Privacy Notice

Privacy Notice

Status: May 2018

This website is operated by WindStar Medical GmbH based in Wehrheim/Ts.

The protection of your privacy and your personal data when using our websites is very important to us. To protect you, we strictly observe the provisions of the Federal Data Protection Act (BDSG) and other data protection laws. In the following we explain which personal data we collect during your visit to our website and how we use this information.

All employees of WindStar Medical GmbH and its subsidiaries are bound to data secrecy according to § 5 BDSG and are trained by our data protection officer on the subject of data protection.

The following privacy notice is valid for the online offer at If you want to read the whole document in context or want to print it, please click here.

1. Controller

Controller is WindStar Medical GmbH, Am Joseph 15, 61273 Wehrheim, Germany, E-Mail:, in the following referred to as "WindStar Medical" or"we" or "us".

Exceptions will be explained in this privacy notice.

2. Collection and processing of personal data

2.1 General

All information which is related to an identified or identifiable natural person (e.g., name, address, phone number, date of birth or email address) is personal data.

In general, you are able to use our online offer without providing personal data. The usage of certain services may, however, require you to provide personal data, e.g., registration or the participation in a raffle. Mandatory fields are generally denoted with an *.

2.2 Purposes of processing and legal basis for the processing

We process your personal data for the following purposes, based on the Legal Bases listed:

  • Providing this online offer.
  • House and third party advertising as well as market research and reach measurement to the legally allowed extent or based on consent.
  • Performance of raffles under respective raffle terms.

2.3 Data transfer to third parties, service providers

a) Data transfer to third parties

Your personal data is generally only being transferred to third parties as far as this is necessary for performance of the contract, if we or the third party have legitimate interests in transferring or if you have consented to this. If data is transferred to third parties based on legitimate interests, this will be explained in this privacy notice.

Beyond or in addition to this, data may be transferred to third parties as far as we are obligated to do so under statutory provisions or an enforceable decision made by an authority or a court.

b) Service providers

We reserve the right to use service providers in collecting or processing data. Service providers are only given personal data that is necessary for their concrete task. This means that your email address may be forwarded to a service provider so you can receive a newsletter that you ordered. Service providers may also be assigned to provide server capacity. Service providers are generally involved as so-called processors which may only process users' personal data based on our instructions.

2.4 Data transfer to non-EEA countries

We also forward personal data to third parties or processors who are located outside EEA countries. In such cases we ensure prior to the transfer that the transfer is subject to appropriate safeguards (e.g., by self-certification of the recipient for the EU US Privacy Shield or by having agreed upon so-called standard dta protection clauses of the European Union with the recipient) or sufficient user consent is given.

You may receive an overview of third country recipients and a copy of the appropriate or suitable safeguards in place. Please use the details provided in the Contact section.

2.5 Duration of storage; retention periods

We store your data as long as it is necessary to provide our online offer and the services connected with it or as long as we have a legitimate interest in continued storage. In all other cases, we delete your personal data with the exception of such data that we are required to retain for the purpose of contractual or statutory (e.g., taxation or commercial law) retention periods (e.g., invoices). At this point, contractual retention periods may also result from contracts with third parties (e.g., those holding copyrights or IP rights).

Data that is only retained because it is subject to a retention period is restricted from processing until the period expires and will then be deleted.

3. Log files

  • Every time you use the internet, your internet browser automatically transmits certain information which is then saved by us in log files.
  • We save log files for the purposes of determining disruptions and for security reasons (e.g., to elucidate attack attempts) for a period of 7 to 10 days and delete them thereafter. Log files which need to remain stored for evidence purposes are excluded from deletion until the respective incident has been finally resolved and may be forwarded to investigating authorities on a case-by-case basis.

Log files contain especially following information:

  • IP address (internet protocol address) of the terminal device which is used to access the online offer;
  • Internet address of the website from which the online offer is accessed (so-called URL of origin or referrer URL);
  • Name of the service provider through which access to the online offer occurs;
  • Name of accessed file or information;
  • Date and time and duration of access;
  • Amount of data transmitted;
  • Operating system and informations on the internet browser used, including add-ons installed (e.g., for the Flash Player);
  • http status code (e.g. “request successful” or “file not found”).

4. Cookies

4.1 What are cookies?

Cookies are little text files that are sent when visiting an internet page and are stored in a user’s browser. In case the respective internet page is accessed once again, the user’s browser sends back the content of the cookies and, thus, allows for the recognition of the user. Certain cookies are automatically deleted upon ending the browser session (so-called session cookies), others are saved for a set time or permanently in the user’s browser and delete themselves thereafter (so-called temporary or persistent cookies).

4.2 Which files are saved in cookies?

Cookies generally do not contain personal data, but instead only an online ID.

4.3 How can you avoid the usage of cookies or delete cookies?

You can deactivate the storage of cookies through your browser settings and you may delete cookies that have already been saved in your browser at any time (see Technical Notes – Module 17). Please take note that this online offer might not be functional without cookies or the functionality might be reduced.

Please be further advised that refusing to allow the creation of usage profiles partially works through „opt out cookies“. In case you delete all cookies, an objection might, under certain circumstances, no longer be considered or be valid and would have to be restated.

4.4 What cookies do we use?

a) Cookies strictly necessary for a service

Some cookies are strictly necessary so we can host our online offer safely. This category includes, e.g.,

  • Cookies which serve the purpose of identifying or authenticating our users;
  • Cookies that temporarily store certain user entries (e.g., shopping basket content or content of an online form);
  • Cookies that remember certain user preferences (e.g., search query and language settings)
  • Cookies that store data to ensure the uninterrupted playback of video and audio content;

 b) Analytics cookies

We use analytics cookies to record and statistically evaluate our users’ usage behavior (e.g., clicked ad banners, visited subpages, search queries asked).

c) Advertising-cookies

We also use advertising cookies. The usage behavior profiles created by using these cookies (e.g., clicked ad banners, visited subpages, search queries asked) are used by us to show you advertisements or offers which are tailored to your interests (“interest based advertisement”).

d) Third party advertising cookies

We also allow other companies to gather data from our users using advertising cookies. This allows us and third parties to show interest-based advertisements to the users of our online offer, which are based on an analysis of their usage behavior e.g., clicked ad banners, visited subpages, search queries) in general and not restricted to our online offer.

5. Webanalysis

We need statistical information about the usage of our Online Offers to design them to be user-friendlier and to perform reach measurements and market research.

For this purpose, we use the web analysis tools described in this section.

The usage profiles created by these tools using analysis cookies or by evaluating log files are not combined with personal data.

The providers of the tools (vendors) process data only as processors subject to our directives and not for their own purposes.

The tools either do not use user IP addresses at all or shorten them immediately after obtaining them.

You will find information on each tool's vendor and how you are able to object to the collection and processing of data that is done with the tool.

Be advised that with regard to tools that use opt out cookies, the opt out function is related to a device or browser and is thus valid for the terminal device or browser used at this time. In case you use several terminal devices or browsers you must opt out on every device and in every browser used.

Additionally, you can generally avoid the creation of usage profiles by generally deactivating cookie usage.

Google Tag Manager

This website uses the Google Tag Manager. With Google Tag Manager, marketers can manage website tags through a single interface. The Tool Tag Manager itself (which implements the tags) is a cookieless domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. The Google Tag Manager does not access this data. If deactivated at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager.

Google Analytics

Google Analytics is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). We use Google Analytics with the additional function offered by Google to anonymize IP addresses. While doing so, Google already shortens IPs within the EU in most cases and only does so in the United States in exceptional cases, while always saving shortened IPs only.

You may object to the collection or processing of your data by using the following link to download and install a browser plugin:

Click here to disable tracking by Google Analytics

6. Logging and evaluating usage behavior for interest based advertisement (also for third parties)

We want to present to our users advertisements, which are tailored to their interests or special offers (“interest based advertisement”), and want to limit the frequency of the visibility of certain advertisements - limit how often they see certain advertisements.

For this purpose, we use the following tools. The usage profiles created by the tools using advertising cookies or third party advertising cookies, so-called web beacons (invisible graphics which are also called pixels or counting pixels) or similar technologies. Usage profiles are not combined with personal data.

The tools are used by the providers to show our users in our online offer and in third party offers interest-based advertisements and to steer the frequency with which users see certain advertisements. Regarding the processing of data in connection with the tools, the providers serve as controllers as long as we have not stated otherwise. The tools’ providers forward information, for the purposes mentioned before, to third parties, if necessary.

The tools either do not process user IP addresses at all or shorten them immediately upon collection.

You can find information on a tool's provider for each tool as well as information on how to object to the data collection performed by this tool.

Be advised that with regard to tools which use opt out cookies, the opt out function is related to a device or browser and is thus valid for the terminal device or browser used at this time. In case you use several terminal devices or browsers you must opt out on every device and in every browser used.

Additionally, you are able to generally avoid the creation of usage profiles by generally deactivating cookie usage.

We voluntarily follow the self regulation of the German Data Protection Council for Online Advertisements (DDOW). Please find the self regulation code applicable for us (Code for Tele Media Providers – First Parties) at the following link:

Further information on interest-based advertising may be found on the consumer portal The following link to the portal also enables you to view the activation status of certain tools provided by different providers and to object to the collection and processing of your data by these tools:

A key possibility to object to certain tools in particular those issued by U.S.-based providers can be found at the following link:

7. integration of services and contents of third parties


On our website we integrate videos from the platform YouTube of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

You can find the data protection declaration here: and here the opt-out:

Google Fonts

We integrate the fonts of "Google Fonts" from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

You can find the data protection declaration here: and the opt-out here: 

Google Maps

We integrate the maps of "Google Maps" of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

You can find the data protection declaration here: and the opt-out here:

8. Adblocker and Opt Out Cookies

We point your attention to the fact that ad blocker usage may affect the functionality of opt out cookies. In certain cases it may be the case that the relevant tools continue to gather data even though an opt out cookie has been stored. You can restore functionality by configuring the ad blocker appropriately or by uninstalling it.

9. Recommendation function

To provide you with an optimal usage experience which suits your interests, MAXDOME offers a recommendation function. Upon signing in, we collect data on your VoD usage on a pseudonymized basis, in particular, your rating, your usage of content and/or your watchlist as well as your gender and your date of birth (if disclosed) and information on the type of contract used by you (e.g. single view or subscription). This way, Maxdome is able to give you recommendations for content from our online offer based on your interests.

You can deactivate the recommendation function at any time by telling customer service that you do not want to use it any longer. Please use the details provided in the Contact section. You may reactivate the recommendation function in the same manner.

10. User´s rights (rights of the data subject)

You have the right to receive information as well as – under certain prerequisites – the rights to correction, deletion, restriction of processing or objection to personal data processing and – from May 25, 2018, on – the right to data portability. Right to object against direct marketing Additionally, you may at all times object to the processing of your personal data for advertising purposes ("advertisement objection"). Please take into account that, due to logistical reasons, there might be an overlap between your objection and the usage of your data within the scope of a campaign which is already running.

In case you consented to the processing of your data, you can always revoke this consent at any time. The lawfulness of processing based on consent before its withdrawal remains unaffected.

To enforce your rights, please use the details provided in the Contact section. When doing so, please ensure that it is possible to clearly and unambiguously identify you.

11. Contact to our data protection officer

We and our data protection officer are available for your inquiries and suggestions regarding data protection at the email address

As data protection officers we have appointed:

SECUWING GmbH & Co. KG / Datenschutz Agentur
Maximilian Hartung
Frauentorstraße 9
86152 Augsburg

12. right to complain with the regulatory authority

You have the right to file a complaint with a data protection authority. You can appeal to the data protection authority, which is competent for your place of residence or your state or to the data protection authority which is competent for us. This is: Der Hessische Datenschutzbeauftragte, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Tel. 0611/1408-0.

13. annex: technical notes

All employees of our company are regularly trained in data protection and are committed to data protection. Our computer centre and our in-house EDP department continuously adapt the technical security precautions to the current conditions and requirements. Both are subject to constant control by our internal processes and the data protection officer. Nevertheless, Internet technologies can have security gaps that cannot guarantee comprehensive protection one hundred percent. Therefore, our users can also transmit data to us via other contact options, such as telephone or fax.

You can adjust your browser's data protection settings under the following technical notes.

Internet Explorer:


Mozilla Firefox:


Google Chrome: