Data privacy policy

WERMA Privacy Policy

Thank you for your interest in our company. Data privacy is particularly important to us. It is possible in principle to use our website without providing any personal data. However, if a data subject wants to use particular services offered by our company on our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain the consent of the data subject.
Personal data, for example, the name, address, email address or phone number of a data subject, are always processed in line with the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to our company. By publishing this Data Privacy Policy, our company wishes to make public the nature, scope and purpose of personal data collected, used and processed. Furthermore, this Data Privacy Policy will make it clear to data subjects what their rights are.
As the controller responsible for processing, our company has implemented numerous technical and organisational measures to ensure seamless protection wherever possible of the personal data processed via this website. However, Internet-based data transfers may still in principle have security vulnerabilities and consequently absolute protection cannot be guaranteed. For this reason, each data subject is at liberty to send us personal data using alternative means, for example over the phone.

DOWNLOAD:

Responsible party

WERMA Signaltechnik GmbH + Co. KG
Dürbheimer Strasse 15
78604 Rietheim-Weilheim, Germany
Get in touch via:
Tel. +49 (0) 7424 9557 -0
e-mail: info@werma.com

Data Protection Officer

Deutsche Datenschutzkanzlei
Maximilian Musch - External Data Protection Officer
Tel. +49(0)7524 949 21 02
Get in touch via:
e-mail: musch@ddsk.de
Web: www.ddsk.de

General information on data processing on the website

Terms

The technical terms used in this data protection declaration are to be understood as they are legally defined in article 4 of the GDPR. The terms “user” and “website visitor” are used synonymously in our Privacy Policy.

Recipients of data

Recipients of data are named in our privacy policy under the respective category/heading.

Categories of data subjects

The categories of data subjects are website visitors and other users of online services.

Automated data processing (log files, etc.)

Our site can be visited without active information about the user. However, we automatically save access data (server log files), such as the name of the Internet service provider, the operating system used, the website from which the user visits us, the date and duration of the visit, the name of the requested file and the IP address of the device used. We store this information for a period of 7 days for security reasons, e.g. to detect attacks on our website.  This data is not consolidated with other data sources.

Data categories:
Metadata and communication data (e.g. IP address, date and time of access, time, type of HTTP request, website from which access takes place (referrer URL), browser used and, if applicable, operating system of the accessing computer (user agent)
Purpose of processing:
Provision of the website, prevention and detection of errors/malfunctions, and misuse of the website
Legal basis:
Legitimate interests as per: article 6, paragraph 1 f) of the GDPR)
Legitimate interests:
Fraud prevention to detect misuse of the website

 

Required cookies (function, opt-out links, etc.)

In order to enable the use of the basic functions on our website and to provide the service requested by the user, we use cookies on our website. Cookies are a standard Internet technology for storing and retrieving information for users of the website. Cookies are small fragments of text that are stored as files on the user’s end device. In classic cookie technology, the user’s browser receives the instruction to store certain information on the user’s end device when a specific website is called up.

Strictly necessary cookies are used to provide a telemedia service explicitly requested by the user, for example:

  • Cookies for error analysis and security purposes
  • Cookies for storing logins
  • Cookies for storing data in online forms if the form covers several pages
  • Cookies for storing (language) settings
  • Cookies to store items placed in the shopping cart by users
  • Cookies for storing consent or revocation (opt-in, opt-out)

Some of the cookies used (so-called session cookies) are deleted after the end of the browser session, i.e. after the browser is closed. Cookies can be deleted retrospectively by users in order to remove data that the website has stored on the user’s computer.

The data processing described may also refer to information that is not personal, but information within the meaning of the German telecommunications act (TTDSG). In these cases, too, this information may be required for the use of an expressly requested service and may therefore be stored in accordance with section 25 TTDSG.

 
Opt-out:

 

Firefox:

https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen

Google Chrome:

https://support.google.com/chrome/answer/95647?hl=de

Microsoft Edge:

https://support.microsoft.com/de-de/microsoft-edge/inprivate-browsen-in-microsoft-edge-cd2c9a48-0bc4-b98e-5e46-ac40c84e27e2

Opera:

https://help.opera.com/en/latest/security-and-privacy/

Safari

https://support.apple.com/de-de/HT201265

  

Legal bases:

Legitimate interests (Art. 6 para. 1 lit. f) GDPR as per section 25 para. 2 no. 2 TTDSG), consent (Art. 6 para. 1 a) GDPR as per section 25 para. 1 TTDSG)

Legitimate interests:
Storage of opt-in preferences, ensuring the functionality of the website, retention of user status via complete website
Storage period:
14 days
 
   

Storage and processing of unnecessary information and data

Beyond the necessary framework, user data may be processed using cookies, similar technologies or application-related technologies, e.g. for the purpose of (cross-website) tracking or personalised advertising, etc. Data may be transmitted to third-party providers.

Legal bases:

The storage and further processing of user data, which is not absolutely necessary to provide the telemedia service, takes place on the basis of consent as per Art. 6 para. 1 lit. a) GDPR (if applicable, in connection with section 25 para. 1 p. 2 TTDSG).

Storage period:
365 days   

The data is deleted earlier if the user exercises their right of withdrawal

 

Consent Management Platforms

We use a consent management procedure on our website in order to be able to demonstrably store and manage the consent given by website visitors in accordance with data protection requirements. The consent management platform used helps us to recognise all cookies and tracking technologies and to control them on the basis of consent status. At the same time, visitors to our website can use the consent management service integrated by us to manage the consents and preferences granted (optional setting of cookies and other technologies that are not required) or revoke consent at any time via the button.

The consent status is stored on the server side and/or in a cookie (so-called opt-in cookie) or comparable technology in order to be able to assign the consent to a user or their device. In addition, the time of declaration of consent is recorded.

Data categories:

Data for consent (consent, consent ID and number, time of consent submission, opt-in or opt-out), metadata and communication data (e.g. device information, IP addresses)

Purposes of processing:

fulfilment of accountability, consent management

Legal bases:

Legal obligation (Art. 6 para. 1 c) GDPR in conjunction with Art. 7 GDPR)

 

Content Management System (with data transfer)

We use a Content Management System (CMS) to edit, organise and display digital content on our website. The use of the application is web-based on the provider’s servers.

With the help of the CMS, our website can be created, edited and managed and can be configured according to the necessary functions (e.g. forms, blogs, images and other digital content). In addition, the website designed by the CMS helps to make our website easier to find when users make enquiries on the search engine results page (SERP).

Support for an integrated firewall within the CMS ensures that our website is protected against external attacks and thus prevents misuse of the website.

In addition, we ensure that the CMS undergoes regular updates and patches to ensure the security of our website, which is based on the CMS. 

Data categories:

Usage data (e.g. access times), metadata and communication data (e.g. device information, IP address)

Purposes of processing:

Create, edit and manage page content, save and archive data, create landing pages

Legal bases:

legitimate interests (article 6, paragraph 1 f) of the GDPR), consent (article 6, paragraph 1 a) of the GDPR

Legitimate interests:

as reliable a representation of our website as possible, efficient format of forms, high usability

 

HubSpot CMS

Recipients: HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA         

Guarantee for transfer to an insecure third country: Standard contractual clauses, additional technical and organisational measures/precautions, performance of a risk analysis (Art. 44 et seqq. GDPR)

 

Hosting (incl. Content Delivery Network)

Our website is hosted by an external service provider. Data of visitors to our website, in particular so-called log files, are stored on the servers of our service provider. By using a specialised service provider, we can efficiently deliver our website. The data is not processed by the hosting provider we use for our own purposes.

We also use a Content Delivery Network (CDN) in order to be able to provide content on our website more quickly. For example, when website visitors access graphics, scripts, or other content, they are optimised and quickly delivered using regionally and internationally distributed servers. When the files are retrieved, a connection is established to the servers of a CDN provider, whereby personal data of visitors to our website is processed, such as the IP address and browser data.

Data categories:
user data (e.g. visited websites, interest in content, access times), metadata and communication data (e.g. device information, IP addresses)
Purposes of processing:
proper display and optimisation of the website, faster and location-independent availability of the website
Legal bases:
legitimate interests (article 6, paragraph 1 f) of the GDPR)
Legitimate interests:
Avoid downtime, high scalability

 

Wind Internethaus

Recipients: Wind Internethaus GmbH, Am Krebsgraben 15, 78048 Villingen-Schwenningen, Germany  

 

Website support and advice, web agency

We have commissioned a web agency to provide support and advice for services and applications on our website. They support us in all activities arising from the design and functionality of our website. In this context, the web agency selected by us receives the access data for our website in order to make necessary adjustments and changes, such as the design of forms or other programming activities. Access to personal data, such as data from forms or access times by website visitors, cannot be excluded. The web agency also supports us with the administration of our content management system.

The web agency acts as a so-called processor for us and acts exclusively on our instructions. The processing of data for other purposes is prohibited.

Data categories:
usage data (e.g. access times), meta and communication data (e.g. device information, IP addresses), contact details (e.g. e-mail address), content data (e.g. text entries)
Purposes of processing:
support with web analysis and optimisation, analysis of usage behaviour on the website (website interaction) for web optimisation and reach measurement, checking the productivity of the website
Legal bases:
legitimate interests (article 6, paragraph 1 f) of the GDPR)
Legitimate interests:
Support and assistance with website management through a high level of specialist expertise, efficiency through outsourcing

 

Soliq GmbH

Recipients: Soliq GmbH, Christophstraße 21, 88662 Überlingen, Germany        

 

Web analysis and optimisation

We use methods on our website to analyse usage behaviour and to measure reach. For this purpose, information about the behaviour, interests or demographic information of visitors is collected in order to determine whether and where our website needs to be optimised or adapted (e.g. forms on the website, improved placement of buttons or call-to-action buttons, etc.).

In addition, we can measure the click and scroll behaviour of website visitors. Among other things, this helps us to identify at what time our website, its functions or content is most frequently used.

The collection of this data is enabled by the use of certain technologies (e.g. cookies). These are stored on the user’s end devices as part of client-side tracking when they visit our website.

We take precautions to protect the identity of our website visitors. We do not process any clear data of website visitors for the purposes described.

Website visitors are assigned an ID (identification code) when they visit the website so they can be recognised when they visit it again. This helps us to determine whether we have won new leads. The IDs and associated information are stored in user profiles. In addition, the IP addresses of website visitors are anonymised and the storage duration of cookies is reduced.

We have also integrated the data for analysing usage behaviour and measuring reach into our CMS. The CMS provider may also receive information about the data collected here.

Data categories:
usage data (e.g. visited websites, interest in content, access times), demographic characteristics (e.g. age, gender), meta and communication data (e.g. device information, partially anonymised IP addresses, location data)
Purposes of processing:
checking the status of target achievement (success monitoring) of all online activities: analysis of usage behaviour on the website (website interaction) for web optimisation and reach measurement, checking the productivity of the website, lead generation and lead evaluation, sales increase, budget control
Legal bases:
Consent (article 6, paragraph 1 a) of the GDPR; legitimate interests (article 6, paragraph 1 f) of the GDPR)

 

Google Tag Manager and Google Analytics

Recipients: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland      

Legal basis: Consent (art. 6 para. 1 a) of the GDPR

 

HubSpot

Recipients: HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA        

Legal basis: Consent (art. 6 para. 1 a) of the GDPR

Guarantee for transfer to an insecure third country: Standard contractual clauses, additional technical and organisational measures/precautions, performance of a risk analysis

 

LeadLab (lead generation)

Recipients: WiredMinds GmbH, Lindenspürstrasse 32, 70176 Stuttgart, Germany

Legal basis: Legitimate interests (article 6, paragraph 1 f) of the GDPR)

Legitimate interests: Acquisition of new customers in the B2B sector, exclusive evaluation of company-related IP addresses

Opt-out link: Exclude from tracking

 

Online marketing 

Various services and procedures are used on our website for the purpose of online marketing. These can be controlled via our CMS. The CMS provider may also receive information about the data collected here.

Search Engine Marketing

We use search engine marketing methods. Search engine marketing includes all measures/precautions that are suitable for improving our website in the organic or non-organic search results of search engines, expanding our reach and thus increasing visitor traffic on our website. We can also use search engine marketing to generate new leads.

Search engine advertising can take place on various external platforms or websites. The advertising is provided to users in the form of text or video advertisements (e.g. YouTube).

Via our tracking tool, we first create a campaign for search engine advertising and store various dimensions there that are to be recorded by the search engine provider selected by us, e.g. location of users, device information and target groups (demographic characteristics). This enables us to gain further insights into the interest in our content/products and, if necessary, to identify trends.

Keyword advertising

In addition, our advert is linked to specific keywords that we define in advance and a link. The ad then also appears to users who submit a search query for a specific keyword, which we have defined in advance. These are related to our products or services.

The process is implemented by a cookie or similar technology. When a visitor visits our website or searches for a specific keyword within the search engine used (e.g. Google), a cookie or similar technology is placed on the website visitor’s end device. This data may include, for example: location of users and device information transmitted to the search engine provider’s server. The search engine provider aggregates this data and makes it available to us automatically in the form of a statistical evaluation via a dashboard in our account with the search engine provider.

The statistics tell us which of our ads are clicked on, how often and at what prices. Because we incur costs with every click on an ad, these clicks on external platforms and websites are recorded via our tracking tool. The recording is used for budget control. We cannot identify individual users on the basis of this information.

Conversion measurement (measurement of the success of our advertisements)

We can determine the success of our advertisements based on summarised data made available to us by the provider of the search engine (known as conversion measurement). This enables us to track whether a marketing measure has led to a so-called event (e.g. downloading a PDF or playing a video) or a conversion (e.g. purchase of a product or registration on our website). The evaluation is provided to us in the form of statistics on our tracking tool and is used to analyse the success of our online activities (success monitoring). It helps us to derive measures/precautions for improving the so-called customer journey.

Please note

Data of the website visitor (e.g. name and e-mail address) can be matched directly if they are logged into their account with the search engine provider. If the website visitor does not want this, they must log out of the search engine provider before visiting our website.

Data categories:
user and interaction data (e.g. visited websites, interest in content, access times), meta and communication data (e.g. device information, partially anonymised IP addresses), location data if applicable
Purposes of processing:
increasing sales and reach, conversion measurement, target group formation, recognition of trends for developing marketing strategies
Legal bases:
Consent (art. 6 para. 1 a) of the GDPR)

 

Google Ads (advertisements on Google and YouTube)

Recipients: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

 

Social media presence

We maintain online presences on social networks and career platforms to exchange information with the users registered there and to be able to contact them easily.

In some cases, the data of users on social networks will be used to conduct market research and thus pursue advertising purposes. User profiles can be created and used to adapt advertisements to the interests of target groups based on user behaviour, e.g. the indication of interests. Cookies are regularly stored on the end devices of users for this purpose, regardless of whether they are a registered user of the social network.

Social media messengers

In connection with the use of social media, we may use the associated messengers in order to be able to communicate with users in an uncomplicated manner. The security of individual services may depend on the user’s account settings. Even in the case of end-to-end encryption, the service provider can draw conclusions as to when and whether users communicate with us. Location data can also be recorded.

Depending on where the social network is operated, user data may be processed outside the European Union or the European Economic Area. This can result in risks for users as it makes it more difficult to enforce their rights.

Data categories:
Usernames (e.g. last name, first name), contact details (e.g. e-mail address), content data (e.g. text, photographs, videos), usage and interaction data (e.g. visited websites, interests, likes, shares, access times), meta and communication data (e.g. device information, IP address, location data if applicable)
Purposes of processing:
extending reach, networking
Legal bases:
legitimate interests (article 6, paragraph 1 f) of the GDPR), consent (article 6, paragraph 1 a) of the GDPR)
Legitimate interests:

Interaction and communication on social media channels, increasing reach and awareness, insights into target groups

Facebook

Recipients: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
 

LinkedIn

Recipients: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Twitter

Recipients: Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland
 

XING

Recipients: New Work SE, Dammtorstrasse 30, 20354 Hamburg, Germany

YouTube

Recipients: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
 
 

Social media channels

We use our social media channels to advertise our products and services. Our goal is to address a broad community that we cannot reach via traditional advertising channels.

Targeting

As part of our social media channels, we use targeting procedures to track certain user activities (interactions) in order to ensure that our advertisements are delivered to specific target groups. We use the processes and technologies of various social media providers. A common technology is the so-called cookie or pixel.

We install this technology in our tracking tool (e.g. via our website or social media channel). Cookies or pixels are stored on the user’s end device. It ensures that users' navigation is recorded. When users interact with our website or our ad on social media, the technology records the people and actions they perform (e.g. clicks on ads, jumps to websites) and they store which pages and subpages have been accessed.

Viewed but not purchased products and services of our advertisements are analysed based on the technologies used. This is used to display real-time and behaviour-based advertising to potential customers on various social media platforms.

Data categories:
usage and interaction data (e.g. visited websites, interests, access times), metadata and communication data (e.g. device information, IP address, location data if applicable)
 
Purposes of processing:
extension of reach, analysis of reach and statistical evaluations
 
Legal bases:
consent (article 6, paragraph 1 a) of the GDPR)
 

Facebook ads with Facebook Pixel (adverts on Facebook)

Recipients: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
 

LinkedIn Insight Day (advertisements on LinkedIn)

Recipients: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
 

 

Plugins and integrated third-party content

Functions and elements obtained from third-party providers are integrated into our website. This includes, for example: videos, displays, buttons, map services (maps) or posts (hereinafter referred to as content).

If this third-party content is accessed by website visitors (e.g. click, play, etc.) information and data are collected and stored in the form of cookies or other technologies (e.g. pixels, Java Script commands or web assembly), are stored on the end device of the website visitor and users of the third-party content, and transmitted to the server of the third-party provider. The third-party provider thus receives usage and interaction data of the website visitor and provides this to us in the form of statistics via a dashboard. The statistics we receive contain dimensions and metrics and no clear user data.

Without this processing step, it is not possible to load and display this third-party content.

In order to protect the personal data of website visitors, we have taken protective measures to prevent automatic transmission of this data to the third-party provider. This data is only transmitted if the users actively use the buttons and click on the third-party content.

Data categories:
usage data (e.g. visited websites, interests, access time), meta and communication data (e.g. device information, partially anonymised IP address)
Purposes of processing:
sharing posts and content, interest and behaviour-based marketing, evaluating statistics, increasing the reach of advertisements on social media
Legal bases:
consent (article 6, paragraph 1 a) of the GDPR)

 

YouTube video

Recipients: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

                  

Newsletter (with tracking)

On our website, users have the option to subscribe to our newsletter or to receive notifications via various channels (hereinafter collectively referred to as a newsletter). We only send newsletters to recipients who have consented to receiving the newsletter. We only send newsletters within the legal framework. We use a selected service provider to send out our newsletter.

An e-mail address is required to subscribe to our newsletters. We may also collect additional data, for example to add a personal greeting to our newsletters.

Our newsletter will only be sent once the double opt-in procedure has been completed. If visitors to our website decide to receive our newsletter, they will receive a confirmation e-mail. This prevents the misuse of incorrect e-mail addresses and is intended to prevent the newsletter from being sent due to a visitor merely clicking on a link, perhaps accidentally. The future receipt of our newsletter can be terminated at any time. An unsubscribe link (opt-out link) is included at the end of each newsletter.

We are also obliged to provide proof that our subscribers actually wanted to receive the newsletter. For this purpose, we collect and store the IP address and the time that the user signs up and/or unsubscribes.

Our newsletters are designed to enable us to gain insights into improvements, target groups or the reading behaviour of our subscribers. This enables us to use a web beacon or tracking pixel that reacts to interactions with the newsletter. It informs us, for example, whether links are clicked on, whether the newsletter is opened at all or at what time the newsletter is read. We can assign this information to individual subscribers for technical reasons.

Data categories:
contact details (e.g. e-mail address, telephone number), meta and communication data (e.g. device information, IP address), usage data (e.g. interests, access times)
Purposes of processing:
marketing, customer loyalty and new customer acquisition, analysis and evaluation of the campaign's success
Legal basis:
consent (article 6, paragraph 1 a) of the GDPR)

 

HubSpot

Recipients: HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA         

What it is used for: Dispatch by the service provider to customers based in Germany

Guarantee for transfer to an insecure third country: Standard contractual clauses, additional technical and organisational measures/precautions, performance of a risk analysis

 

Soliq GmbH

Recipients: Soliq GmbH, Christophstraße 21, 88662 Überlingen, Germany        

What it is used for: Dispatch by the service provider to customers based outside Germany

 

Advertising communication

We also use the data provided to us for advertising purposes, in particular to provide news concerning our company or our product portfolio via various channels. However, we only establish communication for promotional reasons within the scope of legal requirements and, if necessary thereafter, after obtaining consent.

If the recipients of our promotions do not wish to receive ads, they can inform us of this at any time.

Data categories:

master data (e.g. name, address), contact details (e.g. e-mail address, telephone number if applicable)

Purposes of processing:

direct marketing

Legal basis:

consent (article 6, paragraph 1 a) of the GDPR), legitimate interests (article 6, paragraph 1 f) of the GDPR)

Legitimate interests:

retaining existing contacts and winning new ones

 

eCommerce and payment methods

Online shop and orders

We offer our customers the opportunity to use our online shop and to purchase our products on it.

Registration on our website is not required for ordering or using fee-based businesses and services. The guest order can be used for this purpose.

We collect the data required for the initiation and execution of the contract from users or buyers.

If users visit our online shop and add items to their shopping cart, cookies are stored on the user’s end device, which ensure that the items remain in the shopping cart until the order process is completed. As part of the process, the data is not transferred by cookies to third parties. We have also not integrated any third-party elements via the shopping basket function.

After the order process has been completed, users or customers will receive an automatically generated e-mail from us confirming that the order has been successful. Our customers are informed about the status of their order (e.g. expected delivery date), separately by e-mail.

Once the ordering process has been completed, we pass on the user’s data to third parties, who will help us to process the order. In addition, disclosure to third parties may be necessary after the ordering process if we are legally obliged to provide certain data.

Returns

In the case of returns, customers can contact us directly via our website and create, transmit and print return slips. If contact is established, we process the data of person making the request to the extent necessary for processing the return.

Data categories:
master data (e.g. company, name or contact person, address, country), contact data (e.g. e-mail address), contract data (e.g. order history, payment data and means of payment), metadata and communication data (e.g. device information, IP addresses), usage data (e.g. visited websites, interest in products/services, access times), returns data (item information, processing request)
 
Purposes of processing:
initiation and implementation of the contract

 

Legal bases:
contract initiation and implementation (article 6, paragraph 1 b) of the GDPR), legitimate interests (article 6, paragraph 1 f) of the GDPR)
 
 

Payment service providers

We use various payment service providers in addition to banks and other credit institutions to make and receive payments easily.

We also accept payments made via payment service providers to make transactions particularly convenient and easy for users who visit our website. Payment service providers process the data required for the transaction; when the payment service provider is used, we do not receive any of the data that users visiting our website have made available to them. When the payment service provider is used, we only receive information containing a confirmation or negative information about the payment.

Data categories:

master data (e.g. company, name or contact person, address), transaction data (bank details, invoices, payment history), contract data (e.g. subject matter of the contract, term), metadata and communication data (e.g. device information, IP address), contact details (e.g. e-mail address, telephone number)

Purposes of processing:

simplifying order processing and payment processing, outsourcing, data minimisation

Legal bases:

legitimate interests (article 6, paragraph 1 f) of the GDPR)

Legitimate interests:

Simplification of workflows, resource-efficient processing, customer service

 

Mastercard

Recipients: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium
                       

Visa

Recipients: Visa Europe Services Inc., 1 Sheldon Square, London W2 6TT, United Kingdom

 

Credit check

If we commence advance service provision prior to the provision of services, we reserve the right to carry out an identity check or credit check on new customers (companies). To this end, we use service providers who use mathematical and statistical methods to provide us with a regular assessment of the risks that we face.

Based on the results provided by the respective service provider, we decide at our own discretion whether and, where applicable, how we wish to establish, implement or terminate a contractual relationship with new customers. If we receive a negative credit report, we reserve the right to refuse certain payment methods or other forms of advance payment.

Data categories:

master data (e.g. company, contact person, address), payment data (e.g. bank details, invoices, payment history), contact details (e.g. e-mail address, telephone number), contract data (e.g. subject matter of the contract, term), creditworthiness data

Purposes of processing:

avoiding payment defaults and reducing the default rate of payments, reducing our creditor risk      

Legal bases:

legitimate interests (article 6, paragraph 1 f) of the GDPR)

Legitimate interests:

Financial protection, protection against payment defaults, reduction of vendor risk

 

Dun & Bradstreet

Recipients: Dun & Bradstreet Deutschland GmbH, Robert-Bosch-Strasse 11, 64293 Darmstadt, Germany

 

Internal area and digital services

Registration

We provide the option of creating a user account on our website. As part of the registration process, we collect the necessary data from interested visitors. We require this data to provide a user account and the associated functions.

If website visitors decide to register, they will receive an e-mail that must be confirmed. This is used to prevent the misuse of incorrect e-mail addresses.

In order to protect the use of the internal area, we collect the IP addresses and the time of access to prevent misuse of a user account and unauthorised use. We do not pass on this data to third parties unless this is necessary to pursue our claims or we are legally obliged to do so.

In addition, we have set up the so-called double opt-in procedure for initial registration. When users register for the first time, they will receive a confirmation link from us to the e-mail address (username) provided, which must be confirmed separately by the user within a certain period of time. In this way, we ensure that registration is actually carried out at the user’s request and that misuse is avoided.

Protected login area

To protect the user accounts from unauthorised access, logging in to the user account requires another measure/precaution in addition to entering the password, e.g. entering a specific combination of numbers and letters (security code). In this way, we ensure that the user account is set up securely and that misuse of the login procedure is avoided.

Data categories:
master data (e.g. name, address), contact details (e.g. e-mail address, telephone number), login data (e.g. username and password), other content data if applicable (e.g. text input), metadata and communication data (e.g. device information, IP addresses), usage data (e.g. access times)
 
Purposes of processing:
fulfilment of contract, customer loyalty
 
Legal bases:
contract initiation and implementation (article 6, paragraph 1 b of the GDPR), consent (article 6, paragraph 1 f of the GDPR)

 

Making contact

On our website, we offer the option of contacting us directly or obtaining information about various contact options. In order to keep track of contact made with us, we use a CRM system in which the data for processing corresponding requests is stored.

If contact is established, we process the data of person making the request to the extent necessary for answering or processing the enquiry. The processed data may vary depending on how we are contacted.

Data categories:
master data from forms (e.g. company, contact person, address), contact details (e.g. e-mail address, optional telephone number), content data (e.g. text entries, usage data (e.g. length of stay, access times), meta and communication data (e.g. device information, IP address, location data), target group (industry of the requesting party)
 
Purposes of processing:
processing enquiries
 
Legal bases:
consent (article 6, paragraph 1 a) of the GDPR), fulfilment or initiation of contract (article 6, paragraph 1 b) of the GDPR)

 

Hubspot CRM

Recipients: HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA         

Guarantee for transfer to an insecure third country: Standard contractual clauses, additional technical and organisational measures/precautions, performance of a risk analysis

Communicall

Recipients: Communicall GmbH, Weiherstrasse 19, 95448 Bayreuth, Germany

 

Downloads (white papers, product information)

We offer the possibility of downloads (files, e.g. CAD) on our website in order to provide our users with current information or information concerning them.

In some cases, we may make the provision of our free services or downloads dependent on registration in our customer account. In this case, a so-called double opt-in procedure is used. Documents are downloaded via a download link, which is provided to our users by e-mail.

In addition, we statistically evaluate the downloads made during registration. These statistics are generally not personal and do not allow conclusions to be drawn about an individual person. We simply record when and how often our documents are downloaded.

Data categories:

Metadata and communication data (e.g. device information, IP addresses), usage data (e.g. access time)

Purposes of processing:

marketing, acquisition of new customers, increase in sales

Legal bases:

consent (article 6, paragraph 1 a) of the GDPR)

 

Web meeting and audio conferences

We make use of the possibility of holding online meetings (e.g. webinars). For this purpose, we use the services of other providers, which we have carefully selected. If such offers are actively used, data of the communication participants is processed and stored on the servers of the third-party providers used, insofar as the data is necessary for the communication process. Usage and metadata may also be processed.

Data categories:

master data (e.g. username), contact details (e.g. e-mail address, telephone number), content data (e.g. text input, photographs, videos), metadata and communication data (e.g. device information, IP addresses)

Purposes of processing:

processing enquiries, increasing efficiency, promoting cross-company or cross-site collaboration

Legal bases:

consent (article 6, paragraph 1 a) of the GDPR)

 

Microsoft Teams

Recipients: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA with a selection of German data centres

Opt-out link: https://account.microsoft.com/account/privacy

Guarantee for transfer to an insecure third country: standard contractual clauses, additional technical and organisational measures/precautions, performance of a risk analysis.

 

Further mandatory information on data processing

Data transfer within the EU/EEA

We transfer the personal data of visitors to our website for internal purposes (e.g. for internal administration or to the HR department to fulfil legal or contractual obligations). The data is only transferred or disclosed internally to the extent necessary in compliance with the relevant data protection regulations.

We may need to pass on personal data to execute contracts or fulfil a legal obligation. If we are not provided with the necessary data, it may be impossible to conclude the contract with the data subject.

We are a global company with headquarters in Germany. The data of website visitors is stored in our centralised customer database in Germany in compliance with the relevant data protection regulations and can be processed in this context by other WERMA branches within the EU for internal administrative purposes. No processing takes place beyond administrative purposes.

Legal basis:
legitimate interests (article 6, paragraph 1 f) of the GDPR)
Legitimate interests:
so-called small-corporation exemption, centralised management and administration within the company to exploit synergy effects, lowering costs, increasing effectiveness
Recipient:
https://www.werma.com/de/company/subsidiaries.php

 

Data transfer outside the EU/EEA

If your data is processed outside the EU/EEA, in so-called third countries (e.g. USA), we ensure that this is done in accordance with the requirements of Art. 44 et seqq. GDPR (General Data Protection Regulation). In doing so, we take additional measures/precautions to ensure the highest possible level of protection for the personal data of data subjects. The guarantee applicable to the transfer to third countries is specified in our privacy policy with the respective recipients.

Order processing

Recipients used may work for us as so-called processors. We have “Order processing agreements” with them in accordance with Art. 28 para. 3 GDPR. This means that the data processors may only process your personal data in a way that we have explicitly instructed them to do. Processors implement technical and organisational measures/precautions within the meaning of Art. 32 GDPR in order to process your data in a safe manner and in accordance with our instructions.

Storage period

In principle, we store the data of visitors to our website for as long as this is necessary for the provision of our services or for as long as is stipulated by the European legislator or another legislator in laws or regulations to which we are subject. In all other cases, we delete the personal data after completion of the purpose, with the exception of data that we must continue to store to fulfil legal obligations (e.g. we are obliged to keep documents such as contracts and invoices for a certain period of time to comply with fiscal and commercial retention periods).

Automated decision-making (including profiling)

We do not use automated decision-making or profiling as per Art. 22 GDPR.

Legal bases

Relevant legal bases arise primarily from the GDPR. These are supplemented by national laws of the member states and may be applicable together with or in addition to the GDPR.

Consent:
article 6, paragraph 1 a) of the GDPR serves as the legal basis for processing operations for which we have obtained consent for a specific processing purpose.
Contract performance:
article 6, paragraph 1 b) of the GDPR serves as the legal basis for processing that is necessary for the fulfilment of a contract to which the data subject is a party or for the implementation of pre-contractual measures at the request of the data subject.
Legal obligation:
article 6, paragraph 1 c) of the GDPR serves as the legal basis for processing that is necessary to fulfil a legal obligation.
Vital interests:
article 6, paragraph 1 d) of the GDPR serves as a legal basis if the processing is necessary to protect the vital interests of the data subject or another natural person.
Public interest:
article 6, paragraph 1 e) of the GDPR serves as the legal basis for processing that is necessary for the performance of a task carried out in the public interest or in the exercise of public authority entrusted to the controller.
Legitimate interest:
article 6, paragraph 1 f) of the GDPR serves as a legal basis for processing that is necessary to safeguard the legitimate interests of the controller or a third party, unless such considerations are overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data, in particular if the data subject is a child.

 

Rights of the data subject

Right of access:
in line with article 15 of the GDPR, data subjects have the right to request confirmation as to whether we process data concerning them. You can request information about this data as well as the further information listed in article 15, paragraph 1 of the GDPR and a copy of your data.
Right to rectification:
in line with article 16 of the GDPR, data subjects have the right to request the rectification or completion of their personal data that is processed by us.
Right to erasure:
in line with article 17 of the GDPR, data subjects have the right to request the immediate deletion of their personal data. Alternatively, they can demand that the processing of their data be restricted in line with article 18 of the GDPR.
Right to data portability:
in line with article 20 of the GDPR, data subjects have the right to demand to be supplied with the data that they provided and to request its transfer to another controller.
Right to lodge a complaint:
data subjects also have the right to lodge a complaint with the supervisory authority responsible for them in accordance with article 77 of the GDPR.
Right to object:
If personal data has been processed based on legitimate interests as stipulated in article 6, paragraph 1, sentence 1 f of the GDPR, data subjects have the right to object to the processing of their personal data, if there are reasons for this arising from their particular situation or the objection is directed against direct marketing as stipulated in article 21 of the GDPR. In the latter case, data subjects have a general right to object, and this will be implemented by us without them stating a specific situation.
 
 

Retraction

Some data processing operations are only possible with the express consent of the data subjects. They have the option of revoking consent that has already been granted at any time. No reason must be given. All they need to do is send an informal e-mail to:info@werma.com.

The consent of data processing activities on our website can be adjusted and revoked in our Consent Manager. Revocation by the user means that the data processing for the stated purposes will not take place, the data will be deleted for the purpose and will no longer be collected by us.

The lawfulness of any data processing performed before consent was retracted remains unaffected.

External links

Links to the websites of other providers can be found on our website. We hereby inform you that we have no influence on the content of the linked websites or on the compliance of their providers with data protection regulations.

Changes

We reserve the right to adjust the data protection notices on our website at any time in the event of changes and in compliance with the applicable data protection regulations so that they comply with data protection requirements.

 

This privacy policy was created by

Deutsche Datenschutzkanzlei – Maximilian Musch

www.ddsk.de