1. General information and principles of data processing
We are glad that you visit our website. The protection of your privacy and the protection of your personal data, the so-called personal data, when using our website is very important to us.
According to Art. 4 No. 1 GDPR, personal data are all information relating to an identified or identifiable natural person. This includes, for example, information such as your first and last name, your address, your telephone number, your e-mail address and your IP address.
Data that cannot be linked to your person, for example after anonymization, is not personal data. The processing (e.g. the collection, storage, reading, querying, use, transmission, deletion or destruction) according to Art. 4 No. 2 GDPR always requires a legal basis or your consent. Processed personal data must be deleted as soon as the purpose of the processing has been achieved and no legally prescribed retention obligations are to be observed.
Here you will find information about the handling of your personal data when you visit our website. In order to provide the functions and services of our website, it is necessary that we collect personal data about you.
We also explain to you the type and scope of the respective data processing, the purpose and the corresponding legal basis and the respective storage period.
Below you will find the contact details of the responsible controller and the data protection officer.
2. Controller / Data Protection Officer
Controller for the processing of personal data on this website (please see the imprint):
WEKA Group GmbH
Tel: +49 82 33 23-0
Fax: +49 8233 23-195
If you have any questions about data protection, you can also contact our data protection officer at any time:
Dr. Georg F. Schröder, LL.M.
Data Protection Officer
legal data Schröder Rechtsanwaltsgesellschaft mbH
80333 Munich, Germany
Phone: +49 89 954 597 520
Fax: +49 89 954 597 522
3. Provision and use of the website/ log files
3.1. Type and scope of data processing
If you use this website without otherwise transmitting data to us, we collect the following technically necessary data via log files, which are automatically transmitted to our server:
- Date and time
- IP address
- Session ID
- Visited web page
- Name of the website from which our website was accessed
- Browser used
3.2. Purpose and legal basis
This processing is technically necessary in order to be able to display our website to you. We also use the data to ensure the security and stability of our website. This processing is also necessary to prevent the misuse of our website.
The legal basis for this processing is Art. 6(1) lit. f) GDPR. The processing of the mentioned data is necessary for the operation of the website and protection against misuse of the website and thus serves the protection of a legitimate interest of our company.
3.3. Storage period
As soon as the personal data mentioned are no longer required to display the website, the data will be deleted. The collection of the data for the provision of the website and the storage of the data in log files is necessary for the operation of the website. Consequently, there is no possibility for the user to object to this aspect. Log data is permanently deleted after 7 days at the latest if it is not relevant in the context of a legal dispute. Further storage may take place in individual cases if this is required by law.
4.1. Type, scope and purpose of data processing
Our website uses transient/session cookies, which are automatically deleted when you close your browser. This type of cookie allows us to collect your session ID. This makes it possible to assign different requests of your browser to a common session and it is possible to recognize your device during subsequent visits to websites.
Persistent cookies are used on our website. Persistent cookies are cookies that are stored in your browser for a longer period of time and can transmit information. The respective storage period differs depending on the cookie. You can delete persistent cookies independently using your browser settings.
We use analytical cookies to track the anonymous user behavior on our website.
Configuring the browser settings
Most web browsers are pre-set to automatically accept cookies. However, you can configure your browser so that it only accepts certain cookies or no cookies at all. However, we would like to point out that you may then no longer be able to use all the functions of our website.
You can also use your browser settings to delete cookies already stored in your browser. Furthermore, it is possible to set your browser so that it informs you before cookies are stored. Since the different browsers may differ in their respective functions, please use the respective help menu of your browser for the corresponding configuration options.
4.2. Legal basis
4.3. Storage period
As soon as the data transmitted to us via cookies is no longer required for the purposes described above, this information will be deleted. Further storage may take place in individual cases if this is required by law.
5. Data collection for the implementation of pre-contractual measures and for contract fulfilment
5.1. Type and scope of data processing
In the pre-contractual area and at the conclusion of the contract we collect personal data about you. This includes, for example, first and last name, address, e-mail address, telephone number or bank details.
5.2. Purpose and legal basis of data processing
We collect and process this data exclusively for the purpose of contract execution and/or for the fulfilment of pre-contractual obligations.
The legal basis for this is Art. 6(1) lit b) GDPR. If you also give your consent, the additional legal basis is Art. 6(1) lit. a) GDPR.
5.3. Storage period
The data will be deleted as soon as they are no longer necessary for the purpose of their processing.
In addition, statutory retention obligations may exist, such as commercial or tax retention obligations in accordance with the German Commercial Code (HGB) or the German Fiscal Code (AO). If such storage obligations exist, we will block or delete your data at the end of these storage obligations.
6. Data transmission
We will only pass on your personal data to third parties if:
a) you have given your explicit consent in accordance with Art. 6(1) lit. a) GDPR
b) this is legally permissible and is necessary according to Art. 6(1) lit. b) GDPR for the fulfilment of a contractual relationship with you or the implementation of pre-contractual measures
c) We may be legally obliged to transmit data in certain cases to state authorities, e.g. tax authorities, supervisory authorities and law enforcement authorities.
d) the disclosure according to Art. 6(1) lit. f) GDPR is necessary for the protection of legitimate company interests, as well as for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.
e) in accordance with Art. 28 GDPR, we use external service providers, so-called processors, who are obliged to handle your data with care.
We use such service providers in the following areas:
When transferring your personal data to external bodies in third countries, i.e. outside the EU or the EEA, we ensure that these bodies treat your personal data with the same care as within the EU or the EEA. We only transfer personal data to third countries for which the EU Commission has confirmed an appropriate level of protection or if we ensure the careful handling of personal data through contractual agreements or other suitable guarantees.
7. Contact options by e-mail
On our website you can contact us by e-mail.
7.1. Type and scope of data processing
You can contact us by e-mail. Our data collection is limited to the e-mail address of the e-mail account you use to contact us and to any personal data you make available when contacting us.
7.2. Purpose and legal basis
The purpose of data processing is to enable us to respond appropriately to your request.
The legal basis for this is Art. 6(1) lit. f) GDPR. We have a legitimate interest in the processing of the above-mentioned personal data in order to be able to process your request properly.
7.3. Storage period
The duration of the storage of the above data depends on the background of your contact. Your personal data is regularly deleted if the purpose of the communication no longer applies and storage is no longer necessary. This may result, for example, from the conclusion of processing of your request.
9. Data security and security measures
We are committed to protecting your privacy and keeping your personal information confidential. For this purpose, we take extensive technical and organizational security measures, which are regularly reviewed and adapted to technological progress.
Among other things, this includes the use of recognized encryption methods (SSL or TLS). Unencrypted disclosed data, for example unencrypted e-mails, could possibly be read by third parties. We have no influence on that. It is the responsibility of the respective user to protect the data provided by them against misuse by using encryption or other means.
We reserve the right to update this statement at any time if necessary.
11. Your rights
Here you will find your rights regarding your personal data. Details can be found in articles 7, 15-22 and 77 GDPR. In this regard, you can contact the controller (item 2) or the data protection officer (item 2).
a) Right to withdraw your data protection consent according to Art. 7(3) s. 1 GDPR
You can withdraw your consent to the processing of your personal data at any time with effect for the future. However, this does not affect the legality of the processing until revocation.
b) Right of access according to Art. 15 GDPR
You have the right to request confirmation whether we obtain personal data concerning you.
In this case you have the right to get information about your personal data as well as further information, e.g. the purposes of processing, categories of personal data concerned, the recipients and the planed period of storage or the criteria used to determine that period.
c) Right to obtain rectification and completion according to Art. 16 GDPR
You have the right to obtain the correction of incorrect data without delay. Taking into account the purposes of the processing, you have the right to obtain the completion of incomplete data.
d) Right to erasure (« right to be forgotten ») according to Art. 17 GDPR
You have a right of erasure, as far as the processing is not necessary. This is the case, if your data is no longer necessary for the original purposes, for example if you have withdrawn your consent or if the data was processed unlawfully.
e) Right to restriction of processing according to Art. 18 GDPR
You have the right to obtain restriction of data processing, e.g. if you believe that the personal data is incorrect.
f) Right to data portability according to Art. 20 GDPR
You have the right to receive your personal data previously provided to us by you in a structured, commonly used and machine-readable format.
g) Right to object according to Art. 21 GDPR
You have the right to object at any time to the processing of certain personal data concerning you for reasons arising from your particular situation.
In the case of direct marketing, you as the data subject have the right to object at any time to the processing of personal data concerning you for the purpose of advertising; this also applies to profiling, insofar as it is associated with direct marketing.
h) Automated individual decision-making, including profiling according to
You have the right not to be subject to a decision based solely on automated processing – including profiling – except in the exceptional circumstances mentioned in Art. 22 GDPR.
A decision based solely on automated processing – including profiling – does not take place.
i) A decision based solely on automated processing – including profiling – does not take place.
You can also lodge a complaint with a data protection supervisory authority at any time, for example if you believe that data processing is not in compliance with data protection regulations.
The data protection supervisory authority for us is the following:
Bavarian State Office for Data Protection Supervision
PO Box 1349
Bavarian State Office for Data Protection Supervision
PO Box 1349