Contact us
01905 330990

Feel free to contact us Our friendly customer service in Worcester is looking forward to speaking to you:

0 1905 330990* *Mon - Fri 9am - 5pm

Data protection information of HMK V AG

From 25 May 2018, the provisions of the EU General Data Protection Regulation (hereinafter referred to as: GDPR) will apply across Europe. Below, we wish to inform you of the processing of personal data carried out by HMK V AG in accordance with this new regulation (see Article 13 GDPR). Please read our data protection information carefully. Should you have questions or comments concerning this data protection information, you can contact us via the email address stated in Number 2 at any time.

Content overview

1. Overview
2. Name and contact information for the person responsible for the processing, as well as for the company data protection officer
3. Purpose of the data processing, legal basis and legitimate interests which are pursued by HMK V AG or a third party, as well as categories of recipients
3.1. Accessing our website
3.2. Conclusion, performance or termination of a contract
3.3. Data processing for advertising purposes
3.4. Online presence and website optimisation
3.5. Customer account
3.6. Contact form
4. Transfer to recipients outside of the EU
5. Your rights
6. Data protection measures
7. Changes to the data protection information

1. Overview

The following data protection notice informs you of the type and scope of processing of so-called personal data by HMK V AG. Personal data is information which can be directly or indirectly attributed or assigned to your person.

The data processing by HMK V AG can be broken down essentially into two categories:

- For the purpose of carrying out a contract, all necessary data for the performance of a contract with HMK V AG will be processed. Should external service providers also be included in the performance of a contract, for example logistics companies or payment service providers, your data will be passed on to these to the necessary extent.

- By accessing the website of HMK V AG, various information will be exchanged between your end device and our server. This can also include personal data. The information which is gathered in such a way is used, amongst others, to optimise our website or to display advertising in the browser of your end device.
In accordance with the guidelines of the GDPR, you have various rights which you can claim in relation to us. Amongst others, this includes the right to raise an objection in relation to selected data processing, in particular for advertising purposes. The option to raise an objection is available in typographical form.
Should you have any questions concerning our data protection notice, you can contact our company data protection officer at any time. The contact details are below.

2. Name and contact information for the person responsible for the processing, as well as for the company data protection officer

This data protection information applies to the data processing by HMK V AG, Leubernstrasse 6, CH-8280 Kreuzlingen ("responsible body") in relation to the trademark Windsor Mint® and the website www.windsormint.co.uk
The company data protection officer of HMK V AG can be contacted at WINDSOR MINT®, Customer Data Protection Department, 11 Lowesmoor Wharf, Worcester WR1 2RS and via email by data-protection@windsormint.co.uk

3. Purpose of the data processing, legal basis and legitimate interests which are pursued by HMK V AG or a third party, as well as categories of recipients

3.1. Accessing our website

When accessing our website, information is automatically sent to the server of our website by the browser being used on your end device and is temporarily saved in a so-called log file. We do not have any control over this. The following information is recorded in such a case without any action on your part and is saved until automated deletion:
• The IP address of the requesting device with Internet capability
• The date and time of the access
• The name and URL of the accessing file
• The website from which the access took place (referrer URL)
• The browser used by you and, if applicable, the operating system of your device with Internet capability and the name of your access provider.

The legal basis for the processing of the IP address is Article 6 Paragraph 1 Letter f) GDPR. Our legitimate interest arises from the following purposes of data gathering listed below. We now wish to point out that we are not directly able to trace your identity through the data gathered by us and that this is not carried out by us.
The IP address of your end device, as well as the other data listed above is used by us for the following purposes:
• Ensuring a seamless establishment of a connection
• Ensuring comfortable use of our website
• Evaluation of system security and stability

The data is only saved for as long as is necessary to fulfil the purpose of the saving of the data and is then automatically deleted. In addition, we use so-called cookies, tracking tools and targeting procedures for our website. A more precise explanation of this process and how your data is used for this can be found in Number 3.4 below.
Should you have agreed to so-called geo localisation in your browser or in the operating system, we use this function in order to offer you individual services which are based on your current location. Your location data which is processed in this way is only processed by us for this function. The data is deleted once you end the use.

3.2. Conclusion, performance or termination of a contract

3.2.1. Data processing at the time of conclusion of a contract

The company purpose of HMK V AG is the remote sale of collectable goods, in particular coins and medals. In connection with the above, we process the data which is necessary in order to conclude, perform of terminate a contract with you. This includes:
• First name, surname
• Invoice and delivery address
• Email address
• Invoice and payment data
• If applicable, date of birth
• If applicable, telephone number

The legal basis for this is Article 6 Paragraph 1 Letter b) GDPR, ie you provide us with the data on the basis of the contractual relationship between yourself and us. Unless we use your contact data for advertising purposes (see 3.3. below), we save the data which is gathered for the performance of the contract until the expiry of the statutory or possible contract warranty and guarantee rights. Following the expiry of this period, we retain the necessary information relating to the contractual relationship under commercial and tax laws for the period of time mandated by legislation. For this period of time (as a rule ten years from the time of conclusion of the contract), the data will only be processed again in case of a check by the financial administration.
In order to perform the sales agreement, the following data processing is also necessary:
Should you have selected a payment method other than advance payment or payment on invoice, we pass on the necessary payment data to a payment service provider engaged by us. Information concerning your delivery address is passed on by us to the logistics company engaged by us in order to perform the sales agreement.

3.2.2. Identity, scoring and transfer to information bodies

Where necessary, we check your identity using information from service providers. The legal basis for this is Article 6 Paragraph 1 Letters b) and f) GDPR. We are entitled to do this in order to protect your identity and to prevent fraud attempts against us. The circumstances and the results of our enquiry will be saved in your customer account or guest account for the duration of the contractual relationship.
Should you already have made a purchase from us, your data saved by us can also be supplemented by so-called score values. Scoring is defined as the production of a prognosis concerning future events on the basis of compiled information and experiences in the past. On the basis of the data relating to your person which has been saved, an allocation to statistical groups of persons who demonstrated similar entries in the past will be carried out. The procedure which forms the basis of this is a sound mathematical-statistical method which has been tried and tested for a long period of time which evaluates the likelihood of risks.
In case of payment delays, we reserve the right to transfer the necessary data to a company which is engaged in relation to collection of the claim, provided that the other statutory requirements are met. The legal basis for this is Article 6 Paragraph 1 Letter b) and Article 6 Paragraph 1 Letter f) GDPR. The collection of a contractual claim is considered to be a legitimate interest under the second named regulation. Should the other statutory requirements be met, we will also transfer information concerning the payment delay or other loss of claim to information bodies which co-operate with us. The legal basis for this is Article 6 Paragraph 1 Letter f) GDPR. The necessary legitimate interest under the regulation above is our interest and that of third parties in reducing contractual risks for future agreements.

3.3. Data processing for advertising purposes

The following information relates to the processing of personal data for advertising purposes. The GDPR states that such data processing on the basis of Article 6 Paragraph 1 Letter f) is conceivable as a rule and represents a legitimate interest. The duration of the data saving for advertising purposes does not follow any principles which are set in stone, rather whether the saving is necessary for addressing customers through advertising. The procedure to be followed in case of an objection by you can be found in Number 3.3.3

3.3.1. Advertising purposes of HMK V AG and of third parties

Should you have concluded a contract with us, we enter you into our list of regular customers. In such a case, we process your postal contact without concrete consent, in order to provide you with information concerning new products and services by this channel. From time to time, we will transfer your postal contact data to contracting partners in the area of online shopping who have been carefully selected by us, so that these companies can also inform you of their products. Your email address is processed by us in order to provide you with information concerning our own, similar products, if received by us and also without concrete consent.

3.3.2. Advertising in line with interests

So that you only receive advertising information which we consider to be of interest to you, we categorise and supplement your customer profile with additional information. For this purpose, both statistical information and information relating to your person (for example basic data of your customer profile) is used. The purpose of this is to make sure that you only receive advertising which is tailored to your actual or supposed requirements and that you are not caused a nuisance by advertising which is not of use to you.

3.3.3. Data transfer to Epsilon Abacus

We work with Epsilon Abacus (registered as Epsilon International UK Ltd), a company that manages the Abacus Alliance on behalf of UK retailers and charities. The participating retailers are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, home interiors and travel categories. They share information on what their customers buy. Epsilon Abacus analyses this pooled information to understand consumer's wider buying patterns. From this information, retailers can tailor their communications, sending people suitable offers that should be of interest to them, based on what they like to buy. For more information and details, please refer to the privacy policy of Epsilon Abacus.

3.3.4. Right of objection

You can raise a free-of-charge objection to the data processing for the purposes referred to above at any time with effect for the future separately via the respective communications channel. An email or personal letter to the address stated under 2 suffices for this purpose.

Once you raise an objection, the contact address concerned will be blocked for subsequent advertising related data processing. We wish to point out that in exceptional cases, advertising materials may continue to be sent temporarily, also following receipt of your objection. This is due to technical reasons connected to the necessary lead time for adverts and does not mean that we are not implementing your objection. We appreciate your patience in this respect. 

3.3.5. Sending of newsletters

On our website, we offer you the option of registering for our newsletter. In order to ensure that no errors occurred when entering the email address, we use the so-called double opt in procedure. This means: Once you have entered your email address in the registration field, we send you a confirmation link. The email address is not included in our distributor until you click on this confirmation link. The processing of your electronic contact data here takes place exclusively on the basis of your consent in accordance with Article 6 Paragraph 1 Letter a) GDPR. You can revoke your consent which has been declared here at any time with effect for the future. For this purpose, a short note by email to the email address stated under 2 suffices or you can click on the "de-register" button at the end of each newsletter.

3.4. Online presence and website optimisation

3.4.1. Cookies - general notice

We use so-called cookies on our website. Should these cookies concern personal data, the use takes place in accordance with Article 6 Paragraph 1 Letter f) GDPR. Our interest in optimising our website is considered to be justified under the regulation referred to above. Cookies are small files which are automatically created by your browser and which are saved on your end device (laptop, tablet, smartphone etc) when you visit our website. Cookies do not cause any damage to your end device and do not contain any viruses, trojan horses or other malicious software. Information which is gathered in connection with the specific end device being used is stored in the cookie. However, this does not mean that we obtain direct knowledge of your identity as a result. One of the purposes of the use of cookies is to make the use of our service more attractive to you. For this purpose, we use so-called session cookies in order to recognise that you have already visited certain pages of our website or have already registered through your customer account. These are automatically deleted when you leave our website. In addition, we also use temporary cookies for the purpose of user friendliness. These are saved on your end device for a specified period of time. Should you visit our website again in order to use our services, it is automatically recognised that you have already visited our website and what entries and settings you carried out, so that you do not need to do this again.

We also use cookies in order to record statistics concerning the use of our website and for the purpose of evaluating the optimisation of our services for you, as well as to provide you with special information tailored to you. These cookies enable us to automatically recognise that you have already visited our website, should you visit our website again. These cookies are automatically deleted after a defined time. Most browsers accept cookies automatically. However, you can configure your browser in such a way that no cookies are saved on your computer or that a notice always appears before a new cookie is deposited. However, if you fully deactivate cookies, this may mean that you cannot use all functions of our website. The period of time for which the cookies are saved depends on their purpose of use and is not the same for all of these.

Under the following links you can find out how to manage (including deactivating) cookies on the most important browsers:

Chrome Browser: https://support.google.com/accounts/answer/61416?hl=de

Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac

3.4.2. Web Analytics Services

3.4.2.1. Google Analytics

For the purpose of tailoring our website to requirements and for the purpose of ongoing optimisation, on the basis of Article 6 Paragraph 1 Letter f) GDPR, we use Google Analytics, a web analysis service of Google Inc ("Google"). During this process, pseudonymised usage profiles are created and cookies are used. The information concerning your use of the website generated by the cookie, such as

  • browser type/version
  • operating system used
  • referrer URL (the preceding site visited)
  • host name of the accessing computer (IP address)
  • and time of the server query

are transferred to a Google server in the USA and saved there. The information is used to evaluate the use of the website, to compile reports concerning the website activities and to provide further services connected to the use of the website and use of the Internet for market research purposes and to ensure the design of these Internet sites is tailored to requirements. This information may also be transferred to third parties, should this be required by law or should third parties process this data on our behalf. Under no circumstances will your IP address be combined with other data by Google. The IP addresses are anonymised, so that it is not possible to attribute these (so-called IP masking).

You can prevent the installation of the cookies by setting your browser software accordingly. However, we wish to point out that in such a case, you may not be able to fully use all functions of this website.  You can also prevent the recording of the data generated by the cookie and which relates to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing this browser add on. As an alternative to the browser on, particularly in the case of browsers on mobile end devices, you can also prevent the recording by Google Analytics by clicking on this link. An opt out cookie is set, which prevents the future recording of your data when visiting this website. The opt out cookie is only valid in this browser and only for our website and is set on your device. Should you delete the cookies in this browser, you need to reset the opt out cookie. Further information concerning data protection in connection with Google Analytics can be found on the website of Google Analytics.

3.4.2.2. Hotjar

For the needs-based design and optimization of this website we also use the web analysis service Hotjar of Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta. Hotjar uses, among other things, cookies and so-called tracking codes, which enable an analysis of the use of our website. With the help of Hotjar, you can track movements on the website. For example, the following information is collected:

  • IP address of your terminal device (collected and stored in an anonymized format)
  • Screen size of your device
  • Device type and browser information
  • Geographic data (country only)
  • Language for displaying our website
  • User interactions
  • Mouse commands (movement, position and clicks)
  • Keystrokes
  • Referring domain
  • Websites visited
  • Date and time of access
     

Hotjar uses this information to evaluate your use of our website, to report on its use and to provide other services in connection with the evaluation of our website. In this way, we gain valuable information to make our website even faster and more customer-friendly. The above analysis is based on our legitimate interests in optimization and marketing purposes and the interest-appropriate design of our website in accordance with Art. 6 paragraph 1 letter f) GDPR.

Of course, when using Hotjar, we pay attention to the protection of your personal data. Due to its anonymization, we can only understand which buttons you click and how far you scroll. Areas of the website where personal data are displayed by you or third parties are automatically hidden by Hotjar and are therefore not complete at any point.

Hotjar allows every user to use this "Do Not Track header" to prevent the use of the Hotjar tool, so that no data about the visit to the respective website is recorded. This is a setting that all common browsers in current versions support. For this purpose, your browser sends a request to Hotjar, with the indication to deactivate the tracking of the respective user. If you use our website with different browsers/computers, you have to set up the "Do Not Track header" for each of these browsers/computers separately. For more information about data protection related to Hotjar, visit the Hotjar Ldt website.

3.4.3. Targeting

The targeting measures listed below which are used by us are carried out on the basis of Article 6 Paragraph 1 Letter f) GDPR. By means of the targeting measures which are used, we wish to ensure that only advertising which is in line with your actual or supposed interests is placed on your end devices. Not causing you a nuisance with advertising which is not of interest to you is in both of our interests.

3.4.3.1 Onsite-Targeting

By using cookies, information for the optimisation and display of adverts is recorded and evaluated on our website. For example, this information concerns statements concerning which of our products are of interest to you. The recording and evaluation take place exclusively in pseudonomymised form and do not enable us to identify you. In particular, the information is not combined with personal data relating to you. On the basis of the information, we can display products and services to you on our website which correspond to your interests based on your previous surfing behaviour. The cookie is automatically deleted when you leave our website.

3.4.3.2. Re-Targeting

We also use re-targeting technology of Google. This enables us to make our online service more interesting to you and to tailor it in accordance with your interests. For this purpose, a cookie is set, by means of which data relating to your interests is gathered by using a pseudonym. On the basis of this information, adverts concerning our products and services which are of interest to you are displayed on the websites of our partners. No direct personal data is saved and also no use profiles are combined with personal data relating to you. The cookie is saved for a period of up to two years and is then deleted automatically.

3.4.3.3. Objection / opt out option

Alongside the described de-activation methods, you can also prevent the targeting technologies referred to above generally by means of a corresponding cookie setting in your browser (see also 3.4.1). You also have the option of deactivating preference-based advertising with the assistance of the preference manager which can be obtained here.

3.5. Customer account

In order to provide you with the best possible comfort during the purchasing process, we can permanently store your personal data in a password protected customer account. The setting up of the customer account is voluntary and takes place on the basis of your consent in accordance with Article 6 Paragraph 1 Letter a) GDPR. Once you have set up the customer account, it is not necessary to enter data once again. In addition, you can view and alter the data saved about you in your customer account at any time.
In addition to the data requested when placing an order, you need to choose a password for setting up the customer account. Together with your email, address, this is necessary in order to access your customer account. Please treat your personal access data confidentially and be sure in particular not to make this accessible to any unauthorised third party. We cannot assume any liability for passwords which have been misused unless we are responsible for this. Please bear in mind that you remain automatically logged in after leaving our website, unless you actively log out. You can delete your customer account at any time. However, please bear in mind that the data which can be viewed in the customer account will not be deleted at the same time.

3.6. Contact form

In order to make contact initiation speedier and less complicated, you have our contact form available for queries and concerns, in compliance with the principle of integrity and confidentiality in accordance with Article 5 Paragraph 1 Letter f) GDPR and Article 32 Paragraph 1 Sentence 1 Half Sentence 2 Letters a) and d) GDPR.
When using the contact form, the personal data entered by you and your query, including the information provided therein will be saved and used for further processing. This takes place on the basis of Article 6 Paragraph 1 Letter f) GDPR. Unless statutory retention periods apply, the provided data will be deleted immediately once the matter is closed. Use for other purposes or the disclosure of data to third parties does not take place, unless you have consented to such.

4. Recipients outside of the EU

Apart from the processing of your data by us or by service providers engaged by us in Switzerland in accordance with the GDPR, with the exception of the processing stated under 3.4.2 we do not pass your data on to recipients headquartered outside of the European Union or European Economic Area. The processing named under 3.4.2 leads to a data transfer of the servers of the providers of tracking and targeting technologies engaged by us. These servers are located in the USA. The data transfer takes place in accordance with the principles of the so-called Privacy Shield and on the basis of so-called standard contractual clauses of the EU Commission.

5. Your rights

5.1. Overview

Alongside the right to revoke any consent you have issued to us, you have the following additional rights, should the respective statutory requirements be present:
Right to information in relation to your personal data saved by us in accordance with Article 15 GDPR; in particular, you can obtain information concerning the processing purposes, the category of the personal data, the category of recipients to whom your data was or is being disclosed, the planned period of saving and the origin of your data, should this not have been obtained from you directly.
Right to correction uof incorrect data or to completion of correct data in accordance with Article 16 GDPR.
Right to deletion of your personal data saved by us in accordance with Article 17 GDPR, unless statutory or contractual retention periods or other statutory rights and obligations concerning the continued saving of the data must be complied with.
Right to restriction of the processing of your data in accordance with Article 18 GDPR, should the correctness of the data be disputed by you, should the processing be unlawful but you reject its deletion, should the responsible body no longer require the data however you require it in order to claim, exercise or defend legal claims or should you have submitted an objection to the processing in accordance with Article 21 GDPR.
Right to data transferability in accordance with Article 20 GDPR, ie the right to be provided with selected data saved by us in a current, machine readable format or to request the transfer to another responsible body.
Right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or place of work or of our place of business in this respect.

5.2. Right of objection

In line with the requirements of Article 21 Paragraph 1 GDPR, the processing of data can be objected to for reasons connected to the specific situation of the affected person.
The general right f objection applies to all processing purposes described in this data protection information which are carried out on the basis of Article 6 Paragraph 1 Letter f) GDPR. Except for the special right of objection relating to the processing of data for advertising purposes (see 3.3.3 above), according to the GDPR we are only obliged to implement such a general objection if you state significant reasons for such (for example possible danger to life or health). In addition, you have the option of contacting a supervisory authority or competent body, should you have a reason to object.

6. Data security

All data transmitted by you personally, including your payment data, is transferred with the generally normal and secure standard SSL (secure socket layer). SSL is a secure and trusted standard, which is also used in online banking for example. Amongst others, you can recognise a secure SSL connection by the attached s in the http (for example https://...) in the address list of your browser or by the key symbol in the lower part of your browser.
We also use suitable technical and organisational security measures in order to protect your personal data saved by us against manipulation, partial or complete loss or unauthorised third party access an endeavour to constantly improve our security measures in line with technical developments.

7. Changes to the data protection information

Technological developments, statutory guidelines or differing processes may also impact on this data protection information. Therefore, we reserve the right to alter this data protection information at any time with effect for the future. The respective current version of the data protection information can be found on our website. We recommend that you regularly visit this document which forms part of our web shop, so that you can familiarise yourself with the respectively applicable provisions.

As of: 09.09.2019

Viewed