We take the protection of your personal data very seriously and handle your data confidentially and in accordance with legal data protection regulations.


Controller in the sense of Art. 24 of the GDPR

WFL Millturn Technologies GmbH & CO KG (hereinafter known as WFL, we or the controller) Wahringerstrasse 36 4030 Linz, office(at)


Data collection and processing

We only collect and process the personal data required for the establishment and content wording or amendment of our legal relationship (inventory data). We do not collect personal data through the use of our websites (usage data).


Contact and quotation form

If you decide to contact us using the forms on our website, the personal data that you supply to us (for example name, title, email address, address and your concern) will be processed. These data will be processed to respond to your questions, address your concerns or otherwise communicate with you. The forms on our website are linked to Salesforce Pardot to record your enquiry in our Salesforce CRM system and for the purposes of making contact with you or sending you information. Salesforce does not save any IP addresses, but instead uses the individual assignment features “unique visitor ID” and “unique identifier”.

Legal principle:

  • Art. 6 paragraph 1 letter b of the GDPR – performance of (pre-)contractual duties.

Legal principles:

  • Consent under Art. 6 paragraph 1 letter a of the GDPR
  • Performance of a contract or pre-contractual action as described in Art. 6 paragraph 1 letter b of the GDPR.

Duration of storage:

  • 7 years from the receipt of the enquiry



If you have subscribed to our newsletter on the website, the personal data you provided (for example name, email address, date of birth and product preferences) will be processed to enable us to send you the newsletter you require containing tailored information about our products and promotions. If you no longer wish to receive the newsletter, you can unsubscribe at any time by clicking on the appropriate link in the newsletter.

Legal principle:

  • Art. 6 paragraph 1 letter a of the GDPR – consent.

Some of the data which we request in conjunction with our offerings described above may be marked as mandatory (*). You are not obliged to provide these data. However, if you do not provide this information it is possible that we will be unable to process your enquiry or provide our services to you.

The following cookies will be set (for the duration of one session):

  • If Pardot Salesforce Marketing Automation is used, the following will also be set:
  • Visitor cookie
  • Pardot app session cookie​


Pardot Salesforce Marketing Automation

We use the analysis tool Pardot from, inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States. Pardot Services sets a maximum of two cookies. These are one 'visitor cookie' and one 'Pardot app session cookie'. These cookies generate an identification number with which the browser of the website visitor can be recognised. The identification number is a generated numerical code, which has no meaning outside Pardot Services. The “Pardot app session cookie” is only set if a customer logs into the Pardot app as a user. All cookies only receive a generated numerical code. We use Pardot to analyse the use of our website so that we can make regular improvements to it. For this purpose, we analyse user and clicking behaviour on our website to enable us to ensure that our communication is better suited to our customers’ needs.

We also use the Pardot newsletter tool from our service provider to send and process it. We evaluate user behaviour using the tracking technologies provided in this software. To do so, we analyse reading habits, monitor whether our emails are opened, check which links are clicked and what the interests of our recipients are. This information enables us to improve the emails that we send and our services. Further information relating to the privacy policy of our service provider is available at

Duration of storage:

  • Until you withdraw your consent


Double opt-in and logging

Subscription to our newsletter uses what is known as the double opt-in method. This means that after you subscribe, you will receive an email in which you are requested to confirm your subscription.

Subscriptions to the newsletter are logged to enable us to provide the evidence of the subscription process that legal requirements demand. This process also includes saving the times of the subscription confirmation and the relevant IP address.


Job applications

When you send your job application to us, you expressly consent to our processing your personal data. The forwarding, processing and use of these data are restricted to HR search and HR administration purposes. The processing may also take place electronically. This is particularly the case if you have sent us your application documents electronically, for example by email or using our career portal.

If the application results in a contract of employment, the data you sent us will be processed on the basis of the statutory regulations. If, however, no contract of employment results, your job application documents will be deleted after an archiving period of six months as required by law unless this deletion is opposed by other legitimate interests.

As part of the application process, we use a tool provided by eRecruiter GmbH (eRecruiter GmbH, Am Winterhafen 4, A-4020 Linz, Universitätsring 8/Stg. II/1A, Austria). Your application will be forwarded to its server. The privacy policy of eRecruiter GmbH applies to this process and can be found at htps://

You may withdraw your consent at any time. Your data may not be forwarded, processed or used after you have withdrawn your consent. Furthermore, you are entitled to request information about or an update to your personal data.

Legal principles:

  • Consent under Art. 6 paragraph 1 letter a of the GDPR

Duration of storage:

  • 6 months from the date on which you withdrew your consent
  • Also, 3 years if express consent for this has been granted


Server log

We automatically collect and store information in log files that are transmitted to us automatically by your browser. These include browser type/browser version, operating system used, referrer URL and time of server request. These data cannot be assigned to specific persons. These data are not collated with other data sources.

Legal principles:

  • Our legitimate interests as described in Art. 6 paragraph 1 letter f of the GDPR

Duration of storage:

  • 6 months from the creation date


myMILLTURN privacy policy

Data protection is one of myMILLTURN’s highest priorities. We know how sensitive corporate data are and therefore take careful precautions to ensure that they remain secure – by means of technically encrypted, exclusive and individually reviewed access to the system but also by the encryption of the data themselves, using one of the most powerful encryption systems available. The data we receive are reviewed by us and treated in absolute confidentiality. The profiles of individual companies are not visible to other users. Users of the portal are also subject to a duty of confidentiality, to which they agree when they register. Personal login data must not be disclosed to third parties by users (not even to parties within the same company). All MILLTURN customers will be sent their personal access details on request.

Legal principles:

  • Consent under Art. 6 paragraph 1 letter a of the GDPR
  • Performance of a contract or pre-contractual action as described in Art. 6 paragraph 1 letter b of the GDPR.

Duration of storage:

  • Up to the end of our working relationship and thereafter on the basis of any applicable statutory archiving periods (for example, 7 years from the receipt of the enquiry)

Data transmission/transfer to third parties

Your personal data will not be transferred to third parties for any purposes other than those listed below.

We only transfer your personal data to third parties if:

  • you have granted express consent for this under Art. 6 paragraph 1 letter a of the GDPR,
  • the transfer is required to protect our corporate interests as described in Art. 6 paragraph 1 letter f of the GDPR and to lodge, exercise or defend lawsuits, and there is no reason to assume that you have an overriding interest in your data not being transferred,
  • if there is a statutory duty to transfer the data under Art. 6 paragraph 1 letter c of the GDPR and
  • this is permitted under the law and is necessary for the performance of contracts under Art. 6 paragraph 1 letter b of the GDPR.

The controller may forward your personal data to suppliers who provide services on our behalf and on the basis of our instructions. The controller may also forward your personal data to our affiliates and partners. Furthermore, the controller may also disclose your personal details if we have a statutory, legal or official duty to do so or if we hold the view that disclosure is necessary or reasonable to prevent physical damage or financial losses.

The controller reserves the right to transfer the personal data that we have about you if we sell or transfer our business or assets in full or in part (including restructuring, winding up or liquidation).


Data transfers

The controller may also transfer your personal data to countries outside the country in which the information was originally collected. The same data protection laws may not apply in these countries as in the country in which you originally provided your personal data. If we transfer your data to other countries, we will protect these data as described in this privacy policy and these data transfers are also subject to the relevant laws.

The countries to which we forward your personal data are located

  • within the European Union or
  • outside the European Union

If we transfer personal data from the European Union to countries or international organisations outside the European Union, any such transfer takes the place on the basis of an

  • adequacy decision made by the European Commission;
  • In the absence of any such decision, the data will be transferred on the basis of other legally admissible grounds such as the existence of a legally binding, enforceable document between the authorities or public bodies, binding internal corporate rules, standard data protection clauses and approved or certified codes of conduct.

In exceptional cases, data may also be transferred on the basis of Art. 49 of the GDPR:

  • Art. 49 paragraph 1 letter a of the GDPR where the data subject has expressly consented to the proposed data transfer after being informed of the possible risks to them of such data transfers without the existence of an adequacy decision and without suitable guarantees,
  • Art. 49 paragraph 1 letter b of the GDPR where the transfer is required for the performance of a contract between the data subject and the controller or to perform pre-contractual measures at the request of the data subject,
  • Art. 49 paragraph 1 letter c of the GDPR where the transfer is required to conclude or perform a contract concluded in the interest of the data subject by the controller with another private individual or a legal entity.


Use of cookies

Some of the websites use cookies. The purpose of these is to make our services more user-friendly, effective and secure. Cookies are small text files that are placed on your computer and stored in your browser. The majority of the cookies we use are 'session cookies'. They are automatically deleted at the end of your visit. Cookies do not damage your computer and do not contain any viruses.


Google Analytics and Leadfeeder

This website uses Google Analytics, a web analysis service of Google Inc. ('Google') and Leadfeeder. Both use text files called 'cookies', which are stored on your computer and make it possible to analyse your use of the website. The information on your use of this website that is generated by the cookie is generally transmitted to a Google server in the USA and stored there. You can find more information on the way user data is handled in Google Analytics in Google's Privacy Policy: htps://


Browser plugin

You can prevent the storage of cookies through appropriate configuration of your browser software; however, we wish to point out that, in this case, you may not be able to make full use of all the functions of this website. In addition, you can prevent Google from collecting the data generated by the cookie pertaining to your website usage (including your IP address) and from carrying out processing of this data, by downloading and installing the browser plugin available at the following link: htps://


Objection to data recording

You can prevent Google Analytics from recording your data by clicking on the following link. An opt-out cookie will be set up that prevents recording of your data for future visits to this website: Disable Google Analytics


Google Tag Manager

This website uses Google Tag Manager. This service enables website tags to be managed using an interface. Google Tag Manager only implements tags. It does not set any cookies or record any personal data. Google Tag Manager deploys tags which may record data. Google Tag Manager does not access these data. If the user disables this process at domain or cookie level, this remains in force for all tracking tags as long as they are implemented by Google Tag Manager. More information about Google Tag Manager is available using the following link: htp:// The user can prevent all tags from Google Tag Manager being sent. For this purpose, the user must click on the following opt-out link to place the Google Tag Manager disabling cookie in his browser. Further information is available in the user guidelines at


How do we secure and protect your personal data?

All personal, confidential or otherwise sensitive data is protected according to the relevant security policies. The technical and organisational measures implemented by WFL are constantly being adapted to comply with the current legal situation in respect of data protection and reflect the latest state of the art. The employees who process your personal data are conversant with the relevant data protection regulations pertaining to your work.


What data protection rights do I have?

The General Data Protection Regulation provides you with extensive rights, such as the following:

  • Right of access (Art. 15 of the GDPR)
  • Right to rectification (Art. 16 of the GDPR)
  • Right to erasure (Art. 17 of the GDPR)
  • Right to restriction of processing (Art. 18 of the GDPR)
  • Right to data portability (Art. 20 of the GDPR)
  • Right to object (Art. 21 of the GDPR)
  • Right to withdraw consent (Art. 7 paragraph 3 of the GDPR)
  • Right to lodge a complaint (Art. 77 of the GDPR)

Please contact us if you wish to exercise your rights (office(at)

We cannot process any data subject concerns unless we have first successfully established your identity. With this in mind, we would be grateful if you would support us in establishing your identity and attach a copy of your ID with your enquiry. If you come to the conclusion that your data being processed breaches data protection regulations or your legal data protection rights have otherwise been infringed, you can complain to the supervisory authority. In Austria, this is the Datenschutzbehörde (Data Protection Authority), Wickenburggasse 8, 1080 Vienna.


SSL encryption

We use state of the art encryption methods (for example SSL) using HTTPS to protect the security of your data whilst they are being transferred. You can identify an encrypted connection by the character sequence “https://” and the padlock icon in your browser bar


Amendments or supplements

We reserve the right to make amendments or supplements to the information content at any time without notice. If parts or individual formulations of this text are not, no longer or not completely in keeping with the current legal situation, the content and validity of the remaining parts of the document will not be affected.

Date of issue 10/2022



Back to top