Data privacy policy

WERMA Privacy Policy

Thank you for your interest in our company. Data privacy is particularly important to us. It is possible in principle to use our website without providing any personal data. However, if a data subject wants to use particular services offered by our company on our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain the consent of the data subject.
Personal data, for example, the name, address, email address or phone number of a data subject, are always processed in line with the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to our company. By publishing this Data Privacy Policy, our company wishes to make public the nature, scope and purpose of personal data collected, used and processed. Furthermore, this Data Privacy Policy will make it clear to data subjects what their rights are.
As the controller responsible for processing, our company has implemented numerous technical and organisational measures to ensure seamless protection wherever possible of the personal data processed via this website. However, Internet-based data transfers may still in principle have security vulnerabilities and consequently absolute protection cannot be guaranteed. For this reason, each data subject is at liberty to send us personal data using alternative means, for example over the phone.

1. Introduction

We look forward to you visiting our website. WERMA Signaltechnik GmbH + Co. KG (hereinafter referred to as WERMA, we or us) attaches great importance to the security of users’ data and compliance with data protection regulations. In the following, we would like to inform you about how your personal data is processed by our website.

2. Controller and data protection officer

The controller within the meaning of the General Data Protection Regulation, other data protection legislation applicable in the Member States of the European Union and other provisions of a data protection nature is:

Responsible body:
WERMA Signaltechnik GmbH + Co. KG
Dürbheimer Str. 15
78604 Rietheim-Weilheim, Germany
Tel. +49(0)7424 9557-0
Email: info@werma.com

External data protection officer:
Deutsche Datenschutzkanzlei
Maximilian Musch
Tel. +49(0)7524 949 21 02
Email: musch@ddsk.de

3. Terms

The technical terms used in this data protection declaration are to be understood as they are legally defined in Article 4 of the GDPR.

4. Information on data processing

4.1 Automated data processing (log files, etc.)

You can visit our site without actively providing any information about yourself. However, we automatically save access data (server log files), such as the name of your Internet service provider, the operating system used, the website from which you visit us, the date and duration of the visit, the name of the requested file and the IP address of the computer used. We store this information for a period of 7 days for security reasons, e.g. to detect attacks on our website. This data is evaluated exclusively for the purpose of improving our range of services and does not enable conclusions to be drawn about your person. This data is not consolidated with other data sources. The legal basis for the processing of data is article 6, paragraph 1 f) of the GDPR. We process and use the data for the following purposes: 1. Providing the website, 2. Improving our websites and 3. Preventing and detecting errors/malfunctions and misuse of the website. The data is processed to pursue legitimate interests in ensuring the functionality and the error-free and safe operation of the website and to adapt this website to suit user requirements.

4.2 Use of cookies (general, function, opt-out links etc.)

We use cookies on our website to make visiting our website attractive and enable certain functions to be used. The use of cookies serves our legitimate interest in making your visit to our website as pleasant as possible and is based on article 6, paragraph 1 f) of the GDPR. Cookies are a standard Internet technology for storing and retrieving the login data and other usage information of all users of the website. Cookies are small text files that are stored on your end device. Among other things, they allow us to save user settings so that our website can be displayed in a format tailored to your device. Some of the cookies we use are deleted again after the end of the browser session, i.e. after you close your browser. These are known as session cookies. Other cookies remain on your end device and allow us or our partner companies to recognise your browser on the next visit. These are known as permanent cookies.

You can set your browser to inform you when cookies are set and can decide individually whether to accept or reject the acceptance of cookies in specific cases or in general. Cookies can also be deleted later on to remove data that the website has stored on your computer. Disabling cookies (referred to as opting out) can result in some of the functions of our website being restricted.

Categories of data subjects: website visitors, users of online services
Opt-out information: Internet Explorer: https://support.microsoft.com/de-de/help/17442 | Firefox: https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen | Google Chrome: https://support.google.com/chrome/answer/95647?hl=de | Safari: https://support.apple.com/de-de/HT201265
Legal bases: consent (article 6, paragraph 1 a) of the GDPR); legitimate interests (article 6, paragraph 1 f) of the GDPR). The respective legal basis is stated specifically for the relevant tool.
Legitimate interests: storage of opt-in preferences, website presentation, guaranteeing website functions, maintaining user statuses across the entire website, user recognition on next website visit, user-friendly website, providing chat functions

4.3 Web analysis and optimization

We use web analysis and range measurement tools to enable us to evaluate the streams of visitors viewing our website. For this purpose, we collect information about the behaviour, interests or demographic information of visitors, for instance their age, gender or similar. This helps us to recognise the times at which our website and its functions or content are most frequently used or to invite users to visit our site again. We can also use the collected information to determine whether our website needs to be optimised or adapted.

The information collected for this purpose is stored in cookies or similar processes and used for range measurement and optimisation. The data stored in the cookies may include viewed content, visited websites, settings and any functions and systems used. However, no clear user data is regularly processed for the purposes described. If clear data is processed, the data will be changed in such a way that the actual identity of the user is not known to us, nor does the provider of the tool used know the actual identity of the visitor. The changed data is often saved in user profiles.

Categories of data subjects: website visitors, users of online services
Data categories: user data (e.g. websites visited, interest in content, access times), metadata and communication data (e.g. device information, IP addresses), contact data, content data
Purposes of processing: website analysis, range measurement, utilization and evaluation of website interaction, lead evaluation
Legal bases: consent (article 6, paragraph 1 a) of the GDPR); legitimate interests (article 6, paragraph 1 f) of the GDPR)
Legitimate interests: optimisation and further development of the website, increase in profits, customer loyalty and customer acquisition

4.4 Online marketing

We process personal data as part of online marketing to continuously increase our reach and awareness of our website. In particular, we process this data with regard to potential interests and to measure the effectiveness of our marketing measures.

Relevant information is stored in cookies or similar processes for the purpose of measuring the effectiveness of our marketing measures and identifying potential interests. The data stored in the cookies may include viewed content, visited websites, settings and any functions and systems used. However, no clear user data is regularly processed for the purposes described. The data is then changed in such a way that the actual identity of the user is not known to us, nor does the provider of the tool used know the actual identity of the visitor. The changed data is often saved in user profiles.

If user profiles are stored, the data can be read out, supplemented and added to the server of the online marketing tool when the user visits other websites that use the same online marketing tool.

We can determine the success of our advertisements based on summarised data made available to us by the provider of the online marketing tool (known as conversion measurement). As part of these conversion measurements, we can track whether a marketing measure has led to a visitor of our website making a purchase decision. This evaluation serves to analyse the success of our online marketing.

Categories of data subjects: website visitors, users of online services, interested parties, communication partners, business partners and contractual partners
Data categories: user data (e.g. websites visited, interest in content, access times), metadata and communication data (e.g. device information, IP addresses), location data, contact data, content data
Purposes of processing: marketing (in some cases also interest-based and behavioural), conversion measurement, target group formation, click tracking, development of marketing strategies and increased campaign efficiency
Legal bases: consent (article 6, paragraph 1 a) of the GDPR); legitimate interests (article 6, paragraph 1 f) of the GDPR)
Legitimate interests: optimisation and further development of the website, increase in profits, customer loyalty and customer acquisition

4.4.1 Google Tag Manager

Service used: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data protection: https://policies.google.com/privacy
Opt-Out-Link: https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/
Legal basis: legitimate interest (article 6, paragraph 1 f) of the GDPR)
Legitimate interests: coordination of different tools, management, ease of use and presentation

4.4.2 Google Analytics

Service used: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data protection:: https://policies.google.com/privacy
Opt-Out-Link: https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/
Legal basis: consent (article 6, paragraph 1 a) of the GDPR)

4.4.3 Facebook Pixel

Service used: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Data protection: https://www.facebook.com/privacy/explanation and https://www.facebook.com/legal/terms/page_controller_addendum
Opt-Out-Link: https://www.facebook.com/settings?tab=ads

4.4.4 LinkedIn Insight Tag

Service used: Linkedin Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA
Data protection: https://www.linkedin.com/legal/privacy-policy
Opt-Out-Link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

4.4.5 Wiredminds

Service used: WiredMinds GmbH, Lindenspürstaße 32, 70176 Stuttgart, Germany
Data protection:: https://www.wiredminds.de/datenschutz/
Opt-Out-Link: exclude from tracking
Legal basis: Consent (art. 6 para. 1 a) of the GDPR)

4.5 Social media presence

We maintain online presences on social networks and career platforms to exchange information with the users registered there and to be able to contact them easily.

In some cases, the data of users on social networks will be used to conduct market research and thus pursue advertising purposes. User profiles can be created and used to adapt advertisements to the interests of target groups based on user behaviour, e.g. the indication of interests. Cookies are regularly stored on the end devices of users for this purpose, sometime regardless of whether you are a registered user of the social network.

Depending on where the social network is operated, user data may be processed outside the European Union or the European Economic Area. This can pose risks to users, for example, because enforcing their rights can be difficult.

Categories of data subjects: registered and unregistered users of the social network
Data categories: master data (e.g. name, address), contact data (e.g. email address, telephone number), content data (e.g. text information, photographs, videos), usage data (e.g. websites visited, interests, access times), metadata and communication data (e.g. device information, IP address)
Purposes of processing:: extending reach, networking
Legal bases: legitimate interests (article 6, paragraph 1 f) of the GDPR), consent (article 6, paragraph 1 a) of the GDPR)
Legitimate interests: interaction and communication on social media presence, profit increase, insights concerning target groups

4.5.1 Facebook

Service used: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Data protection: https://www.facebook.com/privacy/explanation and https://www.facebook.com/legal/terms/page_controller_addendum
Opt-Out-Link: https://www.facebook.com/settings?tab=ads

4.5.2 LinkedIn

Service used: LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA
Data protection: https://www.linkedin.com/legal/privacy-policy
Opt-Out-Link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

4.5.3 Twitter

Service used: Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland
Data protection: https://twitter.com/de/privacy
Opt-Out-Link: https://help.twitter.com/de/rules-and-policies/twitter-cookies#privacy-options

4.5.4 YouTube

Service used: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data protection: https://policies.google.com/privacy?hl=de&gl=de
Opt-Out-Link: https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/

4.5.5 Xing

Service used: New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany
Data protection: https://privacy.xing.com/de/datenschutzerklaerung

4.6 Payment service providers

We use various payment service providers in addition to banks and other credit institutions to make and receive payments easily.

We also accept payments made via payment service providers to make transactions particularly convenient and easy for users who visit our website. Payment service providers process the data required for the transaction; when the payment service provider is used, we do not receive any of the data that users visiting our website have made available to them. When the payment service provider is used, we only receive information containing a confirmation or negative information about the payment.

Categories of data subjects: customers
Data categories: master data (e.g. name, address), transaction data (bank details, invoices, payment history), contract data (e.g. subject matter of the contract, duration), metadata and communication data (e.g. device information, IP address), contact data (e.g. email address, telephone number)
Purposes of processing: simplifying order processing and payment processing, outsourcing, data minimisation
Legal bases: legitimate interests (article 6, paragraph 1 f) of the GDPR)
Legitimate interests: simplifying workflows, resource-efficient order fulfilment, market research, service provision

4.6.1 Mastercard

Service used: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium
Data protection: https://www.mastercard.de/de-de/datenschutz.html

4.6.2 Visa

Service used: Visa Europe Services Inc., Zweigniederlassung London, 1 Sheldon Square, London W2 6TT, United Kingdom
Data protection: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html

4.7 Credit Check

If we commence advance service provision prior to the provision of services, we reserve the right to carry out an identity check or credit check. To this end, we use special service providers who use mathematical and statistical methods to provide us with a regular assessment of the risks that we face.

Based on the results provided by the respective service provider, we decide at our own discretion whether and, where applicable, how we wish to establish, implement or terminate a contractual relationship with you. If we receive a negative credit report, we reserve the right to refuse certain payment methods or other forms of advance payment. We make this decision on the basis of the results determined by our respective service provider.

Categories of data subjects: customers in our online shop
Data categories:: master data (e.g. name, addresses), payment data (e.g. bank details, invoices, payment history), contact data (e.g. email address, telephone number), contract data (e.g. subject matter of the contract, term), credit data (incl. scoring values)
Purposes of processing: avoiding payment defaults and reducing the default rate of payments, reducing our creditor risk
Legal bases: legitimate interests (article 6, paragraph 1 f) of the GDPR), consent (article 6, paragraph 1 a) of the GDPR
Legitimate interests: Financial protection, protection against payment defaults, reduction of vendor risk, profit generation

4.7.1 Creditreform Reutlingen Degner KG

Service used: Creditreform Reutlingen Degner KG, Auwiesenstr. 30, 72770 Reutlingen, Germany
Data protection: https://www.creditreform.de/reutlingen/datenschutz

4.8 Returns

On our website, we offer the option of contacting us directly and creating, transmitting and printing returns slips. If contact is established, we process the data of person making the request to the extent necessary for processing the return.

Categories of data subjects: persons making requests, customers
Data categories: master data (e.g. name, address), contact data (e.g. email address, telephone number), content data (e.g. text entries, photographs, videos), usage data (e.g. interests, access times), metadata and communication data (e.g. device information, IP address), information on the article, processing request
Purposes of processing: processing enquiries
Legal bases: consent (article 6, paragraph 1 a) of the GDPR), fulfilment or initiation of a contract (article 6, paragraph 1 b) of the GDPR), fulfilment of a legal obligation (article 6, paragraph 1 c) of the GDPR)

4.9. Newsletters and communications (with tracking, if necessary)

On our website, users have the option to subscribe to our newsletter or to receive notifications via various channels (hereinafter collectively referred to as a newsletter). We only send newsletters to recipients who have consented to receiving the newsletter. We only send newsletters within the legal framework.

An email address is required to subscribe to our newsletters. We may also collect additional data, for example to add a personal greeting to our newsletters.

Our newsletter will only be sent once the double opt-in procedure has been completed. If visitors to our website decide to receive our newsletter, they will receive a confirmation email. This prevents the misuse of incorrect email addresses and is intended to prevent the newsletter from being sent due to a visitor merely clicking on a link, perhaps accidentally. The future receipt of our newsletter can be terminated at any time. A Unsubscribe link (opt-out link) is included at the end of each newsletter.

We are also obliged to provide proof that our subscribers actually wanted to receive the newsletter. For this purpose, we collect and store the IP address and the time of registration and cancellation.

Our newsletters are designed to enable us to gain insights into improvements, target groups or the reading behaviour of our subscribers. This enables us to use a web beacon or tracking pixel that reacts to interactions with the newsletter. It informs us, for example, whether links are clicked, whether the newsletter is opened at all or at what time the newsletter is read. We can assign this information to individual subscribers for technical reasons.

Categories of data subjects: newsletter subscribers
Data categories: master data (e.g. name, address), contact data (e.g. email address, telephone number), metadata and communication data (e.g. device information, IP address), usage data (e.g. interests, access times)
Purposes of processing: marketing, customer loyalty and new customer acquisition, analysis and evaluation of the campaign's success
Legal basis: consent (article 6, paragraph 1 a) of the GDPR)

4.10 Advertising communication

We also use the data provided to us for advertising purposes, in particular to provide news concerning our company or our product portfolio via various channels. However, we only establish communication for promotional reasons within the scope of legal requirements and, if necessary thereafter, after obtaining consent.

If the recipients of our promotions do not wish to receive these in future, they can inform us of this at any time. We will be happy to fulfil the corresponding request.

Categories of data subjects: communication partners
Data categories: master data (e.g. name, address), contact data (e.g. email address, telephone number),
Purposes of processing: direct marketing
Legal basis: consent (article 6, paragraph 1 a) of the GDPR), legitimate interests (article 6, paragraph 1 f) of the GDPR)
Legitimate interests: retaining existing contacts and winning new ones

4.11 Making contact

On our website, we offer the option of contacting us directly or obtaining information about various contact options. We use a management tool to deal with corresponding enquiries and keep track of contacts.

If contact is established, we process the data of person making the request to the extent necessary for answering or processing the enquiry. The processed data may vary depending on how we are contacted.

Categories of data subjects: enquiring persons
Data categories: master data (e.g. name, address), contact data (e.g. email address, telephone number), content data (e.g. text entries, photographs, videos), usage data (e.g. interests, access times), metadata and communication data (e.g. device information, IP address).
Purposes of processing: processing enquiries
Legal bases: consent (article 6, paragraph 1 a) of the GDPR), fulfilment or initiation of contract (article 6, paragraph 1 b) of the GDPR)

Communicall
Service used: Communicall GmbH, Weiherstrasse 19, 95448 Bayreuth, Germany
Data protection: https://www.communicall.de/Datenschutzhinweis.htm

4.12 Online Shop

We offer our customers the opportunity to use our online shop and to purchase our products. To this end, we collect the data required for the initiation and execution of the contract. We also collect data to provide our customers with promotions or discounts tailored to their interests.

Insofar as this is necessary, we pass on the data to third parties who can help us to process the order or pass on the data if we are legally obliged to provide certain data.

Categories of data subjects: customers in our online shop, shop visitors when registering
Data categories: master data (e.g. name, address), contact data (e.g. email address, telephone number), contract data (e.g. order history, payment data), metadata and communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interests, access times)
Purposes of processing: contract initiation and execution, interest-related promotions, if applicable customer-account-related premiums or discounts, outsourcing
Legal bases: contract initiation and implementation (article 6, paragraph 1 b) of the GDPR), legitimate interests (article 6, paragraph 1 f) of the GDPR)
Legitimate interests: simplifying workflows, resource-efficient order fulfilment, market research, marketing

4.13 Registration

We provide the option of creating a user account on our website. As part of the registration process, we collect the necessary data from interested visitors. We require this data to provide a user account and the associated functions.

In order to protect the use of the internal area, we collect the IP addresses and the time of access to prevent misuse of a user account and unauthorised use. We do not pass on this data to third parties unless this is necessary to pursue our claims or we are legally obliged to do so.

Categories of data subjects: registered users
Data categories: master data (e.g. name, address), contact data (e.g. email address, telephone number), content data (e.g. text entries, photographs, videos), metadata and communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interests, access times)
Purposes of processing: simplifying website function, fulfilment of contract, customer loyalty
Legal bases: consent (article 6, paragraph 1 a) of the GDPR)

4.14 Data transfer

We transfer the personal data of visitors to our website for internal purposes (e.g. for internal administration or to the HR department to fulfil legal or contractual obligations). The data is only transferred or disclosed internally to the extent necessary in compliance with the relevant data protection regulations.

We are a global company with headquarters in Germany. The data of visitors to our website is stored in our centralised customer database in Germany in compliance with the relevant data protection regulations and is processed throughout the Group for internal administrative purposes. No processing takes place beyond administrative purposes.

Legal basis: legitimate interests (article 6, paragraph 1 f) of the GDPR)
Legitimate interests: small group exemption, centralised management and administration within the company to exploit synergy effects, lowering costs, increasing effectiveness

We may need to pass on personal data to execute contracts or fulfil a legal obligation. If we are not provided with the necessary data, it may be impossible to conclude the contract with the data subject.

We transfer data to countries outside the EEC (known as third countries). This is done for the purposes mentioned above (transfer within the Group and/or other recipients). The transfer only takes place for the fulfilment of our contractual and legal obligations or on the basis of consent previously granted by the data subject. In addition, this transfer takes place in compliance with the applicable data protection laws and in particular in accordance with article 44 et seqq. of the GDPR, in particular on the basis of the European Commission's adequacy decisions or on the basis of certain guarantees (e.g. standard data protection clauses etc.).

4.15 Storage period

In principle, we store the data of visitors to our website for as long as this is necessary for the provision of our services or for as long as is stipulated by the European legislator or another legislator in laws or regulations to which we are subject. In all other cases, we delete the personal data after completion of the purpose, with the exception of data that we must continue to store to fulfil legal obligations (e.g. we are obliged to keep documents such as contracts and invoices for a certain period of time to comply with fiscal and commercial retention periods).

4.16 Automated decision making

We do not use automated decision-making or profiling.

4.17 Legal bases

Relevant legal bases arise primarily from the GDPR. These are supplemented by national laws of the member states and may be applicable together with or in addition to the GDPR.

Consent: article 6, paragraph 1 a) of the GDPR serves as the legal basis for processing operations for which we have obtained consent for a specific processing purpose.
Contract performance: article 6, paragraph 1 b) of the GDPR serves as the legal basis for processing that is necessary for the fulfilment of a contract to which the data subject is a party or for the implementation of pre-contractual measures at the request of the data subject.
Legal obligation: article 6, paragraph 1 c) of the GDPR serves as the legal basis for processing that is necessary to fulfil a legal obligation.
Vital interests:: article 6, paragraph 1 d) of the GDPR serves as a legal basis if the processing is necessary to protect the vital interests of the data subject or another natural person.
Public interest: article 6, paragraph 1 e) of the GDPR serves as the legal basis for processing that is necessary for the performance of a task carried out in the public interest or in the exercise of public authority entrusted to the controller.
Legitimate interest: article 6, paragraph 1 f) of the GDPR serves as a legal basis for processing that is necessary to safeguard the legitimate interests of the controller or a third party, unless such considerations are overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data, in particular if the data subject is a child.

4.18 Rights of the data subject

Right of access: in line with article 15 of the GDPR, data subjects have the right to request confirmation as to whether we process data concerning them. You can request information about this data as well as the further information listed in article 15, paragraph 1 of the GDPR and a copy of your data.
Right to rectification: in line with article 16 of the GDPR, data subjects have the right to request the rectification or completion of their personal data that is processed by us.
Right to erasure: in line with article 17 of the GDPR, data subjects have the right to request the immediate deletion of their personal data. Alternatively, they can demand that the processing of their data be restricted in line with article 18 of the GDPR.
Right to data portability: in line with article 20 of the GDPR, data subjects have the right to demand to be supplied with the data that they provided and to request its transfer to another controller.
Right to lodge a complaint: data subjects also have the right to lodge a complaint with the supervisory authority responsible for them in accordance with article 77 of the GDPR.
Right to object: If personal data has been processed based on legitimate interests as stipulated in article 6, paragraph 1, sentence 1 f) of the GDPR, data subjects have the right to object to the processing of their personal data, if there are reasons for this arising from their particular situation or the objection is directed against direct marketing as stipulated in article 21 of the GDPR. In the latter case, data subjects have a general right to object, and this will be implemented by us without them stating a specific situation.

4.19 Retraction

Some data processing operations are only possible with the express consent of the data subjects. You have the option of revoking consent that has already been granted at any time. Simply send an informal message or email to us at info@werma.com. The lawfulness of any data processing performed before consent was retracted remains unaffected.

4.20 External links

Links to the websites of other providers can be found on our website. We hereby inform you that we have no influence on the content of the linked websites or on the compliance of their providers with data protection regulations.

4.21 Changes

We reserve the right to adapt this data protection notice at any time in the event that changes are made to our website and in compliance with the applicable data protection regulations, so that this notice complies with the legal requirements.

This translation is for a better understanding of the privacy policy. In case of questions regarding the interpretation of the text, the German version shall prevail.

This privacy policy has been created by the Deutsche Datenschutzkanzlei office in Oberteuringen

DOWNLOAD: