation of the aforementioned features and content with the users’ Xing profiles.

Information on the provider’s privacy policy is available here: www.xing.com/app/share.

LinkedIn

Our online presence may integrate features and content from the service LinkedIn, provided by LinkedIn Ireland Unlimited Company, Attn: Legal Dept. (Privacy Policy and User Agreement), Wilton Plaza, Wilton Place, Dublin 2, Ireland. This may include content such as images, videos or texts and buttons that users can use to share content from this online presence within LinkedIn. If the users are members of the LinkedIn platform, LinkedIn can associate the invocation of the aforementioned features and content with the users’ LinkedIn profiles.

Information on the provider’s privacy policy is available here:

de.linkedin.com/legal/privacy-policy

Data erasure

The data that we process will be erased or its processing restricted in accordance with Articles 17 and 18 GDPR. Unless expressly stated in this privacy policy, the data that we store will be erased as soon as it is no longer required for its intended purpose and there are no legal obligations to retain it. The processing of the data will be restricted if it is not erased because it is required for other, legally permissible purposes. That is, the data is blocked and not processed for other purposes. This rule applies to data that has to be retained under commercial or tax law, for example.

In Germany, data has to be stored for 10 years under Section 147(1) of the German Tax Code (AO), Section 257(1)(1) and (4) and 257(4) of the German Commercial Code (HGB) (books, records, management reports, accounting records, commercial books, documents relevant for taxes, etc.) and for 6 years under Section 257(1)(2) and (3), Section 257(4) HGB (business correspondence).

Rights of the data subjects

You have the right under Art. 15 GDPR to obtain confirmation as to whether data concerning you is being processed, to access this data and to obtain further information and a copy of the data.

You have the right under Art. 16 GDPR to request that the data concerning you be completed or that the inaccurate data concerning you be rectified.

You have the right under Art. 17 GDPR to demand that the data concerning you be erased without undue delay or, alternatively, to obtain restriction of the processing of the data under Article 18 GDPR.

You have the right to request to receive the data concerning you that you have provided to us in accordance with Article 20 GDPR and to transmit that data to other data controllers.

You also have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR.

Right of withdrawal

You have the right under Art. 7(3) GDPR to withdraw previously granted consent with future effect.

Right to object

You may object to the future processing of data concerning you at any time in accordance with Art. 21 GDPR. The objection may specifically relate to processing for the purpose of direct marketing.

Cookies and right to object to direct marketing

“Cookies” are small files that are stored on users’ computers. Different information can be stored within the cookies. The primary purpose of a cookie is to store information about a user (or the device on which the cookie is stored) during or after the user’s visit to an online presence. Temporary cookies, also known as “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online presence and closes their browser. This kind of cookie may store the contents of a shopping cart in an online shop or a login status, for example. “Permanent” or “persistent” cookies are cookies that remain stored even after the browser is closed. For example, they may store a login status if users visit the online presence after several days. Likewise, users’ interests can be stored in this kind of cookie and used for marketing purposes or for measuring reach. “Third-party cookies” are cookies provided by providers other than the controller operating the online presence (if they are solely the controller’s cookies, they are referred to as "first-party cookies").

This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses “cookies”, text files placed on your computer to help us analyse how you use the website.

The following statistical cookies are used:

https://www.wingsacademy.de/en/legal-notice/cookies