Personal data is information that makes it possible to identify a natural person. This includes in particular name, date of birth, address, telephone number, e-mail address, but also your IP address.
We talk about anonymous data when no personal reference to the user can be made.
Responsible entity and data privacy officer
Phone: +49 7933 702-0
Fax: +49 7933 702-910
Contact data privacy:
Your rights as a data subject
First of all, we would like to inform you about your rights as a data subject. These rights are standardized in Art. 15 - 22 DS-GVO. This includes:
- The right to information (Art. 15 GDPR),
- The right to deletion (Art. 17 DS-GVO),
- The right to rectification (Art. 16 DS-GVO),
- The right to data portability (Art. 20 DS-GVO),
- The right to restriction of data processing (Art. 18 DS-GVO),
- The right to object to data processing (Art. 21 DS-GVO).
To assert these rights, please contact: email@example.com. The same shall apply if you have questions about data processing in our company or would like to revoke a granted consent. You shall also have a right of appeal to a data privacy supervisory authority.
Rights of objection
With respect to rights of objection, please note the following:
If you object to processing for direct marketing purposes, we shall no longer process your personal data for these purposes. The objection is free of charge and can be made form-free, if possible to: firstname.lastname@example.org.
In the event that we process your data to protect legitimate interests, you may object to this processing at any time on grounds relating to your particular situation; this shall also apply to profiling based on these provisions.
We shall then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.
Purposes and legal bases of data processing
When processing your personal data, the provisions of the DS-GVO and all other applicable data privacy regulations shall be complied with. Legal bases for data processing arise in particular from Art. 6 DS-GVO.
We shall use your data to initiate business, to fulfill contractual and legal obligations, to carry out the contractual relationship, to offer products and services and to strengthen the customer relationship, which may also include analyses for marketing purposes and direct advertising.
Your consent to data processing may also constitute a permission requirement under data privacy law. Before giving your consent, we shall inform you about the purpose of the data processing and about your right of withdrawal.
Disclosure to third parties
We shall only pass on your data to third parties within the framework of the statutory provisions or with corresponding consent. Otherwise, we shall not disclose your data to third parties unless we are required to do so by mandatory legal provisions (disclosure to external bodies such as supervisory authorities or law enforcement agencies).
Recipients of the data / categories of recipients
Within our company, we shall ensure that only those persons receive your data who need them to fulfill contractual and legal obligations.
In certain cases, service providers support our technical departments in the fulfillment of their tasks. The necessary contractual framework under data privacy law has been concluded with all service providers.
Third country transfer / third country transfer intention
Data shall only be transferred to third countries (outside the European Union or the European Economic Area) if this is necessary for the performance of the contractual relationship, is required by law or you have given us your consent to do so.
Data storage period
We shall store your data as long as they are needed for the respective processing purpose. Please note that numerous retention periods require that data must continue to be stored. This applies in particular to retention obligations under commercial or tax law (e.g. Commercial Code, Fiscal Code, etc.). If there are no further storage obligations, the data shall be routinely deleted once the purpose has been achieved.
Moreover, we may retain data if you have given us your permission to do so or if legal disputes arise and we use evidence within the scope of statutory limitation periods, which may be up to thirty years; the regular limitation period is three years.
Secure transfer of your data
In order to protect the data stored by us in the best possible way against accidental or intentional manipulation, loss, destruction or access by unauthorized persons, we shall use appropriate technical and organizational security measures. The security levels shall be continuously reviewed in cooperation with security experts and adapted to new security standards.
The exchange of data to and from our website shall always be encrypted. We offer HTTPS as the transmission protocol for our website, always using the current encryption protocols. There is also the option of using alternative communication channels (e.g., the postal service).
Obligation to provide the data
Various personal data are necessary for the establishment, implementation and termination of the debt relationship and the fulfillment of the associated contractual and legal obligations. The same shall apply to the use of our website and the various functions it provides.
We have summarized details of this for you in the above point. In certain cases, data shall also be collected or made available due to legal requirements. Please note that it is not possible to process your request or carry out the underlying contractual relationship without providing these data.
Categories, sources and origin of data
The data we process are determined by the respective context: This depends on whether you place an order online or enter an inquiry in our contact form, for example, or whether you send us an application or submit a complaint.
Please note that we may also provide information for special processing situations separately at an appropriate point, e.g. when you upload application documents or submit a contact inquiry.
When you visit our website, we shall collect and process the following data:
- Name of the Internet service provider
- Information about the website from which you are visiting us
- Web browser and operating system used
- IP address assigned by your Internet service provider
- Files requested, amount of data transferred, downloads/file exports
- Information about the web pages that you call up from us, including date and tim
For reasons of technical security (in particular to defend against attempted attacks on our web server), these data shall be stored in accordance with Art. 6 Para. 1 lit. f DS-GVO. After 7 days at the latest, the IP address shall be shortened and anonymized so that no reference to the user can be made.
In the context of a contact request, we collect and process the following data:
- Company (for contact form/registration trade fair)
- Name (for all contact forms)
- Contact details (e-mail address, telephone number) (for all contact forms)
- Your message (for contact form/registration trade fair)
- Your feedback (for project management, order information material)
- Your desired date (for trade fair registration)
For online applications, we shall collect and process the following data:
- Name, first name
- E-mail address + password for registration
- Title if applicable
- Address (phone number)
- Contact details (phone number)
- Curriculum vitae
- Cover letter
Automated individual case decisions
We use purely automated processing to bring about a decision in the following cases:
In order to provide you with targeted information and advice on products and services, we use evaluation tools. These enable tailored communication and advertising, including market and opinion research. We use scoring to assess your creditworthiness. This involves calculating the probability that a customer will meet his or her payment obligations in accordance with the contract. Scoring is based on a mathematically and statistically recognized and proven procedure. The score values calculated support us in our decision-making process when concluding product deals and are included in ongoing risk management.
Cookies (Art. 6 para. 1 S. 1 lit. a, f DS-GVO, § 25 para. 1, 2 TTDSG)
Assuming your consent, further cookies are used, by means of which we or third parties can, for example, evaluate how our services are used. This allows us to design the content according to user requirements. In addition, the cookies enable us to measure the effectiveness of a particular advertisement and to have it placed, for example, depending on the thematic user interests. The legal basis for this is your explicit consent (Art. 6 para. 1 p. 1 lit. a DS-GVO, § 25 para. 1 TTDSG).
You shall be entitled to revoke your consent via our Consent banner at any time with effect for the future and change the cookie settings. Please note that changes must be made separately for each terminal device.
If you maintain accounts with the third-party providers we use and are logged in there, your data may be linked to the respective account. You can avoid such a combination by not granting or revoking your consent to the cookies in question or by logging out of the respective third-party providers in advance.
Most browsers accept cookies automatically. You can also manually deactivate, restrict or delete cookies on your end device via the settings of your browser or software-supported. If you deactivate the setting of cookies, the full use of our website is not possible or only possible to a limited extent.
Links Social Media
On our website you will find links to the social media services of Meta / Facebook, Instagram, LinkedIn, Xing and YouTube. Links to the websites of the social media services can be recognized by the respective company logo. You will find the Wirthwein SE company website on the respective social media service if you follow these links. By clicking on a link to a social media service, a connection to the servers of the social media service is established. In this way, it is transmitted to the servers of the social media service that you have visited our website. In addition, further data will be transmitted to the provider of the social media service, such as:
- Website address of the activated link
- Date and time when the website was called up or the link was activated
- Information about the browser and the operating system used
- IP address
If you are already logged in to the corresponding social media service at the time the link is activated, the provider of the social media service may be able to determine your user name and possibly even your real name from the transmitted data and assign this information to your personal user account with the social media service. You can exclude this possibility of assignment to your personal user account by logging out of your user account in advance.
The servers of the social media services are located in the USA and other countries outside the European Union. The data may therefore also be processed by the provider of the social media service in countries outside the European Union. Please note that companies in these countries are subject to data protection laws that do not generally protect personal data to the same extent as is the case in the member states of the European Union.
Contact form / contact by e-mail (Art. 6 para. 1 lit. a, b DS-GVO)
There is a contact form on our website that can be used to contact us electronically. If you write to us via the contact form, we shall process the data you provide in the contact form for contacting you and answering your questions and requests.
Here, the principle of data economy and data avoidance shall be complied with, in that you shall only have to provide the data that we absolutely require from you in order to contact you, i.e. your e-mail address and the message field itself. In addition, your IP address shall be processed for technical necessity as well as for legal protection. All other data are voluntary fields and can be entered optionally (e.g. to answer your questions individually).
We shall implement appropriate security measures to protect the security and confidentiality of your data in the best possible way. Your request shall be transmitted to us in encrypted form.
Should you contact us by e-mail, we shall process the personal data provided in the e-mail solely for the purpose of processing your inquiry.
Advertising purposes active customers (Art. 6 para. 1 lit. f DS-GVO )
Wirthwein SE is interested in maintaining the customer relationship with you and in sending you information and offers about our products / services. Therefore, we shall process your data in order to send you appropriate information and offers by e-mail.
The objection can be made free of charge and without formalities without giving any reasons and should preferably be addressed to +49 7933 / 7020, by e-mail to email@example.com or by mail to Wirthwein SE, Walter-Wirthwein-Strasse 2-10, 97993 Creglingen, Germany.
Applicant portal (Art. 6 para. 1 lit. a, b DS-GVO)
Thank you for your interest in working for Wirthwein SE. We shall be aware of the importance of your data and shall process the personal data you provide in the application form only for the purpose of effective and correct processing of the application procedure and for contacting you as part of the application process. No data shall be passed on to third parties without your consent.
As part of the application form, you will be asked to provide personal data. In doing so, we shall observe the principle of data economy and data avoidance by only requiring you to provide us with the data that we need to fully review your application documents, such as your curriculum vitae, or that we are legally obligated to collect. These mandatory fields are marked with an *(asterisk). For technical necessity as well as for legal protection, we shall also process your IP address.
Without these data, we unfortunately shall not able to check your application documents, therefore our application system shall not allow the upload of the application documents in this case. Of course, you shall have the option to provide voluntary information in the application form.
To protect the security and confidentiality of your data as best as possible, we shall implement appropriate security measures. Your application documents shall be transmitted to us in encrypted form through our application system.
We shall store your data for the above-mentioned purposes until the application process has been completed and related deadlines have expired - at the latest six months after receipt of a decision. However, you shall have the option of us storing your application documents for longer and matching them with other vacancies that match your profile.
For this we shall require your consent, which you can give us by clicking on the checkbox before uploading your application documents. In this case, we shall store your data for 12 months. You may of course revoke your consent at any time without giving reasons with effect for the future by phone at +49 7933 / 7020, by e-mail to firstname.lastname@example.org or by mail to Wirthwein SE, Walter-Wirthwein-Strasse 2-10, 97993 Creglingen, Germany.
Processing of personal data of business partners
Data categories / origin
In the context of the cooperation with business partners, Wirthwein shall process personal data of contact persons at customers, suppliers, interested parties, sales partners and cooperation partners (hereinafter "business partners"):
Contact information, such as first and last name, business address, business phone number, business mobile phone number, business fax number and business e-mail address, payment data, such as information required for the processing of payment transactions or fraud prevention, including credit card information and card verification numbers, further information the processing of which is required in the context of a project or the processing of a contractual relationship with Wirthwein and which is provided voluntarily by business partners, e.g. in the context of orders placed, inquiries or project details, personal data collected from publicly available sources, information databases or from credit agencies and to the extent legally required in the context of compliance screenings: date of birth, ID and ID numbers, information on relevant legal proceedings or other legal disputes that involve business partners.
In principle, we shall receive your personal data from you as part of the contract initiation process or during the ongoing contractual relationship. Exceptionally, in certain constellations, your personal data shall also be collected from other sources. This includes event-related queries on relevant information from credit agencies, in particular on creditworthiness and credit behavior.
In the IT environment, Wirthwein SE relies, among other things, on products of Microsoft Corporation. In the course of using the IT systems, the following categories of data may be processed:
- Functional data (data that is essential for the provision of the service)
- Content data (data relating to content, which are processed within the scope of the services)
- Diagnostic & log data (technically logged data that are required for maintenance, troubleshooting, and occasionally for further development)
These data categories shall be systematically collected directly from you. We will be happy to provide you with further information on data processing in specific IT systems on request.
In the course of our online meetings using Microsoft Teams, we shall process the following personal data:
- Communication data (e.g. your email address, if you provide it in a personalized manner)
- Log files, protocol data
- Metadata (e.g. IP address, time of participation, etc.)
- Profile data (e.g. your user name, if you provide this voluntarily)
We would like to point out that we shall not be responsible for any further data processing, for example, in connection with calling up the MS Teams website and/or installing the MS Teams app.
Microsoft shall reserve the right to process customer data for its own business purposes. We have no control over these data processing activities by Microsoft. To the extent that Microsoft Teams processes personal data in connection with business purposes, Microsoft shall be the independent data controller for those data processing activities and, as such, shall be responsible for compliance with all applicable data protection laws. If you require information about Microsoft's processing, please refer to Microsoft's relevant statement.
Purposes and legal bases of data processing
Wirthwein SE shall process personal data for the following purposes:
When processing your personal data, the provisions of the DS-GVO, the BDSG and other relevant legal provisions shall always be observed.
Your personal data shall be processed exclusively for the implementation of pre-contractual measures (e.g. for the preparation of offers for products or services) and for the fulfillment of contractual obligations (e.g. for the implementation of our service or for the processing of orders/orders/payments) (Art. 6 para. 1 lit. b DS-GVO) or if there is a legal obligation for processing (e.g. due to tax law requirements) (Art. 6 para. 1 lit. c DS-GVO). The personal data was originally collected for these purposes.
Of course, your consent to data processing can also constitute a permission requirement under data protection law (Art. 6 (1) a DS-GVO). Before granting, we shall inform you about the purpose of the data processing and about your right of revocation according to Art. 7 (3) DS-GVO.
Wirthwein SE is also interested in maintaining the customer relationship with you and in sending you information and offers about our products/services by e-mail. Therefore, we shall process your data in order to send you corresponding information and offers (Art. 6 para. 1 lit. f DS-GVO).
For the detection of criminal offences, your personal data shall only be processed under the provisions of Art. 10 DS-GVO.
Recipients of the data / categories of recipients
In our company, we shall ensure that only those departments and persons shall receive your data who need them to fulfill our contractual and legal obligations.
In certain cases, service providers support our specialist departments in performing their tasks. The relevant data protection contracts have been concluded with all service providers.
These are, in particular, service companies such as parcel services and freight forwarders who take over the transport, storage and shipping of goods for us, as well as external service providers who, if necessary, support us in auditing suppliers and in carrying out certification audits.
In addition, we shall regularly carry out creditworthiness checks on customers and suppliers and, in this context, pass on information on payment processing, for the purpose of checking payment behavior and creditworthiness, to credit and business information agencies. In the context of the annual audit and insurance matters, we may also use the assistance of external service providers and thus pass on data to them.
In addition, we use the support of an IT service provider and a cloud provider. If necessary, your personal data may therefore also be processed in the cloud. We have concluded the relevant contracts required from a data protection perspective for this purpose. If the cloud provider is located in a country outside the EU / EEA (third country), we shall take the measures possible and required under data protection law in accordance with Art. 44 et seq. EU-DS-GVO to establish the level of data protection in the respective third country. In doing so, we shall take technical and organizational measures to ensure that only those persons who need your data to fulfill their contractual and legal obligations shall receive it.
Finally, we are also required by law to disclose certain information to public authorities, such as: tax authorities, law enforcement agencies and customs authorities.
When selecting service providers, an attempt is made to use European service providers (service providers within the European Economic Area). However, this is not always possible - for example, in the case of Microsoft. If we use service providers from third countries, we shall make sure that the configuration is as restrictive as possible.
(In the case of Microsoft, for example, data processing in Europe is agreed. In addition, the configuration is restricted by IT experts and individual processing operations are coordinated with the data protection officer).
The company Wirthwein SE maintains presences in the "social media", presently on Facebook, Instagram, LinkedIn, Xing and YouTube. Insofar as we have control over the processing of your data, we shall ensure that the applicable data protection provisions are complied with.
Below please find the key information on data protection law with regard to our websites.
Name and address of the party responsible for the operation
In addition to Wirthwein SE, the following party shall be responsible for the company websites as defined by the German Data Protection Regulation (DS-GVO) as well as other provisions under data protection law
- Facebook (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland)
- Instagram (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland)
- LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland)
- Xing (New Work SE, Dammtorstraße 30, 20354 Hamburg, Deutschland)
- YouTube (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland)
However, you shall use these platforms and their functions on your own responsibility. This shall apply in particular to the use of the interactive functions (e.g. commenting, sharing, rating).
We would also like to point out that your data may be processed outside the European Union.
Purpose and legal basis
We maintain the fan pages ourselves in order to communicate with the visitors of these pages and to inform them about our offers in this way.
In addition, we shall collect data for statistical purposes in order to be able to further develop and optimize the content and to make our offer more attractive. The data required for this purpose (e.g. total number of page views, page activity and data provided by visitors, interactions) are processed by the social networks and made available to us. We shall have no influence on generation and presentation.
Furthermore, your personal data will be processed by the social media providers for market research and advertising purposes. It is possible, for example, that usage profiles are created based on your usage behavior and the resulting interests. This allows, among other things, advertisements to be placed within and outside the platforms that correspond to your interests. Cookies are usually stored on your computer for this purpose. Independently of this, data that is not directly collected on your end devices may also be stored in your usage profiles. The storage and analysis also take place across devices; this applies in particular, but not exclusively, if you are registered as a member and logged in to the respective platforms.
The processing of your personal data by Wirthwein SE shall be based on our legitimate interests in effective information and communication pursuant to Art. 6 para. 1 sentence 1 lit. f. DS-GVO.
Should you be asked for consent to data processing, i.e. if you declare your consent by confirming a button or similar (opt-in), the legal basis of the processing shall be Art. 6 para. 1 sentence 1 lit. a., Art. 7 DS-GVO.
Your rights / possibility of objection
If you are a member of a social network and do not want the network to collect data about you via our fan page and link it to your stored membership data at the respective network, you shall
- log out of the respective network before visiting our fan page,
- delete the cookies stored on the device and
- exit and restart your browser.
After logging in again, however, you shall once more be recognizable to the network as a specific user.
For a detailed description of the respective processing and the possibilities to object (opt-out), we shall refer to the following linked information:
Generally, you shall have the following rights regarding the processing of your personal data:
Right of access; right to rectification; right to erasure; right to restriction of processing; right to object; right to data portability; right to complain about unlawful processing of your personal data to the competent data protection authority.
However, since Wirthwein SE does not have complete access to your personal data, you should contact the providers of the social media directly if you wish to assert your rights, as they each have access to the personal data of their users and can take corresponding measures and provide information.
If you still need help, we shall of course try to support you. Please contact email@example.com.
Notes on copyright and artistic copyright
If you want to publish pictures, texts, plans, videos, music, etc. on our website, you should know that you may assign all rights of use to the network, which could ultimately have legal consequences for you should you not be the author or rights holder yourself.
Links to other providers
Our website also contains - clearly recognizable - links to the websites of other companies. Insofar as there are links to websites of other providers, we shall have no influence on their content. Therefore, no guarantee or liability shall be assumed for these contents. The respective provider or operator of the pages shall be responsible for the content of these pages at all times.
The linked pages were checked for possible legal violations and recognizable infringements at the time of linking. Illegal contents were not recognizable at the time of linking. However, a permanent control of the contents of the linked pages shall not be reasonable without concrete evidence of a violation of the law. Should we become aware of any infringements of the law, we shall immediately remove the links in question.
Creglingen, July 2023