Data Protection Declaration

Version 2.0 from 12th October, 2020

Wilh. Werhahn KG attaches great importance to the protection of personal data belonging to our customers, employees, job applicants and all other third parties connected with us. We collect, store, and use your personal information only according to the terms of the General Data Protection Regulation of the European Union and the Data Protection Act of the Federal Republic of Germany. You can therefore be assured that we are always committed to the protection of your privacy and your right to data protection. In the following, we will inform you about the nature, extent and purpose of the recording and use of your personal data.

1. General Section

I. Name and address of the responsible party

The responsible party in the context of the General Data Protection Regulation and other national data protection acts, as well as all other data protection regulations is

Wilh. Werhahn KG
Königstr. 1
41460 Neuss
Germany
Tel.: +49 2131 916-0
E-mail: info@werhahn.de
Website: www.werhahn.de

II. Name and address of the data protection officer

The data protection officer of the responsible party can be reached at:

Wilh. Werhahn KG
Datenschutzbeauftragter
Königstr. 1
41460 Neuss
Germany
Tel.: +49 2131 916-0
E-mail: datenschutz@werhahn.de
Website: www.werhahn.de

III. General information on data processing

Scope of personal data processing

Wilh. Werhahn KG processes our users’ personal data only as far as it is necessary for providing a functional website, as well as our content and services. The processing of our users’ personal data is done regularly only after the users have declared their consent. An exception is made if prior consent cannot be given for factual reasons and the processing of the data is allowed by legal regulations.

Legal basis for the processing of personal data

As far as we seek the consent of the affected person for the processing of personal data, article 6, paragraph 1, lit. a of the General Data Protection Regulation (GDPR) of the European Union serves as the legal basis.

For the processing of personal data which are required for the fulfillment of a contract whose contractual party is the affected person, article 6, paragraph 1, lit. b GDPR serves as the legal basis. This also applies to processing procedures which are required for the execution of pre-contractual measures.

As far as the processing of personal data is required for the fulfillment of a legal obligation of our company, article 6, paragraph 1, lit. c GDPR serves as the legal basis.

If the processing is required for the protection of a legitimate interest of our company or a third party, and if the interests, fundamental rights, and fundamental freedoms of the affected persons do not predominate this interest, article 6, paragraph 1, lit. f GDPR serves as the legal basis for the processing.

External online presences

In this section, you will find information about our data processing within the context of the operation of external online presences, e.g. in social media.

Online presences in social media

We maintain online presences within social networks and platforms to communicate with the users who are active there and to inform them about our services.
We would like to point out that in this context, user data may be processed outside the European Union. This could entail risks for users, e.g. because it could make it more difficult to enforce the rights of users.

In addition, user data is usually processed for market research and advertising purposes. For example, user profiles can be created based on user behavior and the resulting interests of users. The usage profiles can, in turn, be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. For these purposes, permanent cookies are usually stored on the user’s computer, in which the user’s usage behavior and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
The processing of the personal data of the users takes place based on our legitimate interests in effective information of the users and communication with the users in accordance with Art. 6 Para. 1 letter f. DSGVO. If the users are asked by the respective providers for their consent to data processing (i.e. declare their consent e.g. by ticking a checkbox or confirming a button), the legal basis for processing is Art. 6 para. 1 lit. a., Art. 7 DSGVO.
For a detailed description of the respective processing operations and the opt-out options, please refer to the following linked information provided by the providers.

Also in the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and give information. Should you nevertheless need help, you can contact us.
The links/buttons to social networks and platforms (hereinafter referred to as “social media”) used within our website only establish contact between social networks and users when users click on the links/buttons and the respective networks or their websites are called up. This function corresponds to the mode of operation of a regular online link.

– Processed data: Contact data, content data, usage data, metadata.
– Special categories of personal data: Basically no, except as stated by users.
– Legal basis: Art. 6 para. 1 lit a / Art. 6 para. 1 lit f. DSGVO.
– Affected parties: Users of social media presences (this may include customers and interested parties).
– Purpose of processing: Information and communication.
– Type, scope, mode of operation of the processing: By operators of the respective platforms as a rule: permanent cookies, tracking, targeting, remarketing, content-related and behavioral advertising.
– Necessity/interest in processing: Expectations of the users who are active on the platforms, business interests.
– External disclosure and purpose: vis-à-vis social networks/platforms.
– Deletion of data: The deletion rules of the respective platforms apply.

– Used services:

– Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland) – Privacy Policy / Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung.

Data deletion and storage period

The personal data of the affected person are deleted or locked as soon as the purpose of the storage is canceled. Data can also be stored if this was intended by the European or national legislative in Union regulations, laws or other requirements to which the responsible party is subject. The data will also be locked or deleted if a storage period determined by the above-mentioned norms has expired, unless the data storage needs to be continued for the sake of the conclusion or performance of a contract.

2. Individual processing

I. Provision of the website and creation of log files

1. Description and extent of data processing

Whenever our internet page is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data are collected:

  1. Information about the browser type and the version used
  2. The user’s operating system
  3. The user’s internet service provider
  4. The user’s IP address
  5. Date and time of access
  6. Websites from which the user’s system reaches our internet page
  7. Websites which are accessed by the user’s system via our website

Our system’s log files only store the IP address of the user. These data are not stored together with other personal data of the user.

2. Legal basis of data processing

The legal basis for the temporary storage of data and log files is article 6, paragraph 1, lit. f GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary in order to enable the website to be delivered to the computer of the user. To this purpose, the IP address of the user needs to be stored for the duration of the session.

The storage in log files enables the functioning of the website. Also, the data serve us to optimize the website and to guarantee the security of our information technology systems. In this context, no data are analyzed for marketing purposes.

These purposes also constitute our legitimate interest in data processing according to article 6, paragraph 1, lit. f GDPR.

4. Storage duration

The data are deleted as soon as they are not required any more for the purpose of their collection. In case of data collection for the purpose of providing the website, this is the case when the respective session is finished.

In case of data storage in log files, this is the case after seven days at the latest. A longer storage period is possible. In this case, the users’ IP addresses are deleted or modified in such a way that the allocation of the invoking client is not possible any more.

5. Option for objection and removal

Both the collection of data for providing the website and the data storage in log files are mandatory for the running of the internet page. Therefore there exists no option for the user to object.

II. Use of cookies

1) Description and extent of data processing

Our website uses cookies. Cookies are text files that are saved in the internet browser, or by the internet browser on the computer system of the user. If a user accesses a website, a cookie can be saved in the user’s operating system. This cookie contains a character string that enables a clear identification of the browser when the website is accessed again.

We use cookies in order to make our website more user-friendly. Some elements of our website require the accessing browser to be identified even after a change of pages.

The following data are stored and transferred in the cookies:

  1. Language settings
  2. Monitor resolution

2) Legal basis of data processing

The legal basis for the processing of personal data by way of use of cookies is article 6, paragraph 1, lit. f GDPR.

3) Purpose of data processing

The purpose of the use of technically necessary cookies is to make the use of the websites easier for the users. Some functions of our internet page cannot be offered without the use of cookies. They require the re-identification of the browser even after a change of pages.

We require cookies for the following applications:

  1. Adoption of language settings
  2. Adjustment of monitor resolution

The user data which are acquired by technically necessary cookies are not used for the creation of user profiles.

These purposes also constitute our legitimate interest in the processing of personal data according to article 6, paragraph 1, lit. f GDPR.verwendet.

4) Duration of storage, option for objection and removal

Cookies are stored on the computer of the user, which transmits them to our website. As the user, you therefore have full control of the use of cookies. You can limit or deactivate the transfer of cookies by making adjustments to the respective settings of your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all of its functions can be fully used any more.

Cookies stored by us are deleted after 24 hours at the latest.

III. Contact form and contact by e-mail

1. Description and extent of data processing

Our internet page contains a contact form which can be used for making contact electronically. If a user chooses this option, the data entered into the entry form are transferred to us and saved. These data are:

  1. Surname
  2. First name
  3. E-mail address
  4. Telephone number
  5. Message

At the time when the message is sent, the following additional data are stored:

  1. The user’s IP address

In the context of the sending procedure, your consent is sought for the processing of the data, and a referral to this data protection declaration is made.

Alternatively, contact can be made by means of the e-mail address which is provided. In this case, the user’s personal data that are transferred with the e-mail are stored.

In this context, no data are passed on to third parties. The data are exclusively used for the processing of the conversation.

2. Legal basis of data processing

The legal basis for the processing of data, in case of the user’s consent having been given, is article 6, paragraph 1, lit. a GDPR.

The legal basis for the processing of data which are transferred when an e-mail is sent is article 6, paragraph 1, lit. f GDPR. If the e-mail contact has the purpose of the conclusion of a contract, the additional legal basis for the processing is article 6, paragraph 1, lit. b GDPR.

3. Purpose of data processing

The processing of the personal data from the entry form serves only for the purpose of processing the contact procedures. In case of a contact being made by e-mail, this also constitutes the necessary legitimate interest for the data processing.

The additional personal data that are processed during the sending procedures serve to prevent an abuse of the contact form and to guarantee the security of our information technology systems.

4. Storage duration

After your request has been settled, personal data are automatically deleted, unless the deletion is prevented by the legal data retention period.

The additional personal data gained during the sending procedure are deleted after a period of seven days at the latest.

5. Option for objection and removal

The user can revoke their consent to process personal data at any time. When contacting us via e-mail, the user can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

In this case, all personal data stored in the context of the establishment of contact are deleted.

3. Rights of the data subject

If your personal data are processed, you are a data subject according to GDPR and you have the following rights against the responsible party:

1. Right to information

You can request a confirmation from the responsible party whether your personal data are processed by us.

If this is the case, you can request information from the responsible party about the following issues:

  1. the purposes of the processing of personal data;
  2. the categories of processed personal data;
  3. the recipient, or the categories of recipients for whom your personal data have been, or will be, made accessible;
  4. the planned duration of the storage of your personal data or, if this can not be specified, the criteria for the determination of the storage duration;
  5. the existence of a right to rectification or deletion of your personal data, a right to limitation of processing by the responsible party, or a right to objection against this processing;
  6. the existence of a right to file a complaint to a supervisory authority;
  7. all available information on the origin of the data, if the personal data are not collected from the affected person;
  8. the existence of an automated decision making, including profiling, according to article 22, paragraphs 1 and 4 GDPR, and – at least in these cases – conclusive information on the involved logic as well as the scope and the aspired consequences of such a processing for the affected person.

You have the right to request information whether your personal data are transmitted to a third country or an international organization. In this context you can request to be informed about the appropriate guarantees according to article 46 GDPR in connection with the transmission.

2. Right to rectification

You have a right to rectification and/or completion to the responsible party, insofar as the processed personal data are incorrect or incomplete. The responsible party must carry out the rectifications immediately.

3. Right to restriction of processing

Under the following conditions you can request a restriction of the processing of your personal data:

  1. if you contest the accuracy of your personal data for a duration of time that enables the responsible party to examine the accuracy of the personal data;
  2. the processing is unlawful and you reject the deletion of the personal data but instead request the limitation of use of the personal data;
  3. the responsible party does not require the personal data any longer for the purposes of processing, but you require them for the establishment, exercise, or defense of legal claims, or
  4. if you filed an objection against the processing according to article 21, paragraph 1 GDPR and it is not yet certain whether the legitimate reasons of the responsible party outweigh your arguments.

If the processing of your personal data has been limited, these data – apart from their storage – must only be processed if you have given our consent, or for the purpose of the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of substantial public interest of the Union or a member state.

If the limitation of the processing has been restricted according to the above-mentioned conditions, you will be informed by the responsible party before the limitation will be revoked.

4. Right to deletion

a) Obligation of delition

You can request from the responsible party that your personal data will be deleted immediately, and the responsible party is obliged to promptly delete these data, provided that one of the following reasons applies:

  1. Your personal data are not necessary any more for the purposes for which they have been collected or otherwise processed.
  2. You revoke your consent on which the processing according to article 6, paragraph 1, lit a or article 9, paragraph 2, lit a GDPR was based, and there is no other legal basis for the processing.
  3. You file an objection against the processing according to article 21 paragraph 1 GDPR, and there exist no overriding legitimate reasons for the processing, or you object against the processing according to article 21, paragraph 2 GDPR.
  4. Your personal data have been processed illegally.
  5. The deletion of your personal data is necessary in order to fulfill a legal obligation according to Union law or the law of a member state to which the responsible party is subject.
  6. Your personal data were collected in relation to offered services of the information society according to article 8, paragraph 1 GDPR.

b) Information to third parties

If the responsible party has made your personal data publicly available and is obliged to delete them according to to article 17, paragraph 1 GDPR, appropriate measures, including technical ones, will be taken – with regard to the available technologies and the costs of implementation – to inform those who are in charge of processing the personal data that you, as the person concerned, have requested them to delete all links to these personal data, or the copies or replications of these personal data.

c) Exceptions

The right to deletion does not exist, provided that the processing is necessary

  1. for exercising the right to freedom of expression and information;
  2. for fulfilling a legal obligation that requires the processing according to the laws of the Union or the member states to which the responsible party is subject, or for carrying out a task that is in the public interest or in the exercise of official authority that has been assigned to the responsible party;
  3. for reasons of public interests in the field of public health according to article 9, paragraph 2, lit. h and i, as well as article 9, paragraph 3 GDPR;
  4. for archiving purposes, scientific or historical research in the public interest, or for statistical purposes according to article 89, paragraph 1 GDPR, insofar as the right described in section a) is likely to make impossible or to seriously compromise the realization of the purposes of this processing, or
  5. for the establishment, exercise or defense of legal claims.

5. Right to information

If you have claimed the right to rectification, deletion or limitation of processing towards the responsible party, they are obliged to inform all recipients to whom your personal data have been made accessible about this rectification or deletion of the data or the limitation of the processing, unless this turns out to be impossible or would cause disproportionate effort.

You have the right to be informed by the responsible party about these recipients.

6. Right to objection

You have the right to object at any time against the processing of your personal data according to article 6, paragraph 1, lit e or f GDPR, due to reasons that reflect your special situation.

The responsible party will not process your personal data any longer, unless they can present compelling legitimate grounds that predominate your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

If your personal data are processed for the purpose of direct advertising, you have the right to object at any time against the processing of your personal data for the purpose of such advertising; this also applies to profiling, if it is connected to such direct advertising.

If you object the processing for purposes of direct advertising, your personal data will not be processed any longer for such purposes.

You are entitled, in connection with the usage of services of the information society, – notwithstanding directive 2002/58/EG – to exercise your right of objection by means of automated processes for which technical specifications are used.

7. Right to withdrawal of the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of your consent does not affect the legality of the processing that was performed due to the consent until the time of withdrawal.

8. Right to file a complaint to a supervisory authority

Notwithstanding other administrative or judicial legal remedy, you have the right to file a complaint to a supervisory authority – in particular in the member state in which you reside or work, or the suspected violation has taken place -, if you take the view that the processing of your personal data constitutes a violation of the GDPR.

The supervisory authority to which the complaint has been filed informs the appellant about the state and the results of the complaint, including the option of the right to apply to the courts according to article 78 GDPR.

4. Amendment of our data protection declaration

We reserve the right to amend this data protection declaration so that it continually meets the current legal requirements or in order to incorporate changes to our services into the data protection declaration, for example when new services are introduced. In this case, the new data protection declaration will be valid at your following visit.