We are delighted that you’re interested in our company. Data protection is very important to the senior management team at Vincenz Wiederholt GmbH. In principle, it is possible to use the Vincenz Wiederholt GmbH website without entering any personal data. If a data subject wishes to make use of specific services from our company via our website, it may be necessary to process personal data. If it is necessary to process personal data and there is no legal basis for doing so, we will request permission from the data subject.
As the data controller, Vincenz Wiederholt GmbH has implemented numerous technical and organisational measures in order to ensure the protection of the personal data processed through this website with as few gaps as possible. However, online data transmissions may have fundamental security holes, meaning that absolute protection cannot be assured. For this reason, each data subject is free to submit personal data to us by alternative methods, by phone for example.
a) Personal data
Personal data is all the information relating to an identified or identifiable natural person (hereafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
Processing is a process carried out with or without the help of automated procedures or any such series of processes in connection with personal data, such as the collection, recording, organisation, ordering, storage, amendment or modification, reading, querying, use, publication through transmission, dissemination, comparison or linking, restriction, erasure or destruction of data.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.
Profiling is any type of automated personal data processing in which this personal data is used to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, conduct, location or change of location.
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be associated with a specific data subject without additional information so long as this additional information is stored separately and is subject to technical and organisational measures guaranteeing that the personal data is not allocated to an identified or identifiable natural person.
g) Controller or data controller
The controller or data controller is the natural or legal person, authority, organisation or other body who – individually or together with others – determines the purposes and means of the processing of personal data. If the purposes and means of such processing are specified by EU law or by the law of the Member States, provision may be made for the controller to be designated in accordance with specific criteria in EU law or by the law of the Member States.
The processor is a natural or legal person, authority, organisation or other body who processes the data on behalf of the controller.
The recipient is a natural or legal person, authority, organisation or other body to whom personal data is disclosed, regardless of whether they are a third party or not. However, authorities who may receive personal data as part of a specific investigation mandate in accordance with EU law or the law of the Member States shall not be considered to be recipients.
j) Third parties
A third party is a natural or legal person, authority, organisation or other body outside of the data subject, the controller, the processor and the people who, under the direct authority of the controller or the processor, are authorised to process personal data.
Consent is any freely-given, informed and unambiguous declaration of will by the data subject in the form of a declaration or other clear, affirmative act by which the data subject confirms that they consent to the processing of personal data relating to them.
2. Name and address of the data controller
The controller, as defined by the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other regulations relating to data protection, is:
3. Contact details for the Data Protection Officer
The Data Protection Officer can be contacted in the following ways:
Tel.: +49 (0) 2301 / 80-318
Any data subject can contact our Data Protection Officer directly with any questions or comments regarding data protection at any time.
4. Collection of general data and information
Whenever the Vincenz Wiederholt GmbH website is accessed by a data subject or an automated system, the website collects a range of general data and information. The general data and information are stored in the server’s log files. The (1) browser type and version used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-sites on our website which an accessing system visits, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the Internet Service Provider for the accessing system and (8) other similar data and information which is used for emergency response in the event of attacks on our IT systems may be recorded.
In the event of this general data and information being used, Vincenz Wiederholt GmbH draws no conclusions about the data subject. Rather, this information is required in order to (1) correctly deliver the content of our website, (2) to optimise the content of our website and advertising for it, (3) to ensure the ongoing functionality of our IT systems and the technology of our website and (4) to provide the information required for prosecution to the law enforcement authorities in the event of a cyber-attack. This anonymously-collected data and information is therefore subjected to statistical analysis by Vincenz Wiederholt GmbH and is furthermore analysed with the aim of improving data protection and data security within our company in order to ultimately ensure an optimal level of protection for the personal data we have processed. The anonymous data in the server log files is stored separately from all personal data given by a data subject.
The data subject can prevent cookies being placed by our website at any time via the appropriate setting on the web browser they are using and thus permanently reject the placement of cookies. Furthermore, cookies which have already been placed can be erased at any time via a web browser or other piece of software. This can be done using any popular web browser. If the data subject deactivates cookie placement in the web browser used, full use of some of the functions of our website may not be possible.
6. Contacting us via our website
Due to statutory regulations, the Vincenz Wiederholt GmbH website contains information making it possible to quickly get in touch with us electronically and to communicate with us directly, including a general email address. If a data subject contacts the data controller by email or via a contact form, the personal data transmitted pertaining to the data subject is automatically stored. Personal data sent voluntarily by a data subject to the data controller is stored for the purposes of processing and contacting the data subject. This personal data is not passed on to third parties.
7. Routine erasure and blocking of personal data
The data controller shall process and store personal data relating to the data subject only for the period of time necessary to achieve the purpose for which the data is stored or if provided for by the European legislature or any other legislature in laws or regulations to which the controller is subject. If the purpose for which the data is stored lapses or the data retention period stipulated by the European legislature or another competent legislature expires, the personal data shall be routinely blocked or erased in accordance with the legal regulations.
8. Rights of the data subject
a) Right of confirmation
Each individual affected by the processing of personal data has the right granted by the European legislature to obtain confirmation from the data controller as to whether or not personal data pertaining to them is being processed. Should a data subject wish to exercise this right of confirmation, they can contact our Data Protection Officer or another employee of the data controller at any time for this purpose.
b) Right of access
Each individual affected by the processing of personal data has the right granted by the European legislature to obtain from the controller free information about their personal data stored at any time and to obtain a copy of this information. Furthermore, the European legislature grants the data subject access to the following information:
- the purposes of processing their data
- the categories of personal data being processed
- the recipients or categories of recipients to whom the personal data has been or will be disclosed, particularly recipients in third countries or international organisations
- if possible, the planned period for which the personal data shall be stored or, if this is not possible, the criteria for determining this period
- the existence of the right to request rectification or erasure of their personal data, the restriction of processing by the data controller and the right to object to this processing
- the existence of the right to lodge a complaint with a supervisory authority
- where the personal data has not been collected from the data subject, all available information as to the source of the data
- the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject
Furthermore, the data subject has the right to information as to whether their personal data has been transmitted to a third country or an international organisation. Where this is the case, the data subject has the right to obtain information regarding the suitable security relating to this transmission. Should a data subject wish to exercise this right of access, they can contact our Data Protection Officer or another employee of the data controller at any time for this purpose.
c) Right to rectification
Each individual affected by the processing of personal data has the right granted by the European legislature to request the immediate rectification of incorrect personal data concerning themselves. Furthermore, the data subject has the right, taking the purposes of processing into account, to request the completion of incomplete personal data – including by means of a supplementary statement.
Should a data subject wish to exercise this right to rectification, they can contact our Data Protection Officer or another employee of the data controller at any time for this purpose.
d) Right to erasure (Right to be forgotten)
Each individual affected by the processing of personal data has the right granted by the European legislature to request that their personal data is immediately erased, provided that one of the following reasons applies and as long as the processing is not necessary:
- The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
- The data subject withdraws the consent on which this processing is based in accordance with point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal basis for the processing.
- The data subject objects to the processing in accordance with Article 21(1) of the GDPR and there are no overriding legitimate reasons for the processing, or the data subject objects to the processing in accordance with Article 21(2) of the GDPR.
- The personal data was unlawfully processed.
- The personal data must be erased to comply with a legal obligation in EU or Member State law to which the data controller is subject.
- The personal data was collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
If one of the aforementioned reasons applies, and a data subject would like to request the erasure of their personal data stored by Vincenz Wiederholt GmbH, they can contact our Data Protection Officer or another employee of the data controller at any time. The Data Protection Officer or another employee of Vincenz Wiederholt GmbH will make sure that the erasure request is complied with immediately.
Where Vincenz Wiederholt GmbH has made personal data public and, as controller, our company is obliged to erase the personal data in accordance with Article 17(1) of the GDPR, taking account of available technology and the cost of implementation, Vincenz Wiederholt GmbH shall take reasonable steps, including technical measures, to inform other controllers processing the published personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, that personal data, as long as processing is not required. The Data Protection Officer or another employee of Vincenz Wiederholt GmbH will make the necessary arrangements in individual cases.
e) Right to restriction of processing
Each individual affected by the processing of personal data has the right granted by the European legislature to obtain from the controller the restriction of processing if one of the following conditions is met:
- The accuracy of the personal data is disputed by the data subject, for a period which allows the controller to verify the accuracy of the personal data.
- The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of the use of the personal data instead.
- The controller no longer requires the personal data for the purposes for which it was processed, but the data subject needs it to establish, exercise or defend legal claims.
- The data subject has objected to processing in accordance with Article 21(1) of the GDPR and it is not yet certain whether the controller’s legitimate reasons override those of the data subject.
If one of the aforementioned conditions is met, and a data subject would like to request the restriction of their personal data stored by Vincenz Wiederholt GmbH, they can contact our Data Protection Officer or another employee of the data controller at any time. The Data Protection Officer or another employee of Vincenz Wiederholt GmbH will arrange for processing to be restricted.
f) Right to data portability
Each individual affected by the processing of personal data has the right granted by the European legislature to receive the personal data concerning themselves which has been provided by the data subject to a controller in a structured, commonly-used and machine-readable format. They also have the right to transmit this data to another controller without hinderance from the controller to which the personal data was provided, so long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority given to the controller.
Furthermore, when exercising their right to data portability pursuant to Article 20(1) of the GDPR, the data subject has the right to have their personal data transmitted from one controller to another controller, so long as this is technically feasible and so long as doing so does not adversely affect the rights and freedoms of other people. The data subject can contact the appointed Data Protection Officer or another employee of Vincenz Wiederholt GmbH at any time in order to exercise this right to data portability.
g) Right to object
Each individual affected by the processing of personal data has the right granted by the European legislature to object, on grounds relating to their particular situation, at any time to the processing of personal data concerning themselves which is based on point e or f of Art. 6(1) of the GDPR. This also applies for profiling based on those provisions.
If the data subject exercises their right to object, Vincenz Wiederholt GmbH will no longer process the personal data, unless we are able to demonstrate compelling legitimate grounds for processing which override the interests, rights and freedoms of the data subject, or if processing serves the establishment, exercise or defence of legal claims.
If Vincenz Wiederholt GmbH processes personal data in order to conduct direct marketing, then the data subject has the right to object to the processing of personal data for the purposes of such advertising at any time. This also includes profiling to the extent that it is related to such direct marketing. If the data subject files an objection with Vincenz Wiederholt GmbH regarding processing for direct marketing purposes, Vincenz Wiederholt GmbH will no longer process personal data for such purposes.
Additionally, the data subject has the right, on grounds relating to their particular situation, to object to the processing of their personal data by Vincenz Wiederholt GmbH for scientific or historical research purposes or for statistical purposes as per Article 89(1) of the GDPR unless such processing is necessary for performing a task which is in the public interest.
The data subject can contact the Data Protection Officer or another employee of Vincenz Wiederholt GmbH directly in order to exercise this right to object. Furthermore, the data subject is free, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise their right to object by automated means using technical specifications.
h) Automated individual decision-making including profiling
Each individual affected by the processing of personal data has the right granted by the European legislature to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or which adversely affects them in a similar way, so long as the decision (1) is not necessary for entering into, or for the performance of, a contract between the data subject and data controller, or (2) is not authorised by EU or Member State law to which the controller is subject and which also contains suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is based on the data subject’s explicit consent.
If the decision is (1) necessary for entering into or the performance of a contract between the data subject and the controller, or (2) based on the data subject’s explicit consent, Vincenz Wiederholt GmbH shall take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, which shall include, as a minimum, the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision. Should the data subject wish to exercise their rights with regard to automated decision-making, they can contact our Data Protection Officer or another employee of the data controller at any time for this purpose.
i) Right to withdraw the declaration of consent under data protection law
Each individual affected by the processing of personal data has the right granted by the European legislature to withdraw their consent to the processing of their personal data at any time. Should the data subject wish to exercise their right to withdraw their consent, they can contact our Data Protection Officer or another employee of the data controller at any time for this purpose.
9. Data protection for job applications and application procedures
The data controller collects and processes the personal data of applicants for the purpose of moving the application process forward. This processing may also be carried out electronically. This shall particularly be the case if an applicant submits relevant application documents to the data controller electronically – by email or via a web form found on our website, for example. If the data controller enters into an employment contract with an applicant, the data submitted shall be stored for the purpose of processing the employment relationship in compliance with statutory regulations. If the data controller does not enter into an employment contract with the applicant, the application documents shall be automatically erased two months after notification of this decision has been given, provided that no other legitimate interests for the controller oppose this. Other legitimate interests in this context could be, for example, burden of proof in a procedure under the General Act on Equal Treatment (AGG – Allgemeines Gleichbehandlungsgesetz).
10. Data protection provisions on the use and application of YouTube
The data controller has integrated components from YouTube on this website. YouTube is an online video portal which enables video-makers to publish their videos for free, and which allows other users to view, rate and comment on these videos for free. YouTube permits the publication of all kinds of videos, which is why entire films and TV programmes, music videos, trailers and videos produced by the users themselves are all available via the portal.
The operating company for YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, United States. YouTube LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
With each view of the individual pages of this website which are operated by the controller and on which a YouTube module (YouTube video) has been integrated, the web browser on the data subject’s IT system is automatically prompted by the respective YouTube module to download a thumbnail of the video in question from YouTube. Visit https://www.youtube.com/yt/about/en/ for more information on YouTube. As part of this technical process, YouTube and Google receive information about which specific sub-page on our site is visited by the data subject.
If the data subject is logged into YouTube at the same time, YouTube identifies which specific sub-page of our website the data subject is visiting when a sub-page containing a YouTube video is accessed. This information is collected by YouTube and Google and attributed to the YouTube account belonging to the data subject in question.
The YouTube module always sends YouTube and Google information when the data subject accesses our website while simultaneously logged in to YouTube. This happens regardless of whether or not the data subject clicks on a YouTube video. If the data subject does not want this information to be transmitted to YouTube and Google, they can prevent this from happening by logging out of their YouTube account before accessing our website.
11. Data protection provisions on the use and application of Google Maps
This website uses the map service Google Maps via an API. It is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.
It is necessary to store your IP address in order to use the Google Maps functions. This information is usually transmitted to a Google server in the USA and stored there. The provider of this website has no influence on this data transmission.
We use Google Maps in the interest of making our website more attractive and making the sites we have listed on our website easier to find. This constitutes a legitimate interest within the meaning of point (f) of Art. 6(1) of the GDPR.
12. Google Analytics
This website uses functions of the web analytics service Google Analytics. It is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.
Google Analytics uses so-called “cookies”. They are text files stored on your computer that allow the analysis of your use of the website. The information generated by the cookie concerning your use of this website is usually transmitted to a Google server in the US and stored there.
The basis for the storage of Google Analytics cookies is point (f) of Art. 6(1) of the GDPR. The owner of the website has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.
a) IP anonymisation
We have activated the IP anonymisation function on this website. This means that your IP address is shortened by Google within member states of the European Union or other states party to the Agreement on the European Economic Area before it is transmitted to the US. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activities and to provide other services relating to the use of the website and the internet to the website operator. The IP address transmitted by your browser in connection with Google Analytics will not be merged with any other Google data.
b) Browser plug-in
You can prevent the storage of such cookies by changing the settings of your browser software accordingly; however, please note that, in this case, you may not be able to make full use of all this website’s functions. In addition, you can prevent the collection of the data created by the cookie and related to your use of the website (including your IP address) as well as the processing of such data by Google by downloading and installing the browser plugin available at the following link:
c) Objection to data collection
You can prevent Google Analytics from collecting your data on this website by clicking on the link below. An opt-out cookie will be set which will prevent any future collection of your data when you visit this website: Deactivate Google Analytics.
d) Third-party data processing
We have entered into a contract for data processing with Google and in using Google Analytics fully implement the strict guidelines of the German data protection authorities.
e) Demographics and Interests in Google Analytics
This website uses the function “Demographics and Interests” from Google Analytics. This allows for the compilation of reports containing information about age, gender and interests of website visitors. These data originate from advertisements by Google based on users’ interests and from third-party user data. These data cannot be attributed to a specific person. You can deactivate this function at any time in the display settings in your Google account or refuse the collection of data by Google Analytics entirely, as described in the section ‘Objection to data collection’.
f) Google Analytics Remarketing
Our websites use Google Analytics Remarketing functions in connection with the cross-device functions of Google AdWords and Google DoubleClick. It is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.
This function allows linking the advertising target groups compiled by Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, personalised advertising messages based on your interests that have been customised for you as a result of your earlier user and surfing behaviour on one device (e.g. mobile) can also be displayed on another of your devices (e.g. tablet or PC).
If you have given consent to this, Google will, for this purpose, link your web and app browser history to your Google account. In this way, the same personalised advertising messages can be activated on each device on which you log in to your Google account.
To support this function, Google Analytics collects Google-authenticated user IDs which are temporarily linked with our Google Analytics data in order to define and compile target groups for cross-device advertising.
You can permanently object to cross-device remarketing/targeting by deactivating personalised advertising in your Google account; to do so follow this link: https://www.google.com/settings/ads/onweb/.
The data collected are combined in your Google account solely on the basis of your consent which you may give to or withdraw from Google (point (a) of Art. 6(1) of the GDPR). In the case of data collection processes not merged in your Google account (e.g. if you do not have a Google account or have objected to the merger), the basis for the data collection will be point (f) of Art. 6(1) of the GDPR. The legitimate interest arises because the owner of the website has an interest in the anonymised analysis of website users for marketing purposes.
g) Google AdWords and Google Conversion Tracking
This website uses Google AdWords. AdWords is an online advertising programme of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (‘Google’).
Within Google AdWords, we use conversion tracking. When you click on an advertisement activated by Google, a conversion tracking cookie will be set. Cookies are small text files stored on the user’s computer by the web browser. These cookies expire after 30 days and are not used for the personal identification of users. If a user visits certain pages of the website and the cookie has not yet expired, Google and we ourselves can see that the user has clicked on the ad and was forwarded to that page.
Each Google AdWords customer receives a different cookie. It is thus not possible to track cookies through the websites of AdWords customers. The information obtained using the conversion cookie is used to compile conversion statistics for AdWords customers who have opted for conversion tracking. Customers receive information on the total number of users who have clicked on their ad and have been forwarded to a web page with a conversion tracking tag. They do not, however, receive any information which can be used for the personal identification of users. If you do not wish to participate in tracking, you can object to this use by easily deactivating the Google Conversion Tracking cookie in the user settings of your web browser. This means that you will not be included in the conversion tracking statistics.
The basis for the storage of ‘conversion cookies’ is point (f) of Art. 6(1) of the GDPR. The owner of the website has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.
13. Legal basis for processing
Point (a) of Article 6 (1)of the GDPR serves as our company’s legal basis for the processing operations for which we obtain consent for a specific processing purpose. If it is necessary to process personal data in order to fulfil a contract to which the data subject is party – as is the case, for example, when processing operations are necessary for the delivery of goods or to provide any other service – the data is processed based on point (b) of Article 6(1) of the GDPR.
The same applies to those processing operations which are necessary for carrying out pre-contractual measures, such as for queries regarding our products or services. If our company is subject to a legal obligation making it necessary to process personal data, such as for the fulfilment of tax obligations, the data is processed based on point (c) of Article 6(1) of the GDPR. In rare cases, it may be necessary to process personal data in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises – in this case, the visitor’s name, age, health insurance information and other vital information would have to be passed on to a doctor, hospital or other third party. This processing would be based on point (d), Article 6(1) of the GDPR. Finally, processing operations could be based on point (f), Article 6(1) of the GDPR. Processing operations which are not covered by the aforementioned legal foundations are based on this legal foundation if the processing is necessary in order to safeguard the legitimate interests of our company or a third party so long as they are not overridden by the interests or the fundamental rights and freedoms of the data subject. Such processing operations are permitted in particular because they are specifically mentioned by the European legislature. The legislature took the view that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47, clause 2 of the GDPR).
14. Legitimate interests in processing pursued by the controller or a third party
If the personal data is processed based on point (f) of Article 6(1) of the GDPR, our legitimate interest is in conducting our business for the benefit and well-being of all our employees and our shareholders.
15. Period for which the personal data is stored
The criterion for the storage period for personal data is the applicable legal retention period. Upon expiry of the period, the corresponding data is routinely erased unless it is still required for fulfilment of a contract or initiation of a contract.
16. Statutory or contractual requirements for providing personal data; necessity for entering into a contract; obligation of the data subject to provide personal data; potential consequences of the failure to provide such data
We would like to inform you that the provision of personal data is legally required to some extent (e.g. tax regulations) or may result from contractual arrangements (e.g. information about the contractual partner). It may sometimes be necessary for the data subject to provide us with personal data for the conclusion of a contract which we must then process. The data subject is required, for example, to provide us with personal data if our company concludes a contract with them. Failure to provide the personal data will result in an inability to conclude the contract with the data subject. Before providing personal data, the data subject must contact our Data Protection Officer. For each case, our Data Protection Officer explains to the data subject whether the provision of personal data is legally or contractually required or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences of failure to provide the personal data would be.
17. Existence of automated decision-making
As a responsible company, we do not use automated decision-making or profiling.