DATA PROTECTION
Name and address of the data controller
The person responsible in the meaning of the General Data Protection Regulation and other national data protection laws of the EU Member States, as well as other data protection regulations, is:
WEMO-tec GmbH Germany
Managing director: Joachim Niessner
Bürgermeister-Ebert-Straße 17
36124 Eichenzell
GERMANY
Phone number: +49 (0 66 59) 86-0
Email address: info@wemo-tec.com
Name and address of the data protection officer
The Data Protection Officer of the data controller is:
BerIsDa GmbH
Rangstrasse 9
36037 Fulda
Germany
Phone number: +49 661 29 69 80 90
Email address: datenschutz@berisda.de
Internet: www.berisda.de
PRIVACY POLICY
I. General information on data processing
1. The scope of the processing of personal data
The controller takes care of the collection and uses the personal data of its users (hereinafter also referred to as the “involved person and/or the involved data subject”, the “data subject” or the ‘visitor’) only insofar as this will be required for the provision of a functional website and for the display of the content as well as of the performances. The collection and processing of the users’ personal data is regularly only done with the user’s consent. An exception shall be applied in cases in which the prior consent cannot be obtained for factual reasons, the processing is carried out on the basis of pre-contractual or contractual measures, the processing of the data is allowed by statutory provisions and/or there is a legitimate interest of the controller in the said processing.
2. The legal basis for the processing of personal data
Insofar as the person responsible for processing personal data is granted the consent of the involved data subject, art. 6 para. 1 sentence 1 lit. a of the EU General Data Protection Regulation (GDPR) applies as the legal basis for processing personal data. For any transfer to a non-secure third country, the processing will be carried out on the basis of what stated under art. 49 para. 1 sentence 1 lit. a GDPR.
For the processing of personal data necessary for performance of a contract to which the data subject is a party, art. 6 para. 1 sentence 1 lit. b GDPR shall apply as the legal basis. This also applies to processing that is necessary to implement pre-contractual measures.
Insofar as the processing of personal data is required in order to fulfill a legal obligation to which the Controller is subject, art. 6 para. 1 sentence 1 lit. c GDPR shall apply as the legal basis.
In the event that vital interests of the Data Subject or another natural person require the processing of personal data, art. 6 para. 1 sentence 1 lit. d GDPR shall apply as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, art. 6 para. 1 sentence 1 lit. f GDPR shall apply as the legal basis for processing.
3. Data deletion and duration of storage
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage ceases to apply or a granted consent is revoked by the involved data subject or there is an opposition to the respective processing. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the responsible party is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned regulations has elapsed, unless further storage of the data is necessary for the conclusion or fulfillment of a contract.
4. Data transfer to non-secure third countries
The transfer and processing of personal data of involved data subjects in a non-secure third country, such as for example the USA, shall take place under the conditions stated under art. 49 para. 1 sentence 1 lit. a GDPR – based on the consent given by the involved data subject. For the USA (and other non-secure third countries), at the moment, no adequacy decision has been made by the EU Commission within the meaning under art. 45 para. 1, 3 GDPR. This means that the EU Commission has not yet positively determined that there is a level of data protection which is comparable to the requirements of the GDPR. In addition, the GDPR requires the so-called “suitable guarantees” for a data transfer to a third country or to international organizations, art. 46 para. 2, 3 GDPR. These can be, for example, company-internal data protection regulations which have been approved by a supervisory authority or standard data protection contracts. In summary, there is no level of data protection which is comparable to the requirements of the GDPR in the aforementioned non-secure third countries.
Risks of transfer to a non-secure third country
Personal data may possibly be passed on by the provider to other third parties who use the data for advertising purposes, for example, beyond the actual purpose of the fulfillment of the order. Furthermore, the effective enforcement of any rights of information against the subcontractor is probably not feasible. There may be a higher level of probability that incorrect data processing may occur, since the technical and organizational measures of the subcontractor for the protection of personal data do not completely meet the requirements of the GDPR when it comes to quantity as well as quality. It is also possible for public authorities to access the personal data provided without the knowledge of the involved data subject. This risk exists in particular when there is a data transfer to the USA. Generally speaking, this also corresponds to the European legal regulations, for example for the purpose related to security. However, the admissibility threshold for such data processing is higher in the European Union than in the involved country of the data recipient.
In the event the data is transferred on the basis of consent to processors whose processing takes place in a non-secure third country, a separate notice is provided by the respective service provider.
II. Right of the involved data subject
In the event we process personal data about you, you as an involved data subject have the following rights towards us in our function as controller:
1. Right to information, art. 15 GDPR
You have the right to (free) information about your collected and stored personal data at any time within the framework of the applicable legal provisions. Among other aspects, this right includes information about their processing purposes, their origin and recipients, the period of storage and the existence of different rights.
2. Right to correct data, art. 16 GDPR
You have a right towards the controller to have your data corrected and/or completed in the event the personal data processed concerning your person is incorrect or incomplete. The data controller is required to make the correction and/or integration immediately.
3. Right to deletion, art. 17 GDPR
You are entitled to request the deletion of your personal data at any time under the conditions stated in art. 17 GDPR, unless there are still exceptions or circumstances which entitle the controller to continue the processing of your personal data (such as statutory retention obligations).
4. Right to restriction of processing, art. 18 GDPR
Within the framework of the provisions stated under art. 18 GDPR, you are entitled to request a restriction of the processing of your data. The prerequisite is one of the conditions set out under art. 18 para. 1 GDPR.
5. Right to information, art. 19 GDPR
If you have asserted the right to rectification, erasure or restriction of processing against the data controller, they are obliged to inform all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed as to these recipients by the data controller.
6. Right to data portability, art. 20 GDPR
In the event the said processing is carried out on the basis of the consent granted by us or on the basis of a contract and using automated procedures, you will be entitled to transfer the data provided by you within the scope stated under art. 20 GDPR whereby this applies provided that this does not affect the rights and freedoms of other persons. The said data shall be provided in a common as well as machine-readable format. If you request the direct transfer of data to another data controller, this will only occur if it is technically feasible.
7. Right of objection, art. 21 GDPR
You have the right, for reasons arising from your specific situation, to object to the processing of personal data concerning you at any time and which is carried out in accordance with art. 6 1 sentence 1 lit. e or f GDPR; the same applies to profiling based on these provisions. The data controller will no longer process the personal data relating to you unless they can prove a compelling, legitimate reason for this which outweighs your interests, rights, and freedoms or the processing serves to assert, exercise, or defend legal claims (objection according to art. 21 para. 1 GDPR).
If the personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to such processing; this also applies to profiling insofar as it is associated with such direct marketing. If you object to your data being processed for direct marketing purposes, your personal data will no longer be processed for such purposes. (Objection according to art. 21 para. 2 GDPR).
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object using an automated process involving the use of technical specifications.
8. Automated decision in individual cases, art. 22 GDPR
In accordance with art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision (1) is required for the conclusion or performance of a contract between you and the data controller, (2) is permitted by Union or Member State legislation to which the data controller is subject, and that legislation is adequate to protect your rights and freedoms as well as your legitimate interests, or (3) is made with your express consent.
However, these decisions may not be based on special categories of personal data according to art. 9 1 GDPR unless art. 9 para. 2 a or g is applied and appropriate measures have been taken to protect your rights and freedom as well as your legitimate interests. In the cases referred to in sections (1) and (3), the data controller will take reasonable measures to safeguard your rights, freedoms, and legitimate interests, including, at a minimum, the right to obtain the intervention of an individual on the part of the data controller to state their own position and challenge the decision.
9. Right to withdraw your consent, art. 7 para. 3 GDPR
You have the right to withdraw your consent under data protection law at any time. The legality of the data processing performed prior to your revocation of consent remains unaffected. You can send the revocation to the Controller by E-mail or by post.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or where the infringement is suspected, if you believe that the processing of personal data that concerns you is in contravention of GDPR.
The supervisory authority to which the appeal is submitted will inform you about the status and results of the appeal, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.
In the event you are in another federal state or if you are not in Germany, you can also get in touch with the local data protection authority. The supervisory authority responsible for us is the Hessian Commissioner for Data Protection and Freedom of Information.
III. SSL/TLS encryption
This website uses SSL and/or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the queries you send to us as the involved subject in your function as site operator. An encrypted connection can be recognized by the fact that the address line of the browser changes from ‘http://” to “https:// ‘ and by the lock icon shown in the browser line. When SSL/TLS encryption is activated, the data you transfer to us cannot be read by third parties.
IV. External hosting
1. Description and scope of the data processing
The present website is hosted by an external service provider (the so-called hoster). The personal data collected on the present website is stored on the hoster’s servers. This information is primarily IP addresses, contact requests, meta and communication data, contract data, contact details, names, instances of website access, and other data generated via a website.
2. Legal basis for the data processing
The legal basis for data processing is art. 6 para. 1 sentence 1 lit. f GDPR for the provision of the website.
3. Purpose of the data processing
The hoster is used for the purpose of a secure, fast and efficient provision of our online offer as well as for the reliable presentation and provision of our website by a professional provider. Our legitimate interest in data processing lies in the said purposes.
4. Duration of storage, options for objecting to the collection of your data and requesting its deletion
Data will be deleted as soon as it is no longer required to fulfill the purpose for which it was collected. In the case the data was collected in order to provide the website, it will be deleted once your session on our site ends.
Collection of data required to make the website available and storage of the data in log files is essential for the operation of the website. Consequently, there is no option to object on the part of the user.
5. Agreement of an order processing contract
In connection with the data processing according to the above-mentioned description, the data is passed on and processed by our external hoster, the company achteins büro für textil- und webdesign, Frankfurter Straße 21, 36043 Fulda. We have entered into a contract for order processing with our hoster. The said contract is a data protection contract ensuring that the company achteins büro für textil- und webdesign, Frankfurter Straße 21, 36043 Fulda processes the personal data of our website visitors exclusively in accordance with our instructions and in compliance with the data protection regulations (see GDPR, BDSG/German Federal Data Protection Act, etc.).
V. Provision of the website and creation of log files
1. Description and scope of the data processing
Every time our website is accessed, our system will automatically collect data and information from the system of the calling device.
In this context, the following data is collected:
(1) Information about the browser type and version used
(2) The user’s operating system
(3) The user’s anonymised IP address
(4) Date and time of access
The data is also stored in our system’s log files. The log files contain no IP addresses or other data that allow assignment to a user. This data is not stored together with any other personal data pertaining to the user.
2. Legal basis for data processing:
The legal basis for the temporary storage of data and log files is art. 6 para. 1 sentence 1 lit. f GDPR.
3. Purpose of the data processing
The system needs to temporarily store the IP address to enable the website to be delivered to the user’s computer. To this end, the IP address of the user must be stored for the duration of the session.
The IP address is stored anonymously in log files in order to ensure the functionality of the website. The data is also used to optimize the website and ensure the security of our information technology systems. We do not evaluate this data for marketing purposes.
These purposes also encompass our legitimate interest in data processing in accordance with art. 6 1 sentence 1 lit. f GDPR.
4. Duration of storage, options for objecting to the collection of your data and requesting its deletion
Data will be deleted as soon as it is no longer required to fulfill the purpose for which it was collected. In the case the data was collected in order to provide the website, it will be deleted once your session on our site ends.
If the data is stored in log files, this will be undertaken after fourteen days at the latest.
Collection of data required to make the website available and storage of the data in log files is essential for the operation of the website. Consequently, users cannot object to its collection.
VI. Use of cookies
1. Description and scope of the data processing
By continuing to use our website you agree to the use of cookies. Cookies are text files that are stored within or by the internet browser on your computer system. If a user accesses our website, a cookie may be stored on your operating system. This cookie contains a distinctive character string that enables unique identification of the browser when the website is accessed again.
While accessing our website, the users are informed about the use of cookies by a consent management and are referred to the present privacy policy. To get more information concerning the consent management used, see item VII of the present data protection information.
We use cookies to make our website more user-friendly. Some elements of our website require that your browser be identifiable as you move on to another page within the site. To sum it up: These cookies are technically needed for the operation of our website.
We also use cookies on our website to analyze user behavior.
The following data can be transmitted in this way:
(1) Frequency of website visits
(2) Use of website functions
While accessing our website, you will be informed of the use of cookies for analytical purposes and we will obtain your consent for the processing of the personal data used in this context. We will at that time also make reference to this privacy information.
Transmission to a third country: The data collected via the aforementioned cookies for analysis purposes can be transmitted to a service provider based in a third country. Further information can be found in these data protection declarations at the respective service provider. Processing of personal data also takes place in a non-secure third country. In the USA, there is no level of data protection which may be compared to the requirements according to the GDPR. Further information on transfer to a non-secure third country can be found in this data protection information under “I. General information on data processing – 4. Data transfer to non-secure third countries’.
Generally speaking, you can prevent or block the storage of cookies in your device in the settings of your browser. For this purpose, you must call up the respective settings of your browser. In addition, you can delete your stored cookie data in your browser settings.
2. Legal basis for the data processing
The legal basis for the processing of personal data using technically necessary cookies is art. 6 para. 1 sentence 1 lit. f GDPR; the storage of cookies in your terminal device is based on § 25 para. 2 number 2 TTDSG.
The legal basis for processing personal data by using cookies for analytical purposes, if the user’s consent to this has been obtained, is art. 6 para. 1 sentence 1 lit. a GDPR; for a transfer to a non-secure third country, additionally what stated under art. 49 para. 1 lit. a GDPR shall be applied. The storage of the cookie in your device is based on art. 25 para. 1 sentence 1 of the Telecommunication Telemedia Data Protection Act (TTDSG).
3. Purpose of the data processing
The purpose of using technically necessary cookies is to simplify the use of the website for you. Some features of our website will not be available if the use of cookies is disallowed. This is why it is necessary that your browser remain recognisable as you make your way through our website. In addition, cookies are required to manage your consents and rejections.
We require cookies for the following applications:
(1) Consent Management
For the said purposes, our legitimate interest lies in the processing of personal data according to art. 6 para. 1 sentence 1 lit. f GDPR. The user data collected by technically necessary cookies is not used to create user profiles.
These cookies are used to improve the quality of our website and its content. By analyzing cookies, we learn how the website is used and can constantly optimize our service.
4. Duration of storage, options for objecting to the collection of your data and requesting its deletion
Cookies are stored on the user’s computer and transmitted to our website. For this reason, you retain full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies which have already been saved may be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may not be possible to use all functions of the website in full.
Our cookies are stored in detail for the following duration:
borlabs-cookie– Storage period: 12 months
_ga and _ga_GQ24BMS6MT (Google Analytics Analysis)– Storage duration: 24 months
_gcl_au (Google AdSense) – Storage duration: 3 months
As a user, you have the right to revoke your data protection declaration of consent for technically unnecessary cookies at any time. Withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal. You can revoke the consent you have given at any time via you using the blue button at the bottom left of the page.
VII. Email contact
1. Description and scope of the data processing
Email addresses are provided on our website and our signatures, which can be used to contact us electronically. In this case, your personal data that is transmitted along with the email of the involved person will be stored.
Such data will not be disclosed to third parties in this context. The data is used exclusively for contacting and conducting the conversation.
2. Legal basis for the data processing
The legal basis for processing the data transmitted in the course of sending an email is art. 6 para. 1 sentence 1 lit. f GDPR. If you email us with the intention of entering into a contract, this creates an additional legal basis for its processing per art. 6 para. 1 sentence 1 lit. b GDPR.
3. Purpose of the data processing
We only process personal data for the purpose of facilitating contact with you. This also justifies the legitimate interest in processing the data.
4. Duration of storage, options for objecting to the collection of your data and requesting its deletion.
Data will be deleted as soon as it is no longer required to fulfill the purpose for which it was collected. For any personal data that were sent by email, this is the case when the respective conversation with the involved person has been completed. The conversation is considered to have ended when it is evident from the circumstances that the matter at hand has been conclusively resolved. If a contract is concluded as a result of the e-mail contact, the corresponding (statutory) retention obligations and regulations apply.
An involved person who has contacted us by email can object at any time to the storage of their personal data. If you exercise this right, it will not be possible to continue our conversation. In such cases, all personal data that was stored when contact was made with us will be deleted.
VIII. Contact form
1. Description and scope of data processing
A contact form is available on our website. You can use it in order to contact us electronically. If users accept this option, the data entered in the input screen will be transmitted to us and stored. This data is:
(1) Name (mandatory field)
(2) E-mail address (mandatory field)
(3) Company
(4) Phone number
(5) Subject (mandatory field)
(6) Message (mandatory field) and other personal data that you transmit to us through the message field included in the contact form.
The following data are also stored at the time the message is sent:
(1) The user’s IP address
(2) Date and time of subscription
For the processing of the data, reference is made to this data protection information as part of the sending process. Such data will not be disclosed to third parties in this context. This data will be used exclusively to respond to your enquiry.
2. Legal basis for the data processing
The legal basis for the processing of data transmitted by means of the contact form is art. 6 para. 1 sentence 1 lit. a GDPR. If the purpose of contact is to conclude a contract, then an additional legal basis for processing is 1 sentence 1 lit. b GDPR.
3. Purpose of the data processing
We only process personal data provided in input forms to process the contact request. The other personal data processed during the sending process are used to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of storage, options for objecting to the collection of your data and requesting its deletion
Data will be deleted as soon as it is no longer required to fulfill the purpose for which it was collected. For personal data from the input mask of the contact form, this is the case when the respective conversation with the user has ended. The conversation is considered to have ended when it is evident from the circumstances that the matter at hand has been conclusively resolved. Personal data that was additionally collected during the transmission procedure will be deleted within seven days at the latest.
If a user contacts us via the form, he can revoke his consent at any time. Please use the information included in the imprint. If you exercise this right, it will not be possible to continue our conversation. In such cases, all personal data that was stored when contact was made with us will be deleted
