Privacy Notice of Wefatherm GmbH
General information regarding the handling of your data
The following notes provide you with information on the type, scope and purposes of the collection, use and processing of personal data on our website:
- Responsible Office – contact
- Data processed by us
- Data Security
- Collection of personal data when visiting our website
- Transfer of data to third parties and third party providers
- Where is your personal data stored?
- Integration of third party content
- Your rights regarding your data
- Right of objection
- Deletion and retention periods of your data
- Updates to our Privacy Notice
1. Responsible Office – contact
1.1 Responsible body within the meaning of the Data Protection Act
The responsible body within the meaning of Article 4 (7) of the EU General Data Protection Regulation (GDPR) is:
Managing directors: Peter Heine, Frank Thielen
Phone.: +49 5031 53 700
a) If you have any questions regarding data protection, or if you wish to exercise any rights or claims regarding your personal data, you can contact us using the contact details given above (under section 1.1.).
b) When you contact us (e.g. by telephone, e-mail), your details will be stored in accordance with Art. 6 para. 1 lit. b) GDPR for the purpose of processing your enquiry and in the event that follow-up questions arise. We delete the data arising in this connection after storage is no longer required or restrict processing if there are legal obligations to retain data (see number 12).
2. Data processed by us
2.1. Legal grounds
a) Personal data may be processed during each visit to our website. Your personal data will only be processed if this is legally permitted (legal basis). This is the case in accordance with Art. 6 para. 1 GDPR, if
- you have given us your consent, or
- the processing is necessary for the performance of our contract with you, or
- pre-contractual measures are required in the event of a request by you, or
- the processing is necessary in order to protect your vital interests, or
- to protect that of another natural person, or
- the processing is necessary for the protection of our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, outweigh the processing (balancing of interests)
b) The personal data collected from you will be deleted as soon as the purpose of the collection no longer applies (see section 12).
2.2. What are personal data?
a) The meaning of “personal data” can be derived from Article 4 of the General Data Protection Regulation (GDPR). According to this, personal data is information that can be assigned to your person using proportionate means. Personal data are divided into four groups. These include inventory data (e.g. names and addresses of customers), contract data (e.g. services used, names of clerks, payment information), usage data (e.g. the websites visited by our online offer, interest in our products) and content data (e.g. entries in the contact form). Information that cannot be attributed to a specific or determinable person, or only with a disproportionately large expenditure of time, cost and labour, are called anonymous data and are therefore not personalized.
b) In addition, when visiting our website, certain data is also processed for technical reasons. These are mainly technical information such as the IP address that your Internet access provider assigns to your computer when you connect to the Internet, or information about the Internet page from which you accessed our website or about the type and version of the Internet browser you are using. However, this also includes login data, your operating system, download errors, the length of visits to certain pages, and all telephone numbers from which you call our customer service number. This technical information may be personal data in individual cases. That technical information will only be used by us if this is necessary for technical reasons concerning the operation and protection of our website against attacks and misuse in accordance with Art. 6 para. 1 (f) GDPR.
2.3. What does “processing” mean?
“Processing”, as defined by Article 4 of the GDPR, includes all operations that are part of the handling of data. The term “processing” covers not only the collection or registration of data, but also its organisation, classification, storage, adaptation or modification. However, the term also covers other actions, such as actual use, or transmission or distribution. Ultimately, however, this also includes the restriction, deletion or destruction of data.
3. Data Security
The security of your personal data has a very high priority for us. Therefore, we protect your stored data by technical and organisational measures. This ensures compliance with data protection laws and effectively prevents loss or abuse by third parties. In particular, our employees who process personal data are obliged to maintain data secrecy and must comply with it.
Our website uses secure SSL encryption when transmitting personal data or personal content of our users. Please make sure that SSL encryption is activated for corresponding activities from your side. You can recognise an encrypted connection by your browser’s address bar changing from “http://” to “https://”. Data encrypted via SSL cannot be read by third parties. Therefore, please transmit your confidential information only if SSL encryption is activated and contact us if in doubt.
5. Collection of personal data when visiting our website
a) When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser sends to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website and to ensure its stability and security [legal basis is Art. 6 para. 1 (f) GDPR]:
- the IP address of the requesting device (i.e. your computer or smartphone)
- Date and time of access to our website,
- Search words you used to find our site,
- Time zone difference to Greenwich Mean Time (GMT),
- Content of the request ( specific page),
- Access status/ http status code,
- the amount of data transmitted,
- the website from which access is made (referrer URL),
- Operating system and its interface,
- as well as the browser used and, if applicable, the operating system of your computer and the name of your access provider.
b) For security reasons (e.g. for the investigation of potential cases of abuse or fraud), the above-mentioned data will be stored for a maximum of seven days and then deleted. Data whose further storage is required for evidential purposes are excluded from deletion until the respective incident has been conclusively clarified.
c) In addition to the data mentioned above, cookies are stored on your computer when you use our website. You will find more detailed information on cookies under section 8.
d) The data are collected by us on the basis of our legitimate interests as defined in Art. 6 para. 1 (f) GDPR. We do not use the collected data for the purpose of drawing conclusions about your person. The purposes pursued by us include in particular:
- ensuring a smooth connection to the website,
- ensuring a comfortable use of our website,
- the investigation of cases of abuse or fraud,
- the evaluation of system safety and stability, and
- other administrative purposes.
6. Transfer of data to third parties and third party providers
a) Data will only be passed on to third parties within the scope of the legal requirements. We therefore only pass on user data to third parties if:
- you have given your explicit consent in accordance with Art. 6 para. 1 (a) GDPR,
- the passing on is necessary in accordance with Art. 6 para. 1 (f) GDPR for the assertion, exercise or defence of legal claims and there is no reason to assume that you have a serious, great interest in your data not being passed on,
- if there is a legal obligation to pass on the data in accordance with Art. 6 para. 1 © GDPR, and
- this is legally permitted and is required under Art. 6 para.1 (b) GDPR for the handling of contractual relationships with you.
b) When passing on your personal data, we always ensure the highest possible level of security. For this reason, your data will only be passed on to service providers and partner companies that have been carefully selected and contractually obliged to ensure that personal data is protected in accordance with the relevant legal regulations.
c) We would like to point out to you that in addition to this data protection declaration, the data protection guidelines and declarations of the locally responsible partners and their authorised institutions may also apply.
7. Where is your personal data stored?
a) The personal data we collect is generally stored within the European Union (“EU”). However, it may happen in exceptional cases that personal data is transferred to non-European countries. In these so-called “third countries” the GDPR is not a directly applicable law. In such countries, the data protection law may be less strict.
b) Such transfer of data to countries outside the European Economic Area may occur, for example, when processing a request for services or providing support services by electronic means.
a) We use so-called “cookies” to recognise multiple use of our offer by the same user or Internet connection holder. Cookies are small text files that are stored by the web browser on the user’s terminal device to store certain information.
c) The cookies used by the website are divided into the following categories according to their purpose and function: Necessary cookies; functional cookies; performance cookies; marketing / third party cookies; cooking requiring consent.
Necessary cookies ensure that this website and the service functions properly. Functional cookies enable this website to store information such as the user name or language selection and to offer the user improved and personalised functions based on this information. These cookies collect and store only anonymous information. Performance cookies collect information on how our website is used in order to improve its attractiveness, content and functionality. Marketing / third party / consent cookies originate from external advertising companies and are used to collect information about the websites last visited by the user.
d) Necessary cookies cannot be deactivated or activated individually. The user has the possibility to adjust his cookie settings at any time or to deactivate cookies generally in his browser. The user can object to the use of functional cookies, performance cookies or marketing cookies at any time by adjusting his cookie settings accordingly. However, the exclusion of cookies may lead to functional restrictions of this online service. Information on how to deactivate cookies in the most common browsers can be found under the following links:
- Google Chrome https://support.google.com/chrome/answer/95647
- Microsoft Internet Explorer https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
- Safari https://support.apple.com/kb/PH19214?locale=de_DE&viewlocale=de_DE
- Firefox https://support.mozilla.org/de/kb/Cookies-blockieren
- Opera http://help.opera.com/Windows/9.20/de/cookies.html
9. Integration of third party content
9.1. Google Maps
a) On our website we use the services of Google Maps, a web service of Google Inc. (“Google”), 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
b) The use of Google Maps is based on our legitimate interests within the meaning of Art. 6 para. 1 (f) GDPR. We use Google Maps to display interactive maps directly on the website and provide you with the convenient use of the map function. This enables us to make our offer more interesting for you as a user.
c) By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under section 5 will be transmitted. This will occur regardless of whether Google provides a user account which you are logged in to or whether no user account exists. If you are logged in to your Google account, your data will be directly associated with your account. If you do not want your profile to be associated with your profile on Google, you must log out before activating the button.
Google stores your data in user profiles and uses them for the purposes of advertising, market research and/or the demand-oriented design of its website. Such an analysis is carried out in particular (even for users who are not logged in) to offer demand-oriented and tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. You must contact Google to exercise this right.
9.2. Integration of YouTube
a) Components (videos) of the company YouTube are used on our website. The legal basis for the use of YouTube is Art. 6 para. 1 (f) GDPR. We use it in order to make our website more appealing to the respective user and thereby make it better known. The advertising purpose behind this is to be regarded as a legitimate interest within the meaning of the GDPR.
b) YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA, is a company belonging to Google Inc, Amphitheatre Parkway, Mountain View, CA 94043, USA.
c) The YouTube videos on our website are all embedded in “enhanced privacy mode”, which means that no data about you as a user is transferred to YouTube if you do not watch the videos. Only when you do start playing the videos, the following data will be transmitted. We have no influence on this data transmission.
d) By visiting the website, YouTube is informed that you have visited the relevant subpage of our website. In addition, the data referred to under section 5 will be transmitted. This occurs regardless of whether YouTube provides a user account which you are logged into or whether no user account exists.
e) By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under section 5 will be transmitted. This will occur regardless of whether YouTube provides a user account which you are logged in to or whether no user account exists. If you are logged in to your Google account, your data will be directly associated with your account. If you do not want your profile to be associated with YouTube, you must log out before activating the button.
YouTube stores your data in user profiles and uses them for the purposes of advertising, market research and/or the demand-oriented design of its website. Such an analysis is carried out in particular (even for users who are not logged in) to offer demand-oriented and tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. You must contact YouTube to exercise this right.
9.3. Google Analytics
a) For the purpose of a demand-oriented design and continuous optimisation, we use Google Analytics, a web analysis service of Google Inc. (“Google”), 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
b) The use of Google Analytics is based on our legitimate interests within the meaning of Art. 6 para. 1 (f) GDPR. We use Google Analytics to analyse and thus regularly improve the use of our website. We can use the statistics obtained to optimise our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has committed itself to the EU-US Privacy Shield and thus offers a guarantee of compliance with European data protection law https://www.privacyshield.gov/EU-US-Framework.
c) We also use Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “My data”, “Personal data”.
d) We use Google Analytics with the addition “_anonymizeIp()”. This allows IP addresses to be processed in a shortened form, thus excluding the possibility of identifying a person. If the data collected about you contains a personal reference, it will immediately be excluded. The personal data will therefore be deleted immediately.
e) We use the “demographic characteristics” function of Google Analytics. This allows us to create reports that contain statements about the age, gender and interests of the site visitors. This data comes from interest-based advertising by Google as well as from visitor data from third parties. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google Account or generally prohibit the collection of your data by Google Analytics as described in the section “Objection to data collection”.
f) Google Analytics uses so-called “cookies”, text files which are stored on your computer and allow an analysis of your use of the website (see clause 8). The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other states which are party to the Agreement of the European Economic Area. Only in exceptional cases the full IP address will be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating the use of the website by users, compiling reports on website activity and providing other services to the website operator relating to website activity and internet usage.
g) The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.
i) You can find further information on the use of data for advertising purposes by Google, as well as setting and objection options, on their websites:
- Use of data by Google http://www.google.com/analytics/terms/de.html
- Use of data for advertising purposes http://www.google.com/policies/technologies/ads
- About data protection https://marketingplatform.google.com/about/analytics/terms/de/
a) On the basis of our legitimate interests [i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 (f) GDPR] we use the marketing and remarketing services (in short “Google Marketing Services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
b) Google is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection law, (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
c) Google’s marketing services allow us to display advertisements for and on our website in a more targeted manner to show users only ads that potentially match their interests. E.g. if users see ads for products they were interested in on other websites, these are referred to as “remarketing”. When accessing our and other web pages on which Google marketing services are active, Google executes a Google code directly and (re)marketing tags (invisible graphics or code, also known as “web beacons”) will be incorporated into the web page. This happens for the purposes mentioned above. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies). Cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com and googleadservices.com. This file records which websites the user has visited, what content he is interested in and which offers he has clicked on, as well as technical information on the browser and operating system, referring websites, visiting time and other information on the use of the online offer. The IP address of the user is also recorded. Within the framework of Google Analytics, we inform you that the IP address is shortened within member states of the European Union or in other states that are party to the Agreement on the European Economic Area and only in exceptional cases is it transmitted in full to a Google server in the USA and shortened there. The IP address is not merged with user data within other Google offers. Google may also combine the above-mentioned information with information from other sources. If the user subsequently visits other websites, advertisements tailored to the user’s interests may be displayed.
d) User data is processed pseudonymously within the framework of Google marketing services. This means that Google does not store and process the name or e-mail address of the user, but processes the relevant data cookie-related within pseudonymous user profiles. This means that from Google’s point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who that cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information collected by Google marketing services about the users is transmitted to Google and stored on Google’s servers in the USA.
e) The Google marketing services we use include the online advertising programme “Google AdWords”. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies can therefore not be tracked via the websites of AdWords customers. The information collected through the cookie is used to compile conversion statistics for AdWords customers who have chosen conversion tracking. The AdWords customers will know the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
g) If you wish to object to interest-based advertising by Google marketing services, you can use the setting and opt-out options provided by Google: https://adssettings.google.com/authenticated
9.5. Google Ad-sense
a) For the purpose of demand-oriented design and continuous optimisation and to record our website statistically, we also use Google Adsense, a web analysis service of Google Inc. (“Google”), 1600 Amphitheatre Parkway Mountain View, CA94043, USA.
b) The use of Google Adsense is based on our legitimate interests within the meaning of Art. 6 para. 1 (f) GDPR. We use the service to display advertisements on our website and receive payment for this. For these purposes, usage data such as the click on an advertisement and the IP address of the user are processed, whereby the IP address is shortened by the last two digits. Therefore, the processing of the users’ data is pseudonymised. For the exceptional cases in which personal data is transferred to the USA, Google has committed itself to the EU-US Privacy Shield and thus offers a guarantee to comply with European data protection law https://www.privacyshield.gov/EU-US-Framework.
c) For advertisements that are displayed on our website, we receive a fee for their display or other use. For these purposes, usage data, such as the click on an advertisement and the IP address of the user are processed, whereby the IP address is shortened by the last two digits. Therefore, the processing of user data is pseudonymised.
9.6. Use of LinkedIn
a) We use the LinkedIn social plugin on our website. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
b) The legal basis for the use of the plugins is Art. 6 para. 1 (f) GDPR. We use it in order to make our website more appealing to the respective user and thereby make it better known. The advertising purpose behind this is to be regarded as a legitimate interest within the meaning of the GDPR.
c) In order to increase the protection of your data when visiting our website, these buttons are not fully integrated into the page as plug-ins, but only using an HTML link. This type of integration ensures that no connection is made to LinkedIn’s servers when you visit a page on our website containing such buttons. When you click on the button, a new browser window opens and accesses the LinkedIn page, where you can interact with the plug-ins there (possibly after entering your login data).
10. Your rights regarding your data
You have the following rights regarding the processed data:
- in accordance with art. 15 of the GDPR, you can request information about your personal data processed by us. In particular, you may request information on the purposes of the processing, the category of personal data, the categories of recipients to whom your data have been or will be transmitted, the planned storage period, the existence of a right of rectification, erasure, restriction of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected by us, as well as the existence of automated decision making including profiling and, if applicable, meaningful information on the details of the data;
- in accordance with Art. 16 GDPR, you can immediately request the correction of incorrect or incomplete personal data stored by us;
- in accordance with Art. 17 GDPR, you can request the deletion of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or if the data is necessary for the assertion, exercise or defence of legal claims
- in accordance with Art. 18 GDPR, you can request the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR
- in accordance with Art. 20 GDPR, you have the right to data transmission, i.e. to receive your personal data that you have provided us with in a structured, common and machine-readable format or may request the transfer to another responsible party, provided that the processing is based on your consent or on a contract with us and that the processing was carried out by using automated procedures. However, in the case of a transfer of data to another party, you can only request the transfer if it is technically feasible;
- In accordance with Art. 7 Para. 3 GDPR, you can withdraw your consent to us at any time. As a result, we may no longer continue to process the data that was based on this consent in the future; and
- Under Art. 77 GDPR, you have the right to file a complaint to a supervisory authority. To do so, you may contact the supervisory authority at your usual place of residence or work or at our head office.
In order to exercise your rights to correct or delete personal data, to request information, to revoke a consent or to object, only a simple message to us is required. There are no costs for you to exercise your rights. You can contact us using the contact information provided in section 1.1. of this data protection declaration.
11. Right of objection
a) If you have given your consent to the processing of your data, you can withdraw this consent at any time. After you have expressed it to us, such a withdrawal will affect the permissibility of the processing of your personal data.
b) If we base the processing of your personal data on the balancing of interests, you may object to the processing. If you do so, please explain the reasons why we should not process your personal data as we have done. If your objection is well-founded, we will examine the situation and either stop or adapt the data processing or outline our compelling reasons for continuing the processing. We will inform you of such compelling reasons. You have the right to file a complaint at any time to a supervisory authority (e.g. the supervisory authority at your place of residence or at the registered office of our company).
c) You can object to the processing of your personal data for the purposes of advertising and data analysis at any time. You can inform us about your objection to advertising by using the contact details given in section 1.1.
d) If you wish to make use of your right of withdrawal or objection, it is sufficient to send an e-mail to the person named in section 1.1.
12. Deletion and retention periods of your data
a) The data stored with us will be deleted as soon as they are no longer required for the intended purpose. For details, please refer to the sections of this notice which explain the nature and purpose of the processing of personal data in question.
b) Data which we are required to be stored by law, statutes or contractual obligations (e.g. for tax reasons) will be blocked instead of deleted to prevent use for other purposes. This includes storage for 6 years in accordance with § 257 (1) German HGB (for trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) or storage for 10 years in accordance with § 147 (1) AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).
13. Updates to our Privacy Notice
a) This Privacy Notice is currently valid and was updated in November 2020.
b) Due to changes in the law or adjustments in data processing, it may be necessary to update this data protection declaration. We therefore recommend that you check this page regularly for changes. If the change affects your consent or the provisions of the contractual relationship, these will only be made with your consent. You will be contacted separately by us for this purpose.