Wunderpen processes personal data exclusively on the basis of the German Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG).

The use of our website is generally possible without providing personal data. Insofar as personal data (e.g. name, address or e-mail addresses) is collected on our pages, this is always done, as far as possible, on a voluntary basis. This data will not be passed on to third parties without your express consent.

We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

Furthermore, Wunderpen only processes personal data in the event of a data protection law permit, a legal obligation or on the basis of express consent.

‍
What personal data do we collect?

Personal data is any information about an identified or identifiable natural person that you provide to us or that is generated by us or collected by us.

‍Server log data (technical characteristics)
When you use our website, data about this (such as the date and time of your visit, pages viewed, duration of use, performance of online training programmes, type and operating system of the terminal device you are using and your IP address) is temporarily stored in a log file on our servers.
‍
Cookies
We use cookies, which are small text files that are temporarily stored on your computer and saved by your browser. You can set your browser so that these cookies are not stored or are deleted at the end of your internet session.
‍
What data we use and why
‍
2.1 Hosting
The hosting services we use are for the provision of the following services:
Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating the website. In this context, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors to this website on the basis of our legitimate interests in the efficient and secure provision of our website pursuant to Art. 6 (1) sentence 1 f) DSGVO in conjunction with Art. 28 DSGVO. Art. 28 DSGVO.

2.2 Cookies
We use so-called session cookies to optimise our website. A session cookie is a small text file that is sent by the respective servers when you visit a website and is temporarily stored on your hard drive. This file contains a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognised when you return to our website. These cookies are deleted again after you close your browser. They are used, for example, to enable you to use the shopping basket function across several pages.
To a lesser extent, we also use persistent cookies (also small text files that are stored on your end device) that remain on your end device and enable us to recognise your browser on your next visit. These cookies are stored on your hard drive and delete themselves after the specified time. They have a lifespan of between 1 month and 10 years. They are used to make our website more user-friendly, effective and secure for you and, for example, to display information on the site that is specifically tailored to your interests. Our legitimate interest in the use of cookies in accordance with Art. 6 para. 1 sentence 1 f) GDPR is to make our website more user-friendly, effective and secure. The following data and information, for example, are stored in the cookies

2.3 Access data
We collect information about you when you use this website. We automatically collect information about your usage behaviour and your interaction with us and register data about your computer or mobile device. We collect, store and use data about each access to our website (so-called server log files). The access data includes:
‍
Name and URL of the file accessed
‍
We use this log data without assigning it to you personally or otherwise profiling it for statistical evaluations for the purpose of operating, securing and optimising our website, but also to anonymously record the number of visitors to our website (traffic) and the extent and type of use of our website and services, as well as for accounting purposes to measure the number of clicks received from cooperation partners. This information allows us to provide personalised and location-based content and to analyse traffic, troubleshoot and improve our services.
‍
This is also our legitimate interest pursuant to Art 6 (1) p. 1 f) DSGVO.
‍
We reserve the right to subsequently review the log data if there is a justified suspicion of unlawful use based on concrete indications. We store IP addresses in the log files for a limited period of time if this is required for security purposes or necessary for the provision of services or the billing of a service, e.g. if you use one of our offers. After the order process has been cancelled or after payment has been received, we delete the IP address if it is no longer required for security purposes. We also store IP addresses if we have a concrete suspicion of a criminal offence in connection with the use of our website. We also store the date of your last visit as part of your account (e.g. when registering, logging in, clicking on links, etc.).
‍
2.4 Data to fulfil our contractual obligations
We process personal data that we need to fulfil our contractual obligations, such as name, address, e-mail address, products ordered, billing and payment data. The collection of this data is necessary for the conclusion of the contract.
The deletion of the data takes place after the expiry of warranty periods and legal retention periods. Data that are linked to a user account (see below) are retained in any case for the time of the management of this account.
The legal basis for the processing of this data is Art. 6 para. 1 p. 1 b) DSGVO, because this data is required so that we can fulfil our contractual obligations towards you.
‍
2.5 Newsletter
To register for the newsletter, the data requested in the registration process is required. The registration for the newsletter is logged. After registering, you will receive a message to the email address provided in which you are asked to confirm your registration ("double opt-in"). This is necessary to prevent third parties from registering with your email address.
You can revoke your consent to receive the newsletter at any time and thus unsubscribe.
We store the registration data for as long as it is needed to send the newsletter. We store the logging of the registration and the mailing address as long as there was an interest in proving the consent originally given; as a rule, these are the limitation periods for claims under civil law, i.e. a maximum of three years.
The legal basis for sending the newsletter is your consent in accordance with Art. 6 Para. 1 S. 1 a) in conjunction with Art. 7 DSGVO. The legal basis for logging the registration is our legitimate interest in proving that the mailing was carried out with your consent.
You can cancel your registration at any time. A notification in text form to the contact details mentioned under point 1 (e.g. e-mail, fax, letter) is sufficient for this. Of course, you will also find an unsubscribe link in every newsletter.
‍
2.6 E-mail contact
If you contact us (e.g. via contact form or e-mail), we will process your data to process the enquiry and in the event that follow-up questions arise.
If the data processing is carried out for the implementation of pre-contractual measures, which are carried out in response to your enquiry, or, if you are already our customer, for the implementation of the contract, the legal basis for this data processing is Art. 6 para. 1 p. 1 b) DSGVO.
We only process other personal data if you consent to this (Art. 6 para. 1 p. 1 a) DSGVO) or we have a legitimate interest in processing your data (Art. 6 para. 1 p. 1 f) DSGVO). A legitimate interest is, for example, to respond to your email.
‍
3. webshop "shop.wunderpen.com"
In the Wunderpen webshop, accessible at shop.wunderpen.com, automatically created handwritten products can be ordered online. This is not order processing, but rather the use of a specialised service between two end customers.
Wunderpen acts as a service provider here, and all data is deleted immediately upon successful completion of the service, unless there are legal retention obligations to the contrary.
‍
4. storage period
Unless specifically stated, we only store personal data for as long as is necessary to fulfil the purposes pursued. In some cases, the legislator provides for the retention of personal data, for example in tax or commercial law. In these cases, we only continue to store the data for these statutory purposes, but do not process it elsewhere and delete it after the statutory retention period has expired.
‍
5. your rights as a data subject affected by the processing
You have the right to information according to Art. 15 DSGVO, the right to rectification according to Art. 16 DSGVO, the right to erasure according to Art. 17 DSGVO, the right to restriction of processing according to Art. 18 DSGVO, the right to data portability from Art. 20 DSGVO as well as the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(f) of the DSGVO (processing of data on the basis of a balance of interests). For more details on the right to object, please refer to the information pursuant to Articles 13, 14 and 21 of the GDPR.

6. right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you is unlawful.
‍
7. data security
We make maximum efforts to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.
Your personal data will be transmitted in encrypted form. We use the SSL (Secure Socket Layer) coding system, but we would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.
To protect your data, we maintain technical and organisational security measures in accordance with Art. 32 DSGVO, which we continually adapt to the state of the art.
We also do not guarantee that our offer will be available at certain times; disruptions, interruptions or failures cannot be ruled out. The servers we use are carefully backed up on a regular basis.
‍
8. disclosure of data to third parties
In principle, we only use your personal data within our company.
If and to the extent that we involve third parties in the performance of contracts, they will only receive personal data to the extent that the transfer is necessary for the corresponding service.
In the event that we outsource certain parts of data processing ("commissioned processing"), we contractually oblige commissioned processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject.
‍
9. data protection officer
If you have any further questions or concerns about data protection, please contact our Data Protection Officer:
datenschutz@wunderpen.com