Data protection notice for website visitors, customers, suppliers, interested parties and other persons concerned
The following information will provide you as visitors of the Wirthwein Online Offer, as customers, interested parties of our services, suppliers or other persons concerned with an overview of how we process your personal data and about your rights resulting from the data protection law. It depends largely on the services required or agreed upon which data in detail are processed and used in which manner. This is the reason why not all parts of this information shall apply to you equally.
1. Responsible authority and contact data of data protection officer
Phone: +49 7933 702-0
Our external data protection officer is available at:
Katja Green, DEKRA Assurance Services GmbH
c/o Wirthwein AG
Phone: +49 7933 702-0
2. Processing of personal data in connection with your use of our websites, applications and online platforms
Data categories, purpose of processing and legal basis
Within the framework of your use of the Wirthwein websites, applications or online tools (in the following called Wirthwein Online Offer) we shall process the following personal data:
- Personal data which you enter voluntarily within the framework of the Wirthwein Online Offer (e.g. for registration, inquiries for contacting, participation in surveys, etc.), such as first and family name, email address, phone number, information that is given within the framework of support inquiries, comments or forum posts
- Information that is automatically sent to us from your web browsers or devices, such as your IP address, type of device, type of browser, previously visited websites, visited subpages or data and time of respective visitor inquiries
We shall process your personal data for the following purpose:
- to enable you to use the services and functions of the Wirthwein Online Offer,
- to process your inquiry,
- to prove your identity and to authenticate users,
- to send you marketing information or to contact you within the framework of customer satisfaction surveys as described in section 4, and
The processing of personal data is necessary to realize the aforementioned purposes. Unless not expressly stated otherwise as regards the collection of personal data, the legal basis of data processing is:
- Implementation and performance of contracts with you pursuant to Art. 6 Sect. 1 lit. b GDPR,
- Fulfillment of legal obligations Wirthwein is object to pursuant to Art. 6 Sect. 1 lit. c GDPR, or
- Safeguarding of legitimate interests of Wirthwein pursuant to Art. 6 Sect. 1 lit. f GDPR. Wirthwein’s legitimate interest is in the processing of your personal data for the purpose of providing offers and operating the Wirthwein Online Offer.
In some cases we shall ask you for your explicit consent for personal data processing. In this case, your given consent is the legal basis for personal data processing pursuant to Art. 6 Sect. 1 lit. a GDPR.
The Wirthwein Online Offer places so-called cookies. Cookies are small text files that are stored on your computer when visiting our website. We place cookies for the purpose of ensuring usage of our online offers, for marketing, individual website optimization and to ensure IT safety.
When calling our website a so-called cookie banner pops up. By clicking a button you agree to us using cookies on this website and are able to make a choice of cookies we use on this website. Your selection is stored for future visits.
Depending on their function and purpose it requires the consent of users to use certain cookies.
However, the consent of users shall not be required for cookies which are essential for users to make use of the Wirthwein Online Offer or to ensure IT safety. Setting of such cookies and processing operations in this respect shall be permitted pursuant to Art. 6 Sect. 1 lit. f GDPR.
In contrast, cookies for all other purposes, such as for individual website optimization, marketing or realization of statistical surveys of your activities on the website, shall require your consent if personal data are processed hereby.
Overview of cookies used on this website:
|Name, Provider||Purpose||Type||Storage period|
|_cookie_consent, wirthwein.de||Consent to the cookies||HTTP||1 year|
|_ga, wirthwein.de||Registers a clear ID which is used to generate statistical data how visitors use our website.||HTTP||2 years|
|_gcl_au, wirthwein.de||TagManager Conversion Tracking, Measurement of downloads||HTTP||2 months|
This website uses functions of the web analyzing service Google Analytics. Provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
Google Analytics uses so-called cookies, which are text files that are stored on your computer and will allow for an analytical use of the website. As a rule, the information generated by cookies concerning your use of this website is transferred to and stored on a Google server in the USA.
Data of Google Analytics cookies are stored pursuant to Art. 6 Sect. 1 lit. f GDPR. The owner of the website has a legitimate interest in analyzing user behavior to optimize web offer and advertisement.
- IP anonymization
On this website, we have activated the IP anonymization function. As a result, your IP address is abbreviated by Google within the member states of the European Union or other states that have ratified the Convention on the European Economic Area prior to its transmission to the United States. Only in exceptional cases shall the full IP address be transmitted to one of Google’s servers in the United States and abbreviated there. On behalf of the operator of this website, Google shall use this information to analyze your use of this website, to generate reports on website activities and to render other services to the operator of this website that are related to the use of the website and the Internet. The IP address transmitted from your browser in conjunction with Google Analytics shall not be merged with other data of Google.
- Browser Plug-In
You shall have the option to prevent cookies from being stored by changing the settings of your browser software. However, we shall point out that in this case you may not be able to use all functions of this website to the full extent. Moreover, you shall have the option to prevent recording of the data generated by cookies and affiliated with your use of the website (including your IP address) by Google as well as processing of these data by Google by downloading and installing the browser plug-in available at: tools.google.com/dlpage/gaopout.
- Objection against data collection
You can prevent the recording of your data by Google Analytics by clicking on the following link. An opt-out cookie is set to prevent the collection of your information on future visits to this site: deactivate Google Analytics
For more information concerning the handling of user data by Google Analytics please consult Google’s Data Privacy Declaration at: support.google.com/analytics/answer/6004245.
Use of Google Maps
Some Wirthwein Online Offers use Google Maps to be able to offer you certain site-related functions (e.g. to show you the way to a Wirthwein contact person). Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA („Google“) as the service provider processes personal data of Google Maps users, which may also include the IP address of your device and your location information. The processing of standard data requires your permission to determine your location in the settings of your device. Google is exclusively responsible for processing your personal data in connection with the use of Google Maps; please find Google’s Privacy Statement at: www.google.com/policies/privacy/.
Google Web Fonts
This website uses so-called Web Fonts provided by Google for a uniform presentation of fonts. When calling a website, your browser loads up the required web fonts to your browser cache to correctly display texts and fonts.
For this purpose, your browser has to establish a connection to Google servers. As a result, Google is informed that our website was called by your IP address. The use of Google Web Fonts is based on the interest of a uniform and appealing presentation of Wirthwein Online Offers. It is a legitimate interest pursuant to Art. 6 Sect. 1 lit. f GDPR.
Should your browser not support Web Fonts, a standard font of your computer shall be used instead.
Links to other Websites
This privacy statement shall only apply to Wirthwein Online Offers but not to websites and applications of third parties. Wirthwein Online Offers may contain links to websites and applications of third parties which might be of your interest. Wirthwein shall not be held responsible for collection, processing and use of your data within the framework of websites or applications that are not operated by Wirthwein. Wirthwein shall also not be held responsible for their contents.
On our websites we use links to our company profiles in the respective networks pursuant to Art. 6 Sect. 1 lit. f GDPR. The links shall be regarded as communication means with customers, interested parties and users and to inform them of our services.
Moreover, we use social plug-ins on our website. It may not be excluded that already by calling the Wirthwein Online Offer respective social networks or service providers are informed of your visit to the Wirthwein Online Offer. This shall apply at least when you have an active account at the respective network which you are logged in at while visiting the Wirthwein Online Offer.
When following a link, you shall consider the following advice regarding the processing of your personal data. We shall point out that we have no bearing which of your data are processed by the respective networks. Please take details regarding data collection by the respective social networks and your rights and setting options from the respective privacy notices.
Facebook uses social plug-ins on our website to better process personal information. For this we use the ‘Like’ or ‘Share’ buttons, which is an offer by facebook.
When calling a page of our web appearance which contains such plug-ins your browser establishes a direct connection to the facebook server. Contents of the plug-ins are transferred from facebook to your browser directly and are therefore integrated in the website.
By integrating the plug-in, facebook is informed that your browser has called the respective page of our web appearance even if you do not dispose of your own facebook account or are not logged in at facebook at present. The information (including your IP address) is directly transferred from your browser to the facebook server in the USA to be stored there.
If you are logged in at facebook, facebook can directly assign your visit to our website to your facebook account. If you interact with the plug-ins, e.g. click on ‘like‘ or ‘link‘ buttons, the respective information is also directly transferred to the facebook server to be stored. Moreover, the information is published on facebook and displayed to your facebook customers.
Facebook shall be able to use this information for the purpose of advertisement, market research and customized administration of the facebook pages. For this facebook creates profiles regarding usage, interest, and relationships, e.g. to analyze your use of our website with regards to popped-up ads on facebook, to inform other facebook users of your activities on our website and to render other services associated with the use of facebook.
If you do not want facebook to assign the collected data through our web appearance to your facebook account, please log out from facebook before visiting our website.
Please take purpose and extent of data processing and further processing and use of data by facebook as well as your relevant rights and settings options to protect your privacy from the facebook Privacy Statement at www.facebook.com/about/privacy/.
We have integrated plug-ins of the tweet network Twitter Inc. You will recognize the Twitter plug-ins by the Twitter logo on our website. Please find an overview of so-called tweet-buttons at about.twitter.com/resources/buttons.
When calling a page of our web appearance which contains such a plug-in your browser establishes a direct connection to the Twitter server. Thus Twitter is informed that your IP address has visited our site. If you click on the Twitter ‘tweet button’ while being logged in your Twitter account you can link contents of our sites to your Twitter profile, which allows Twitter to assign your visit to our websites to your user account. We shall point out that we as the provider of the websites have no knowledge of the content of the transferred data and its use by Twitter.
If you do not want Twitter to assign your visit to our site, please log out from Twitter before visiting our website.
Please find further information in the Twitter Privacy Statement at: twitter.com/privacy.
Our website uses functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time you call one of our sites which contains functions of LinkedIn a connection to the LinkedIn server is established. LinkedIn is notified that your IP address has visited our website. If you click on the ‘Recommend’ button of LinkedIn and your account is logged in with LinkedIn, LinkedIn is able to allocate your visit to our website to your user account. We shall point out that we as the provider of the websites have no knowledge of the content of the transferred data and its use by LinkedIn.
The use of the LinkedIn plug-in is based on Art. 6 Sect. 1 lit. f GDPR. The operator of the website has a legitimate interest in maximum visibility on social media.
For further information please consult LinkedIn’s Privacy Statement at: https://www.linkedin.com/legal/privacy-policy
Our website uses features of Wikipedia. Provider is the Wikipedia Foundation Inc., 149 New Montgomery Street, Floor 6, San Francisco, CA 94105, USA. Every time you call one of our sites which contains functions of Wikipedia a connection to the Wikipedia server is established. As far as we are informed, personal data are not stored. In particular, neither IP addresses are stored nor is the usage behavior evaluated.
Our website uses functions of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
Every time you call one of our sites which contains functions of XING a connection to the XING server is established. As far as we are informed, personal data are not stored. In particular, neither IP addresses are stored nor is the usage behavior evaluated.
The use of the XING plug-in is based on Art. 6 Sect. 1 lit. f GDPR. The operator of the website has a legitimate interest in maximum visibility on social media. For more information on data protection and the XING share button please consult Xing’s Privacy Statement at: www.xing.com/app/share
YouTube with expanded data protection integration
Our website uses plug-ins of the YouTube website operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
We use YouTube in the expanded data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors of their website before they watch a video. Nevertheless, the expanded data protection mode does not necessarily exclude data sharing with YouTube partners. For instance, YouTube establishes a connection to Google DoubleClick network whether you watch a video or not.
A connection to the YouTube server is established as soon as you start a YouTube video on our website. As a result, the YouTube server is informed which of our pages you have visited. If you are logged in your YouTube account you allow YouTube to directly allocate your browsing patterns to your personal profile. You have the option to prevent this by logging out of your YouTube account.
Furthermore, when you start a video, YouTube is able to store various cookies on your device. By means of these cookies, YouTube is able to obtain information about our website visitors. Among others, this information is used to generate video statistics which aim at improving user friendliness and preventing fraud attempts. The cookies will remain on your device until you delete them.
After you have started to play a YouTube video additional data processing transactions may be triggered where applicable, which is beyond our control.
The use of YouTube is based on the interest of presenting the Wirthwein Online Offers in an appealing manner. This is a legitimate interest pursuant to Art. 6 Sect. 1 lit. f GDPR. For more information about data protection of YouTube, please consult the YouTube Privacy Statement at: https://policies.google.com/privacy?hl=en.
3. Processing of personal data of business partners
Data categories, purpose of processing and legal basis
Within the framework of business relationships with business partners, Wirthwein processes personal data with contact partners of customers, suppliers, interested parties, sales partners and cooperation partners (in the following called the Business Partner):
- Contact information, such as first and family name, business address, business phone, fax, and mobile number, business email address,
- Payment data, such as indications that are necessary to handle payment or prevent fraud, including credit card information and card verification numbers,
- Further information the processing of which is necessary within a project or a contractual relationship with Wirthwein and which the Business Partner gives voluntarily, e.g. within the limits of effected orders, inquiries or project details,
- Personal data that are collected from publicly available sources, information databases or credit agencies, and
- Where legally necessary in the context of compliance screenings: birth date, ID card and numbers, information concerning relevant legal proceedings or other legal disputes the Business Partner is involved in.
Wirthwein processes personal data for the following purposes:
- For communication with the Business Partner concerning products, services and projects, e.g. to process inquiries of the Business Partner or provide technical information of products,
- For planning, performance and administration of a contractual business relationship of Wirthwein and the Business Partner, e.g. to process product orders and services, collect payments, for bookkeeping and billing purposes and to carry out deliveries, maintenance and repair work,
- For customer surveys, marketing campaigns, market analyses, competitions, challenges, and similar campaigns and events,
- For customer satisfaction surveys and direct marketing as described in section 4,
- For maintaining and protecting Wirthwein products and services as well as our websites, preventing and identifying safety risks, fraudulent actions or other criminal activities or activities with the intent to cause damage,
- Compliance with (i) legal requirements (e.g. retention requirements in terms of tax and commercial law), (ii) existing obligations to carry through compliance screenings (to prevent economic crime or money laundering) as well as (iii) Wirthwein guidelines and industry standards and
- Settlement of legal disputes, enforcement of existing contracts, and enforcement, exercise and defense of legal claims.
The processing of personal data shall be necessary to realize the aforementioned purposes. Unless not expressly stated otherwise as regards the collection of personal data, the legal basis of data processing is:
- Implementation and performance of contracts with you pursuant to Art. 6 Sect. 1 lit. b GDPR,
- Fulfillment of legal obligations Wirthwein is object to pursuant to Art. 6 Sect. 1 lit. c GDPR, or
- Safeguarding of legitimate interests of Wirthwein pursuant to Art. 6 Sect. 1 lit. f GDPR. Wirthwein’s legitimate interest is in the initiation, execution and handling of business relations.
Should you have given your explicit consent for personal data processing on a case-by-case basis, your given consent shall be the legal basis for personal data processing pursuant to Art. 6 Sect. 1 lit. a GDPR.
4. Processing of personal data for customer satisfaction surveys and direct marketing
Within the framework of existing legislation Wirthwein shall be allowed to use your contact data for direct marketing purposes (e.g. invitations to fairs, newsletters) or to carry out customer satisfaction surveys, also per email. You have the right to object to your contact data being used for these purposes at any time by sending an email to email@example.com or by making use of the objection option by means of the message you have received.
5. Notes on data protection regarding online applications
Should you want to apply with us by electronic means, please exclusively use our online application portal. You can take further information regarding the handling of data provided here from the privacy statement for online applications. We kindly ask you not to apply by email as we cannot ensure safe transmission of your data.
6. Recipients and categories of recipients
Within our company those authorities get access to your data that need them to fulfill our contractual and legal obligations. Also service providers and vicarious agents we use shall be permitted to receive data for these purposes provided they maintain confidentiality and integrity. These are companies from IT services, logistics, printing services, telecommunication, debt collection, consulting, as well as sales and marketing.
With regard to data transfer to recipients outside the company it shall be important to observe that we only pass on necessary personal data in compliance with data protection regulations. Basically, we shall be permitted to pass on information about you if legally required, upon your approval or if we are authorized to provide information. Under these conditions, recipients of personal data may be:
- Public authorities und institutions (e.g. financial authorities, prosecution authorities, family courts, land registries) in the case of legal or official obligations,
- Credit und financial services institutions or comparable institutions to which we transfer personal data within the framework of the execution of business relations (e.g. banks, credit agencies),
- Other group-affiliated companies for risk controlling due to legal or official obligations,
- Creditors or liquidators who inquire within the framework of enforcements,
- Service providers, whom we consult within the framework of order processing
- Commercial agents of the company
7. Transfer to third countries
Data are transmitted to entities outside the European Union (so-called third countries)
- If necessary to execute your orders (e.g. delivery orders),
- If statutory (e.g. tax based reporting obligations) or
- Upon your consent.
Moreover, data transmission to entities in third countries shall be intended in the following cases:
- If necessary in individual cases, your personal data shall possibly be transmitted to IT service providers in third countries to guarantee IT operations of the company in compliance with the data protection level of the European Union.
- Due to statutory provisions to combat money laundering, terrorist funding and other criminal offenses as well as within the framework of balancing of interest, in individual cases personal data (e.g. authentification information) are transmitted to third countries in compliance with the data protection level of the European Union.
8. Storage period
We shall process and store your personal data as long as it is necessary to fulfill our contractual obligations and exercise our rights.
Should your data be not longer required for the fulfillment of contractual or legal obligations, they shall be deleted regularly unless– restricted – further processing shall be necessary for the following purposes:
- The fulfillment of retention obligations according to commercial and tax law based on the German Commercial Code, the General Fiscal Law and the Money Laundering Act. As a rule, the set limits for data storage and documentation are between two and ten years.
- Preservation of evidence within the framework of statutes of limitations. Pursuant to §§ 195 ff. of the German Civil Code these statutes of limitations may last up to 30 years, whereas the regular limitation period amounts to 3 years.
9. Data security
Our employees and the service providers we work with shall be obliged to maintain secrecy and comply with the provisions of applicable data protection acts. The company shall take appropriate technical and organizational precautions to protect your personal data against loss, change, destruction or access by unauthorized persons or unauthorized disclosure. Our precautions shall be constantly improved in line with technological advancements.
10. Rights of persons concerned
Each person concerned shall have the right to obtain information pursuant to Art. 15 GDPR, the right to demand correction pursuant to Art. 16 GDPR, the right to cancelation pursuant to Art. 17 GDPR, the right to limitation of processing pursuant to Art. 18 GDPR as well as the right to data transferability pursuant to Art. 20 GDPR.
As regards the right to information and cancellation, the limitations pursuant to §§ 34 and 35 Privacy Act shall apply. Moreover, there is the right to appeal with a responsible supervisory authority for data protection (Art. 77 GDPR in conjunction with § 19 Privacy Act).
You shall have the right to revoke your given consent in the processing of personal data at any time. This shall also apply to the revocation of declarations of consents given to us before the GDPR validity, i.e. before May 25, 2018. Please note that the revocation takes effect for the future only. Processing carried out prior to the revocation shall remain unaffected hereby.
For grounds resulting from your particular situation you shall also be given the right to enter an objection against the processing of your personal data pursuant to Art. 6 Sect. 1 lit. e GDPR (data processing for the public benefit) and Art. 6 Sect. 1 lit. f GDPR (data processing based on balancing of interest) at any time; this shall also apply to profiling based on this provision pursuant to Art. 4 Sect. 4 GDPR. Should you enter an objection, we shall not process your personal data any longer unless we shall provide compelling legitimate reasons for data processing which prevail your interests, rights and liberties. This includes in particular if processing shall be necessary for the establishment, exercise or defense of legal claims.
Moreover, you shall have the right pursuant to Art. 22 GDPR not to be subject to any fully automated decision-making. Basically we do not make use of any fully automated decision-making for the establishment, execution and termination of business relationships. Should we implement these procedures in individual cases (e.g. to improve our products and services), we shall inform you hereof and also of your rights in this respect separately if statutory.
For further information and explanations with respect to the aforementioned rights, please consult the website „Rights for Citizens“ of the European Commission.
11. Obligation of data provision
Within the framework of our business relations you shall be obliged to provide those personal contract data that are necessary for the establishment, exercise and termination of business relationships and for the fulfillment of contractual obligations involved or the collection of which we are bound by law. As a rule, without these data we shall not be able to enter into, to execute or terminate orders.
The same shall apply to visitors of the Wirthwein Online Offer and the collection of usage data. Without the collection of usage data we as well as our service providers shall not be obliged to put the Wirthwein Online Offer at your disposal.
Your data shall be processed partly automatically to analyze certain personal aspects (profiling). For example, we shall use profiling in the following cases:
- We shall use evaluation tools to be able to specifically inform and advice you of products and services. They allow for individual communication and advertisement including marketing and opinion research.
- We shall use scoring within the framework of credit assessment. Hereby the probability is calculated that customers meet their payment commitments in accordance with the terms of contract. Scoring is based on mathematically-statistically recognized and proven methods. The calculated scores shall support us in decision-making within the framework of product sales and shall form part of the ongoing risk management.
13. Validity and modifications of this data privacy statement
This data privacy statement is currently valid as of August 7, 2019.