First off, your data is in good hands with us. We will only do what you want us to do with your data.
The details are set out below in the long version of our promise.
We have written our Privacy Policy in the most comprehensible way possible. For example, we have omitted references to laws and simplified many specialist terms. The relevant legally valid text can be found under ‘Details >’.
Incidentally, by GDPR we mean the General Data Protection Regulation of the European Union.
I. General information
1. Contact details of the controller
Wiethe Content GmbH
Hermann-Müller-Straße 12
49124 Georgsmarienhütte
Germany
Phone: +49 5401 3651 100
Fax: +49 5401 3651 10
group@wiethe.com
2. Contact details of our Data Protection Officer
E-Mail: datenschutz@wiethe.com
II Concrete information on the collection of personal data
1. Visiting the website
1.a) Purpose of the collection and processing of data
To keep a technical eye on what is happening on our website, we store some data (see list under ‘Details >’). This helps us, for example, to detect faults and overloads. It also gives us an indication of how to further develop our website.
The data cannot be linked to you.
Every time a user accesses a page from our website or calls up a file stored on our website, access data relating to this process are stored in a log file. Each dataset consists of:
(1) the page from which the file was requested,
(2) the name of the file,
(3) the date and time of the request,
(4) the amount of data transmitted,
(5) the access status (file transmitted, file not found, etc.),
(6) a description of the type of operating system and web browser used,
(7) the client IP address.
e use this data in order to operate our website, in particular to determine the utilisation of the website and website malfunctions, and to make adjustments or improvements. The client IP address is used for the purpose of transmitting the data requested; when no longer technically required, the client IP address will be rendered anonymous by deleting the last block of numbers (IPv4) or the last octet (IPv6).
1.b) Duration of retention
The data mentioned in 1.a) are stored every time our website is accessed. They will be deleted when we no longer need them‒ within ten weeks at the latest.
1.c) Legal basis
The European Union’s General Data Protection Regulation allows us to process data in this way.
The legal basis for the temporary storage of the aforementioned data is Article 6(1)(f) of the EU General Data Protection Regulation (hereinafter referred to as “GDPR”). The legitimate interest is to make available our website. In accordance with Section 2 No. 2 of the Telecommunications Digital Services Data Protection Act (TDDDG), your consent to these processing operations is not necessary because we would not be able to make this “digital service” (= the Wiethe website) available to you without these processing operations.
1.d) Possibility of objection and removal
You can let us know that you do not agree to the storage of data.
2. Cookies
2.a) Purpose of the collection and use of data
When you visit our website, small data packages are stored on your web browser (or on the device you use to visit our website). They are called cookies. With the help of these cookies, our website can tell that this web browser has already visited the page before. Any settings that may have been made can then be made again automatically (e.g. the selected language). Cookies also help us to adapt the pages to your preferences and to speed up the display of the page.
In order to make it technically possible to visit our website, we transmit so-called cookies to the data subject’s end device. Cookies are small text files that enable the data subject’s end device to be identified, usually by recording the name of the domain from which the cookie data were sent, information on the age of the cookie and an alphanumeric identifier. Saving the cookie on the end device used – without interfering with the operating system – enables the end device to be recognised and allows us to make immediately available any possible presettings. We use this information to adapt our website and the services offered to your needs and to enable you to access our website more quickly.
2.b) Duration of retention
You can delete our cookies from your browser/device at any time. Besides that, the cookies will also be deleted automatically after different lengths of time.
The different cookies are stored for different lengths of time; however, the maximum period is two years. Cookies are stored on your local end device, not on our server, which is why the actual deletion period depends on how your browser software is configured. Please refer to the operating instructions of your browser software to find out how to delete – either ad hoc or automatically – cookies that we have set.
2.c) Legal basis
The General Data Protection Regulation allows us to set cookies.
The storage of the aforementioned data is based in part on your consent (in accordance with Section 25(1) TTDSG and Article 6(1)(a) GDPR), namely in the case of cookies that are set in order to be able to optimise the quality of our website through analysis. Cookies are also set to enable users to visit our website; in particular, a number of functionalities on our website cannot be used without cookies, since, in the absence of cookies, the user would not be recognised when changing to a different page, and language settings would be lost, for instance. The legal basis for setting these cookies is our legitimate interest in making our website available to you for your use (Article 6(1)(f) GDPR). Without these cookies, we would not be able to offer you this website (Section 25(2)(2) TTDSG).
2.d) Possibility of objection and removal
You can delete cookies yourself at any time in the browser. In addition, cookies can be rejected in the privacy settings.
The data subject may block the use of cookies in the end device used or delete these cookies after use. In some circumstances, however, it may not be possible to use the full functionality of our website. Please refer to the operating instructions of the browser software to find out how to block cookies and to delete cookies that have already been saved.
3. Direct marketing
3.a) Purpose of the collection and use of data
When you buy something from us (goods or services), we receive your contact details. We will use these details to send you advertising for other products. You can object to this at any time if you want us to stop sending you advertising.
We will use the data received from the data subject in connection with the sale of goods or services in order to undertake direct marketing for our offerings. In the case of an email address, this will only take place for our own similar goods or services and where the data subject has not objected to its use, which is pointed out (inter alia hereby) during data collection; in addition, with every use, reference is made to the continued possibility of opting out.
3.b) Duration of retention
We will delete your contact details from our advertising database the moment you request us to do so. We will also delete them if more than 12 months have passed between two advertising mails.
3.c) Legal basis
The General Data Protection Regulation allows us to use contact details for advertising.
3.d) Possibility of objection and removal
If you do not want to receive advertising from us, simply contact us. Then we will stop sending you advertising.
4. Contact form, contact by email, fax or telephone
4.a) Purpose of the collection and use of data
When you contact us, we save the information you give us. This is the case regardless of how you contact us. We will not pass on your data.
4.b) Duration of retention
When we no longer need the information relating to you which you gave us during our communication, we will delete it.
4.c) Legal basis
The General Data Protection Regulation allows us to use contact details.
4.d) Possibility of objection and removal
If you do not want us to continue using your data, you can object to this at any time. Simply contact us, and we will delete your details.
5. Newsletter
5.a) Purpose of the collection and use of data
We will be happy to send you our newsletter by email.
There is the option of subscribing to a newsletter. Subscribing to our newsletter is a double opt-in process. This means that once a data subject has subscribed, they will receive an email asking them to confirm their subscription. When the data subject subscribes to the newsletter, the data from the input mask provided by them at the time of subscription will be transmitted to the service provider we use – rapidmail. These data are the email address stated, the IP address, and the time and date of subscription. The data collected are needed to be able to send the newsletter and manage the subscription.
We use rapidmail (rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany) to send newsletters. The sending of our newsletters is organised and analysed by rapidmail. The data entered by the data subject for the purpose of subscribing to the newsletter will be stored on the rapidmail servers in Germany. Data are not transferred to third countries. If data subjects do not wish their data to be analysed by rapidmail, they must unsubscribe from the newsletter. We provide a link in each newsletter message for this purpose. For analysis purposes, the emails sent using rapidmail contain a so-called tracking pixel, which connects to the rapidmail servers when the email is opened. This enables us to determine whether a newsletter message has been opened. We can also use rapidmail to determine whether and which links in the newsletter message have been clicked. Optionally, links in the email can be set as tracking links to count your clicks.
5.b) Duration of retention
When you unsubscribe from the newsletter, we will delete all personal data linked to your email address. However, your email address will continue to be kept on a list so that we can ensure that you do not receive any further promotional emails from us. Should you decide against this, please let us know and we will remove your email address from this list.
The data will be deleted as soon as the data are no longer necessary for achieving the purpose and the data subject has unsubscribed from the newsletter.
The personal data stored by us as part of the consent to send the newsletter will be stored by us until the data subject unsubscribes from the newsletter; they will be deleted from our servers as well as from the rapidmail servers after unsubscribing from the newsletter. However, we will continue to store the email address to ensure that we do not write to the data subject again for marketing purposes. Should such storage be unwanted, the data subject can notify us and we will then also delete this entry.
5.c) Legal basis
The General Data Protection Regulation allows newsletters to be sent to you (but only, of course, if you agree to it.)
The legal basis for storing the aforementioned data, only after prior consent in the context of subscription, is Article 6(1)(a) GDPR (and therefore also in accordance with Section 25(1) TDDDG). Since the data subject is able to withdraw his or her consent at any time, the legitimacy of the processing of personal data that took place on the basis of consent until its withdrawal is not affected.
For more information about the rapidmail privacy policy, please see the rapidmail privacy policy at www.rapidmail.de/datensicherheit. Further details about the rapidmail analysis functions can be found at the following link: www.rapidmail.de/wissen-und-hilfe
5.d) Possibility of objection and removal
You can unsubscribe from the newsletter at any time. You can also contact us to have your email address removed from the “unsubscribe list” (see also 5.b).
The use of data for receiving the newsletter may be objected to at any time for future effect by unsubscribing from the newsletter, without incurring any costs other than the cost of transmission at the basic rates. This can be done by declaring to us your objection. If the data subject wishes to unsubscribe from the newsletter, he or she will find in every newsletter, for example, an appropriately marked link that need simply be clicked.
In addition, the data subject can also contact us to also have their email address removed from the “unsubscribe list” (see also 5.b).
6. Google Services
6.1 Google Analytics
6.1 a) Purpose of the collection and use of data
By using the Google Analytics service, we get an insight into the use of our website. Google is a company based in the USA. In order to create the necessary statistics, the IP address you used to visit our website is stored. However, the IP address will be processed in anonymous form. Cookies are also used (see also 2.a) to facilitate such analysis. In other words, both we and Google process this information in anonymous form.
6.1 b) Duration of retention
Your full IP address will only be used for the duration of a fraction of a second, i.e. for the purpose of anonymising it. The raw data for statistics will be deleted after 14 months.
Once the data are no longer needed to achieve the purpose, they will be deleted, which is the case when the anonymisation, which takes place within the European Union, has been completed. This takes less than one second.
The data sent by us and that are linked to cookies, user identifications (e.g. user IDs) or advertising IDs will be deleted automatically after 14 months. Data that have reached their storage period are deleted automatically once a month.
For more information, visit https://www.google.com/analytics/terms/de.html and https://policies.google.com/?hl=de.
6.1 c) Legal basis
The General Data Protection Regulation allows us to analyse visits.
In order to use Google services, you must give your consent in accordance with Section 25(1) TDDDG, Article 6(1)(a) GDPR. Google LLC is a company in the USA, a country in which the level of data protection does not correspond to that of the EU. However, because Google LLC has certified itself with the EU-US Privacy Framework (https://www.dataprivacyframework.gov/), a level of data protection appropriate to the EU applies in this case.
6.1 d) Possibility of objection and removal
You can prevent cookies from being set and data from being shared with Google in your browser/device or in our website’s privacy settings. But it could be that some convenient functionalities will then no longer work. A browser plug-in can even be used to prevent data being shared with Google: http://tools.google.com/dlpage/gaoptout?hl=de
The data subject can prevent cookies from being saved by changing the appropriate setting in the browser software; we point out to the data subject, however, that this may mean that he or she will not be able to use the full functionality of this website. The data subject can also prevent the data generated by the cookie relating to the use of the website (including the IP address) from being recorded and used by Google by downloading and installing the browser plugin available from this link [http://tools.google.com/dlpage/gaoptout?hl=de].
6.2 Google Maps
6.2 a) Purpose of the collection and use of data
Our website uses Google Maps to display a map of the area surrounding our agency. Google is a company in the USA. When you use Google Maps, data about your use of the map function is transmitted to Google. This serves to provide the service in the first place, but also to improve it. This data may include your IP address, location data and other usage information.
Google Maps enables maps to be embedded directly in websites. This requires the processing of the user’s IP address and metadata. Cookies or cookie-like technologies can be stored and read. These may contain personal data and technical data such as user IDs, consents, map software settings and security tokens. According to Google, this data can be used to record websites visited, to compile detailed statistics on user behaviour and to improve Google’s services. This data can be linked by Google with the data of users logged in to Google’s websites (e.g. google.com and youtube.com). Google makes personal data available to its affiliated companies, other trusted companies or persons who can process this data on the basis of Google’s instructions and in accordance with Google’s data protection provisions.
6.2 b) Duration of retention
The data collected by Google Maps is stored and processed by Google. We have no influence on the duration of the storage of this data by Google.
Further information on the storage period can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de or in more detail at https://policies.google.com/technologies/retention?hl=de&hl=de
6.2 c) Legal basis
The General Data Protection Regulation allows us to use Google Maps with your permission.
To use Google services, you must give your consent in accordance with § 25 para. 1 TDDDG and Art. 6 para. 1 lit a GDPR. You give this consent via the cookie banner that appears when you access the website or directly in the display area of the map integration.
Google LLC is a company in the USA, a country in which the level of data protection does not correspond to that of the EU. However, because Google LLC has certified itself with the EU-US Privacy Framework (https://www.dataprivacyframework.gov/), a level of data protection appropriate to the EU applies in this case.
6.2 d) Possibility of objection and removal
You can revoke your consent to the use of Google Maps at any time in the ‘Privacy’ menu item at the bottom of the website. There are other options.
The person concerned can prevent the storage of cookies by setting the browser software accordingly and, if necessary, by using suitable software to prevent the general transfer of data to Google; however, we would like to point out to the person concerned that in this case not all functions of this website can be used to their full extent.
7. WiredMinds
7.a) Purpose of the collection and use of data
We use the statistics service WiredMinds to gain an insight into the use of our website. To do this, the IP address you used to visit our website, among other things, is stored. However, the IP address is shortened, and can no longer be linked to you. In other words, both we and WiredMinds process this anonymous information.
7.b) Duration of retention
Your full IP address will only be used for a fraction of a second, i.e. for the purpose of anonymising it.
7.c) Legal basis
The General Data Protection Regulation and the German Telemedia Act allow us to analyse visits in this way.
The legal basis for storing the aforementioned data is Section 25(1) TTDDG and Article 6(1)(a) GDPR. This means that we collect data to analyse the surfing behaviour of unidentifiable users in order to optimise our website and the services we offer. This will only take place with your consent.
8. Matomo
8.a) Purpose of the collection and use of data
Matomo provides us with statistical information on user activity on our website. Data are collected anonymously.
This website uses the open source software program Matomo (formerly PIWIK, www.matomo.org) for statistical analysis of visits to the website. Matomo uses cookies to do so (see also 2.a). In the process, data may be recorded, processed and stored, from which anonymous user profiles are created.
TThe data collected are those specified in 1.a) and, in addition
a pseudonymised identification number
your anonymised IP address (the last number block of the IP address is deleted)
country and municipality of origin (by determining longitude and latitude using the shortened IP address)
the device used (including language settings, browser version and display size)
possibly the URL of the external link on our website that you use to leave the website
The information collected by Matomo for this purpose is transmitted to the server on which our website is hosted, and forwarded to Matomo for usage analysis purposes. The Matomo server is located in Germany. Your IP address will be anonymised immediately after processing, before storage and transmission.
Matomo’s Privacy Policy is available here: https://matomo.org/privacy-policy/.
8.b) Duration of retention
Your full IP address will only be used for a fraction of a second, for the purpose of anonymising it. All other data will be automatically deleted within 7 weeks.
8.c) Legal basis
The General Data Protection Regulation and the Telecommunications Digital Services Data Protection Act allow us to analyse visits in this way.
The legal basis for the use of the data is the pursuit of our legitimate interests in the analysis, optimisation and economic operation of our website (Article 6(1)(f) GDPR by means of collecting anonymous usage data and producing statistics from those data. If the relevant consent has been requested, the processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.
8.d) Possibility of objection and removal
You may object to data processing by Matomo.
9. Applications
9.a) Purpose of the collection and use of data
Application details are used solely for the application procedure.
11.b) Duration of retention
If the applicant is hired, we will retain the data for the duration of employment. If the applicant is not hired, we will delete the data as soon as they are no longer required. This is typically the case after six months. If an application is withdrawn, we will also delete the data.
9.c) Legal basis
The General Data Protection Regulation and the Federal Data Protection Act govern the handling of data in application procedures.
9.d) Possibility of objection and removal
You have the right to object to processing, and to request the erasure of data. It could be the case that legal provisions do not allow this. (For example, the requirement that application details must be retained in case of complaints under the Act on Equal Treatment. See also 11.b)
III. Rights of the data subject
You have the following rights with regard to the personal data transmitted to us via our website.
1. Right of access under Article 15 GDPR
You have the right to the following information
a) the reason for processing
b) the type of data processed
c) in the event of the disclosure of your data: the recipients
d) the storage period
e) information about your rights to rectification and erasure, and the restriction of and objection to data processing
f) the right to lodge a complaint with a data protection authority
g) if we have data relating to you that you did not transmit to us yourself: the origin of the data
h) about the application of automated decision-making and details about it
i) if data is disclosed outside the validity of the General Data Protection Regulation: about guarantees that afford appropriate protection
If you wish to have more than one copy of the information, we may invoice you for this.
The data subject has the right to the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data relating to the data subject or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
g) where the personal data are not collected from the data subject, any available information as to their source;
h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
i) where personal data are transferred to a third country or to an international organisation, the data subject will have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
We will provide the data subject with a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs.
2. Right to rectification under Article 16 GDPR
If the data we have relating to you are incorrect, we will be happy to rectify them.
The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data relating to him or her. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. Right to erasure under Article 17 GDPR
You have the right to have your data deleted.
4. Right to restriction of processing under Article 18 GDPR
If you wish, we shall ensure that we no longer process your data. Several grounds for when this is possible are listed under “Details >”.
5. Right to information under Article 19 GDPR
If your data are corrected or erased, or if their processing is restricted, we will notify all other organisations to which we have transmitted your data in the past. If you wish, we will of course also notify you of this.
6. Right to data portability under Article 20 GDPR
As a general rule, we will hand out to you the data we have relating to you. This applies to data where you have voluntarily agreed that they can be processed, or that we have received within a contract. In addition, this is only possible if the data can be processed by us automatically. You will receive the data from us in digital form. On request, we will also transmit these data to someone else.
7. Right to object under Article 21 GDPR
You can object at any time to data processing to which you have voluntarily agreed.
The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data relating to him or her which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
We will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data relating to him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.
Any consent granted by the data subject may be withdrawn by him or her at any time. Any collection and processing undertaken until such time remains, however, lawful.
8. Automated individual decision-making, including profiling, under Article 22 GDPR
We shall not make decisions concerning you based exclusively on automated means. People will also always be involved in decision-making processes. (Exceptions are legally possible.)
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
This does not apply if the decision
a) is necessary for entering into, or performance of, a contract between the data subject and us,
b) is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
c) is based on the data subject’s explicit consent.
Such decisions may not be based on special categories of personal data referred to in Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) GDPR applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.
In the cases referred to under points (a) and (c), we will implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on our part, to express his or her point of view and to contest the decision.
9. Right to lodge a complaint with a supervisory authority under Article 77 GDPR
You have the right to complain to a supervisory authority (e.g. to Lower Saxony State Data Protection) if you believe that we do not adhere to these data protection regulations.
10. Right to an effective judicial remedy under Article 79 GDPR
You can, of course, lodge a complaint at any time if you believe that we have breached data protection legislation.
