Data Privacy

1 Introduction

Using the following information, we would like to give you a summary of the way your personal data are processed by us and your rights as a “data subject” arising from data protection laws. As a rule, you do not need to disclose any personal data to use our websites. However, if you would like to use special services provided by our company via our website, processing of personal data might be required. If processing of personal data is required and if no legal basis for such processing exists, we generally ask for your consent.

Processing of personal data, such as your name, address or email address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and according to the country-specific data protection provisions applicable to “Weckerle GmbH”. The objective of this privacy policy is to inform you about the scope and purpose of the personal data we collect, use and process.

In our capacity as data controller, we implemented numerous technical and organisational measures to ensure that personal data processed via this website is protected as completely as possible. Nevertheless, web-based data transfer generally still presents vulnerabilities, which makes any guarantee of complete protection impossible. For this reason, you are free to transmit personal data to us using alternative means such as telephone or mail.

2 Controller

Weckerle GmbH
Holzhofstrasse 26, 82362 Weilheim, Germany,

is the controller as defined in the GDPR

Phone: +49 (0) 881 9293 0
Email: info@weckerle.com

Director of the controller: Thomas Weckerle

3 Data protection officer

You can contact the data protection officer at:

email: datenschutz@weckerle.com

You can contact our data protection officer directly at any time if you have any questions or suggestions regarding data protection.

4 Definitions

The privacy policy is based on the terms used by the European directives committee and the European legislature when adopting the General Data Protection Regulation (GDPR). We aim to make reading and understanding our privacy policy easy for both the general public and our customers and business partners. To ensure this, we would like to explain the terms used in advance.

The following terms are used in this privacy policy, among others:

  1. Personal data
    Personal data means any information relating to an identified or identifiable natural person. A natural person is deemed identifiable if they can be identified directly or indirectly, especially using assignment to an identifier such as a name, an identifying number, location data, an online identifier or one or several special characteristics which express the physical, physiological, genetic, mental, commercial, cultural or social identity of the natural person concerned.
  2. Data subject
    A data subject is any identified or identifiable natural person whose personal data are processed by the processing controller (our company).
  3. Processing
    Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  4. Restriction of processing
    Restriction of processing means the marking of stored personal data with the aim of restricting their processing in the future.
  5. Profiling
    Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
  6. Pseudonymisation
    Pseudonymisation means processing personal data in such a way that the personal data cannot be assigned to a specific data subject any more without referring to additional information, provided such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
  7. Processor
    Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  8. Recipient
    Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether this is a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
  9. Third party
    Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process the personal data.
  10. Consent
    Consent by the data subject means any freely given, specific, informed and unambiguous indication of their wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of the personal data relating to them.

5 Legal basis for processing

Our company uses article 6 (1) point a GDPR as the legal basis for processing operations with regard to which we have obtained your consent to process data for a specific purpose.

If processing personal data is required for contract performance regarding a contract to which you are a party, as is for example the case with processing operations necessary for the supply of goods or rendering of other services or return services, processing is based on article 6 (1) point b GDPR. The same applies to processing operations required to execute pre-contractual measures, as is the case with inquiries regarding our products or services.

If our company must comply with a legal obligation requiring the processing of personal data, for example to fulfil tax obligations, processing is based on article 6 (1) point c GDPR.

In rare cases, processing personal data could be required to protect vital interests of the data subject or another natural person. This would be the case if, for example, a visitor was injured on our premises and it thus became necessary to transmit their name, age, health insurance data or other vital information to a doctor, a hospital or another third party. In this case, processing would be based on article 6 (1) point d GDPR.

Lastly, processing operations could be based on article 6 (1) point f GDPR. This legal basis applies to processing operations which are not covered by any other of the aforementioned legal bases if processing is required to safeguard legitimate interests of our company or any third party, provided the interests, fundamental rights and freedoms of the data subject do not outweigh such interests. European legislators make special mention of such processing operations, which is the particular reason why we are allowed to carry them out. In this matter, the legislators were of the opinion that legitimate interests might be assumed to exist if you are a customer of our company (recital 47 sentence 2 GDPR).

6 Technology

6.1 SSL/TLS encryption

This site uses SSL/TLS encryption to guarantee secure data processing and make sure any confidential content, such as orders, login data or contact enquiries you sent to us, the website operator, is transmitted securely. You can recognise an encrypted connection by the lock symbol in the address bar of your browser and by the fact that “https://” is displayed in the address bar of your browser instead of “http://”.

If SSL/TLS encryption is activated, data you transmit to us cannot be read by any third party.

6.2 Data collection when visiting our website

If you use our website purely for information purposes, i.e. if you do not register or transmit information to us in any other way, we will only collect data your browser transfers to our server (by means of so-called “server logfiles”). Our website collects various general information and data whenever a page is accessed by you or an automated system. The general information and data are recorded are stored on the server logfiles. The following information can be collected

  1. browser type and browser version used,
  2. operating system used by the system accessing the site,
  3. the website a system accessing our website comes from (the so-called referrer),
  4. the sub-websites on our website accessed by the visiting system,
  5. the date and time you accessed our website,
  6. an internet protocol address (IP address),
  7. the internet service provider used by the system accessing our website.

When we use such general information and data, we do not draw any conclusions about you as an individual. Rather, this information is necessary to

  1. correctly display the content on our website,
  2. optimise the content on our website and corresponding advertisements,
  3. ensure the long-term functionality of our IT systems and the technologies our website uses and
  4. provide the information necessary for criminal prosecution to law enforcement authorities in case of a cyber-attack.

Thus, the information and data collected will be evaluated by us for statistical purposes on the one hand and, on the other hand, for the purpose of enhancing data security and data protection within our company to ultimately ensure an optimal security level for personal data processed by us. The data from the server logfiles will be stored separately from any personal data provided by a data subject.

Article 6 (1) sentence 1 point f GDPR constitutes the legal basis for data processing. Our legitimate interest can be derived from the above-mentioned purpose of data collection.

7. Content on our website

7.1 Contact / contact form

If you contact us (e.g. via contact form or email), we will collect personal data. The personal data collected when using a contact form are indicated on the respective contact form. Such data are stored and used exclusively for the purpose of replying to your request or for contact purposes and related technical administration. Your data are processed on the legal basis of our legitimate interest of replying to your request according to article 6 (1) point f GDPR. If you contact us with the intention of concluding a contract, article 6 (1) point b GDPR forms an additional legal basis for data processing. After we finished handling your request, your data will be erased; this is the case if under the circumstances it seems reasonably certain that the respective matter has been settled conclusively and provided the erasure of data is not prevented by any statutory retention obligations.

8 Plugins and other services

8.1 Google Web Fonts

Our website uses so-called web fonts for a uniform display of fonts. Web fonts are provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you open a webpage, your browser loads the necessary web fonts into the browser cache to be able to display texts and fonts correctly.

For this purpose, the browser you use must connect with Google’s servers. Through this, Google becomes aware of the fact that our website was opened via your IP address. We use Google Web Fonts to present our website in a uniform and attractive way. This is considered a legitimate interest as defined in article 6 (1) point f GDPR.

Google LLC based in USA is certified for “Privacy Shield”, a US-European data protection convention guaranteeing compliance with the level of data protection applicable in the EU.

For more information regarding Google Web Fonts, please refer to https://developers.google.com/fonts/faq and Google’s privacy policy: https://www.google.com/policies/privacy/

9 Your rights as a data subject

9.1 Right to confirmation

You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed.

9.2 Right of access article 15 GDPR

You have the right to obtain from us free of charge at any time access to information about the personal data stored concerning you as an individual; furthermore, you have the right to obtain a copy of such data at any time.

9.3 Right to rectification article 16 GDPR

You have the right to request the rectification of inaccurate personal data concerning you. Furthermore, the data subject has the right to have incomplete personal data completed, taking into account the purposes of processing.

9.4 Erasure article 17 GDPR

You have the right to request we erase personal data concerning you without undue delay if one of the reasons provided for by law applies and if processing is not necessary.

9.5 Restriction of processing article 18 GDPR

You have the right to request from us restriction of processing if one of the statutory requirements is met.

9.6 Data portability article 20 GDPR

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit those data to another controller without hindrance from us, to whom,the personal data have been provided, if processing is based on consent in accordance with article 6 (1) point a GDPR or article 9 (2) point a GDPR or on a contract in accordance with article 6 (1) point b GDPR and provided processing is carried out by automated means, if processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, upon exercising your right to data portability in accordance with article 20 (1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and if this action does not have any negative impact on the rights and freedoms of another person.

9.7 Objection article 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on article 6 (1) point e (data processing in the public interest) or f GDPR (data processing based on weighing of interests).

The same applies to profiling based on those provisions as defined in article 4 no. 4 GDPR.

If you object to processing, we will no longer process your personal data unless we can prove compelling legitimate reasons for processing which outweigh your interests, rights and freedoms or if processing is carried out for the purpose of establishing, exercising or defending legal claims.

In specific cases, we process personal data for the purpose of direct advertising. You can object to the processing of your personal data for the purpose of such advertising at any time. The same applies to profiling if it is carried out in connection with such direct advertising. If you make known to us your objection to processing for the purpose of direct advertising, we will not process your personal data for this purpose any longer.

Furthermore, you have the right to object, on grounds relating to your particular situation, to our processing personal data concerning you for scientific or historical research purposes or statistical purposes in accordance with article 89 (1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Notwithstanding directive 2002/58/EC, you are free to exercise your right of objection in connection with the use of information society services by automated means using technical specifications.

9.8 Withdrawing a data protection-relevant statement of consent

You have the right to withdraw your consent regarding the processing of personal data at any time with effect for the future.

9.9 Complaint to a supervisory authority

You have the right to lodge a complaint with a competent data protection supervisory authority regarding our processing of personal data.

10 Routine storage, erasure and blocking of personal data

We only process and store your personal data for the duration necessary to fulfil the storage purpose and if this is provided for by any of the statutory provisions our company is subject to.

If the storage purpose no longer exists or if a prescribed storage period has expired, the personal data will be routinely blocked or erased in accordance with legal provisions.

11 Storage periods for personal data

The respective statutory retention period is the criterion for determining how long personal data will be stored for. Once such a period has expired, the respective data will be routinely erased if they are no longer required for contract performance or contract initiation.

12 Up-to-dateness of the privacy policy and amendments

This privacy policy is currently valid as of May 2018.

Our websites’ and offers’ ongoing development and changes in legal or official requirements may necessitate amendments to this privacy policy. You can consult and print out the most up-to-date version of this privacy policy at any time via “https://www.weckerle.com/data-privacy/?lang=de”.