Data Protection and Privacy Policy
Reflex Winkelmann GmbH B2B E-commerce Platform
1. Who We Are and What This Policy Covers
Data Controller:
Reflex Winkelmann GmbH
Gersteinstraße 19,
59227 Ahlen
Germany
Email: privacy@reflex-winkelmann.de
What this covers: How we handle personal data on our B2B platform for HVAC installers in Estonia, in compliance with GDPR and Estonian data protection laws.
2. What Personal Data We Process
Business Contact Information
Name, job title, company name
Business email and phone number
Company registration details
Account Information
Login credentials (encrypted passwords)
Account preferences and settings
Login history for security purposes
Order and Transaction Data
Order details and delivery addresses
Payment information (we don't store full card details)
Order history and preferences
Platform Usage Data
IP addresses and basic device information
How you use the platform (for improvements)
Customer service communications
3. Why We Process Your Data (Legal Basis)
Contract Performance: Processing your orders, managing your account, customer service, payments and deliveries.
Legitimate Business Interest: Platform security, fraud prevention, improving our services, and business communications about our products/services.
Legal Obligations: Tax records, accounting requirements, trade documentation.
Consent: Marketing emails (only if you opt-in) and optional cookies.
4. Who We Share Data With
Local Reflex Partners in Estonia
When you order from a partner, we share only the necessary order information:
Your business contact details
Delivery address and order specifics
Special instructions
Service Providers
Payment processors (Klarna, PayPal, credit card companies)
Delivery companies
IT support and hosting providers
Security services
Important: All service providers have contracts requiring them to protect your data and use it only for specified purposes.
Legal Requirements
We may share data when required by law or to protect our legal rights.
5. How Long We Keep Your Data
Data Type | Retention Period | Why |
Account data | While account is active + 3 months | Business relationship |
Order records | 10 years | German commercial law |
Payment data | 10 years | Tax requirements |
Customer service records | 3 years | Service quality |
System logs | 12 months | Security and troubleshooting |
After these periods, data is securely deleted unless we have a legal obligation to keep it longer.
6. Your Rights Under GDPR
Access: Ask for a copy of your personal data
Correction: Fix any wrong information
Deletion: Ask us to delete your data (with some legal exceptions)
Restrict Processing: Limit how we use your data
Data Portability: Get your data in a portable format
Object: Object to processing based on legitimate interest
Marketing Opt-out: Unsubscribe from marketing at any time
How to exercise your rights: Email privacy@reflex-winkelmann.de
Response time: Within 1 month (free of charge for reasonable requests)
7. Data Security
Technical Protection
Encrypted data transmission and storage
Secure access controls and authentication
Regular security monitoring and updates
Secure data centers with physical protection
Organizational Protection
Employee training on data protection
Limited access on need-to-know basis
Confidentiality agreements
Regular security reviews
Data Breaches
If a serious data breach occurs that could affect you, we'll notify the relevant authorities within 72 hours and inform you without undue delay.
8. International Data Transfers
Within EU/EEA: Most data processing happens within the EU/EEA.
Outside EU/EEA: When necessary (some payment processors), we use:
EU adequacy decisions for safe countries
Standard contractual clauses approved by the EU
Additional security measures
9. Cookies and Website Technology
Essential Cookies (always active)
Platform functionality and security
Your login session and preferences
Analytics Cookies (with your consent)
Understanding how the platform is used
Improving performance and user experience
Marketing Cookies (with your consent)
Personalizing business communications
Measuring marketing effectiveness
Managing cookies: You can control cookies through your browser settings or our cookie preferences center.
10. Business-to-Business Context
Important: This is a B2B platform. We don't process data of consumers or children. All users must be authorized business representatives acting in their professional capacity.
11. Automated Decision-Making
We don't make automated decisions that significantly affect you. Any automated processing (like fraud detection) includes human oversight.
12. Updates to This Policy
We'll notify you of significant changes by email and platform announcement. Continued use after changes means you accept the updated policy.
Last updated: August 22, 2025
Next review: August 22, 2026
13. Contact Us
General questions: privacy@reflex-winkelmann.de
Data rights requests: privacy@reflex-winkelmann.de
Complaints: You can also contact your local data protection authority
Estonian Data Protection Authority: info@aki.ee
German Data Protection Authorities: [Relevant state authority based on your location]