Data Privacy Statement Download | PDF (81kB)
The following Data Privacy Statement applies for the use of our online offering www.weha.com. Data protection is a very important matter to us. The collecting and processing of your personal data takes place in observance of the applicable data protection regulations, particularly the General Data Protection Regulation (GDPR).
1. Responsible party
The responsible party for the collection, processing and use of your personal data in accordance with Art. 4 no. 7 of the GDPR is:
Weha - Ludwig Werwein GmbH
Managing Directors: Stefan Deschler
Augsburg District Court, Commercial Register Section B no. 7274
Tel. +49 8231 6007-0
2. Collection of personal data when our website is visited
When the website is used strictly for informational purposes, i.e. if you do not register or transmit information to us in another manner, we collect only the personal data that you browser transmits to our server. If you would like to view our website, we collect the following data, which is technically necessary for us in order to present our website to you and guarantee stability and security (the legal basis is Art. 6, para. 1, p. 1 lit. f of the GDPR):
- IP address
- Date and time of the query
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Data quantity transmitted
- Web site from which the request originated
- Operating system and its interface
- Language and version of the browser software.
3. Registration function
You can create a user account on our website. Should you wish to do so, we require the personal data requested on login. When you log in later, only your customer number and the password which you have chosen are required. You can have us delete your user account at any time without any additional costs other than the transmission rates based on the basic tariff. Notification in text format to the indicated contact data (e.g. email, fax, letter) is sufficient for this purpose. Then, we will delete your stored personal data, insofar as it is not required for processing of orders or on the basis of statutory obligations to retain information. The legal basis for the processing of this data for the fulfilment of a contract or pre-contractual measures necessary for implementation is Art. 6, para. 1, lit. b of the GDPR.
4. Contact option
When you contact us (e.g. via contact form or email), we process your information in order to process the enquiry and in case any follow-up questions should arise. Should the data processing take place for implementation of pre-contractual activities which take place on your request, and/or if you are already our customer, for implementation of the contract, the legal basis for this data processing is Art. 6, para. 1, p. 1 a) of the GDPR. We only process additional personal data if you have given your consent (Art. 6, para. 1, p. 1 a) of the GDPR) or we have a legitimate interest in the processing of your data (Art. 6, para. 1, p. 1 f) of the GDPR). An example of a legitimate interest would be to answer your email.
The data requested in the registration process is required to register for the newsletter. The registration for the newsletter is logged. After registration, a message is sent to the email address specified by you, wherein you are requested to confirm the registration ("double opt-in"). This is necessary so that third parties cannot register with your email address. You can revoke your consent to receive the newsletter at any time and thus cancel the newsletter subscription. We store the registration data as long as it is necessary to send the newsletter. We store the log of the registration and the shipping address as long as there is an interest in proving that the original consent was given; normally, the period of limitation of civil claims is a maximum of three years. The legal basis for the delivery of the newsletter is your consent in accordance with Art. 6, para. 1 p. 1 a) with respect to Art. 7 of the GDPR with respect to Art 7, para. 2, no. 3 of the German Act Against Unfair Competition. The legal basis for the logging of the registration is our legitimate interest in proof that the delivery took place with your consent. You can cancel your registration at any time without any additional costs other than the transmission rates based on the basic tariff. Notification in text format to the indicated contact data (e.g. email, fax, letter) is sufficient for this purpose. Of course, there is also an unsubscribe link in every newsletter.
6. Use of Google-Analytics
We use Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses "cookies", text files which are stored on your computer and enable use of the website by you. The information generated by the cookie about use of this website by site visitors is normally transmitted to a server of Google in the USA and stored there. Insofar as these cookies or the information contained therein involve personal data, the legal basis for the data processing is Art. 6, para. 1, pl. 1 f of the GDPR. Our interest in optimising our website is our entitled interest in accordance with Art. 6, para. 1 p. 1 f of the GDPR. Google is subject to and certified under the Privacy Shield Framework between the European Union and the USA. Consequently, Google is obligated to conform to the standards and regulations of European data privacy law. For further information, click on the linked entry: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. We have activated IP anonymisation on this website (anonymizeIp). As a result, your IP address is truncated within Member States of the European Union or in Contract States of the Agreement on the European Economic Area. The complete IP address is transmitted to a server of Google in the USA and truncated there only in exceptional cases. Google will use this information on our behalf to evaluate use of the website by you in order to compile reports on website activities and to provide us with additional services associated with the website use and internet use. The IP address of your browser transmitted by Google Analytics is not combined with other data by Google. You can prevent the storage of cookies with an appropriate setting in your browser software; however, bear in mind that in this case you cannot use all functions of this website to the full extent. You can also prevent the transmission of the information generated by the cookie about your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
7. Use of Facebook-Components
We use components of the provider facebook.com on our page. Facebook is a service of facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA. With each individual visit to our website, which is equipped with such a component, this component makes it possible for the browser used by you to download a corresponding representation of the component of facebook. With this process, facebook is made aware which exact page of our internet presence you have just visited. If you visit our page and are logged into facebook at the same time, facebook recognises from the information gathered by the component which specific page you visit and assigns this information to your personal account on facebook. If, for example, you click on the "like" button or enter a comment, this information is transmitted to your personal user account on facebook and saved there. Moreover, the information that you have visited the site is forwarded to facebook. This takes place regardless of whether you click on the component or not. If you would like to suppress this transmission and storage of data about you and your behaviour on our website by facebook, you must log out of facebook before visiting our page. The data privacy notices of facebook provide further information, particularly about the collection and use of the data by facebook, about your rights in this respect and settings options for protection of your private sphere: https://de-de.facebook.com/about/privacy/ In addition, external tools available in the market can be used to block facebook social plugins with add-ons for all common browsers http://webgraph.com/resources/facebookblocker/ An overview of the facebook data privacy statement is provided under https://www.weha.com/img/Facebook_Datenschutzverordnung.pdf
We have integrated YouTube videos into our online offering, which are stored on http://www.YouTube.com and can be played directly from our website. They are all integrated in "extended data protection mode", which means that no data about you as a user is transmitted to YouTube if you do not play the videos. The data indicated in section 2 is only transmitted if you play the videos. We have no influence over this data transmission. When you visit the website, YouTube receives the information that you have viewed the corresponding sub-page of our website. The data indicated under no. 2 of this Statement is also transmitted. This takes place regardless of whether YouTube provides a user account that you are logged in to or if no user account exists. When you are logged into Google, your data is assigned directly to your account. If you do not wish for assignment to your profile with YouTube to take place, you must log out before actuating the button. YouTube stores your data as usage profiles and uses it for purposes of advertising, market research and/or needs-based configuration their website. Such evaluation takes place, in particular, (even for users who are not logged in) for provision of needs-based advertising and in order to inform other users of the social network about your activities on our website. You have the right to object to the formation of these user profiles, wherein you must assert this right towards YouTube. For further information about the purpose and scope of data collection and the processing thereof by YouTube, refer to the data privacy statement. Further information about your rights and settings options for protection of your private sphere are provided there: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
10. Integration of Google Maps
We use the offering of Google Maps on this website. This makes it possible for use to display interactive maps directly on the website and enable you to use the map function conveniently. When you visit the website, Google receives the information that you have viewed the corresponding sub-page of our website. The data indicated under no. 2 of this Statement is also transmitted. This takes place regardless of whether Google provides a user account that you are logged in to or if no user account exists. When you are logged into Google, your data is assigned directly to your account. If you do not wish for assignment to your profile with Google to take place, you must log out before actuating the button. Google stores your data as usage profiles and uses it for purposes of advertising, market research and/or needs-based configuration their website. Such evaluation takes place, in particular, (even for users who are not logged in) for provision of needs-based advertising and in order to inform other users of the social network about your activities on our website. You have the right to object to the formation of these user profiles, wherein you must assert this right towards Google. For further information about the purpose and scope of data collection and the processing thereof by the plugin provider, refer to the data privacy statement of the provider. Further information about your rights in this respect and settings options for protection of your private sphere are provided there: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
If you would like to order from our web shop, you must provide the necessary information for conclusion of contract that we need in order to process your order. Mandatory information for the processing of contracts is identified; other information is provided voluntarily. We process the data provided by you for the processing of your order. For this purpose, we can forward your payment information to our bank. The legal basis for this is Art. 6, para. 1, p. 1 lit. b of the GDPR. We can also process the data provided by you in order to inform you about additional interesting products from our portfolio or to send you emails with technical information. We are obligated, on the basis of requirements under commercial and fiscal law, to store your address, payment and order data for the duration of ten years. However, after [two years] we limit the processing, i.e. your data is used strictly for compliance with statutory obligations. To prevent unauthorised access to your personal data, particularly financial data, the ordering processed is encrypted with SSL technology.
12. Data security
We strive to protect the security of your data in the scope of the applicable data protection regulations and technical possibilities. Your personal data is transmitted to us under encryption. This applies for your orders and for the customer login. We use the SSL coding system (Secure Socket Layer), but point out that data transmission in the internet (e.g. email communication) can have security loopholes. Seamless protection of data from third-party access is not possible. To protect your data, we maintain technical and organisational security measures in accordance with Art. 32 of the GDPR which are always updated to remain state-of-the-art. We do not guarantee that our offering is available at certain times; faults, interruptions or failures cannot be ruled out. The servers used by us are carefully safeguarded on a regular basis.
13. Transfer of data to third parties
As a fundamental rule, we use your personal data exclusively within our company. If and the extent to that we include third parties in contract implementation, they only receive third personal data in the scope in which the transmission is necessary for the relevant performance. In the event that we outsource certain parts of the data processing ("job processing"), we obligate the job processor contractually to use personal data strictly in compliance with the requirements of data protection legislation and to guarantee protection of the rights of the affected persons.
14. Picture source references
The layout of the website, the graphics used and the other contents are protected by copyright. Reproduction or use of the texts and graphics in other electronic or printed publications is not permitted without express consent. The images used on our website are from Adobe Stock (https://stock.adobe.com).
15. Data protection officer
Should you have further questions or concerns about data protection, please contact our data protection officer:
Mr. Carsten Krois
HBK Datenschutz Consulting UG
Bahnhofstr. 5b | D-86368 Gersthofen, Germany
16. Your rights as the person affected by the data processing
In accordance with the applicable laws, you have various rights with respect to your personal data. If you intend to assert these rights, please direct your enquiry to the specified email or post address for your enquiry with specification of your unique identification of your person. An overview of your rights is presented below.
Right to confirmation and information
You have the right to receive clearly organised information about the processing of your personal data.
You have the right to receive confirmation from us regarding whether personal data relating to you is processed at any time. If this is the case, you have the right to receive information from us about your stored personal data and to demand a copy of this data free of charge. Moreover, you have the right to the following information:
- purposes of the processing
- the categories of personal data that are processed;
- the recipients or categories of recipients to whom personal data has been disclosed or will be disclosed, particularly in case of recipients in third countries or international organisations;
- if possible, the planned duration for which the personal data is stored, or, if this is not possible, the criteria for determining this duration
- the existence of a right to reporting or deletion of the personal data relating to you or to limitation of the processing by the responsible party or a right of objection to this processing
- the existence of a right of appeal to a supervisory authority
- if the personal data has not been collected from you, all information about the original of the data
- the existence of an automated decision-making process, including profiling, in accordance with Art. 22, para. 1 and 4 of the GDPR and - at least in these cases - meaningful information about the logic involved and the implications and desired effects of such processing for you. If personal data is transmitted to a third country or an international organisation, you have the right to be notified about the appropriate guarantees in accordance with Art. 46 of the GDPR associated with the transmission.
Right to correction
You have the right to demand correction and, if applicable, completion of the personal data relating to you. Specifically:
You have the right to demand correction by us of incorrect personal data relating to you. In consideration of the purposes of the processing, you have the right to demand completion of incomplete personal data - including by means of a supplemental declaration.
Right to deletion ("Right to be forgotten")
In a series of cases, we are obligated to delete personal data relating to you.
In accordance with Art. 17, para. 1 of the GDPR, you have the right to demand that we delete the personal data relating to you immediately, and we are obligated to delete personal data immediately, insofar as one of the following reasons applies:
- The personal data is no longer necessary for the purposes for which it was collected or processed in any other manner.
- You withdraw your consent to the processing in accordance with Art. 6, para. 1, p. 1 a) of the GDPR or Art. 9, para. 2 a) of the GDPR and there is no other legal basis for the processing.
- You object to the processing in accordance with Art. 21, para. 1 of the GDPR and there are not entitled reasons for the processing taking priority, or you object to the processing according to Art. 21, para. 2 of the GDPR.
- The personal data was processed illegally.
- The deletion of personal data is necessary for fulfilment of a legal obligation according to European Union law or the law of the Member States to which we are subject.
- The personal data was collected in relation to information society services in accordance with Art. 8, para. 1 of the GDPR.
If we have disclosed the personal data and we are obligated to deletion thereof in accordance with Art. 17, para. 1 of the GDPR, we will take appropriate measures in consideration of the available technology and implementation costs, also of a technical manner, to inform the party responsible for the data processing that processes the personal data that you have demanded deletion of all links to this personal data or of copies or replications of this personal data.
Right to data transferability
You have the right to receive, transmit or have us transmit machine-readable personal data related to you.
You have the right to receive the personal data relating to you in a structured, common and machine-readable format from us and you have the right to the transfer of this data to another responsible party without interference by us, insofar as
- the processing is based on consent in accordance with Art. 6, para. 1, p. 1 a) of the GDPR or Art. 9, para. 2 a) of the GDPR or on a contract in accordance with Art. 6, para. 1, p. 1 b) of the GDPR and
- the processing takes place using automated processes. Bei der Ausübung Ihres Rechts auf Datenübertragbarkeit gemäß Absatz 1 haben Sie das Recht, zu erwirken, dass die personenbezogenen Daten direkt von uns einem anderen Verantwortlichen übermittelt werden, soweit dies technisch machbar ist.
Right to objection
You have the right to object to legal processing of your personal data by us, if this is justified by your specific situation and our interests in the processing do not take priority.
You have the right, for reasons arising from you specific situation, to object at any time to the processing of personal data relating, which takes place on the basis of Art. 6, para. 1, p. 1 e) or f) of the GDPR. Then we will no longer process the personal data unless we can prove that there are compelling reasons for the processing that are worth protecting which outweigh you interests, rights and liberties, or the processing takes place for the assertion, exercise or protection of legal claims. If personal data is processed by us in order to send direct advertising, you have the right to object to the processing of personal data related to you for the purpose of such advertising at any time; this also applies for profiling, insofar as it is related to such direct advertisement. You have the right, for reasons arising from your specific situation, to object to the processing of personal data related to you, which takes place for scientific or historical research purposes or statistical purposes in accordance with Art. 89, para. 1 of the GDPR unless the processing is necessary for fulfilment of a function that is in the public interest.
Right to legal remedy with a supervisory authority
You have the right to legal remedy with a supervisory authority, particularly in the Member State of your residence, your place of work or the location of the presumed violation, if it is your opinion that the processing of personal data related to you is illegal.